diff --git a/charts/argo/README.md b/charts/argo/README.md
new file mode 100644
index 00000000..8bd449b6
--- /dev/null
+++ b/charts/argo/README.md
@@ -0,0 +1,17 @@
+## Argo Chart
+This chart is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
+
+If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo), you should deploy it in the `kube-system` namespace.
+
+## Values
+
+The `values.yaml` contains items used to tweak a deployment of this chart.
+Fields to note:
+* `controller.useReleaseAsInstanceID`: If set to true then chart set controller instance id to release name
+ - __Note:__ If this is set to false then `controller.instanceId` must be set
+* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran
+* `ui.enableWebConsole`: Enables ability to SSH into pod using web UI
+* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map.
+* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default have the minio default credentials in them.
+
+
diff --git a/charts/argo/charts/minio-0.4.3.tgz b/charts/argo/charts/minio-0.4.3.tgz
deleted file mode 100644
index 8ce44610..00000000
Binary files a/charts/argo/charts/minio-0.4.3.tgz and /dev/null differ
diff --git a/charts/argo/charts/minio-1.3.3.tgz b/charts/argo/charts/minio-1.3.3.tgz
new file mode 100644
index 00000000..97803de8
Binary files /dev/null and b/charts/argo/charts/minio-1.3.3.tgz differ
diff --git a/charts/argo/requirements.lock b/charts/argo/requirements.lock
index ef788117..c0b8525b 100644
--- a/charts/argo/requirements.lock
+++ b/charts/argo/requirements.lock
@@ -1,6 +1,6 @@ dependencies: - name: minio repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.4.3 -digest: sha256:2282e3be8457161f7fb79fe1a6a871a972146574b365e69b18d9c46e16d6c47d -generated: 2018-01-03T12:09:41.060101-08:00 + version: 1.3.3 +digest: sha256:d53e797d51304b850951bf6ecb57ad60d34cbccfa39a7d7bd0adf65435bbee78 +generated: 2018-06-01T10:03:04.087865-04:00 diff --git a/charts/argo/requirements.yaml b/charts/argo/requirements.yaml index fd789f07..452a3e76 100644 --- a/charts/argo/requirements.yaml +++ b/charts/argo/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: minio - version: 0.4.3 + version: 1.3.3 repository: https://kubernetes-charts.storage.googleapis.com/ - condition: installMinio + condition: minio.install diff --git a/charts/argo/templates/NOTES.txt b/charts/argo/templates/NOTES.txt index d86b4b2d..4fc67e30 100644 --- a/charts/argo/templates/NOTES.txt +++ b/charts/argo/templates/NOTES.txt @@ -9,9 +9,9 @@ echo '{"apiVersion": "apiextensions.k8s.io/v1beta1","kind": "CustomResourceDefin kubectl get services -o wide | grep {{ .Release.Name }}-{{ .Values.uiName }} -{{ if .Values.installMinio }} +{{ if .Values.minio.install }} -3. Access Minio UI and create bucket '{{ .Values.minioBucketName }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following +3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following command: kubectl get services -o wide | grep {{ .Release.Name }}-minio-svc diff --git a/charts/argo/templates/_helpers.tpl b/charts/argo/templates/_helpers.tpl index f0d83d2e..2e375b59 100644 --- a/charts/argo/templates/_helpers.tpl +++ b/charts/argo/templates/_helpers.tpl 
@@ -14,3 +14,23 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{- define "workflow-crd-json" }} +{ + "apiVersion": "apiextensions.k8s.io/v1beta1", + "kind": "CustomResourceDefinition", + "metadata": { + "name": "workflows.argoproj.io" + }, + "spec": { + "group": "argoproj.io", + "names": { + "kind": "Workflow", + "plural": "workflows", + "shortNames": ["wf"] + }, + "scope": "Namespaced", + "version": "v1alpha1" + } +} +{{- end}} diff --git a/charts/argo/templates/_workflow-crd.json b/charts/argo/templates/_workflow-crd.tpl similarity index 97% rename from charts/argo/templates/_workflow-crd.json rename to charts/argo/templates/_workflow-crd.tpl index ef26b415..29bc2b27 100644 --- a/charts/argo/templates/_workflow-crd.json +++ b/charts/argo/templates/_workflow-crd.tpl @@ -16,4 +16,4 @@ "version": "v1alpha1" } } -{{- end}} \ No newline at end of file +{{- end}} diff --git a/charts/argo/templates/ui-cluster-role.yaml b/charts/argo/templates/ui-cluster-role.yaml new file mode 100644 index 00000000..b66f29b8 --- /dev/null +++ b/charts/argo/templates/ui-cluster-role.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.name }}-{{ .Values.ui.name}}-cluster-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch diff --git a/charts/argo/templates/ui-crb.yaml b/charts/argo/templates/ui-crb.yaml new file mode 100644 index 00000000..bb7ccd62 --- /dev/null +++ b/charts/argo/templates/ui-crb.yaml 
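Review bot: The `secrets` rule in the new ui-cluster-role.yaml gives the UI service account `get` on every Secret in every namespace once ui-crb.yaml binds it cluster-wide, and values.yaml defaults `ui.serviceType` to `LoadBalancer`, so any compromise of or authentication gap in the UI becomes a cluster-wide secret read. If the UI only needs the artifact-repository credentials, move that rule into a namespaced Role or restrict it with `resourceNames`. Separately, `metadata.name` uses `{{ .Release.name }}`; the built-in field is `.Release.Name`, so the prefix likely renders empty and the object name collides across releases — use `name: {{ .Release.Name }}-{{ .Values.ui.name }}-cluster-role`. The same lowercase `.Release.name` appears in ui-crb.yaml, workflow-controller-clusterrole.yaml and workflow-controller-crb.yaml.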
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.name }}-{{ .Values.ui.name}}-crb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.name }}-{{ .Values.ui.name}}-cluster-role +subjects: +- kind: ServiceAccount + name: {{ .Values.ui.serviceAccount }} + namespace: {{ .Release.Name }} diff --git a/charts/argo/templates/ui-deployment.yaml b/charts/argo/templates/ui-deployment.yaml index bf237b6b..661ce610 100644 --- a/charts/argo/templates/ui-deployment.yaml +++ b/charts/argo/templates/ui-deployment.yaml @@ -1,21 +1,22 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: {{ .Release.Name }}-{{ .Values.uiName}} + name: {{ .Release.Name }}-{{ .Values.ui.name}} labels: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + namspace: {{ .Release.Namespace }} spec: template: metadata: labels: - app: {{ .Release.Name }}-{{ .Values.uiName}} + app: {{ .Release.Name }}-{{ .Values.ui.name}} release: {{ .Release.Name }} spec: containers: - name: ui - image: "{{ .Values.imagesNamespace }}/{{ .Values.uiImage }}:{{ .Values.imagesTag }}" + image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}" env: - name: IN_CLUSTER value: "true" diff --git a/charts/argo/templates/ui-sa.yaml b/charts/argo/templates/ui-sa.yaml new file mode 100644 index 00000000..bba4b093 --- /dev/null +++ b/charts/argo/templates/ui-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.ui.serviceAccount }} + namspace: {{ .Release.Namespace }} diff --git a/charts/argo/templates/ui-service.yaml b/charts/argo/templates/ui-service.yaml index 96e2c38f..83d0b25e 100644 --- a/charts/argo/templates/ui-service.yaml +++ b/charts/argo/templates/ui-service.yaml 
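Review bot: The subject in ui-crb.yaml uses `namespace: {{ .Release.Name }}`, which points the binding at a namespace named after the release rather than the namespace the chart installs into, so the ServiceAccount created by ui-sa.yaml is probably not the account that receives the role. Besides leaving the UI without its permissions, a service account of that name in an unrelated namespace would be granted the ClusterRole, including its read access to secrets. Use `namespace: {{ .Release.Namespace }}`, as workflow-controller-crb.yaml does for its first subject.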
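Review bot: The key added in ui-deployment.yaml is spelled `namspace`, and the same spelling is used in ui-sa.yaml and ui-service.yaml, while the workflow-controller templates spell it `namespace`. In ui-sa.yaml the key follows `name:` with no `labels:` block visible, so the ServiceAccount's namespace is never set explicitly and strict API validation may reject the unknown field; the collapsed layout hides whether the deployment and service copies are labels or metadata fields. Change each to `namespace: {{ .Release.Namespace }}`. This hunk ends before the rest of the pod spec, so whether the deployment sets `serviceAccountName: {{ .Values.ui.serviceAccount }}` cannot be checked from here; without it the new RBAC objects would not apply to the UI pod.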
@@ -1,17 +1,18 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Release.Name }}-{{ .Values.uiName}} + name: {{ .Release.Name }}-{{ .Values.ui.name}} labels: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + namspace: {{ .Release.Namespace }} spec: ports: - port: 80 protocol: TCP targetPort: 8001 selector: - app: {{ .Release.Name }}-{{ .Values.uiName}} + app: {{ .Release.Name }}-{{ .Values.ui.name }} sessionAffinity: None - type: {{ .Values.uiServiceType }} + type: {{ .Values.ui.serviceType }} diff --git a/charts/argo/templates/workflow-controller-clusterrole.yaml b/charts/argo/templates/workflow-controller-clusterrole.yaml new file mode 100644 index 00000000..7e6368ff --- /dev/null +++ b/charts/argo/templates/workflow-controller-clusterrole.yaml @@ -0,0 +1,42 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index b0d9038f..081719f4 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml 
@@ -1,20 +1,21 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-{{ .Values.controllerName }}-configmap + name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap labels: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + namespace: {{ .Release.Namespace }} data: config: | - {{- if .Values.useReleaseAsInstanceID }} + {{- if .Values.controller.useReleaseAsInstanceID }} instanceID: {{ .Release.Name }} {{- else }} - instanceID: {{ .Values.instanceID }} + instanceID: {{ .Values.controller.instanceID }} {{- end }} artifactRepository: - {{- if or .Values.installMinio .Values.useDefaultArtifactRepo }} + {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} s3: {{- if .Values.useStaticCredentials }} accessKeySecret: @@ -24,8 +25,8 @@ data: key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }} {{- end }} - bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minioBucketName }} + bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }} endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio-svc:9000") }} insecure: {{ .Values.artifactRepository.s3.insecure }} {{- end}} - executorImage: "{{ .Values.imagesNamespace }}/{{ .Values.executorImage }}:{{ .Values.imagesTag }}" + executorImage: "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ .Values.images.tag }}" diff --git a/charts/argo/templates/workflow-controller-crb.yaml b/charts/argo/templates/workflow-controller-crb.yaml new file mode 100644 index 00000000..2af560f0 --- /dev/null +++ b/charts/argo/templates/workflow-controller-crb.yaml 
@@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.name }}-{{ .Values.controller.name}}-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role +subjects: + - kind: ServiceAccount + name: {{ .Values.controller.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if .Values.controller.workflowNamespaces }} +{{- $uiServiceAccount := .Values.controller.serviceAccount }} +{{- $namespace := .Release.Namespace }} +{{- range $key := .Values.controller.workflowNamespaces }} + {{- if not (eq $key $namespace) }} + - kind: ServiceAccount + name: {{ $uiServiceAccount }} + namespace: {{ $key }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index 808e57dd..d4291bd3 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml 
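Review bot: Each extra subject emitted by the `range` is attached through a ClusterRoleBinding, so a ServiceAccount with the controller's name in any listed workflow namespace (values.yaml lists `default`) holds the whole ClusterRole — create, update and patch on `pods` and `pods/exec` — across the cluster, not only in its own namespace. The chart creates that ServiceAccount only in the release namespace (workflow-controller-sa.yaml), so the extra subjects name accounts that something else has to create. If per-namespace access is the intent, a RoleBinding in each workflow namespace referencing the ClusterRole would scope it; this assumes the controller can run with namespaced permissions, which the diff does not show. The loop variable `$uiServiceAccount` actually holds the controller account, so rename it: `{{- $controllerServiceAccount := .Values.controller.serviceAccount }}`.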
@@ -1,24 +1,25 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - name: {{ .Release.Name }}-{{ .Values.controllerName}} + name: {{ .Release.Name }}-{{ .Values.controller.name}} labels: - app: {{ .Release.Name }}-{{ .Values.controllerName}} + app: {{ .Release.Name }}-{{ .Values.controller.name}} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} heritage: {{ .Release.Service }} spec: template: metadata: labels: - app: {{ .Release.Name }}-{{ .Values.controllerName}} + app: {{ .Release.Name }}-{{ .Values.controller.name}} release: {{ .Release.Name }} spec: containers: - name: controller - image: "{{ .Values.imagesNamespace }}/{{ .Values.controllerImage }}:{{ .Values.imagesTag }}" + image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}" command: [ "workflow-controller" ] - args: ["--configmap", "{{ .Release.Name }}-{{ .Values.controllerName}}-configmap"] + args: ["--configmap", "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap"] env: - name: ARGO_NAMESPACE valueFrom: diff --git a/charts/argo/templates/workflow-controller-sa.yaml b/charts/argo/templates/workflow-controller-sa.yaml new file mode 100644 index 00000000..c7fa24f0 --- /dev/null +++ b/charts/argo/templates/workflow-controller-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.controller.serviceAccount }} + namespace: {{ .Release.Namespace }} diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 22311334..0372a288 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml 
@@ -1,31 +1,44 @@ -imagesNamespace: argoproj -controllerImage: workflow-controller -uiImage: argoui -executorImage: argoexec -imagesTag: v2.1.0-alpha1 -controllerName: workflow-controller +images: + namespace: argoproj + controller: workflow-controller + ui: argoui + executor: argoexec + tag: v2.1.1 + +controller: + serviceAccount: argo + name: workflow-controller + workflowNamespaces: + - default + # If set to true then chart set controller instance id to release name + useReleaseAsInstanceID: true + instanceID: + +ui: + name: ui + serviceType: LoadBalancer + serviceAccount: argo-ui + # Enables ability to SSH into pod using web UI + enableWebConsole: false -# Enables ability to SSH into pod using web UI -enableWebConsole: false -uiName: ui -uiServiceType: LoadBalancer crdVersion: v1alpha1 -# If set to true then chart set controller instance id to release name -useReleaseAsInstanceID: false -instanceID: - useDefaultArtifactRepo: false useStaticCredentials: true # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map -installMinio: true -minioBucketName: argo-artifacts +minio: + # This is not used by the subchart, but makes sense to group here. + install: true + defaultBucket: + enabled: true + name: argo-artifacts artifactRepository: s3: + #default minio creds accessKeySecret: - key: accesskey + key: AKIAIOSFODNN7EXAMPLE secretKeySecret: - key: secretkey + key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY insecure: true
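Review bot: `accessKeySecret.key` and `secretKeySecret.key` now hold credential values (`AKIAIOSFODNN7EXAMPLE` and its matching secret) where the previous values were `accesskey` and `secretkey`; workflow-controller-config-map.yaml renders these fields beside a Secret `name`, so they are the names of the data keys inside that Secret, not the credentials themselves. As written the lookup likely fails, and the default credentials end up in a ConfigMap and in version control. Restore `key: accesskey` and `key: secretkey`, with a comment such as `# name of the data key inside the Secret, not the credential`. Minio's credentials should be supplied at install time rather than left at the well-known defaults, particularly while `insecure: true` and `ui.serviceType: LoadBalancer` are the shipped defaults.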