Update Argo Events chart (#35)

charts/argo-events/Chart.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
 description: A Helm chart to install Argo-Events in k8s Cluster
 name: argo-events
-version: 0.2.0
+version: 0.3.0
 keywords:
 - argo-events
 - sensor-controller
+- gateway-controller
 sources:
 - https://github.com/argoproj/argo-events
 maintainers:
-- name: Matt Magaldi
-  email: mmagaldi@blackrock.com
 - name: Vaibhav Page
-  email: vpage@blackrock.com
+- name: Matt Magaldi
-appVersion: 0.1.0
+appVersion: 0.7.0

charts/argo-events/README.md

@@ -1,13 +1,11 @@
 # Argo-Events Helm Chart
 This helm chart installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with:
 - Sensor Custom Resource Definition
+- Gateway Custom Resource Definition
 - Sensor Controller Deployment
 - Sensor Controller ConfigMap
-- Sensor Controller Service Account
+- Gateway Controller Deployment
-- Sensor Controller Cluster Roles
+- Gateway Controller ConfigMap
-- Sensor Controller Cluster Role Bindings
+- Service Account
-
+- Cluster Roles
-
+- Cluster Role Bindings
-Note: the associated `argo-events` cluster role and cluster role bindings can be found in the [roles](https://blade-git.blackrock.com/cloud-native/roles) repository. The purpose that these aren't included in this Helm chart is that we do not have the required permissions to create these resources in the Kubernetes clusters. Reach out to `+Group Kubernetes Support` for help in setting up these roles.
-
-## Chart Values

charts/argo-events/templates/_helpers.tpl

@@ -14,24 +14,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-
-{{- define "sensor-crd-json" }}
-{
-  "apiVersion": "apiextensions.k8s.io/v1beta1",
-  "kind": "CustomResourceDefinition",
-  "metadata": {
-    "name": "sensors.argoproj.io"
-  },
-  "spec": {
-    "group": "argoproj.io",
-    "names": {
-      "kind": "Sensor",
-      "listKind": "SensorList",
-      "plural": "sensors",
-      "singular": "sensor"
-    },
-    "scope": "Namespaced",
-    "version": "v1alpha1"
-  }
-}
-{{- end}}

charts/argo-events/templates/_sensor-crd.tpl

@@ -1,20 +0,0 @@
-{{- define "sensor-crd-json" }}
-{
-  "apiVersion": "apiextensions.k8s.io/{{ .Values.crd.version }}",
-  "kind": "CustomResourceDefinition",
-  "metadata": {
-    "name": "sensors.argoproj.io"
-  },
-  "spec": {
-    "group": "argoproj.io",
-    "names": {
-      "kind": "Sensor",
-      "listKind": "SensorList",
-      "plural": "sensors",
-      "singular": "sensor"
-    },
-    "scope": "Namespaced",
-    "version": "v1alpha1"
-  }
-}
-{{- end}}

charts/argo-events/templates/apply-sensor-crd-job.yaml

@@ -1,19 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ .Release.Name }}-apply-sensor-crd
-  annotations:
-    helm.sh/hook: pre-install
-    helm.sh/hook-delete-policy: hook-succeeded
-spec:
-  backoffLimit: 5
-  activeDeadlineSeconds: 100
-  template:
-    spec:
-      serviceAccountName: {{ .Values.crd.jobServiceAccount }}
-      containers:
-      - name: kubectl-apply
-        image: lachlanevenson/k8s-kubectl
-        command: ["/bin/sh"]
-        args: ["-c", 'echo ''{{- include "sensor-crd-json" .}}'' | kubectl apply -f -']
-      restartPolicy: Never

charts/argo-events/templates/argo-events-cluster-roles.yaml

@@ -0,0 +1,94 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argo-events-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argo-events-role
+subjects:
+  - kind: ServiceAccount
+    name: argo-events-sa
+    namespace: argo-events
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argo-events-role
+rules:
+  - apiGroups:
+      - apiextensions.k8s.io
+      - apiextensions.k8s.io/v1beta1
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    resources:
+      - customresourcedefinitions
+  - apiGroups:
+      - argoproj.io
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+    resources:
+      - workflows
+      - workflows/finalizers
+      - gateways
+      - gateways/finalizers
+      - sensors
+      - sensors/finalizers
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/exec
+      - configmaps
+      - secrets
+      - services
+      - events
+      - persistentvolumeclaims
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - "apps/v1"
+      - "apps/v1beta2"
+      - "apps/v1beta1"
+    resources:
+      - deployments
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - delete

charts/argo-events/templates/argo-events-sa.yaml

@@ -0,0 +1,7 @@
+# All argo-events services are bound to the "argo-events" service account. 
+# In RBAC enabled setups, this SA is bound to specific roles.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argo-events-sa
+  namespace: argo-events

charts/argo-events/templates/gateway-controller-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.gatewayController.name }}-configmap
+  labels:
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  config: |
+    instanceID: {{ .Values.instanceID }}
+    namespace: {{ .Values.namespace }}

charts/argo-events/templates/gateway-controller-deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.gatewayController.name }}
+  labels:
+    app: {{ .Release.Name }}-{{ .Values.gatewayController.name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.gatewayController.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-{{ .Values.gatewayController.name }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-{{ .Values.gatewayController.name }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount }}
+      containers:
+        - name: {{ .Values.gatewayController.name }}
+          image: "{{ .Values.registry }}/{{ .Values.gatewayController.image }}:{{ .Values.gatewayController.tag }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          env:
+            - name: GATEWAY_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: GATEWAY_CONTROLLER_CONFIG_MAP
+              value: {{ .Release.Name }}-{{ .Values.gatewayController.name }}-configmap

charts/argo-events/templates/gateway-crd.yaml

@@ -0,0 +1,14 @@
+# Define a "gateway" custom resource definition
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: gateways.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: Gateway
+    listKind: GatewayList
+    plural: gateways
+    singular: gateway
+  scope: Namespaced
+  version: v1alpha1

charts/argo-events/templates/sensor-controller-clusterrole.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role
-rules:
-- apiGroups: ["argoproj.io"]
-  resources: ["sensors"]
-  verbs: ["get", "list", "watch", "update", "patch"]
-# The following rules define what the triggers can do
-- apiGroups: ["argoproj.io"]
-  resources: ["workflows"]
-  verbs: ["create", "delete"]
-- apiGroups: [""]
-  resources: ["configmaps", "secrets", "pods"]
-  verbs: ["get", "watch", "list", "patch"]

charts/argo-events/templates/sensor-controller-configmap.yaml

@@ -1,16 +1,12 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
+  name: {{ .Release.Name }}-{{ .Values.sensorController.name }}-configmap
   labels:
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
   config: |
-    namespace: {{ .Release.Namespace }}
-    {{- if .Values.useReleaseAsInstanceID }}
-    instanceID: {{ .Release.Name }}
-    {{- else }}
     instanceID: {{ .Values.instanceID }}
-    {{- end }}
+    namespace: {{ .Values.namespace }}

charts/argo-events/templates/sensor-controller-crb.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.name }}-{{ .Values.controller.name}}-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.controller.serviceAccount }}
-  namespace: {{ .Release.Namespace }}

charts/argo-events/templates/sensor-controller-deployment.yaml

@@ -1,28 +1,28 @@
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  name: {{ .Release.Name }}-{{ .Values.sensorController.name }}
   labels:
-    app: {{ .Release.Name }}-{{ .Values.controller.name }}
+    app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.controller.replicaCount }}
+  replicas: {{ .Values.sensorController.replicaCount }}
   selector:
     matchLabels:
-      app: {{ .Release.Name }}-{{ .Values.controller.name }}
+      app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
       release: {{ .Release.Name }}
   template:
     metadata:
       labels:
-        app: {{ .Release.Name }}-{{ .Values.controller.name }}
+        app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
         release: {{ .Release.Name }}
     spec:
-      serviceAccountName: {{ .Values.controller.serviceAccount }}
+      serviceAccountName: {{ .Values.serviceAccount }}
       containers:
-        - name: {{ .Values.controller.name }}
+        - name: {{ .Values.sensorController.name }}
-          image: "{{ .Values.registry }}/{{ .Values.controller.image }}:{{ .Values.controller.tag }}"
+          image: "{{ .Values.registry }}/{{ .Values.sensorController.image }}:{{ .Values.sensorController.tag }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: SENSOR_NAMESPACE
@@ -30,4 +30,4 @@ spec:
                 fieldRef:
                   fieldPath: metadata.namespace
             - name: SENSOR_CONFIG_MAP
-              value: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
+              value: {{ .Release.Name }}-{{ .Values.sensorController.name }}-configmap

charts/argo-events/templates/sensor-controller-sa.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.controller.serviceAccount }}

charts/argo-events/templates/sensor-crd.yaml

@@ -0,0 +1,14 @@
+# Define a "sensor" custom resource definition
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: sensors.argoproj.io
+spec:
+  group: argoproj.io
+  names:
+    kind: Sensor
+    listKind: SensorList
+    plural: sensors
+    singular: sensor
+  scope: Namespaced
+  version: v1alpha1

charts/argo-events/templates/signals-clusterrole.yaml

@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.name }}-signals-cluster-role
-rules:
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["watch", "list", "patch"]
-- apiGroups: {{ .Values.signals.listenRoles.apiGroups }}
-  resources: {{ .Values.signals.listenRoles.resources }}
-  verbs: ["get", "list", "watch"]

charts/argo-events/templates/signals-crb.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.name }}-signals-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.name }}-signals-cluster-role
-subjects:
-- kind: ServiceAccount
-  name: {{ .Values.signals.serviceAccount }}
-  namespace: {{ .Release.Namespace }}

charts/argo-events/templates/signals-sa.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.signals.serviceAccount }}

charts/argo-events/values.yaml

@@ -1,27 +1,25 @@
+# docker registry
 registry: argoproj
+
+# The image pull policy
 imagePullPolicy: Always
 
-# Version of the Sensor CRD
+# ServiceAccount to use for running controller.
-crd:
+serviceAccount: argo-events-sa
-  version: v1beta1
-  jobServiceAccount: default
 
-# If set to true then chart set controller instance id to release name
+instanceID: argo-events
-useReleaseAsInstanceID: true
-instanceID: 1
 
-# controller
+namespace: argo-events
-controller:
+
+# sensor controller
+sensorController:
   name: sensor-controller
   image: sensor-controller
   tag: latest
   replicaCount: 1
-  serviceAccount: argo-events
 
-# signal microservices
+gatewayController:
-signals:
+  name: gateway-controller
-  serviceAccount: argo-signals
+  image: gateway-controller
-  # this controls what the resource signal pod can listen to
+  tag: latest
-  listenRoles:
+  replicaCount: 1
-    apiGroups: ["argoproj.io", ""]
-    resources: ["sensors", "workflows", "pods"]