DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merged upstream

Browse source
This commit is contained in:
konstantin.kiess 2020-01-21 14:03:37 +01:00
commit 0dc73fdc89
38 changed files with 3207 additions and 133 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CODEOWNERS
View file

@ -1,7 +1,7 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# Argo CD
/charts/argo-cd @seanson
/charts/argo-cd @seanson @spencergilbert
# Argo Events
/charts/argo-events @jbehling

4
CONTRIBUTING.md
View file

@ -19,7 +19,7 @@ Clean-up:
```
helm delete argo-cd --purge
kubectl delete crd -l app.kubernetes.io/part-of=argo-cd
kubectl delete crd -l app.kubernetes.io/part-of=argocd
```
Minimally:
@ -32,7 +32,7 @@ kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
In a new terminal:
```
argocd version
argocd version --server localhost:8080 --insecure
# reset password to 'Password1!'
kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {

2
charts/argo-cd/.helmignore Normal file
View file

@ -0,0 +1,2 @@
*.tgz
output

6
charts/argo-cd/Chart.yaml
View file

@ -1,10 +1,10 @@
apiVersion: v1
appVersion: "1.2.4"
appVersion: "1.3.6"
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 1.0.3
version: 1.6.3
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
- argoproj
- argocd

41
charts/argo-cd/README.md
View file

@ -2,8 +2,6 @@ Argo CD Chart
======
A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
Current chart version is `1.0.2`
Source code can be found [here](https://argoproj.github.io/argo-cd/)
## Additional Information
@ -26,6 +24,11 @@ $ helm repo add argo https://argoproj.github.io/argo-helm
$ helm install --name my-release argo/argo-cd
```
### Helm v3 Compatability
Requires chart version 1.5.1 or newer.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks.
## Chart Values
@ -33,14 +36,17 @@ $ helm install --name my-release argo/argo-cd
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.2.3"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.3.6"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | 
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| installCRDs | bool | `true` | Install CRDs if you are using Helm2. |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
| configs.secret.createSecret | Create the argocd-secret. | `true` |
| configs.secret.githubSecret | GitHub incoming webhook secret | `""` |
| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
## ArgoCD Controller
@ -51,7 +57,8 @@ $ helm install --name my-release argo/argo-cd
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| controller.containerPort | Controller listening port. | `8082` |
| controller.extraArgs | Additional arguments for the controller. | `[]` |
| controller.extraArgs | Additional arguments for the controller. A list of key:value pairs | `[]` |
| controller.env | Environment variables for the controller. | `[]` |
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
@ -83,7 +90,7 @@ $ helm install --name my-release argo/argo-cd
| controller.service.port | Controller service port. | `8082` |
| controller.serviceAccount.create | Create a service account for the controller | `true` |
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| controller.volumeMounts | Controller volume mounts | `[]` |
| controller.volumes | Controller volumes | `[]` |
@ -93,7 +100,8 @@ $ helm install --name my-release argo/argo-cd
|-----|------|---------|-------------|
| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server | `[]` |
| repoServer.extraArgs | Additional arguments for the repo server. A list of key:value pairs. | `[]` |
| repoServer.env | Environment variables for the repo server. | `[]` |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -123,7 +131,7 @@ $ helm install --name my-release argo/argo-cd
| repoServer.service.annotations | Repo server service annotations. | `{}` |
| repoServer.service.labels | Repo server service labels. | `{}` |
| repoServer.service.port | Repo server service port. | `8081` |
| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| repoServer.volumeMounts | Repo server volume mounts | `[]` |
| repoServer.volumes | Repo server volumes | `[]` |
@ -136,9 +144,10 @@ $ helm install --name my-release argo/argo-cd
| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
| server.certificate.enabled | Enables a certificate manager certificate. | `false` |
| server.certificate.issuer | Certificate manager issuer | `{}` |
| server.config | URL for Argo CD | `{}` |
| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) |
| server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server | `[]` |
| server.extraArgs | Additional arguments for the server. A list of key:value pairs. | `[]` |
| server.env | Environment variables for the server. | `[]` |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -147,6 +156,8 @@ $ helm install --name my-release argo/argo-cd
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
| server.livenessProbe.failureThreshold | int | `3` |
| server.livenessProbe.initialDelaySeconds | int | `10` |
| server.livenessProbe.periodSeconds | int | `10` |
@ -164,7 +175,7 @@ $ helm install --name my-release argo/argo-cd
| server.podAnnotations | Annotations for the repo server pods | `{}` |
| server.podLabels | Labels for the repo server pods | `{}` |
| server.priorityClassName | Priority class for the repo server | `""` |
| server.rbacConfig | Argo CD RBAC policy https://argoproj.github.io/argo-cd/operator-manual/rbac/ | `See [values.yaml](values.yaml)` |
| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` |
| server.readinessProbe.failureThreshold | int | `3` |
| server.readinessProbe.initialDelaySeconds | int | `10` |
| server.readinessProbe.periodSeconds | int | `10` |
@ -178,7 +189,7 @@ $ helm install --name my-release argo/argo-cd
| server.service.type | Server service type | `"ClusterIP"` |
| server.serviceAccount.create | Create server service account | `true` |
| server.serviceAccount.name | Server service account name | `"argocd-server"` |
| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| server.volumeMounts | Server volume mounts | `[]` |
| server.volumes | Server volumes | `[]` |
@ -197,6 +208,7 @@ $ helm install --name my-release argo/argo-cd
| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` |
| dex.initImage.tag | Argo CD init image tag | `global.image.tag` |
| dex.name | Dex name | `"dex-server"` |
| dex.env | Environment variables for the Dex server. | `[]` |
| dex.nodeSelector | Dex node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| dex.priorityClassName | Priority class for dex | `""` |
| dex.resources | Resource limits and requests for dex | `{}` |
@ -204,7 +216,7 @@ $ helm install --name my-release argo/argo-cd
| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
| dex.servicePortGrpc | Server GRPC port | `5557` |
| dex.servicePortHttp | Server HTTP port | `5556` |
| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| dex.volumeMounts | Dex volume mounts | `"/shared"` |
| dex.volumes | Dex volumes | `{}` |
@ -214,13 +226,14 @@ $ helm install --name my-release argo/argo-cd
|-----|------|---------|-------------|
| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| redis.containerPort | Redis container port | `6379` |
| redis.enabled | Enable redis | `false` |
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.3"` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.nodeSelector | Redis node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| redis.priorityClassName | Priority class for redis | `""` |
| redis.resources | Resource limits and requests for redis | `{}` |
| redis.servicePort | Redis service port | `6379` |
| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |

1914
charts/argo-cd/crds/crd-application.yaml Normal file
View file

File diff suppressed because it is too large Load diff

603
charts/argo-cd/crds/crd-project.yaml Normal file
View file

@ -0,0 +1,603 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
spec:
group: argoproj.io
names:
kind: AppProject
plural: appprojects
shortNames:
- appproj
- appprojs
scope: Namespaced
validation:
openAPIV3Schema:
description:
"AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what may
be deployed (repository whitelist, resource whitelist/blacklist) * who can
access these applications (roles, OIDC group claims bindings) * and what they
can do (RBAC policies) * automation access to these roles (JWT tokens)"
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
metadata:
properties:
annotations:
additionalProperties:
type: string
description:
"Annotations is an unstructured key value map stored with
a resource that may be set by external tools to store and retrieve
arbitrary metadata. They are not queryable and should be preserved
when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
type: object
clusterName:
description:
The name of the cluster which the object belongs to. This
is used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is
going to ignore it if set in create or update request.
type: string
deletionGracePeriodSeconds:
description:
Number of seconds allowed for this object to gracefully
terminate before it will be removed from the system. Only set when
deletionTimestamp is also set. May only be shortened. Read-only.
format: int64
type: integer
deletionTimestamp:
description:
"DeletionTimestamp is RFC 3339 date and time at which this
resource will be deleted. This field is set by the server when a graceful
deletion is requested by the user, and is not directly settable by
a client. The resource is expected to be deleted (no longer visible
from resource lists, and not reachable by name) after the time in
this field, once the finalizers list is empty. As long as the finalizers
list contains items, deletion is blocked. Once the deletionTimestamp
is set, this value may not be unset or be set further into the future,
although it may be shortened or the resource may be deleted prior
to this time. For example, a user may request that a pod is deleted
in 30 seconds. The Kubelet will react by sending a graceful termination
signal to the containers in the pod. After that 30 seconds, the Kubelet
will send a hard termination signal (SIGKILL) to the container and
after cleanup, remove the pod from the API. In the presence of network
partitions, this object may still exist after this timestamp, until
an administrator or automated process can determine the resource is
fully terminated. If not set, graceful deletion of the object has
not been requested. \n Populated by the system when a graceful deletion
is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
format: date-time
type: string
finalizers:
description:
Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will
remove the entry from the list. If the deletionTimestamp of the object
is non-nil, entries in this list can only be removed.
items:
type: string
type: array
generateName:
description:
"GenerateName is an optional prefix, used by the server,
to generate a unique name ONLY IF the Name field has not been provided.
If this field is used, the name returned to the client will be different
than the name passed. This value will also be combined with a unique
suffix. The provided value has the same validation rules as the Name
field, and may be truncated by the length of the suffix required to
make the value unique on the server. \n If this field is specified
and the generated name exists, the server will NOT return a 409 -
instead, it will either return 201 Created or 500 with Reason ServerTimeout
indicating a unique name could not be found in the time allotted,
and the client should retry (optionally after the time indicated in
the Retry-After header). \n Applied only if Name is not specified.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency"
type: string
generation:
description:
A sequence number representing a specific generation of
the desired state. Populated by the system. Read-only.
format: int64
type: integer
initializers:
description:
"An initializer is a controller which enforces some system
invariant at object creation time. This field is a list of initializers
that have not yet acted on this object. If nil or empty, this object
has been completely initialized. Otherwise, the object is considered
uninitialized and is hidden (in list/watch and get calls) from clients
that haven't explicitly asked to observe uninitialized objects. \n
When an object is created, the system will populate this list with
the current set of initializers. Only privileged users may set or
modify this list. Once it is empty, it may not be modified further
by any user. \n DEPRECATED - initializers are an alpha field and will
be removed in v1.15."
properties:
pending:
description:
Pending is a list of initializers that must execute
in order before this object is visible. When the last pending
initializer is removed, and no failing result is set, the initializers
struct will be set to nil and the object is considered as initialized
and visible to all clients.
items:
properties:
name:
description:
name of the process that is responsible for initializing
this object.
type: string
required:
- name
type: object
type: array
result:
description:
If result is set with the Failure field, the object
will be persisted to storage and then deleted, ensuring that other
clients can observe the deletion.
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
type: string
code:
description:
Suggested HTTP return code for this status, 0 if
not set.
format: int32
type: integer
details:
description:
Extended data associated with the reason. Each
reason may define its own extended details. This field is
optional and the data returned is not guaranteed to conform
to any schema except that defined by the reason type.
properties:
causes:
description:
The Causes array includes more details associated
with the StatusReason failure. Not all StatusReasons may
provide detailed causes.
items:
properties:
field:
description:
"The field of the resource that has caused
this error, as named by its JSON serialization.
May include dot and postfix notation for nested
attributes. Arrays are zero-indexed. Fields may
appear more than once in an array of causes due
to fields having multiple errors. Optional. \n Examples:
\ \"name\" - the field \"name\" on the current
resource \"items[0].name\" - the field \"name\"
on the first array entry in \"items\""
type: string
message:
description:
A human-readable description of the cause
of the error. This field may be presented as-is
to a reader.
type: string
reason:
description:
A machine-readable description of the
cause of the error. If this value is empty there
is no information available.
type: string
type: object
type: array
group:
description:
The group attribute of the resource associated
with the status StatusReason.
type: string
kind:
description:
"The kind attribute of the resource associated
with the status StatusReason. On some operations may differ
from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
name:
description:
The name attribute of the resource associated
with the status StatusReason (when there is a single name
which can be described).
type: string
retryAfterSeconds:
description:
If specified, the time in seconds before the
operation should be retried. Some errors may indicate
the client must take an alternate action - for those errors
this field may indicate how long to wait before taking
the alternate action.
format: int32
type: integer
uid:
description:
"UID of the resource. (when there is a single
resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
type: object
kind:
description:
"Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
message:
description:
A human-readable description of the status of this
operation.
type: string
metadata:
description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
properties:
continue:
description:
continue may be set if the user set a limit
on the number of items returned, and indicates that the
server has more data available. The value is opaque and
may be used to issue another request to the endpoint that
served this list to retrieve the next set of available
objects. Continuing a consistent list may not be possible
if the server configuration has changed or more than a
few minutes have passed. The resourceVersion field returned
when using this continue value will be identical to the
value in the first response, unless you have received
this token from an error message.
type: string
resourceVersion:
description:
"String that identifies the server's internal
version of this object that can be used by clients to
determine when objects have changed. Value must be treated
as opaque by clients and passed unmodified back to the
server. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency"
type: string
selfLink:
description:
selfLink is a URL representing this object.
Populated by the system. Read-only.
type: string
type: object
reason:
description:
A machine-readable description of why this operation
is in the "Failure" status. If this value is empty there is
no information available. A Reason clarifies an HTTP status
code but does not override it.
type: string
status:
description:
'Status of the operation. One of: "Success" or
"Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status'
type: string
type: object
required:
- pending
type: object
labels:
additionalProperties:
type: string
description:
"Map of string keys and values that can be used to organize
and categorize (scope and select) objects. May match selectors of
replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
type: object
managedFields:
description:
"ManagedFields maps workflow-id and version to the set
of fields that are managed by that workflow. This is mostly for internal
housekeeping, and users typically shouldn't need to set or understand
this field. A workflow can be the user's name, a controller's name,
or the name of a specific apply path like \"ci-cd\". The set of fields
is always in the version that the workflow used when modifying the
object. \n This field is alpha and can be changed or removed without
notice."
items:
properties:
apiVersion:
description:
APIVersion defines the version of this resource that
this field set applies to. The format is "group/version" just
like the top-level APIVersion field. It is necessary to track
the version of a field set because it cannot be automatically
converted.
type: string
fields:
additionalProperties: true
description: Fields identifies a set of fields.
type: object
manager:
description:
Manager is an identifier of the workflow managing
these fields.
type: string
operation:
description:
Operation is the type of operation which lead to
this ManagedFieldsEntry being created. The only valid values
for this field are 'Apply' and 'Update'.
type: string
time:
description:
Time is timestamp of when these fields were set.
It should always be empty if Operation is 'Apply'
format: date-time
type: string
type: object
type: array
name:
description:
"Name must be unique within a namespace. Is required when
creating resources, although some resources may allow a client to
request the generation of an appropriate name automatically. Name
is primarily intended for creation idempotence and configuration definition.
Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
type: string
namespace:
description:
"Namespace defines the space within each name must be unique.
An empty namespace is equivalent to the \"default\" namespace, but
\"default\" is the canonical representation. Not all objects are required
to be scoped to a namespace - the value of this field for those objects
will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces"
type: string
ownerReferences:
description:
List of objects depended by this object. If ALL objects
in the list have been deleted, this object will be garbage collected.
If this object is managed by a controller, then an entry in this list
will point to this controller, with the controller field set to true.
There cannot be more than one managing controller.
items:
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description:
If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
name:
description: "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
type: string
uid:
description: "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
required:
- apiVersion
- kind
- name
- uid
type: object
type: array
resourceVersion:
description:
"An opaque value that represents the internal version of
this object that can be used by clients to determine when objects
have changed. May be used for optimistic concurrency, change detection,
and the watch operation on a resource or set of resources. Clients
must treat these values as opaque and passed unmodified back to the
server. They may only be valid for a particular resource or set of
resources. \n Populated by the system. Read-only. Value must be treated
as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency"
type: string
selfLink:
description:
SelfLink is a URL representing this object. Populated by
the system. Read-only.
type: string
uid:
description:
"UID is the unique in time and space value for this object.
It is typically generated by the server on successful creation of
a resource and is not allowed to change on PUT operations. \n Populated
by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
type: object
spec:
properties:
clusterResourceWhitelist:
description:
ClusterResourceWhitelist contains list of whitelisted cluster
level resources
items:
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description:
Destinations contains list of destinations available for
deployment
items:
properties:
namespace:
description:
Namespace overrides the environment namespace value
in the ksonnet app.yaml
type: string
server:
description:
Server overrides the environment server value in
the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description:
NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description:
OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description:
Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description:
Roles are user defined RBAC roles associated with this
project
items:
properties:
description:
description: Description is a description of the role
type: string
groups:
description:
Groups are a list of OIDC group claims bound to this
role
items:
type: string
type: array
jwtTokens:
description:
JWTTokens are a list of generated JWT tokens bound
to this role
items:
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description:
Policies Stores a list of casbin formated strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
sourceRepos:
description:
SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description:
SyncWindows controls when syncs can be run for apps in
this project
items:
properties:
applications:
description:
Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description:
Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description:
Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description:
ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description:
Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description:
Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object
versions:
- name: v1alpha1
served: true
storage: true

4
charts/argo-cd/templates/NOTES.txt
View file

@ -1,6 +1,6 @@
In order to access the server UI you have the following options:
1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
@ -12,4 +12,4 @@ In order to access the server UI you have the following options:
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2

11
charts/argo-cd/templates/_helpers.tpl
View file

@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use
{{- end -}}
{{- end -}}
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}

15
charts/argo-cd/templates/argocd-application-controller/deployment.yaml Normal file → Executable file
View file

@ -1,3 +1,4 @@
apiVersion: apps/v1
kind: Deployment
metadata:
@ -9,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
spec:
selector:
matchLabels:
@ -31,10 +33,14 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- command:
- argocd-application-controller
@ -60,6 +66,13 @@ spec:
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
{{- if .Values.controller.containerSecurityContext }}
securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.controller.env }}
env:
{{- toYaml .Values.controller.env | nindent 8 }}
{{- end }}
ports:
- name: controller
containerPort: {{ .Values.controller.containerPort }}
@ -103,4 +116,4 @@ spec:
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}
{{- end }}

27
charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml Normal file
View file

@ -0,0 +1,27 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- if .Values.controller.metrics.rules.namespace }}
namespace: {{ .Values.controller.metrics.rules.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.rules.selector }}
{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.rules.additionalLabels }}
{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
{{- end }}
spec:
groups:
- name: argocd
rules:
{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }}
{{- end }}

5
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View file

@ -13,7 +13,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.serviceMonitor.selector }}
{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
@ -29,4 +31,5 @@ spec:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- end }}
{{- end }}

27
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -11,27 +11,34 @@ metadata:
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketSecret) }}
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- if .Values.configs.secret.githubSecret }}
github.webhook.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gitlabSecret }}
gitlab.webhook.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketSecret }}
bitbucket.webhook.uuid: {{ .Values.configs.secret.bitbucketSecret | b64enc }}
{{- if .Values.configs.secret.bitbucketServerSecret }}
webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }}
{{- end }}
{{- if and .Values.configs.secret.argocdServerTlsConfig.key (.Values.configs.secret.argocdServerTlsConfig.cert) }}
{{- if .Values.configs.secret.bitbucketUUID }}
webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }}
tls.cert: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }}
tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}
admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
admin.passwordMtime: {{ date "2006-01-02T15:04:05Z" now | b64enc }}
{{- end }}
{{- range $key, $value := .Values.configs.secret.extra }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}
{{- end }}

23
charts/argo-cd/templates/argocd-repo-server/deployment.yaml Normal file → Executable file
View file

@ -9,6 +9,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
spec:
selector:
matchLabels:
@ -31,10 +32,14 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
@ -54,9 +59,16 @@ spec:
- --{{ $key }}
{{- end }}
{{- end }}
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.repoServer.env }}
env:
{{- toYaml .Values.repoServer.env | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 10}}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
@ -105,9 +117,10 @@ spec:
affinity:
{{- toYaml .Values.repoServer.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 8}}
{{- toYaml .Values.repoServer.volumes | nindent 6}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
@ -118,4 +131,8 @@ spec:
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
{{- end }}
{{- if .Values.repoServer.initContainers }}
initContainers:
{{- toYaml .Values.repoServer.initContainers | nindent 6 }}
{{- end }}

18
charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml Normal file
View file

@ -0,0 +1,18 @@
{{- if .Values.configs.repositoryCredentials }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repository-credentials
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
type: Opaque
data:
{{- range $key, $value := .Values.configs.repositoryCredentials }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

17
charts/argo-cd/templates/argocd-repo-server/role.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
rules:
{{- if .Values.repoServer.rbac }}
{{toYaml .Values.repoServer.rbac }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml Normal file
View file

@ -0,0 +1,21 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

19
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- if .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}

5
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -13,7 +13,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- if .Values.repoServer.metrics.serviceMonitor.selector }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
@ -30,4 +32,5 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}
{{- end }}

6
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -14,11 +14,11 @@ spec:
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ .Values.server.certificate.domain | quote }}
{{- range .Values.ingress.additionalHosts }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
issuerRef:
kind: {{ .Values.certificate.issuer.kind | quote }}
name: {{ .Values.certificate.issuer.name | quote }}
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
secretName: argocd-secret
{{- end }}

14
charts/argo-cd/templates/argocd-server/deployment.yaml Normal file → Executable file
View file

@ -9,6 +9,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
spec:
selector:
matchLabels:
@ -31,10 +32,14 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}
@ -62,6 +67,13 @@ spec:
- --{{ $key }}
{{- end }}
{{- end }}
{{- if .Values.server.containerSecurityContext }}
securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.server.env }}
env:
{{- toYaml .Values.server.env | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
{{- toYaml .Values.server.volumeMounts | nindent 10}}
@ -131,4 +143,4 @@ spec:
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
{{- end }}

2
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -1,6 +1,6 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.name -}}
{{- $servicePort := .Values.server.service.servicePortHttp -}}
{{- $paths := .Values.server.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress

29
charts/argo-cd/templates/argocd-server/route.yaml Normal file
View file

@ -0,0 +1,29 @@
{{- if .Values.server.route.enabled -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- with .Values.server.route.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
host: {{ .Values.server.route.hostname | quote }}
to:
kind: Service
name: {{ template "argo-cd.server.fullname" . }}
weight: 100
port:
targetPort: https
tls:
termination: passthrough
insecureEdgeTerminationPolicy: None
wildcardPolicy: None
{{- end }}

5
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View file

@ -13,7 +13,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.metrics.serviceMonitor.selector }}
{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
@ -30,4 +32,5 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
app.kubernetes.io/component: {{ .Values.server.name }}
{{- end }}
{{- end }}

98
charts/argo-cd/templates/crds/application-crd.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -416,7 +417,7 @@ spec:
type: object
type: array
revision:
description: Revision is the git revision in which to sync the application
description: Revision is the revision in which to sync the application
to. If omitted, will use the revision specified in app spec.
type: string
source:
@ -424,6 +425,9 @@ spec:
This is typically set in a Rollback operation and nil during a
Sync operation
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -492,6 +496,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined as
a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -536,8 +544,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -561,7 +568,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -571,7 +578,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncStrategy:
description: SyncStrategy describes how to perform the sync
@ -634,7 +640,6 @@ spec:
namespace:
type: string
required:
- group
- kind
- jsonPointers
type: object
@ -661,6 +666,9 @@ spec:
description: Source is a reference to the location ksonnet application
definition
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -729,6 +737,9 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -773,8 +784,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository containing
a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
@ -798,8 +808,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
manifests
description: RepoURL is the repository URL of the application manifests
type: string
targetRevision:
description: TargetRevision defines the commit, tag, or branch in
@ -807,7 +816,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncPolicy:
description: SyncPolicy controls when a sync will be performed
@ -867,6 +875,9 @@ spec:
type: string
source:
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -936,6 +947,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -980,8 +995,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1005,7 +1019,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1015,7 +1029,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- revision
@ -1024,6 +1037,8 @@ spec:
type: object
type: array
observedAt:
description: ObservedAt indicates when the application state was updated
without querying latest git state
format: date-time
type: string
operationState:
@ -1071,15 +1086,18 @@ spec:
type: object
type: array
revision:
description: Revision is the git revision in which to sync
the application to. If omitted, will use the revision
specified in app spec.
description: Revision is the revision in which to sync the
application to. If omitted, will use the revision specified
in app spec.
type: string
source:
description: Source overrides the source definition set
in the application. This is typically set in a Rollback
operation and nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific
options
@ -1155,6 +1173,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1200,8 +1222,8 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git
repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1225,8 +1247,8 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the
application manifests
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
description: TargetRevision defines the commit, tag,
@ -1235,7 +1257,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncStrategy:
description: SyncStrategy describes how to perform the sync
@ -1322,12 +1343,15 @@ spec:
type: object
type: array
revision:
description: Revision holds the git commit SHA of the sync
description: Revision holds the revision of the sync
type: string
source:
description: Source records the application source information
of the sync, used for comparing auto-sync
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -1399,6 +1423,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1444,8 +1472,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1469,7 +1496,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1479,7 +1506,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- revision
@ -1490,6 +1516,8 @@ spec:
- startedAt
type: object
reconciledAt:
description: ReconciledAt indicates when the application state was reconciled
using the latest git version
format: date-time
type: string
resources:
@ -1553,6 +1581,9 @@ spec:
type: object
source:
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -1624,6 +1655,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1669,8 +1704,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1694,7 +1728,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1704,7 +1738,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- source
@ -1726,3 +1759,4 @@ spec:
- name: v1alpha1
served: true
storage: true
{{- end }}

55
charts/argo-cd/templates/crds/appproject-crd.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -434,6 +435,15 @@ spec:
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this
project
@ -477,11 +487,51 @@ spec:
type: object
type: array
sourceRepos:
description: SourceRepos contains list of git repository URLs which
can be used for deployment
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
@ -491,3 +541,4 @@ spec:
- name: v1alpha1
served: true
storage: true
{{- end }}

20
charts/argo-cd/templates/dex/deployment.yaml Normal file → Executable file
View file

@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
spec:
selector:
matchLabels:
@ -24,11 +25,17 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
spec:
initContainers:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
command:
- cp
- /usr/local/bin/argocd-util
@ -39,10 +46,17 @@ spec:
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
imagePullPolicy: {{ .Values.dex.image.pullPolicy }}
imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}
command:
- /shared/argocd-util
- rundex
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.dex.env }}
env:
{{- toYaml .Values.dex.env | nindent 8 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.dex.containerPortHttp }}
@ -73,4 +87,4 @@ spec:
volumes:
{{- toYaml .Values.dex.volumes | nindent 8}}
{{- end }}
{{- end }}
{{- end }}

13
charts/argo-cd/templates/redis/deployment.yaml Normal file → Executable file
View file

@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
spec:
selector:
matchLabels:
@ -23,8 +24,12 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
spec:
automountServiceAccountToken: false
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ template "argo-cd.redis.fullname" . }}
args:
@ -34,9 +39,17 @@ spec:
- "no"
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.redis.env }}
env:
{{- toYaml .Values.redis.env | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}

287
charts/argo-cd/values.yaml Normal file → Executable file
View file

@ -2,21 +2,29 @@
## Ref: https://github.com/argoproj/argo-cd
##
nameOverride: argocd
fullnameOverride: ""
# Optional CRD installation for those without Helm hooks
installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.2.4
tag: v1.3.6
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
## Controller
controller:
name: application-controller
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.6
imagePullPolicy: # IfNotPresent
## Argo controller commandline flags
args:
@ -27,7 +35,12 @@ controller:
logLevel: info
## Additional command line arguments to pass to argocd-controller
extraArgs: []
## key: value
extraArgs: {}
## Environment variables to pass to argocd-controller
##
env: []
## Annotations to be added to controller pods
##
@ -37,6 +50,12 @@ controller:
##
podLabels: {}
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
## Configures the controller port
containerPort: 8082
@ -72,7 +91,7 @@ controller:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
tolerations: []
affinity: {}
priorityClassName: ""
@ -102,6 +121,37 @@ controller:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
rules:
enabled: false
spec: []
# - alert: ArgoAppMissing
# expr: |
# absent(argocd_app_info)
# for: 15m
# labels:
# severity: critical
# annotations:
# summary: "[ArgoCD] No reported applications"
# description: >
# ArgoCD has not reported any applications data for the past 15 minutes which
# means that it must be down or not functioning properly. This needs to be
# resolved for this cloud to continue to maintain state.
# - alert: ArgoAppNotSynced
# expr: |
# argocd_app_sync_status{sync_status!="Synced"} == 1
# for: 12h
# labels:
# severity: warning
# annotations:
# summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
# description: >
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
@ -117,7 +167,14 @@ dex:
repository: quay.io/dexidp/dex
tag: v2.14.0
imagePullPolicy: IfNotPresent
initImage: {}
initImage:
repository:
tag:
imagePullPolicy:
## Environment variables to pass to the Dex server
##
env: []
serviceAccount:
create: true
@ -143,11 +200,18 @@ dex:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 50m
@ -158,7 +222,7 @@ dex:
## Redis
redis:
enabled: false
enabled: true
name: redis
image:
@ -169,15 +233,26 @@ redis:
containerPort: 6379
servicePort: 6379
## Environment variables to pass to the Redis server
##
env: []
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 200m
@ -186,19 +261,26 @@ redis:
# cpu: 100m
# memory: 64Mi
volumeMounts: []
volumes: []
## Server
server:
name: server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.6
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
# extraArgs: []
# - insecure
extraArgs: []
## key: value
extraArgs: {}
# insecure: true
## Environment variables to pass to argocd-server
##
env: []
## Argo server log level
logLevel: info
@ -240,11 +322,17 @@ server:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 100m
@ -295,15 +383,25 @@ server:
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts: []
hosts:
[]
# - argocd.example.com
paths:
- /
tls: []
- /
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route:
enabled: false
hostname: ""
## ArgoCD config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
config:
@ -311,10 +409,34 @@ server:
url: https://argocd.example.com
# Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance
# repositories: |
# - url: git@github.com:group/repo.git
# sshPrivateKeySecret:
# name: secret-name
# key: sshPrivateKey
# - type: helm
# url: https://kubernetes-charts.storage.googleapis.com
# name: stable
# - type: helm
# url: https://argoproj.github.io/argo-helm
# name: argo
# oidc.config: |
# name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: CLIENT_ID
# clientSecret: $oidc.azuread.clientSecret
# requestedIDTokenClaims:
# groups:
# essential: true
# requestedScopes:
# - openid
# - profile
# - email
## ArgoCD rbac config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbacConfig: {}
rbacConfig:
{}
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
# Policy rules are in the form:
# p, subject, resource, action, object, effect
@ -330,7 +452,6 @@ server:
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
# but will see no apps, projects, etc...
# policy.default: role:readonly
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
# scopes: '[cognito:groups, email]'
@ -388,14 +509,18 @@ server:
repoServer:
name: repo-server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.6
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
## key: value
extraArgs: {}
## Environment variables to pass to argocd-repo-server
##
extraArgs: []
env: []
## Argo repoServer log level
logLevel: info
@ -437,11 +562,17 @@ repoServer:
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 50m
@ -470,6 +601,47 @@ repoServer:
# namespace: monitoring
# additionalLabels: {}
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount:
create: false
# name: argocd-repo-server
## Annotations applied to created service account
annotations: {}
## Repo server rbac rules
# rbac:
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
## Use init containers to configure custom tooling
## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/
## When using the volumes & volumeMounts section bellow, please comment out those above.
# volumes:
# - name: custom-tools
# emptyDir: {}
#
# initContainers:
# - name: download-tools
# image: alpine:3.8
# command: [sh, -c]
# args:
# - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
# mv linux-amd64/helm /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# volumeMounts:
# - mountPath: /usr/local/bin/helm
# name: custom-tools
# subPath: helm
## Argo Configs
configs:
knownHosts:
@ -482,7 +654,8 @@ configs:
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
tlsCerts: {}
tlsCerts:
{}
# data:
# argocd.example.com: |
# -----BEGIN CERTIFICATE-----
@ -519,13 +692,53 @@ configs:
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I=
# -----END CERTIFICATE-----
# Creates a secret with optional repository credentials
repositoryCredentials:
{}
# sample-ssh-key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N
# z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4
# nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB
# AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x
# O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe
# tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6
# cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8
# 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM
# hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK
# xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ
# FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc
# NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le
# XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo=
# -----END RSA PRIVATE KEY-----
secret:
createSecret: true
# Webhook Configs
githubSecret: ""
gitlabSecret: ""
bitbucketSecret: ""
# argocdServerTlsConfig:
# key:
# cert:
# argocdServerAdminPassword:
bitbucketServerSecret: ""
bitbucketUUÌD: ""
gogsSecret: ""
# Custom secrets. Useful for injecting SSO secrets into environment variables.
# Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/
# Note that all values must be non-empty.
extra: {}
# LDAP_PASSWORD: "mypassword"
# Argo TLS Data.
argocdServerTlsConfig:
{}
# key:
# crt: |
# -----BEGIN CERTIFICATE-----
# <cert data>
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# <ca cert data>
# -----END CERTIFICATE-----
# Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
# argocdServerAdminPassword:

4
charts/argo-ci/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
description: A Helm chart for Argo-CI
name: argo-ci
version: 0.1.5
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
version: 0.1.6
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
appVersion: v1.0.0-alpha2
home: https://github.com/argoproj/argo-helm
maintainers:

6
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 0.5.2
version: 0.6.1
keywords:
- argo-events
- sensor-controller
@ -11,6 +11,6 @@ sources:
maintainers:
- name: VaibhavPage
- name: magaldima
appVersion: 0.10
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
appVersion: 0.11
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm

7
charts/argo-events/README.md
View file

@ -14,3 +14,10 @@ This is a **community maintained** chart. It installs the [argo-events](https://
## Notes on CRD Installation
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart.
You can install the CRDs manually like so:
```
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/sensor-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/gateway-crd.yaml
```

6
charts/argo-events/ci/test-values.yaml Normal file
View file

@ -0,0 +1,6 @@
serviceAccount: argo-events-sa-test
additionalSaNamespaces:
- nsone
- nstwo
instanceID: test-argo-events
singleNamespace: false

5
charts/argo-events/templates/argo-events-cluster-roles.yaml
View file

@ -11,9 +11,10 @@ subjects:
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.additionalSaNamespaces }}
{{ $sa := .Values.serviceAccount }}
{{- range $namespace := .Values.additionalSaNamespaces }}
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
name: {{ $sa }}
namespace: {{ $namespace }}
{{- end }}
{{- end }}
@ -51,6 +52,8 @@ rules:
resources:
- workflows
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- gateways
- gateways/finalizers
- sensors

7
charts/argo-events/templates/argo-events-sa.yaml
View file

@ -1,4 +1,4 @@
# All argo-events services are bound to the "argo-events" service account.
# All argo-events services are bound to the "argo-events" service account.
# In RBAC enabled setups, this SA is bound to specific roles.
apiVersion: v1
kind: ServiceAccount
@ -6,12 +6,13 @@ metadata:
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.additionalSaNamespaces }}
{{ $sa := .Values.serviceAccount }}
{{- range $namespace := .Values.additionalSaNamespaces }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount }}
name: {{ $sa }}
namespace: {{ $namespace }}
{{- end }}
{{- end }}
{{- end }}

4
charts/argo-events/values.yaml
View file

@ -26,11 +26,11 @@ singleNamespace: true
sensorController:
name: sensor-controller
image: sensor-controller
tag: v0.10
tag: v0.11
replicaCount: 1
gatewayController:
name: gateway-controller
image: gateway-controller
tag: v0.10
tag: v0.11
replicaCount: 1

6
charts/argo/Chart.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v1
appVersion: "v2.4.2"
appVersion: "v2.4.3"
description: A Helm chart for Argo Workflows
name: argo
version: 0.6.3
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
version: 0.6.5
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:
- name: alexec

2
charts/argo/values.yaml
View file

@ -4,7 +4,7 @@ images:
ui: argoui
executor: argoexec
pullPolicy: Always
tag: v2.4.2
tag: v2.4.3
crdVersion: v1alpha1
installCRD: true