DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into argo-events/logging_options

Browse source
This commit is contained in:
Marco Kilchhofer 2021-05-29 11:28:55 +02:00 committed by GitHub
commit 092a822c1e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
220 changed files with 18883 additions and 18897 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.circleci/chart-testing.yaml
View file

@ -1,2 +0,0 @@
chart-repos:
- argo=https://argoproj.github.io/argo-helm

26
.circleci/config.yml
View file

@ -2,32 +2,16 @@ version: 2.1
jobs:
lint:
docker:
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
- image: quay.io/helmpack/chart-testing:v3.3.1
steps:
- checkout
- run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
# Technically this only needs to be run on master, but it's good to have it run on every PR
# so that it is regularly tested.
- run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml
publish:
docker:
# We just need an image with `helm` on it. Handily we know of one already.
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
- image: bash
steps:
# install the additional keys needed to push to Github. Alex Collins owns these keys.
- add_ssh_keys
- run: git config --global user.email "nobody@circleci.com"
- run: git config --global user.name "Circle CI Build"
- checkout
- run: helm init --client-only
# Only actually publish charts on master.
- run: |
set -x
if [ "$CIRCLE_BRANCH" = "master" ]; then
export GIT_PUSH=true
else
export GIT_PUSH=false
fi
sh ./scripts/publish.sh
- run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml"
workflows:
version: 2
workflow:

2
.github/configs/cr.yaml vendored Normal file
View file

@ -0,0 +1,2 @@
## Reference: https://github.com/helm/chart-releaser
index-path: "./index.yaml"

19
.github/configs/ct-install.yaml vendored Normal file
View file

@ -0,0 +1,19 @@
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Install Stage
remote: origin
chart-dirs:
- charts
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/
- dandydeveloper=https://dandydeveloper.github.io/charts/
- stable=https://charts.helm.sh/stable
- incubator=https://charts.helm.sh/incubator
helm-extra-args: "--timeout 600s"
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts:
- "argocd-applicationset"

18
.github/configs/ct-lint.yaml vendored Normal file
View file

@ -0,0 +1,18 @@
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Lint Stage
remote: origin
chart-dirs:
- charts
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/
- dandydeveloper=https://dandydeveloper.github.io/charts/
- stable=https://charts.helm.sh/stable
- incubator=https://charts.helm.sh/incubator
helm-extra-args: "--timeout 600s"
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts: []

0
.circleci/lintconf.yaml → .github/configs/lintconf.yaml vendored
View file

12
.github/pull_request_template.md vendored
View file

@ -1,9 +1,13 @@
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the *Details* link next to the DCO action for instructions on how to resolve this.
Checklist:
* [ ] I have update the chart version in `Chart.yaml` following Semantic Versioning.
* [ ] I have updated the chart version in `Chart.yaml` following Semantic Versioning.
* [ ] Any new values are backwards compatible and/or have sensible default.
* [ ] I have followed the testing instructions in the [contributing guide](https://github.com/argoproj/argo-helm/blob/master/CONTRIBUTING.md).
* [ ] I have signed the CLA and the build is green.
* [ ] I will test my changes again once merged to master and published.
* [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/tree/master/community#contributing-to-argo).
* [ ] My build is green ([troubleshooting builds](https://argoproj.github.io/argo-cd/developer-guide/ci/)).
Changes are automatically published when merged to `master`. They are not published on branches.
Changes are automatically published when merged to `master`. They are not published on branches.

17
.github/stale.yaml vendored Normal file
View file

@ -0,0 +1,17 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
- pinned
- security
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false

1
.github/stale.yml vendored
View file

@ -1 +0,0 @@
# See https://github.com/probot/stale

45
.github/workflows/lint-and-test.yml vendored Normal file
View file

@ -0,0 +1,45 @@
## Reference: https://github.com/helm/chart-testing-action
---
name: Linting and Testing
on: pull_request
jobs:
chart-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v1
- name: Set up python
uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@v2.0.1
- name: List changed charts
id: list-changed
run: |
## If executed with debug this won't work anymore.
changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
charts=$(echo "$changed" | tr '\n' ' ' | xargs)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
echo "::set-output name=changed_charts::$charts"
fi
- name: Run chart-testing (lint)
run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
- name: Create kind cluster
uses: helm/kind-action@v1.1.0
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install)
run: ct install --config ./.github/configs/ct-install.yaml
if: steps.list-changed.outputs.changed == 'true'

14
.github/workflows/pr-sizing.yml vendored Normal file
View file

@ -0,0 +1,14 @@
## Reference: https://github.com/pascalgn/size-label-action
---
name: 'PR Size'
on:
pull_request_target:
types: [opened, synchronize, reopened]
jobs:
size-label:
runs-on: ubuntu-latest
steps:
- name: size-label
uses: "pascalgn/size-label-action@v0.4.2"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

42
.github/workflows/publish.yml vendored Normal file
View file

@ -0,0 +1,42 @@
---
name: Chart Publish
on:
push:
branches:
- master
- rewrite-build
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v1
- name: Add dependency chart repos
run: |
helm repo add argo https://argoproj.github.io/argo-helm
helm repo add minio https://helm.min.io/
helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
helm repo add stable https://charts.helm.sh/stable
helm repo add incubator https://charts.helm.sh/incubator
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
- name: Fetch current Chart Index
run: |
git checkout origin/gh-pages index.yaml
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.2.0
with:
config: "./.github/configs/cr.yaml"
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

15
.github/workflows/stale.yml vendored Normal file
View file

@ -0,0 +1,15 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: "30 1 * * *"
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'Stale issue message'
stale-pr-message: 'Stale pull request message'
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'

13
CODEOWNERS
View file

@ -1,16 +1,19 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# All charts
/charts/ @mkilchhofer
# Argo Workflows
/charts/argo @benjaminws @stefansedich @paguos
/charts/argo-workflows/ @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
# Argo CD
/charts/argo-cd @seanson @spencergilbert
/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
# Argo Events
/charts/argo-events @jbehling
/charts/argo-events @jbehling @VaibhavPage @oliverbaehler
# Argo Rollouts
/charts/argo-rollouts @cabrinha
/charts/argo-rollouts @oliverbaehler
# Argo CD Notifications
/charts/argocd-notifications @alexmt @andyfeller
/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler

19
CONTRIBUTING.md
View file

@ -22,6 +22,12 @@ helm delete argo-cd --purge
kubectl delete crd -l app.kubernetes.io/part-of=argocd
```
Pre-requisites:
```
helm repo add redis-ha https://dandydeveloper.github.io/charts/
helm dependency update
```
Minimally:
```
@ -76,11 +82,11 @@ Please ensure chart version changes adhere to semantic versioning standards:
## Testing Charts
As part of the Continous Intergration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
As part of the Continuous Integration system we run Helm's [Chart Testing](https://github.com/helm/chart-testing) tool.
The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml)
Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
The linting can be invoked manually with the following command:
@ -90,11 +96,4 @@ The linting can be invoked manually with the following command:
## Publishing Changes
Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this:
```
GIT_PUSH=true ./scripts/publish.sh
```
Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch.
Write access to https://github.com/argoproj/argo-helm.git is required to publish changes.
Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).

4
README.md
View file

@ -1,6 +1,8 @@
# Argo Helm Charts
Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. the charts can be added using following command:
[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
```
helm repo add argo https://argoproj.github.io/argo-helm

2
charts/argo-cd/.helmignore
View file

@ -1,2 +1,2 @@
*.tgz
/*.tgz
output

6
charts/argo-cd/Chart.lock Normal file
View file

@ -0,0 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.12.14
digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a
generated: "2021-05-03T16:02:41.4356045-04:00"

11
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: 1.7.6
apiVersion: v2
appVersion: 2.0.3
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.10.0
version: 3.6.3
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
@ -14,3 +14,8 @@ maintainers:
- name: alexmt
- name: jessesuen
- name: seanson
dependencies:
- name: redis-ha
version: 4.12.14
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled

87
charts/argo-cd/README.md
View file

@ -12,11 +12,58 @@ The default installation is intended to be similar to the provided ArgoCD [relea
This chart currently installs the non-HA version of ArgoCD.
### Synchronizing Changes from Original Repository
In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
Or you clone the repository and do a local `git-diff`:
```bash
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git diff v1.8.7 v2.0.0 -- manifests/install.yaml
```
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds).
## Upgrading
### 3.2.*
With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**,
especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`).
If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
```yaml
kubeVersionOverride: "1.18.0"
```
Then you should no longer encounter this issue.
### 3.0.0 and above
Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
### 2.14.7 and above
The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
### 2.10.x to 2.11.0
The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x.
### 1.8.7 to 2.x.x
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings intead of a map
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map
What was
```yaml
@ -50,11 +97,11 @@ NAME: my-release
...
```
### Helm v3 Compatability
### Helm v3 Compatibility
Requires chart version 1.5.2 or newer.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
## Chart Values
@ -62,12 +109,15 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.7.6"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
@ -80,6 +130,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) |
| openshift.enabled | enables using arbitrary uid for argo repo server | `false` |
## ArgoCD Controller
@ -89,11 +140,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
| controller.args.appResyncPeriod | define the controller `--app-resync` | `"180"` |
| controller.args.selfHealTimeout | define the controller `--self-heal-timeout-seconds` | `"5"` |
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| controller.containerPort | Controller listening port. | `8082` |
| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` |
| controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` |
| controller.env | Environment variables for the controller. | `[]` |
| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) |
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
@ -124,7 +178,8 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| controller.service.annotations | Controller service annotations. | `{}` |
| controller.service.labels | Controller service labels. | `{}` |
| controller.service.port | Controller service port. | `8082` |
| controler.serviceAccount.annotations | Controller service account annotations | `{}` |
| controller.serviceAccount.annotations | Controller service account annotations | `{}` |
| controller.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` |
| controller.serviceAccount.create | Create a service account for the controller | `true` |
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
@ -144,6 +199,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` |
| repoServer.env | Environment variables for the repo server. | `[]` |
| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -172,6 +228,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| repoServer.replicas | The number of repo server pods to run | `1` |
| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` |
| repoServer.service.annotations | Repo server service annotations. | `{}` |
| repoServer.service.automountServiceAccountToken | Automount API credentials for the Service Account | `true` |
| repoServer.service.labels | Repo server service labels. | `{}` |
| repoServer.service.port | Repo server service port. | `8081` |
| repoServer.serviceAccount.annotations | Repo server service account annotations | `{}` |
@ -203,6 +260,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` |
| server.env | Environment variables for the server. | `[]` |
| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the server | `global.image.tag` |
@ -210,15 +268,18 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` |
| server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` |
| server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` |
| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` |
| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
| server.lifecycle | PostStart and PreStop hooks configuration | `{}` |
| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
@ -251,9 +312,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.service.servicePortHttps | Server service https port | `443` |
| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` |
| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` |
| server.service.nodePortHttp | Server service http port for NodePort service type| `30080` |
| server.service.servicePortHttps | Server service http port for NodePort service type | `30443` |
| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` |
| server.service.externalIPs | Server service external IPs. | `[]` |
| server.service.type | Server service type | `"ClusterIP"` |
| server.serviceAccount.annotations | Server service account annotations | `{}` |
| server.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` |
| server.serviceAccount.create | Create server service account | `true` |
| server.serviceAccount.name | Server service account name | `"argocd-server"` |
| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
@ -281,11 +346,13 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| dex.name | Dex name | `"dex-server"` |
| dex.env | Environment variables for the Dex server. | `[]` |
| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) |
| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| dex.podAnnotations | Annotations for the Dex server pods | `{}` |
| dex.podLabels | Labels for the Dex server pods | `{}` |
| dex.priorityClassName | Priority class for dex | `""` |
| dex.resources | Resource limits and requests for dex | `{}` |
| dex.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` |
| dex.serviceAccount.create | Create dex service account | `true` |
| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
| dex.servicePortGrpc | Server GRPC port | `5557` |
@ -309,9 +376,11 @@ through `xxx.extraArgs`
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.8"` |
| redis.image.tag | Redis tag | `"6.2.1-alpine"` |
| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) |
| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| redis.podAnnotations | Annotations for the Redis server pods | `{}` |
| redis.podLabels | Labels for the Redis server pods | `{}` |
@ -320,7 +389,7 @@ through `xxx.extraArgs`
| redis.securityContext | Redis Pod Security Context | See [values.yaml](values.yaml) |
| redis.servicePort | Redis service port | `6379` |
| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | |
| redis-ha | Configures [Redis HA subchart](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) The properties below have been changed from the subchart defaults | |
| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` |
| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` |
| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false`
@ -329,6 +398,6 @@ through `xxx.extraArgs`
| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` |
| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/

21
charts/argo-cd/charts/redis-ha/Chart.yaml
View file

@ -1,21 +0,0 @@
apiVersion: v1
appVersion: 5.0.6
description: Highly available Kubernetes implementation of Redis
engine: gotpl
home: http://redis.io/
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
keywords:
- redis
- keyvalue
- database
maintainers:
- email: salimsalaues@gmail.com
name: ssalaues
- email: aaron.layfield@gmail.com
name: dandydeveloper
name: redis-ha
sources:
- https://redis.io/download
- https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha
- https://github.com/oliver006/redis_exporter
version: 4.4.2

6
charts/argo-cd/charts/redis-ha/OWNERS
View file

@ -1,6 +0,0 @@
approvers:
- ssalaues
- dandydeveloper
reviewers:
- ssalaues
- dandydeveloper

230
charts/argo-cd/charts/redis-ha/README.md
View file

@ -1,230 +0,0 @@
# Redis
[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
## TL;DR;
```bash
$ helm install stable/redis-ha
```
By default this chart install 3 pods total:
* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
## Introduction
This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
## Prerequisites
- Kubernetes 1.8+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
## Upgrading the Chart
Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
### Upgrading the chart from 3.x to 4.x
Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
## Installing the Chart
To install the chart
```bash
$ helm install stable/redis-ha
```
The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the deployment:
```bash
$ helm delete <chart-name>
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Redis chart and their default values.
| Parameter | Description | Default |
|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| `image` | Redis image | `redis` |
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
| `tag` | Redis tag | `5.0.6-alpine` |
| `replicas` | Number of redis master/slave pods | `3` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
| `rbac.create` | Create and use RBAC resources | `true` |
| `redis.port` | Port to access the redis service | `6379` |
| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` |
| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
| `sentinel.port` | Port to access the sentinel service | `26379` |
| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` |
| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` |
| `authKey` | The key holding the redis password in an existing secret. | `auth` |
| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `affinity` | Override all other affinity settings with a string. | `""` |
| `persistentVolume.size` | Size for the volume | 10Gi |
| `persistentVolume.annotations` | Annotations for the volume | `{}` |
| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` |
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
| `exporter.tag` | Exporter tag | `v0.31.0` |
| `exporter.port` | Exporter port | `9121` |
| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
| `exporter.extraArgs` | Additional args for the exporter | `{}` |
| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
| `haproxy.replicas` | Number of HAProxy instances | `3` |
| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` |
| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
| `haproxy.annotations` | HAProxy template annotations | `{}` |
| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` |
| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` |
| `haproxy.resources` | HAProxy resources | `{}` |
| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `exporter-port` |
| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.init.resources` | Extra init resources | `{}` |
| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
| `hostPath.path` | Use this path on the host for data storage | not set |
| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
| `sysctlImage.command` | sysctlImage command to execute | [] |
| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctlImage.resources` | sysctlImage resources | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install \
--set image=redis \
--set tag=5.0.5-alpine \
stable/redis-ha
```
The above command sets the Redis server within `default` namespace.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install -f values.yaml stable/redis-ha
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Custom Redis and Sentinel config options
This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
```yml
repl-timeout: "60"
```
Note:
1. Some config options should be renamed by redis versione.g.:
```
# In redis 5.xsee https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5
# In redis 4.x and redis 3.xsee https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
min-slaves-to-write 1
min-slaves-max-lag 5
```
Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
```yml
down-after-milliseconds: 30000
```
If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
## Host Kernel Settings
Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
```
sysctlImage:
enabled: true
mountHostSys: true
command:
- /bin/sh
- -xc
- |-
sysctl -w net.core.somaxconn=10000
echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
```
## HAProxy startup
When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
A such case could happen if the orchestator is pending the nomination of redis pods.
Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.

10
charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml
View file

@ -1,10 +0,0 @@
---
## Enable HAProxy to manage Load Balancing
haproxy:
enabled: true
annotations:
any.domain/key: "value"
serviceAccount:
create: true
metrics:
enabled: true

25
charts/argo-cd/charts/redis-ha/templates/NOTES.txt
View file

@ -1,25 +0,0 @@
Redis can be accessed via port {{ .Values.redis.port }} and Sentinel can be accessed via port {{ .Values.sentinel.port }} on the following DNS name from within your cluster:
{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To connect to your Redis server:
{{- if .Values.auth }}
1. To retrieve the redis password:
echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
3. Connect using the Redis CLI (inside container):
redis-cli -a <REDIS-PASS-FROM-SECRET>
{{- else }}
1. Run a Redis pod that you can use as a client:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
2. Connect using the Redis CLI:
redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- end }}

275
charts/argo-cd/charts/redis-ha/templates/_configs.tpl
View file

@ -1,275 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{- define "config-redis.conf" }}
{{- if .Values.redis.customConfig }}
{{ tpl .Values.redis.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.redis.port }}
{{- range $key, $value := .Values.redis.config }}
{{ $key }} {{ $value }}
{{- end }}
{{- if .Values.auth }}
requirepass replace-default-auth
masterauth replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-sentinel.conf" }}
{{- if .Values.sentinel.customConfig }}
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
{{- else }}
dir "/data"
{{- range $key, $value := .Values.sentinel.config }}
{{- if eq "maxclients" $key }}
{{ $key }} {{ $value }}
{{- else }}
sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.auth }}
sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-init.sh" }}
HOSTNAME="$(hostname)"
INDEX="${HOSTNAME##*-}"
MASTER="$(redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ template "redis-ha.masterGroupName" . }} | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
QUORUM="{{ .Values.sentinel.quorum }}"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT={{ .Values.redis.port }}
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_PORT={{ .Values.sentinel.port }}
SERVICE={{ template "redis-ha.fullname" . }}
set -eu
sentinel_update() {
echo "Updating sentinel config with master $MASTER"
eval MY_SENTINEL_ID="\${SENTINEL_ID_$INDEX}"
sed -i "1s/^/sentinel myid $MY_SENTINEL_ID\\n/" "$SENTINEL_CONF"
sed -i "2s/^/sentinel monitor $MASTER_GROUP $1 $REDIS_PORT $QUORUM \\n/" "$SENTINEL_CONF"
echo "sentinel announce-ip $ANNOUNCE_IP" >> $SENTINEL_CONF
echo "sentinel announce-port $SENTINEL_PORT" >> $SENTINEL_CONF
}
redis_update() {
echo "Updating redis config"
echo "slaveof $1 $REDIS_PORT" >> "$REDIS_CONF"
echo "slave-announce-ip $ANNOUNCE_IP" >> $REDIS_CONF
echo "slave-announce-port $REDIS_PORT" >> $REDIS_CONF
}
copy_config() {
cp /readonly-config/redis.conf "$REDIS_CONF"
cp /readonly-config/sentinel.conf "$SENTINEL_CONF"
}
setup_defaults() {
echo "Setting up defaults"
if [ "$INDEX" = "0" ]; then
echo "Setting this pod as the default master"
redis_update "$ANNOUNCE_IP"
sentinel_update "$ANNOUNCE_IP"
sed -i "s/^.*slaveof.*//" "$REDIS_CONF"
else
DEFAULT_MASTER="$(getent hosts "$SERVICE-announce-0" | awk '{ print $1 }')"
if [ -z "$DEFAULT_MASTER" ]; then
echo "Unable to resolve host"
exit 1
fi
echo "Setting default slave config.."
redis_update "$DEFAULT_MASTER"
sentinel_update "$DEFAULT_MASTER"
fi
}
find_master() {
echo "Attempting to find master"
if [ "$(redis-cli -h "$MASTER"{{ if .Values.auth }} -a "$AUTH"{{ end }} ping)" != "PONG" ]; then
echo "Can't ping master, attempting to force failover"
if redis-cli -h "$SERVICE" -p "$SENTINEL_PORT" sentinel failover "$MASTER_GROUP" | grep -q 'NOGOODSLAVE' ; then
setup_defaults
return 0
fi
sleep 10
MASTER="$(redis-cli -h $SERVICE -p $SENTINEL_PORT sentinel get-master-addr-by-name $MASTER_GROUP | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
if [ "$MASTER" ]; then
sentinel_update "$MASTER"
redis_update "$MASTER"
else
echo "Could not failover, exiting..."
exit 1
fi
else
echo "Found reachable master, updating config"
sentinel_update "$MASTER"
redis_update "$MASTER"
fi
}
mkdir -p /data/conf/
echo "Initializing config.."
copy_config
ANNOUNCE_IP=$(getent hosts "$SERVICE-announce-$INDEX" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP" ]; then
"Could not resolve the announce ip for this pod"
exit 1
elif [ "$MASTER" ]; then
find_master
else
setup_defaults
fi
if [ "${AUTH:-}" ]; then
echo "Setting auth values"
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "$REDIS_CONF" "$SENTINEL_CONF"
fi
echo "Ready..."
{{- end }}
{{- define "config-haproxy.cfg" }}
{{- if .Values.haproxy.customConfig }}
{{ .Values.haproxy.customConfig | indent 4}}
{{- else }}
defaults REDIS
mode tcp
timeout connect {{ .Values.haproxy.timeout.connect }}
timeout server {{ .Values.haproxy.timeout.server }}
timeout client {{ .Values.haproxy.timeout.client }}
timeout check {{ .Values.haproxy.timeout.check }}
listen health_check_http_url
bind :8888
mode http
monitor-uri /healthz
option dontlognull
{{- $root := . }}
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
{{- range $i := until $replicas }}
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_{{ $i }}
mode tcp
option tcp-check
tcp-check connect
{{- if $root.auth }}
tcp-check send AUTH\ {{ $root.redisPassword }}\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter 1s
{{- end }}
{{- end }}
# decide redis backend to use
#master
frontend ft_redis_master
bind *:{{ $root.Values.redis.port }}
use_backend bk_redis_master
{{- if .Values.haproxy.readOnly.enabled }}
#slave
frontend ft_redis_slave
bind *:{{ .Values.haproxy.readOnly.port }}
use_backend bk_redis_slave
{{- end }}
# Check all redis servers to see if they think they are master
backend bk_redis_master
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
backend bk_redis_slave
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:slave
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
{{- end }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
frontend metrics
mode http
bind *:{{ .Values.haproxy.metrics.port }}
option http-use-htx
http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
{{- end }}
{{- if .Values.haproxy.extraConfig }}
# Additional configuration
{{ .Values.haproxy.extraConfig | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "config-haproxy_init.sh" }}
HAPROXY_CONF=/data/haproxy.cfg
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- range $i := until $replicas }}
for loop in $(seq 1 10); do
getent hosts {{ $fullName }}-announce-{{ $i }} && break
echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
if [ "${AUTH:-}" ]; then
echo "Setting auth values"
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
fi
{{- end }}
{{- end }}

83
charts/argo-cd/charts/redis-ha/templates/_helpers.tpl
View file

@ -1,83 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
labels.standard prints the standard Helm labels.
The standard labels are frequently used in metadata.
*/ -}}
{{- define "labels.standard" -}}
app: {{ template "redis-ha.name" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ template "chartref" . }}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
Example output:
zookeeper-1.2.3
wordpress-3.2.1_20170219
*/ -}}
{{- define "chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "redis-ha.masterGroupName" -}}
{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
{{- if $validMasterGroupName -}}
{{ $masterGroupName }}
{{- else -}}
{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
{{- end -}}
{{- end -}}

12
charts/argo-cd/charts/redis-ha/templates/redis-auth-secret.yaml
View file

@ -1,12 +0,0 @@
{{- if and .Values.auth (not .Values.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
type: Opaque
data:
{{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
{{- end -}}

41
charts/argo-cd/charts/redis-ha/templates/redis-ha-announce-service.yaml
View file

@ -1,41 +0,0 @@
{{- $fullName := include "redis-ha.fullname" . }}
{{- $namespace := .Release.Namespace -}}
{{- $replicas := int (toString .Values.replicas) }}
{{- $root := . }}
{{- range $i := until $replicas }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-announce-{{ $i }}
namespace: {{ $namespace }}
labels:
{{ include "labels.standard" $root | indent 4 }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if $root.Values.serviceAnnotations }}
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
publishNotReadyAddresses: true
type: ClusterIP
ports:
- name: server
port: {{ $root.Values.redis.port }}
protocol: TCP
targetPort: redis
- name: sentinel
port: {{ $root.Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- if $root.Values.exporter.enabled }}
- name: exporter
port: {{ $root.Values.exporter.port }}
protocol: TCP
targetPort: exporter-port
{{- end }}
selector:
release: {{ $root.Release.Name }}
app: {{ include "redis-ha.name" $root }}
"statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
{{- end }}

25
charts/argo-cd/charts/redis-ha/templates/redis-ha-configmap.yaml
View file

@ -1,25 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
data:
redis.conf: |
{{- include "config-redis.conf" . }}
sentinel.conf: |
{{- include "config-sentinel.conf" . }}
init.sh: |
{{- include "config-init.sh" . }}
{{ if .Values.haproxy.enabled }}
haproxy.cfg: |-
{{- include "config-haproxy.cfg" . }}
{{- end }}
haproxy_init.sh: |
{{- include "config-haproxy_init.sh" . }}

11
charts/argo-cd/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml
View file

@ -1,11 +0,0 @@
{{- if .Values.exporter.script }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
data:
script: {{ toYaml .Values.exporter.script | indent 2 }}
{{- end }}

15
charts/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml
View file

@ -1,15 +0,0 @@
{{- if .Values.podDisruptionBudget -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "redis-ha.fullname" . }}-pdb
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
spec:
selector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}

19
charts/argo-cd/charts/redis-ha/templates/redis-ha-role.yaml
View file

@ -1,19 +0,0 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
{{- end }}

19
charts/argo-cd/charts/redis-ha/templates/redis-ha-rolebinding.yaml
View file

@ -1,19 +0,0 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "redis-ha.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "redis-ha.fullname" . }}
{{- end }}

35
charts/argo-cd/charts/redis-ha/templates/redis-ha-service.yaml
View file

@ -1,35 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- if and ( .Values.exporter.enabled ) ( .Values.exporter.serviceMonitor.enabled ) }}
servicemonitor: enabled
{{- end }}
annotations:
{{- if .Values.serviceAnnotations }}
{{ toYaml .Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: server
port: {{ .Values.redis.port }}
protocol: TCP
targetPort: redis
- name: sentinel
port: {{ .Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- if .Values.exporter.enabled }}
- name: exporter-port
port: {{ .Values.exporter.port }}
protocol: TCP
targetPort: exporter-port
{{- end }}
selector:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}

12
charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
View file

@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-ha.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- end }}

35
charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml
View file

@ -1,35 +0,0 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- if .Values.exporter.serviceMonitor.labels }}
labels:
{{ toYaml .Values.exporter.serviceMonitor.labels | indent 4}}
{{- end }}
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.exporter.serviceMonitor.namespace }}
namespace: {{ .Values.exporter.serviceMonitor.namespace }}
{{- end }}
spec:
endpoints:
- targetPort: {{ .Values.exporter.port }}
{{- if .Values.exporter.serviceMonitor.interval }}
interval: {{ .Values.exporter.serviceMonitor.interval }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.telemetryPath }}
path: {{ .Values.exporter.serviceMonitor.telemetryPath }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.timeout }}
scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }}
{{- end }}
jobLabel: {{ template "redis-ha.fullname" . }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
servicemonitor: enabled
{{- end }}

319
charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml
View file

@ -1,319 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redis-ha.fullname" . }}-server
namespace: {{ .Release.Namespace }}
labels:
{{ template "redis-ha.fullname" . }}: replica
{{ include "labels.standard" . | indent 4 }}
spec:
selector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
serviceName: {{ template "redis-ha.fullname" . }}
replicas: {{ .Values.replicas }}
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-init.sh" .) | sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.exporter.enabled }}
prometheus.io/port: "{{ .Values.exporter.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: {{ .Values.exporter.scrapePath }}
{{- end }}
labels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ template "redis-ha.fullname" . }}: replica
{{- range $key, $value := .Values.labels }}
{{ $key }}: {{ $value }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if .Values.affinity }}
{{- with .Values.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.additionalAffinities }}
{{ toYaml .Values.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- end }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: failure-domain.beta.kubernetes.io/zone
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis.sysctl.image" . }}
imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }}
resources:
{{ toYaml .Values.sysctlImage.resources | indent 10 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command:
{{ toYaml .Values.sysctlImage.command | indent 10 }}
securityContext:
runAsNonRoot: false
privileged: true
runAsUser: 0
{{- end }}
{{- if and .Values.hostPath.path .Values.hostPath.chown }}
- name: hostpath-chown
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
securityContext:
runAsNonRoot: false
runAsUser: 0
command:
- chown
- "{{ .Values.securityContext.runAsUser }}"
- /data
volumeMounts:
- name: data
mountPath: /data
{{- end }}
- name: config-init
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- /readonly-config/init.sh
env:
{{- $replicas := int (toString .Values.replicas) -}}
{{- range $i := until $replicas }}
- name: SENTINEL_ID_{{ $i }}
value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha1sum }}
{{ end -}}
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
- name: data
mountPath: /data
containers:
- name: redis
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-server
args:
- /data/conf/redis.conf
env:
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.redis.port }}
initialDelaySeconds: 15
resources:
{{ toYaml .Values.redis.resources | indent 10 }}
ports:
- name: redis
containerPort: {{ .Values.redis.port }}
volumeMounts:
- mountPath: /data
name: data
- name: sentinel
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-sentinel
args:
- /data/conf/sentinel.conf
{{- if .Values.auth }}
env:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.sentinel.port }}
initialDelaySeconds: 15
resources:
{{ toYaml .Values.sentinel.resources | indent 10 }}
ports:
- name: sentinel
containerPort: {{ .Values.sentinel.port }}
volumeMounts:
- mountPath: /data
name: data
{{- if .Values.exporter.enabled }}
- name: redis-exporter
image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}"
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
args:
{{- range $key, $value := .Values.exporter.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
env:
- name: REDIS_ADDR
value: redis://localhost:{{ .Values.redis.port }}
{{- if .Values.auth }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.exporter.script }}
- name: REDIS_EXPORTER_SCRIPT
value: /script/script.lua
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.exporter.scrapePath }}
port: {{ .Values.exporter.port }}
initialDelaySeconds: 15
timeoutSeconds: 1
periodSeconds: 15
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
ports:
- name: exporter-port
containerPort: {{ .Values.exporter.port }}
{{- if .Values.exporter.script }}
volumeMounts:
- mountPath: /script
name: script-mount
{{- end }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
{{- if .Values.exporter.script }}
- name: script-mount
configMap:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
items:
- key: script
path: script.lua
{{- end }}
{{- if .Values.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: data
annotations:
{{- range $key, $value := .Values.persistentVolume.annotations }}
{{ $key }}: {{ $value }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistentVolume.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistentVolume.size | quote }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistentVolume.reclaimPolicy }}
persistentVolumeReclaimPolicy: "{{ .Values.persistentVolume.reclaimPolicy }}"
{{- end }}
{{- else if .Values.hostPath.path }}
- name: data
hostPath:
path: {{ tpl .Values.hostPath.path .}}
{{- else }}
- name: data
emptyDir:
{{ toYaml .Values.emptyDir | indent 10 }}
{{- end }}

151
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml
View file

@ -1,151 +0,0 @@
{{- if .Values.haproxy.enabled }}
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
spec:
strategy:
type: RollingUpdate
revisionHistoryLimit: 1
replicas: {{ .Values.haproxy.replicas }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
labels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
annotations:
{{- if .Values.haproxy.metrics.enabled }}
prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
{{- end }}
checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
{{- if .Values.haproxy.annotations }}
{{ toYaml .Values.haproxy.annotations | indent 8 }}
{{- end }}
spec:
# Needed when using unmodified rbac-setup.yml
{{ if .Values.haproxy.serviceAccount.create }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
{{ end }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
affinity:
{{- if .Values.haproxy.affinity }}
{{- with .Values.haproxy.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.haproxy.additionalAffinities }}
{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.haproxy.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- end }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: failure-domain.beta.kubernetes.io/zone
{{- end }}
initContainers:
- name: config-init
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
resources:
{{ toYaml .Values.haproxy.init.resources | indent 10 }}
command:
- sh
args:
- /readonly/haproxy_init.sh
{{- if .Values.auth }}
env:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /readonly
readOnly: true
- name: data
mountPath: /data
{{- if .Values.haproxy.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
{{- end }}
securityContext:
{{ toYaml .Values.haproxy.securityContext | indent 8 }}
containers:
- name: haproxy
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
ports:
- name: redis
containerPort: {{ default "6379" .Values.redis.port }}
{{- if .Values.haproxy.readOnly.enabled }}
- name: readonlyport
containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
- name: metrics-port
containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
{{- end }}
resources:
{{ toYaml .Values.haproxy.resources | indent 10 }}
volumeMounts:
- name: data
mountPath: /usr/local/etc/haproxy
- name: shared-socket
mountPath: /run/haproxy
{{- if .Values.haproxy.priorityClassName }}
priorityClassName: {{ .Values.haproxy.priorityClassName }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
- name: shared-socket
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
- name: data
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
{{- end }}

42
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-service.yaml
View file

@ -1,42 +0,0 @@
{{- if .Values.haproxy.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
component: {{ template "redis-ha.fullname" . }}-haproxy
annotations:
{{- if .Values.haproxy.service.annotations }}
{{ toYaml .Values.haproxy.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ default "ClusterIP" .Values.haproxy.service.type }}
{{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }}
{{- end }}
ports:
- name: haproxy
port: {{ .Values.redis.port }}
protocol: TCP
targetPort: redis
{{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }}
nodePort: {{ .Values.haproxy.service.nodePort }}
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
- name: haproxyreadonly
port: {{ .Values.haproxy.readOnly.port }}
protocol: TCP
targetPort: {{ .Values.haproxy.readOnly.port }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
- name: {{ .Values.haproxy.metrics.portName }}
port: {{ .Values.haproxy.metrics.port }}
protocol: TCP
targetPort: metrics-port
{{- end }}
selector:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}-haproxy
{{- end }}

12
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml
View file

@ -1,12 +0,0 @@
{{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-ha.serviceAccountName" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- end }}

34
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml
View file

@ -1,34 +0,0 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- with .Values.haproxy.metrics.serviceMonitor.labels }}
labels: {{ toYaml . | nindent 4}}
{{- end }}
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
{{- if .Values.haproxy.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace }}
{{- end }}
spec:
endpoints:
- targetPort: {{ .Values.haproxy.metrics.port }}
{{- if .Values.haproxy.metrics.serviceMonitor.interval }}
interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
{{- end }}
{{- if .Values.haproxy.metrics.serviceMonitor.timeout }}
scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }}
{{- end }}
jobLabel: {{ template "redis-ha.fullname" . }}-haproxy
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
component: {{ template "redis-ha.fullname" . }}-haproxy
{{- end }}

27
charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml
View file

@ -1,27 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap-test
labels:
{{ include "labels.standard" . | indent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: check-init
image: koalaman/shellcheck:v0.5.0
args:
- --shell=sh
- /readonly-config/init.sh
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
{{- end }}
restartPolicy: Never
volumes:
- name: config
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap

20
charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml
View file

@ -1,20 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ template "redis-ha.fullname" . }}-service-test
labels:
{{ include "labels.standard" . | indent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: "{{ .Release.Name }}-service-test"
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
command:
- sh
- -c
- redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.redis.port }} info server
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
{{- end }}
restartPolicy: Never

362
charts/argo-cd/charts/redis-ha/values.yaml
View file

@ -1,362 +0,0 @@
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
image:
repository: redis
tag: 5.0.6-alpine
pullPolicy: IfNotPresent
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## This imagePullSecrets is only for redis images
##
imagePullSecrets: []
# - name: "image-pull-secret"
## replicas number for each component
replicas: 3
## Kubernetes priorityClass name for the redis-ha-server pod
# priorityClassName: ""
## Custom labels for the redis pod
labels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
## Specifies whether a ServiceAccount should be created
##
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the redis-ha.fullname template
# name:
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
## Recommend for externally exposed Redis clusters.
## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
haproxy:
enabled: false
# Enable if you want a dedicated port in haproxy for redis-slaves
readOnly:
enabled: false
port: 6380
replicas: 3
image:
repository: haproxy
tag: 2.0.4
pullPolicy: IfNotPresent
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"
annotations: {}
resources: {}
emptyDir: {}
## Enable sticky sessions to Redis nodes via HAProxy
## Very useful for long-living connections as in case of Sentry for example
stickyBalancing: false
## Kubernetes priorityClass name for the haproxy pod
# priorityClassName: ""
## Service type for HAProxy
##
service:
type: ClusterIP
loadBalancerIP:
annotations: {}
serviceAccount:
create: true
## Official HAProxy embedded prometheus metrics settings.
## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
##
metrics:
enabled: false
# prometheus port & scrape path
port: 9101
portName: exporter-port
scrapePath: /metrics
serviceMonitor:
# When set true then use a ServiceMonitor to configure scraping
enabled: false
# Set the namespace the ServiceMonitor should be deployed
# namespace: monitoring
# Set how frequently Prometheus should scrape
# interval: 30s
# Set path to redis-exporter telemtery-path
# telemetryPath: /metrics
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
# labels: {}
# Set timeout for scrape
# timeout: 10s
init:
resources: {}
timeout:
connect: 4s
server: 30s
client: 30s
check: 2s
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
## Whether the haproxy pods should be forced to run on separate nodes.
hardAntiAffinity: true
## Additional affinities to add to the haproxy pods.
additionalAffinities: {}
## Override all other affinity settings for the haproxy pods with a string.
affinity: |
## Custom config-haproxy.cfg files used to override default settings. If this file is
## specified then the config-haproxy.cfg above will be ignored.
# customConfig: |-
# Define configuration here
## Place any additional configuration section to add to the default config-haproxy.cfg
# extraConfig: |-
# Define configuration here
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
create: true
sysctlImage:
enabled: false
command: []
registry: docker.io
repository: busybox
tag: 1.31.1
pullPolicy: Always
mountHostSys: false
resources: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Redis specific configuration options
redis:
port: 6379
masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated
config:
## Additional redis conf options can be added below
## For all available options see http://download.redis.io/redis-stable/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5 # Value in seconds
maxmemory: "0" # Max memory to use for each redis instance. Default is unlimited.
maxmemory-policy: "volatile-lru" # Max memory policy to use for each redis instance. Default is volatile-lru.
# Determines if scheduled RDB backups are created. Default is false.
# Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
save: "900 1"
# When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
repl-diskless-sync: "yes"
rdbcompression: "yes"
rdbchecksum: "yes"
## Custom redis.conf files used to override default settings. If this file is
## specified then the redis.config above will be ignored.
# customConfig: |-
# Define configuration here
resources: {}
# requests:
# memory: 200Mi
# cpu: 100m
# limits:
# memory: 700Mi
## Sentinel specific configuration options
sentinel:
port: 26379
quorum: 2
config:
## Additional sentinel conf options can be added below. Only options that
## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will
## be properly templated expect maxclients option.
## For available options see http://download.redis.io/redis-stable/sentinel.conf
down-after-milliseconds: 10000
## Failover timeout value in milliseconds
failover-timeout: 180000
parallel-syncs: 5
maxclients: 10000
## Custom sentinel.conf files used to override default settings. If this file is
## specified then the sentinel.config above will be ignored.
# customConfig: |-
# Define configuration here
resources: {}
# requests:
# memory: 200Mi
# cpu: 100m
# limits:
# memory: 200Mi
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
## Node labels, affinity, and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
nodeSelector: {}
## Whether the Redis server pods should be forced to run on separate nodes.
## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
##
hardAntiAffinity: true
## Additional affinities to add to the Redis server pods.
##
## Example:
## nodeAffinity:
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 50
## preference:
## matchExpressions:
## - key: spot
## operator: NotIn
## values:
## - "true"
##
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
additionalAffinities: {}
## Override all other affinity settings for the Redis server pods with a string.
##
## Example:
## affinity: |
## podAntiAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## - labelSelector:
## matchLabels:
## app: {{ template "redis-ha.name" . }}
## release: {{ .Release.Name }}
## topologyKey: kubernetes.io/hostname
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 100
## podAffinityTerm:
## labelSelector:
## matchLabels:
## app: {{ template "redis-ha.name" . }}
## release: {{ .Release.Name }}
## topologyKey: failure-domain.beta.kubernetes.io/zone
##
affinity: |
# Prometheus exporter specific configuration options
exporter:
enabled: false
image: oliver006/redis_exporter
tag: v1.3.2
pullPolicy: IfNotPresent
# prometheus port & scrape path
port: 9121
scrapePath: /metrics
# cpu/memory resource limits/requests
resources: {}
# Additional args for redis exporter
extraArgs: {}
# Used to mount a LUA-Script via config map and use it for metrics-collection
# script: |
# -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
# -- Example collect script for -script option
# -- This returns a Lua table with alternating keys and values.
# -- Both keys and values must be strings, similar to a HGETALL result.
# -- More info about Redis Lua scripting: https://redis.io/commands/eval
#
# local result = {}
#
# -- Add all keys and values from some hash in db 5
# redis.call("SELECT", 5)
# local r = redis.call("HGETALL", "some-hash-with-stats")
# if r ~= nil then
# for _,v in ipairs(r) do
# table.insert(result, v) -- alternating keys and values
# end
# end
#
# -- Set foo to 42
# table.insert(result, "foo")
# table.insert(result, "42") -- note the string, use tostring() if needed
#
# return result
serviceMonitor:
# When set true then use a ServiceMonitor to configure scraping
enabled: false
# Set the namespace the ServiceMonitor should be deployed
# namespace: monitoring
# Set how frequently Prometheus should scrape
# interval: 30s
# Set path to redis-exporter telemtery-path
# telemetryPath: /metrics
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
# labels: {}
# Set timeout for scrape
# timeout: 10s
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
## Configures redis with AUTH (requirepass & masterauth conf params)
auth: false
# redisPassword:
## Use existing secret containing key `authKey` (ignores redisPassword)
# existingSecret:
## Defines the key holding the redis password in existing secret.
authKey: auth
persistentVolume:
enabled: true
## redis-ha data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessModes:
- ReadWriteOnce
size: 10Gi
annotations: {}
# reclaimPolicy per https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
reclaimPolicy: ""
init:
resources: {}
# To use a hostPath for data, set persistentVolume.enabled to false
# and define hostPath.path.
# Warning: this might overwrite existing folders on the host system!
hostPath:
## path is evaluated as template so placeholders are replaced
# path: "/data/{{ .Release.Name }}"
# if chown is true, an init-container with root permissions is launched to
# change the owner of the hostPath folder to the user defined in the
# security context
chown: true
emptyDir: {}

2705
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

446
charts/argo-cd/crds/crd-project.yaml
View file

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
@ -18,214 +18,242 @@ spec:
- appprojs
singular: appproject
scope: Namespaced
validation:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination information
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
type: string
namespace:
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
items:
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound to this role
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in this project
items:
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object
version: v1alpha1
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination holds information about the application's destination
properties:
name:
description: Name is an alternate way of specifying the target cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource to be ignored from
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound to this role
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in this project
items:
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified in cron format
type: string
type: object
type: array
type: object
status:
description: AppProjectStatus contains status information for AppProject CRs
properties:
jwtTokensByRole:
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
storage: true

6
charts/argo-cd/requirements.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: redis-ha
repository: https://kubernetes-charts.storage.googleapis.com
version: 4.4.2
digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96
generated: "2020-03-29T14:37:59.349371452+01:00"

5
charts/argo-cd/requirements.yaml
View file

@ -1,5 +0,0 @@
dependencies:
- name: redis-ha
version: 4.4.2
repository: https://kubernetes-charts.storage.googleapis.com
condition: redis-ha.enabled

9
charts/argo-cd/templates/NOTES.txt
View file

@ -4,12 +4,13 @@ In order to access the server UI you have the following options:
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `service.ingress.enabled` and either
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)

61
charts/argo-cd/templates/_helpers.tpl
View file

@ -115,4 +115,65 @@ Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-cd.labels" -}}
helm.sh/chart: {{ include "argo-cd.chart" .context }}
{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argocd
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-cd.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-cd.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "argo-cd.kubeVersion" $) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end -}}
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
*/}}
{{- define "argo-cd.config.presets" -}}
{{- if .Values.configs.styles }}
ui.cssurl: "./custom/custom.styles.css"
{{- end }}
{{- end -}}
{{/*
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config" -}}
{{- if .Values.server.configEnabled -}}
{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
{{- end -}}
{{- end -}}

13
charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
View file

@ -4,13 +4,11 @@ kind: ClusterRole
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
{{- if .Values.controller.clusterRoleRules.enabled }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
{{ else }}
- apiGroups:
- '*'
resources:
@ -21,4 +19,5 @@ rules:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

7
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file

@ -4,12 +4,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

52
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -1,21 +1,18 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }}
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/instance: {{ .Release.Name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- if .Values.controller.enableStatefulSet }}
serviceName: {{ template "argo-cd.controller.fullname" . }}
{{- end }}
revisionHistoryLimit: 5
replicas: {{ .Values.controller.replicas }}
template:
@ -27,12 +24,7 @@ spec:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
@ -54,6 +46,8 @@ spec:
- {{ .Values.controller.args.operationProcessors | quote }}
- --app-resync
- {{ .Values.controller.args.appResyncPeriod | quote }}
- --self-heal-timeout-seconds
- {{ .Values.controller.args.selfHealTimeout | quote }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --logformat
@ -76,6 +70,9 @@ spec:
{{- if .Values.controller.env }}
env:
{{- toYaml .Values.controller.env | nindent 8 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: controller
@ -98,10 +95,12 @@ spec:
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{- toYaml .Values.controller.volumeMounts | nindent 10}}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
@ -121,10 +120,21 @@ spec:
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}

10
charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml
View file

@ -9,12 +9,7 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
{{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }}
@ -26,6 +21,5 @@ spec:
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: controller
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
{{- end }}

7
charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
View file

@ -7,12 +7,7 @@ metadata:
namespace: {{ .Values.controller.metrics.rules.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- if .Values.controller.metrics.rules.selector }}
{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }}
{{- end }}

7
charts/argo-cd/templates/argocd-application-controller/role.yaml
View file

@ -3,12 +3,7 @@ kind: Role
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
- apiGroups:
- ""

7
charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
View file

@ -3,12 +3,7 @@ kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

10
charts/argo-cd/templates/argocd-application-controller/service.yaml
View file

@ -9,17 +9,11 @@ metadata:
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
ports:
- name: {{ .Values.controller.service.portName }}
port: {{ .Values.controller.service.port }}
targetPort: {{ .Values.controller.containerPort }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}

8
charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
View file

@ -1,6 +1,7 @@
{{- if .Values.controller.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- if .Values.controller.serviceAccount.annotations }}
@ -10,10 +11,5 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- end }}

14
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View file

@ -7,12 +7,7 @@ metadata:
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- if .Values.controller.metrics.serviceMonitor.selector }}
{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
@ -22,14 +17,15 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
{{- end }}

12
charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
View file

@ -1,19 +1,15 @@
{{- if .Values.server.configEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
{{- if .Values.server.configAnnotations }}
annotations:
{{- range $key, $value := .Values.server.configAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- toYaml .Values.server.config | nindent 4 }}
data: {{- include "argo-cd.config" $ | nindent 4 }}
{{- end }}

11
charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
View file

@ -1,14 +1,10 @@
{{- if .Values.server.rbacConfigCreate }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
{{- if .Values.server.rbacConfigAnnotations }}
annotations:
{{- range $key, $value := .Values.server.rbacConfigAnnotations }}
@ -18,4 +14,5 @@ metadata:
{{- if .Values.server.rbacConfig }}
data:
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

7
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -4,12 +4,7 @@ kind: Secret
metadata:
name: argocd-secret
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
{{- if .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := .Values.configs.secret.annotations }}

7
charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
View file

@ -3,12 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- if .Values.configs.knownHostsAnnotations }}
annotations:
{{- range $key, $value := .Values.configs.knownHostsAnnotations }}

11
charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml Normal file
View file

@ -0,0 +1,11 @@
{{- if .Values.configs.styles }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-custom-styles
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
data:
custom.styles.css: |
{{- .Values.configs.styles | nindent 4 }}
{{- end }}

7
charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
View file

@ -5,12 +5,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }}
{{- if .Values.configs.tlsCertsAnnotations }}
annotations:
{{- range $key, $value := .Values.configs.tlsCertsAnnotations }}

26
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- range .Values.configs.clusterCredentials }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
argocd.argoproj.io/secret-type: cluster
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
{{- with .namespaces }}
namespaces: {{ . }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
{{- end }}

41
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -4,18 +4,12 @@ kind: Deployment
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.repoServer.autoscaling.enabled true) }}
replicas: {{ .Values.repoServer.replicas }}
@ -29,12 +23,7 @@ spec:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
{{- if .Values.repoServer.podLabels }}
{{- toYaml .Values.repoServer.podLabels | nindent 8 }}
@ -78,14 +67,15 @@ spec:
value: argocd
{{- end }}
{{- end }}
{{- with .Values.repoServer.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
{{- end }}
{{- if .Values.openshift.enabled }}
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
@ -94,6 +84,10 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp-dir
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
@ -142,10 +136,8 @@ spec:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6}}
{{- end }}
{{- if .Values.openshift.enabled }}
- emptyDir: {}
name: gpg-keyring
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
@ -156,6 +148,19 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: tmp-dir
{{- if .Values.repoServer.initContainers }}
initContainers:
{{- toYaml .Values.repoServer.initContainers | nindent 6 }}

7
charts/argo-cd/templates/argocd-repo-server/hpa.yaml
View file

@ -3,12 +3,7 @@ apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}-hpa
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}-hpa
spec:
scaleTargetRef:

10
charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml
View file

@ -9,12 +9,7 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }}
{{- if .Values.repoServer.metrics.service.labels }}
{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
{{- end }}
@ -26,6 +21,5 @@ spec:
port: {{ .Values.repoServer.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}
{{- end }}

7
charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml
View file

@ -4,12 +4,7 @@ kind: Secret
metadata:
name: argocd-repository-credentials
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
type: Opaque
data:
{{- range $key, $value := .Values.configs.repositoryCredentials }}

7
charts/argo-cd/templates/argocd-repo-server/role.yaml
View file

@ -4,12 +4,7 @@ kind: Role
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.rbac }}
{{toYaml .Values.repoServer.rbac }}

7
charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
View file

@ -4,12 +4,7 @@ kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

10
charts/argo-cd/templates/argocd-repo-server/service.yaml
View file

@ -8,12 +8,7 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ports:
@ -22,5 +17,4 @@ spec:
port: {{ .Values.repoServer.service.port }}
targetPort: repo-server
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}

8
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
View file

@ -1,6 +1,7 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- if .Values.repoServer.serviceAccount.annotations }}
@ -10,10 +11,5 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- end }}

15
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -7,12 +7,7 @@ metadata:
namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- if .Values.repoServer.metrics.serviceMonitor.selector }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
@ -22,15 +17,15 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }}
{{- end }}

7
charts/argo-cd/templates/argocd-server/backendconfig.yaml
View file

@ -4,12 +4,7 @@ kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

9
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -12,12 +12,7 @@ kind: Certificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
@ -28,5 +23,5 @@ spec:
issuerRef:
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
secretName: argocd-secret
secretName: argocd-tls-certificate
{{- end }}

7
charts/argo-cd/templates/argocd-server/clusterrole.yaml
View file

@ -4,12 +4,7 @@ kind: ClusterRole
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- '*'

7
charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
View file

@ -4,12 +4,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

47
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -4,18 +4,12 @@ kind: Deployment
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
revisionHistoryLimit: 5
{{- if (ne .Values.server.autoscaling.enabled true) }}
replicas: {{ .Values.server.replicas }}
@ -29,12 +23,7 @@ spec:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
{{- if .Values.server.podLabels }}
{{- toYaml .Values.server.podLabels | nindent 8 }}
@ -78,6 +67,9 @@ spec:
{{- if .Values.server.env }}
env:
{{- toYaml .Values.server.env | nindent 8 }}
{{- end }}
{{- with .Values.server.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
@ -91,6 +83,13 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
{{- if .Values.configs.styles }}
- mountPath: "/shared/app/custom/custom.styles.css"
subPath: "custom.styles.css"
name: custom-styles
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
@ -120,6 +119,10 @@ spec:
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
{{- if .Values.server.lifecycle }}
lifecycle:
{{- toYaml .Values.server.lifecycle | nindent 10 }}
{{- end }}
{{- if .Values.server.extraContainers }}
{{- toYaml .Values.server.extraContainers | nindent 6 }}
{{- end }}
@ -146,6 +149,11 @@ spec:
{{- end }}
- emptyDir: {}
name: static-files
{{- if .Values.configs.styles }}
- configMap:
name: argocd-custom-styles
name: custom-styles
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
@ -156,6 +164,17 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- end }}

7
charts/argo-cd/templates/argocd-server/hpa.yaml
View file

@ -3,12 +3,7 @@ apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-hpa
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-hpa
spec:
scaleTargetRef:

78
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingressGrpc.annotations }}
@ -18,47 +14,75 @@ metadata:
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}-grpc
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingressGrpc.tls }}
tls:
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- end -}}
{{- end -}}

78
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
@ -18,47 +14,75 @@ metadata:
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

10
charts/argo-cd/templates/argocd-server/metrics-service.yaml
View file

@ -9,12 +9,7 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }}
{{- if .Values.server.metrics.service.labels }}
{{- toYaml .Values.server.metrics.service.labels | nindent 4 }}
{{- end }}
@ -26,6 +21,5 @@ spec:
port: {{ .Values.server.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- end }}

7
charts/argo-cd/templates/argocd-server/role.yaml
View file

@ -3,12 +3,7 @@ kind: Role
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- ""

7
charts/argo-cd/templates/argocd-server/rolebinding.yaml
View file

@ -3,12 +3,7 @@ kind: RoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

7
charts/argo-cd/templates/argocd-server/route.yaml
View file

@ -4,12 +4,7 @@ kind: Route
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.route.annotations }}
annotations:
{{ toYaml . | indent 4 }}

22
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -9,12 +9,7 @@ metadata:
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.service.labels }}
{{- toYaml .Values.server.service.labels | nindent 4 }}
{{- end }}
@ -25,19 +20,30 @@ spec:
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttp }}
{{- end }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttps }}
{{- end }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- if eq .Values.server.service.type "LoadBalancer" }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
externalIPs: {{ .Values.server.service.externalIPs }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}
{{- with .Values.server.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ . }}
{{- end }}

8
charts/argo-cd/templates/argocd-server/serviceaccount.yaml
View file

@ -1,6 +1,7 @@
{{- if .Values.server.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.serverServiceAccountName" . }}
{{- if .Values.server.serviceAccount.annotations }}
@ -10,10 +11,5 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- end }}

15
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View file

@ -7,12 +7,7 @@ metadata:
namespace: {{ .Values.server.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.metrics.serviceMonitor.selector }}
{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
@ -22,15 +17,15 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
app.kubernetes.io/component: {{ .Values.server.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }}
{{- end }}

46
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -4,18 +4,12 @@ kind: Deployment
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
template:
metadata:
{{- if .Values.dex.podAnnotations }}
@ -25,13 +19,8 @@ spec:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
{{- if .Values.dex.podLabels }}
{{- toYaml .Values.dex.podLabels | nindent 8 }}
{{- end }}
@ -55,8 +44,8 @@ spec:
command:
- cp
- -n
- /usr/local/bin/argocd-util
- /shared
- /usr/local/bin/argocd
- /shared/argocd-dex
volumeMounts:
- mountPath: /shared
name: static-files
@ -65,7 +54,7 @@ spec:
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}
command:
- /shared/argocd-util
- /shared/argocd-dex
- rundex
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
@ -73,6 +62,9 @@ spec:
{{- if .Values.dex.env }}
env:
{{- toYaml .Values.dex.env | nindent 8 }}
{{- end }}
{{- with .Values.dex.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: http
@ -86,10 +78,12 @@ spec:
containerPort: {{ .Values.dex.containerPortMetrics }}
protocol: TCP
{{- end }}
{{- if .Values.dex.volumeMounts }}
volumeMounts:
{{- toYaml .Values.dex.volumeMounts | nindent 10 }}
{{- end }}
- mountPath: /tmp
name: tmp-dir
{{- if .Values.dex.volumeMounts }}
{{- toYaml .Values.dex.volumeMounts | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.nodeSelector }}
@ -105,10 +99,12 @@ spec:
{{- toYaml .Values.dex.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
{{- if .Values.dex.volumes }}
volumes:
{{- toYaml .Values.dex.volumes | nindent 8}}
{{- end }}
- emptyDir: {}
name: tmp-dir
{{- if .Values.dex.volumes }}
{{- toYaml .Values.dex.volumes | nindent 6 }}
{{- end }}
{{- if .Values.dex.priorityClassName }}
priorityClassName: {{ .Values.dex.priorityClassName }}
{{- end }}

7
charts/argo-cd/templates/dex/role.yaml
View file

@ -4,12 +4,7 @@ kind: Role
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
rules:
- apiGroups:
- ""

7
charts/argo-cd/templates/dex/rolebinding.yaml
View file

@ -4,12 +4,7 @@ kind: RoleBinding
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role

10
charts/argo-cd/templates/dex/service.yaml
View file

@ -10,12 +10,7 @@ metadata:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- if .Values.dex.metrics.service.labels }}
{{- toYaml .Values.dex.metrics.service.labels | nindent 4 }}
{{- end }}
@ -36,6 +31,5 @@ spec:
targetPort: metrics
{{- end }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 4 }}
{{- end }}

18
charts/argo-cd/templates/dex/serviceaccount.yaml
View file

@ -1,13 +1,15 @@
{{- if .Values.dex.serviceAccount.create }}
{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.dexServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- if .Values.dex.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.dex.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- end }}

15
charts/argo-cd/templates/dex/servicemonitor.yaml
View file

@ -7,12 +7,7 @@ metadata:
namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
{{- if .Values.dex.metrics.serviceMonitor.selector }}
{{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
@ -22,14 +17,14 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }}
{{- end }}

26
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -5,13 +5,8 @@ kind: Deployment
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
spec:
selector:
matchLabels:
@ -25,13 +20,8 @@ spec:
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }}
app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }}
{{- if .Values.redis.podLabels }}
{{- toYaml .Values.redis.podLabels | nindent 8 }}
{{- end }}
@ -51,14 +41,20 @@ spec:
- ""
- --appendonly
- "no"
{{- with .Values.redis.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.redis.env }}
env:
{{- toYaml .Values.redis.env | nindent 8 }}
{{- end }}
{{- with .Values.redis.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}

9
charts/argo-cd/templates/redis/service.yaml
View file

@ -5,16 +5,11 @@ kind: Service
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
spec:
ports:
- port: {{ .Values.redis.servicePort }}
targetPort: {{ .Values.redis.servicePort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show more