From 30889df4767f9f15c41eb228090307b43acf046c Mon Sep 17 00:00:00 2001 
From: Jaret Date: Mon, 4 Nov 2019 16:17:25 -0800 Subject: [PATCH] init v1.0.0 (#129) --- CONTRIBUTING.md | 4 +- charts/argo-cd/.helmignore | 21 - charts/argo-cd/Chart.yaml | 14 +- charts/argo-cd/README.md | 273 +++++-- charts/argo-cd/requirements.yaml | 0 charts/argo-cd/templates/NOTES.txt | 10 +- charts/argo-cd/templates/_helpers.tpl | 70 +- ...ocd-application-controller-deployment.yaml | 51 -- ...pplication-controller-metrics-service.yaml | 19 - ...argocd-application-controller-service.yaml | 17 - .../clusterrole.yaml} | 8 +- .../clusterrolebinding.yaml | 21 + .../deployment.yaml | 106 +++ .../metrics-service.yaml | 31 + .../role.yaml} | 9 +- .../rolebinding.yaml} | 11 +- .../service.yaml | 25 + .../serviceaccount.yaml} | 6 +- .../servicemonitor.yaml | 32 + charts/argo-cd/templates/argocd-cm.yaml | 48 -- .../argocd-cm.yaml} | 10 +- .../argocd-configs/argocd-rbac-cm.yaml | 13 + .../argocd-configs/argocd-secret.yaml | 27 + .../argocd-ssh-known-hosts-cm.yaml | 12 + .../argocd-configs/argocd-tls-certs-cm.yaml | 14 + .../argocd-dex-server-deployment.yaml | 54 -- .../templates/argocd-dex-server-service.yaml | 23 - charts/argo-cd/templates/argocd-rbac-cm.yaml | 21 - .../templates/argocd-redis-deployment.yaml | 38 - .../argocd-repo-server-deployment.yaml | 69 -- .../templates/argocd-repo-server-service.yaml | 17 - .../argocd-repo-server/deployment.yaml | 121 ++++ .../argocd-repo-server/metrics-service.yaml | 31 + .../templates/argocd-repo-server/service.yaml | 26 + .../argocd-repo-server/servicemonitor.yaml | 33 + charts/argo-cd/templates/argocd-secret.yaml | 26 - .../argocd-server-clusterrolebinding.yaml | 21 - .../templates/argocd-server-deployment.yaml | 77 -- .../templates/argocd-server-ingress.yaml | 33 - .../templates/argocd-server-metrics.yaml | 19 - .../templates/argocd-server-service.yaml | 28 - .../templates/argocd-server/applications.yaml | 42 ++ .../certificate.yaml} | 12 +- .../clusterrole.yaml} | 10 +- .../clusterrolebinding.yaml} | 14 +- 
.../templates/argocd-server/deployment.yaml | 134 ++++ .../templates/argocd-server/ingress.yaml | 53 ++ .../argocd-server/metrics-service.yaml | 31 + .../templates/argocd-server/projects.yaml | 46 ++ .../role.yaml} | 8 +- .../rolebinding.yaml} | 11 +- .../templates/argocd-server/service.yaml | 31 + .../serviceaccount.yaml} | 6 +- .../argocd-server/servicemonitor.yaml | 33 + .../templates/argocd-ssh-known-hosts-cm.yaml | 19 - .../templates/argocd-tls-certs-cm.yaml | 11 - charts/argo-cd/templates/dex/deployment.yaml | 76 ++ .../role.yaml} | 10 +- .../rolebinding.yaml} | 14 +- charts/argo-cd/templates/dex/service.yaml | 26 + .../argo-cd/templates/dex/serviceaccount.yaml | 13 + .../argo-cd/templates/redis/deployment.yaml | 61 ++ .../service.yaml} | 10 +- charts/argo-cd/values.yaml | 682 +++++++++++++----- 64 files changed, 1909 insertions(+), 933 deletions(-) delete mode 100644 charts/argo-cd/.helmignore create mode 100644 charts/argo-cd/requirements.yaml delete mode 100644 charts/argo-cd/templates/argocd-application-controller-deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-application-controller-metrics-service.yaml delete mode 100644 charts/argo-cd/templates/argocd-application-controller-service.yaml rename charts/argo-cd/templates/{argocd-application-controller-clusterrole.yaml => argocd-application-controller/clusterrole.yaml} (61%) create mode 100644 charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller/deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml rename charts/argo-cd/templates/{argocd-application-controller-role.yaml => argocd-application-controller/role.yaml} (74%) rename charts/argo-cd/templates/{argocd-dex-server-rolebinding.yaml => argocd-application-controller/rolebinding.yaml} (52%) create mode 100644 charts/argo-cd/templates/argocd-application-controller/service.yaml rename 
charts/argo-cd/templates/{argocd-application-controller-sa.yaml => argocd-application-controller/serviceaccount.yaml} (56%) create mode 100644 charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml delete mode 100644 charts/argo-cd/templates/argocd-cm.yaml rename charts/argo-cd/templates/{argocd-dex-server-sa.yaml => argocd-configs/argocd-cm.yaml} (55%) create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-secret.yaml create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml create mode 100644 charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml delete mode 100644 charts/argo-cd/templates/argocd-dex-server-deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-dex-server-service.yaml delete mode 100644 charts/argo-cd/templates/argocd-rbac-cm.yaml delete mode 100644 charts/argo-cd/templates/argocd-redis-deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-repo-server-deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-repo-server-service.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/service.yaml create mode 100644 charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml delete mode 100644 charts/argo-cd/templates/argocd-secret.yaml delete mode 100644 charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml delete mode 100644 charts/argo-cd/templates/argocd-server-deployment.yaml delete mode 100644 charts/argo-cd/templates/argocd-server-ingress.yaml delete mode 100644 charts/argo-cd/templates/argocd-server-metrics.yaml delete mode 100644 charts/argo-cd/templates/argocd-server-service.yaml create mode 100644 charts/argo-cd/templates/argocd-server/applications.yaml rename 
charts/argo-cd/templates/{argocd-server-certificate.yaml => argocd-server/certificate.yaml} (61%) rename charts/argo-cd/templates/{argocd-server-clusterrole.yaml => argocd-server/clusterrole.yaml} (73%) rename charts/argo-cd/templates/{argocd-application-controller-clusterrolebinding.yaml => argocd-server/clusterrolebinding.yaml} (54%) create mode 100644 charts/argo-cd/templates/argocd-server/deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-server/ingress.yaml create mode 100644 charts/argo-cd/templates/argocd-server/metrics-service.yaml create mode 100644 charts/argo-cd/templates/argocd-server/projects.yaml rename charts/argo-cd/templates/{argocd-server-role.yaml => argocd-server/role.yaml} (76%) rename charts/argo-cd/templates/{argocd-application-controller-rolebinding.yaml => argocd-server/rolebinding.yaml} (53%) create mode 100644 charts/argo-cd/templates/argocd-server/service.yaml rename charts/argo-cd/templates/{argocd-server-sa.yaml => argocd-server/serviceaccount.yaml} (57%) create mode 100644 charts/argo-cd/templates/argocd-server/servicemonitor.yaml delete mode 100644 charts/argo-cd/templates/argocd-ssh-known-hosts-cm.yaml delete mode 100644 charts/argo-cd/templates/argocd-tls-certs-cm.yaml create mode 100644 charts/argo-cd/templates/dex/deployment.yaml rename charts/argo-cd/templates/{argocd-dex-server-role.yaml => dex/role.yaml} (62%) rename charts/argo-cd/templates/{argocd-server-rolebinding.yaml => dex/rolebinding.yaml} (51%) create mode 100644 charts/argo-cd/templates/dex/service.yaml create mode 100644 charts/argo-cd/templates/dex/serviceaccount.yaml create mode 100644 charts/argo-cd/templates/redis/deployment.yaml rename charts/argo-cd/templates/{argocd-redis-service.yaml => redis/service.yaml} (54%) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 528deb77..3bdd1cd3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -26,7 +26,7 @@ Minimally: ``` helm install charts/argo-cd --namespace argocd -n argo-cd -kubectl port-forward svc/argocd-server -n argocd 8080:443 +kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 ``` In a new terminal: @@ -40,6 +40,8 @@ kubectl -n argocd patch secret argocd-secret \ "admin.passwordMtime": "'$(date +%FT%T%Z)'" }}' argocd login localhost:8080 --username admin --password 'Password1!' + +# WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y ``` Create and sync app: diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore deleted file mode 100644 index f0c13194..00000000 --- a/charts/argo-cd/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index cf7caac9..414cdea8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,6 +1,16 @@ apiVersion: v1 appVersion: "1.2.4" -description: A Helm chart for Argo-CD +description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 0.7.2 +version: 1.0.0 +home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: seanson diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 2a1d7a02..4c21d029 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -1,5 +1,12 @@ -# Argo CD Chart +Argo CD Chart +====== +A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. +Current chart version is `1.0.0` + +Source code can be found [here](https://argoproj.github.io/argo-cd/) + +## Additional Information This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). 
@@ -19,73 +26,201 @@ $ helm repo add argo https://argoproj.github.io/argo-helm $ helm install --name my-release argo/argo-cd ``` + ## Chart Values -| Key | Type | Default | Description | -| -------------------------------------- | ------ | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| applicationController.containerPort | int | `8082` | Container port for application controller server and metrics | -| applicationController.image.pullPolicy | string | `"Always"` | Docker image pull policy | -| applicationController.image.repository | string | `"argoproj/argocd"` | Docker image repo | -| applicationController.image.tag | string | `"v1.2.4"` | Docker image tag | -| applicationController.servicePort | int | `8082` | Service port for applicaiton controller server | -| applicationController.volumeMounts | list | `[]` | Additional volume mounts | -| applicationController.volumes | list | `[]` | Additional volumes | -| certificate.enabled | bool | `false` | Enable certificate (requires cert-manager) | -| clusterAdminAccess.enabled | bool | `true` | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. 
| -| config.configManagementPlugins | string | `nil` | List of custom config management plugins, see [values.yaml](./values.yaml) for format | -| config.createSecret | bool | `true` | Creates the argocd-secret secret, set to false to manage externally | -| config.dexConfig | string | `nil` | Configuration for external auth and URL, see [values.yaml](./values.yaml) for format | -| config.helmRepositories | string | `nil` | Configuration for external Helm charts, see [values.yaml](./values.yaml) for format | -| config.oidcConfig | string | `nil` | Configuration for OpenID connect, see [values.yaml](./values.yaml) for format | -| config.repositories | string | `nil` | Configuration for remote Git repositories for Applications, see [values.yaml](./values.yaml) for format | -| config.resourceCustomizations | string | `nil` | resourceCustomizations can be used to create custom health checks for resources [https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/health.md#way-1-define-a-custom-health-check-in-argocd-cm-configmap] | -| config.url | string | `nil` | External URL for ArgoCD | -| config.instanceLabelKey | string | `nil` | Custom instance label key | -| config.webhook.bitbucketSecret | string | `nil` | BitBucket incoming webhook secret | -| config.webhook.githubSecret | string | `nil` | GitHub incoming webhook secret | -| config.webhook.gitlabSecret | string | `nil` | GitLab incoming webhook secret | -| dexServer.containerPortGrpc | int | `5557` | Container port for Dex Server GRPC | -| dexServer.containerPortHttp | int | `5556` | Container port for Dex Server HTTP | -| dexServer.image.pullPolicy | string | `"Always"` | Docker image pull policy | -| dexServer.image.repository | string | `"quay.io/dexidp/dex"` | Docker image repo | -| dexServer.image.tag | string | `"v2.12.0"` | Docker image tag | -| dexServer.initImage.pullPolicy | string | `"Always"` | Docker image pull policy | -| dexServer.initImage.repository | string | `"argoproj/argocd"` | 
Docker image repo | -| dexServer.initImage.tag | string | `"v1.2.0"` | Docker image tag | -| dexServer.servicePortGrpc | int | `5557` | Service port for Dex Server GRPC | -| dexServer.servicePortHttp | int | `5556` | Service port for Dex Server GRPC | -| dexServer.volumeMounts | list | `[]` | Additional volume mounts | -| dexServer.volumes | list | `[]` | Additional volumes | -| ingress.additionalHosts | list | `[]` | Ingress additional hosts | -| ingress.annotations | object | `{}` | Annotations for ingress object, set `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` and `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` if serving GRPC and HTTPS on the same ingress | -| ingress.enabled | bool | `false` | Enable ingress | -| ingress.tls | object | `{}` | Ingress TLS configuration | -| rbac.policyCsv | string | `nil` | RBAC policy in CSV, see [values.yaml](./values.yaml) for format | -| rbac.policyDefault | string | `nil` | The default role Argo CD will fall back to, when authorizing API requests, ie: `role:readonly` | -| rbac.scopes | string | `nil` | Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). 
ie: `[groups]` | -| redis.containerPort | int | `6379` | Container port for Redis | -| redis.image.pullPolicy | string | `"Always"` | Docker image pull policy | -| redis.image.repository | string | `"redis"` | Docker image repo | -| redis.image.tag | string | `"5.0.3"` | Docker image tag | -| redis.servicePort | int | `6379` | Service port for Redis | -| repoServer.containerPort | int | `8081` | Container port for repo server | -| repoServer.image.pullPolicy | string | `"Always"` | Docker image pull policy | -| repoServer.image.repository | string | `"argoproj/argocd"` | Docker image repo | -| repoServer.image.tag | string | `"v1.2.0"` | Docker image tag | -| repoServer.servicePort | int | `8081` | Service port for repo server | -| repoServer.volumeMounts | list | `[]` | Additional volume mounts | -| repoServer.volumes | list | `[]` | Additional volumes | -| repoServer.initContainers | list | `[]` | Initialisation containers, see [values.yaml](./values.yaml) for syntax for Helm v2.12.3 | -| repoServer.imagePullSecrets | list | `[]` | List of image pull secrets, see [values.yaml](./values.yaml) for syntax for a secret called "docker-auth-secret" | -| server.annotations | object | `{}` | Annotations for the server deployment | -| server.containerPort | int | `8080` | Container port for server | -| server.extraArgs | list | `[]` | Add additional arguments | -| server.image.pullPolicy | string | `"Always"` | Docker image pull policy | -| server.image.repository | string | `"argoproj/argocd"` | Docker image repo | -| server.image.tag | string | `"v1.2.0"` | Docker image tag | -| server.metricsPort | int | `8083` | Container port for server metrics | -| server.serviceAnnotations | object | `{}` | Annotations for server service | -| server.servicePortHttp | int | `80` | HTTP Container port for server | -| server.servicePortHttps | int | `443` | HTTPS Container port for server | -| server.volumeMounts | list | `[]` | Additional volume mounts, see 
[values.yaml](./values.yaml) for syntax for SSH known hosts | -| server.volumes | list | `[]` | Additional volumes, see [values.yaml](./values.yaml) for syntax for SSH known hosts | +| Parameter | Description | Default | +|-----|------|---------| +| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | +| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.2.3"` | +| nameOverride | Provide a name in place of `argocd` | `"argocd"` | +| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | +| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | +| configs.secret.createSecret | Create the argocd-secret. | `true` | +| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | +| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | +| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | + +## ArgoCD Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | +| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | +| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | +| controller.containerPort | Controller listening port. | `8082` | +| controller.extraArgs | Additional arguments for the controller. 
| `[]` | +| controller.image.repository | Repository to use for the controller | `global.image.repository` | +| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | +| controller.image.tag | Tag to use for the controller | `global.image.tag` | +| controller.livenessProbe.failureThreshold | int | `3` | +| controller.livenessProbe.initialDelaySeconds | int | `10` | +| controller.livenessProbe.periodSeconds | int | `10` | +| controller.livenessProbe.successThreshold | int | `1` | +| controller.livenessProbe.timeoutSeconds | int | `1` | +| controller.logLevel | Controller log level | `"info"` | +| controller.metrics.enabled | Deploy metrics service | `false` | +| controller.metrics.service.annotations | Metrics service annotations | `{}` | +| controller.metrics.service.labels | Metrics service labels | `{}` | +| controller.metrics.service.servicePort | Metrics service port | `8082` | +| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| controller.name | Controller name string. | `"application-controller"` | +| controller.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| controller.podAnnotations | Annotations for the controller pods | `{}` | +| controller.podLabels | Labels for the controller pods | `{}` | +| controller.priorityClassName | Priority class for the controller pods | `""` | +| controller.readinessProbe.failureThreshold | int | `3` | +| controller.readinessProbe.initialDelaySeconds | int | `10` | +| controller.readinessProbe.periodSeconds | int | `10` | +| controller.readinessProbe.successThreshold | int | `1` | +| controller.readinessProbe.timeoutSeconds | int | `1` | +| controller.resources | Resource limits and requests for the controller pods. 
| `{}` | +| controller.service.annotations | Controller service annotations. | `{}` | +| controller.service.labels | Controller service labels. | `{}` | +| controller.service.port | Controller service port. | `8082` | +| controller.serviceAccount.create | Create a service account for the controller | `true` | +| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` | +| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` | +| controller.volumeMounts | Controller volume mounts | `[]` | +| controller.volumes | Controller volumes | `[]` | + +## Argo Repo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| repoServer.containerPort | Repo server port | `8081` | +| repoServer.extraArgs | Additional arguments for the repo server | `[]` | +| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | +| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | +| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | +| repoServer.livenessProbe.failureThreshold | int | `3` | +| repoServer.livenessProbe.initialDelaySeconds | int | `10` | +| repoServer.livenessProbe.periodSeconds | int | `10` | +| repoServer.livenessProbe.successThreshold | int | `1` | +| repoServer.livenessProbe.timeoutSeconds | int | `1` | +| repoServer.logLevel | Log level | `"info"` | +| repoServer.metrics.enabled | Deploy metrics service | `false` | +| repoServer.metrics.service.annotations | Metrics service annotations | `{}` | +| repoServer.metrics.service.labels | Metrics service labels | `{}` | +| repoServer.metrics.service.servicePort | Metrics service port | `8082` | +| 
repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| repoServer.name | Repo server name | `"repo-server"` | +| repoServer.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| repoServer.podAnnotations | Annotations for the repo server pods | `{}` | +| repoServer.podLabels | Labels for the repo server pods | `{}` | +| repoServer.priorityClassName | Priority class for the repo server | `""` | +| repoServer.readinessProbe.failureThreshold | int | `3` | +| repoServer.readinessProbe.initialDelaySeconds | int | `10` | +| repoServer.readinessProbe.periodSeconds | int | `10` | +| repoServer.readinessProbe.successThreshold | int | `1` | +| repoServer.readinessProbe.timeoutSeconds | int | `1` | +| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | +| repoServer.service.annotations | Repo server service annotations. | `{}` | +| repoServer.service.labels | Repo server service labels. | `{}` | +| repoServer.service.port | Repo server service port. | `8081` | +| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` | +| repoServer.volumeMounts | Repo server volume mounts | `[]` | +| repoServer.volumes | Repo server volumes | `[]` | + +## Argo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| server.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | +| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | +| server.certificate.enabled | Enables a certificate manager certificate. 
| `false` | +| server.certificate.issuer | Certificate manager issuer | `{}` | +| server.config | URL for Argo CD | `{}` | +| server.containerPort | Server container port. | `8080` | +| server.extraArgs | Additional arguments for the server | `[]` | +| server.image.repository | Repository to use for the server | `global.image.repository` | +| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | +| server.image.tag | Tag to use for the repo server | `global.image.tag` | +| server.ingress.annotations | Additional ingress annotations | `{}` | +| server.ingress.enabled | Enable an ingress resource for the server | `false` | +| server.ingress.hosts | List of ingress hosts | `[]` | +| server.ingress.labels | Additional ingress labels. | `{}` | +| server.ingress.tls | Ingress TLS configuration. | `[]` | +| server.livenessProbe.failureThreshold | int | `3` | +| server.livenessProbe.initialDelaySeconds | int | `10` | +| server.livenessProbe.periodSeconds | int | `10` | +| server.livenessProbe.successThreshold | int | `1` | +| server.livenessProbe.timeoutSeconds | int | `1` | +| server.logLevel | Log level | `"info"` | +| server.metrics.enabled | Deploy metrics service | `false` | +| server.metrics.service.annotations | Metrics service annotations | `{}` | +| server.metrics.service.labels | Metrics service labels | `{}` | +| server.metrics.service.servicePort | Metrics service port | `8082` | +| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. 
| `{}` | +| server.name | Argo CD server name | `"server"` | +| server.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| server.podAnnotations | Annotations for the repo server pods | `{}` | +| server.podLabels | Labels for the repo server pods | `{}` | +| server.priorityClassName | Priority class for the repo server | `""` | +| server.rbacConfig | Argo CD RBAC policy https://argoproj.github.io/argo-cd/operator-manual/rbac/ | `See [values.yaml](values.yaml)` | +| server.readinessProbe.failureThreshold | int | `3` | +| server.readinessProbe.initialDelaySeconds | int | `10` | +| server.readinessProbe.periodSeconds | int | `10` | +| server.readinessProbe.successThreshold | int | `1` | +| server.readinessProbe.timeoutSeconds | int | `1` | +| server.resources | Resource limits and requests for the server | `{}` | +| server.service.annotations | Server service annotations | `{}` | +| server.service.labels | Server service labels | `{}` | +| server.service.servicePortHttp | Server service http port | `80` | +| server.service.servicePortHttps | Server service https port | `443` | +| server.service.type | Server service type | `"ClusterIP"` | +| server.serviceAccount.create | Create server service account | `true` | +| server.serviceAccount.name | Server service account name | `"argocd-server"` | +| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` | +| server.volumeMounts | Server volume mounts | `[]` | +| server.volumes | Server volumes | `[]` | + +## Dex + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dex.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| dex.containerPortGrpc | GRPC container port | `5557` | +| dex.containerPortHttp | HTTP container port | `5556` | +| dex.enabled | Enable dex | `true` | +| 
dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` | +| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` | +| dex.image.tag | Dex image tag | `"v2.14.0"` | +| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` | +| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` | +| dex.initImage.tag | Argo CD init image tag | `global.image.tag` | +| dex.name | Dex name | `"dex-server"` | +| dex.nodeSelector | Dex node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| dex.priorityClassName | Priority class for dex | `""` | +| dex.resources | Resource limits and requests for dex | `{}` | +| dex.serviceAccount.create | Create dex service account | `true` | +| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | +| dex.servicePortGrpc | Server GRPC port | `5557` | +| dex.servicePortHttp | Server HTTP port | `5556` | +| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` | +| dex.volumeMounts | Dex volume mounts | `"/shared"` | +| dex.volumes | Dex volumes | `{}` | + +## Redis + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| redis.containerPort | Redis container port | `6379` | +| redis.enabled | Enable redis | `false` | +| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | +| redis.image.repository | Redis repository | `"redis"` | +| redis.image.tag | Redis tag | `"5.0.3"` | +| redis.name | Redis name | `"redis"` | +| redis.nodeSelector | Redis node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| redis.priorityClassName | Priority class for redis | `""` | +| redis.resources | Resource limits and requests for 
redis | `{}` | +| redis.servicePort | Redis service port | `6379` | +| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` | diff --git a/charts/argo-cd/requirements.yaml b/charts/argo-cd/requirements.yaml new file mode 100644 index 00000000..e69de29b diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt index 36ade656..451727d6 100644 --- a/charts/argo-cd/templates/NOTES.txt +++ b/charts/argo-cd/templates/NOTES.txt @@ -1,13 +1,15 @@ In order to access the server UI you have the following options: -1. kubectl port-forward svc/argocd-server -n argocd 8080:443 +1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443 and then open the browser on http://localhost:8080 and accept the certificate -2. enable ingress and check the first option ssl passthrough: - https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough +2. enable ingress in the values file `service.ingress.enabled` and either + - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough + - Add the `insecure: ""` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts + After reaching the UI the first time you can login with username: admin and the password will be the name of the server pod. You can get the pod name by running: -kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 +kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 \ No newline at end of file 
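Review bot: The rewritten option 2 in NOTES.txt tells users to set `service.ingress.enabled`, but the README table in this same commit documents the key as `server.ingress.enabled`, so the instruction as written presumably names a value the chart never reads. The second bullet suggests adding `insecure: ""` to `server.extraArgs` without saying what it costs; I would append a line such as `Traffic between the ingress controller and the argocd-server pod is then unencrypted; use this only when TLS is terminated at the ingress.` Option 1 now hard-codes `service/argo-cd-argocd-server -n argocd`, which only matches a release named `argo-cd` installed into namespace `argocd`. Assuming the Service is named with the new helper, `service/{{ include "argo-cd.server.fullname" . }} -n {{ .Release.Namespace }}` would follow the actual install. The unchanged context line still says to open `http://localhost:8080` although the forward targets port 443, so `https://` looks intended.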
diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl
index bd65c45c..2c892a75 100644
--- a/charts/argo-cd/templates/_helpers.tpl
+++ b/charts/argo-cd/templates/_helpers.tpl
@@ -24,9 +24,77 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-cd.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create dex name and version as used by the chart label. +*/}} +{{- define "argo-cd.dex.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create redis name and version as used by the chart label. +*/}} +{{- define "argo-cd.redis.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create argocd server name and version as used by the chart label. +*/}} +{{- define "argo-cd.server.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create argocd repo-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.repoServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dexServiceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) 
.Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the ArgoCD server service account to use +*/}} +{{- define "argo-cd.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} {{- define "argo-cd.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller-deployment.yaml b/charts/argo-cd/templates/argocd-application-controller-deployment.yaml deleted file mode 100644 index 73da5728..00000000 --- a/charts/argo-cd/templates/argocd-application-controller-deployment.yaml +++ /dev/null 
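Review bot: The three `*ServiceAccountName` helpers all fall back to `include "argo-cd.fullname" .` when `serviceAccount.create` is true and no name is given, so controller, dex and server would resolve to one shared ServiceAccount, and anything bound to the controller's account (including the ClusterRoleBinding added in this commit) would then apply to the other two components as well. Falling back to the per-component helper avoids that, e.g. `{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}`, and likewise for dex and server. With `create` false the helpers return the namespace's `default` account, which the controller ClusterRoleBinding would then bind, so a comment on the helper stating this would help operators. Whether either case is reachable with the shipped defaults depends on values.yaml, which is not visible here. The header comments on the `*.fullname` helpers still read "name and version as used by the chart label", which describes `argo-cd.chart`; something like `Create the fully qualified controller name.` would be accurate.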
@@ -1,51 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-application-controller - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller - spec: - containers: - - command: - - argocd-application-controller - - --status-processors - - "20" - - --operation-processors - - "10" - image: {{ .Values.applicationController.image.repository }}:{{ .Values.applicationController.image.tag }} - imagePullPolicy: {{ .Values.applicationController.image.pullPolicy }} - name: argocd-application-controller - ports: - - containerPort: {{ .Values.applicationController.containerPort }} - readinessProbe: - tcpSocket: - port: {{ .Values.applicationController.containerPort }} - initialDelaySeconds: 5 - periodSeconds: 10 - volumeMounts: - {{- if .Values.applicationController.volumeMounts }} - {{ toYaml .Values.applicationController.volumeMounts | nindent 8 | trim }} - {{- end }} - serviceAccountName: argocd-application-controller - volumes: - {{- if .Values.applicationController.volumes }} - {{ toYaml .Values.applicationController.volumes | nindent 6 | trim }} - {{- end }} 
diff --git a/charts/argo-cd/templates/argocd-application-controller-metrics-service.yaml b/charts/argo-cd/templates/argocd-application-controller-metrics-service.yaml deleted file mode 100644 index 853c467e..00000000 --- a/charts/argo-cd/templates/argocd-application-controller-metrics-service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller - name: argocd-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.applicationController.servicePort }} - targetPort: {{ .Values.applicationController.containerPort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller diff --git a/charts/argo-cd/templates/argocd-application-controller-service.yaml b/charts/argo-cd/templates/argocd-application-controller-service.yaml deleted file mode 100644 index 76b8b701..00000000 --- a/charts/argo-cd/templates/argocd-application-controller-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: argocd-application-controller - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller -spec: - ports: - - port: {{ .Values.applicationController.servicePort }} - targetPort: {{ .Values.applicationController.containerPort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller 
diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml similarity index 61% rename from charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml rename to charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml index 83a31835..32416869 100644 --- a/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -1,15 +1,15 @@ -{{- if .Values.clusterAdminAccess.enabled }} +{{- if .Values.controller.clusterAdminAccess.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: argocd-application-controller + name: {{ template "argo-cd.controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller + app.kubernetes.io/component: {{ .Values.controller.name }} rules: - apiGroups: - '*' diff --git a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml new file mode 100644 index 00000000..79905319 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml 
@@ -0,0 +1,21 @@
+{{- if .Values.controller.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "argo-cd.controller.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.controller.name }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "argo-cd.controller.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "argo-cd.controllerServiceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
new file mode 100644
index 00000000..0cf0b2b2
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@@ -0,0 +1,106 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.controller.name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + replicas: 1 + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.controller.name }} + {{- if .Values.controller.podLabels }} +{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + containers: + - command: + - argocd-application-controller + - --status-processors + - {{ .Values.controller.args.statusProcessors | quote }} + - --operation-processors + - {{ .Values.controller.args.operationProcessors | quote }} + - --repo-server + - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --loglevel + - {{ .Values.controller.logLevel }} + {{- if .Values.redis.enabled }} + - --redis + - {{ template "argo-cd.redis.fullname" . 
}}:{{ .Values.redis.servicePort }} + {{- end }} + {{- range $key, $value := .Values.controller.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + ports: + - name: controller + containerPort: {{ .Values.controller.containerPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.containerPort }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: {{ .Values.controller.containerPort }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if .Values.controller.volumeMounts }} + volumeMounts: +{{- toYaml .Values.controller.volumeMounts | nindent 10}} +{{- end }} + resources: +{{- toYaml .Values.controller.resources | nindent 10 }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{- toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{- toYaml .Values.controller.tolerations | nindent 8 }} 
+ {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{- toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} +{{- if .Values.controller.volumes }} + volumes: +{{- toYaml .Values.controller.volumes | nindent 8 }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml b/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml new file mode 100644 index 00000000..092eb4c1 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.controller.metrics.enabled}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.controller.name }} +{{- if .Values.controller.metrics.service.labels }} +{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} +{{- end }} + name: {{ template "argo-cd.controller.fullname" . }}-metrics +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: controller + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} +{{- end }} \ No newline at end of file 
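Review bot: In the controller Deployment, `spec.selector.matchLabels` hard-codes `{{ include "argo-cd.name" . }}-application-controller` while the pod template label below it uses `-{{ .Values.controller.name }}`, so any override of `controller.name` yields a selector that does not match its own template and the Deployment is rejected. The selector line should read `app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}`, as the Service selectors added in this commit already do. The container also gets no `securityContext`, and there is no values hook for one; exposing something like `controller.securityContext` would let operators run it non-root with a read-only root filesystem. `--loglevel` and the `extraArgs` values are emitted unquoted, unlike the processor counts above them; `{{ .Values.controller.logLevel | quote }}` avoids YAML retyping values such as `true` or bare numbers.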
diff --git a/charts/argo-cd/templates/argocd-application-controller-role.yaml b/charts/argo-cd/templates/argocd-application-controller/role.yaml similarity index 74% rename from charts/argo-cd/templates/argocd-application-controller-role.yaml rename to charts/argo-cd/templates/argocd-application-controller/role.yaml index e6418a4f..24ed4b07 100644 --- a/charts/argo-cd/templates/argocd-application-controller-role.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -1,14 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-application-controller + name: {{ template "argo-cd.controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller + app.kubernetes.io/component: {{ .Values.controller.name }} rules: - apiGroups: - "" @@ -38,5 +38,4 @@ rules: - events verbs: - create - - list - + - list \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml similarity index 52% rename from charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml rename to charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml index 1db56ffe..fe99c47e 100644 --- a/charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml 
@@ -1,18 +1,19 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: argocd-dex-server + name: {{ template "argo-cd.controller.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server + app.kubernetes.io/component: {{ .Values.controller.name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-dex-server + name: {{ template "argo-cd.controller.fullname" . }} subjects: - kind: ServiceAccount - name: argocd-dex-server \ No newline at end of file + name: {{ template "argo-cd.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/service.yaml b/charts/argo-cd/templates/argocd-application-controller/service.yaml new file mode 100644 index 00000000..82e304d9 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/service.yaml 
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ name: {{ template "argo-cd.controller.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.controller.name }}
+spec:
+ ports:
+ - name: {{ .Values.controller.name }}
+ port: {{ .Values.controller.service.port }}
+ targetPort: {{ .Values.controller.containerPort }}
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-application-controller-sa.yaml b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
similarity index 56%
rename from charts/argo-cd/templates/argocd-application-controller-sa.yaml
rename to charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
index bd1890b7..2d03fb2b 100644
--- a/charts/argo-cd/templates/argocd-application-controller-sa.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
@@ -1,11 +1,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: argocd-application-controller + name: {{ template "argo-cd.controllerServiceAccountName" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller + app.kubernetes.io/component: {{ .Values.controller.name }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml new file mode 100644 index 00000000..0a797afb --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml 
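Review bot: This ServiceAccount is rendered unconditionally, but its name now comes from `argo-cd.controllerServiceAccountName`, which returns `default` (or a user-supplied existing name) when `controller.serviceAccount.create` is false. In that case the chart would try to create, or take ownership of, an account it was told not to create, and the release would carry chart labels onto the namespace's `default` account. Wrapping the manifest in `{{- if .Values.controller.serviceAccount.create }}` and `{{- end }}` makes the flag do what its name says.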
@@ -0,0 +1,32 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "argo-cd.controller.fullname" . }}
+ {{- if .Values.controller.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.controller.name }}
+{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
+ {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: 30s
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
+ app.kubernetes.io/component: {{ .Values.controller.name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-cm.yaml b/charts/argo-cd/templates/argocd-cm.yaml
deleted file mode 100644
index e89ab72e..00000000
--- a/charts/argo-cd/templates/argocd-cm.yaml
+++ /dev/null
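Review bot: Under `labels:` the line `{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}` has no guard, unlike `additionalLabels` right after it, so an empty or unset `selector` would likely render a bare `{}` or `null` in the middle of the label map and break the manifest. Guard it the same way with `{{- if .Values.controller.metrics.serviceMonitor.selector }}` and `{{- end }}`. The `spec.selector.matchLabels` block also omits `app.kubernetes.io/instance: {{ .Release.Name }}`, so two releases of this chart in one namespace would match each other's metrics Service; adding that label keeps scraping scoped to this release.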
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-cm - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd -data: -{{- if .Values.config.enableAnonymousAccess }} - users.anonymous.enabled: "{{ .Values.config.enableAnonymousAccess }}" -{{- end }} -{{- if .Values.config.helmRepositories }} - helm.repositories: | -{{ toYaml .Values.config.helmRepositories | indent 4 }} -{{- end }} -{{- if .Values.config.repositories }} - repositories: | -{{ toYaml .Values.config.repositories | indent 4 }} -{{- end }} -{{- if .Values.config.dexConfig }} - dex.config: | -{{ toYaml .Values.config.dexConfig | indent 4 }} -{{- end }} -{{- if .Values.config.url }} - url: {{ .Values.config.url }} -{{- end }} -{{- if .Values.config.instanceLabelKey }} - application.instanceLabelKey: {{ .Values.config.instanceLabelKey }} -{{- end }} -{{- if .Values.config.oidcConfig }} - oidc.config: | -{{ toYaml .Values.config.oidcConfig | indent 4 }} -{{- end }} -{{- if .Values.config.resourceCustomizations }} - resource.customizations: | -{{ toYaml .Values.config.resourceCustomizations | indent 4 }} -{{- end }} -{{- if .Values.config.resourceExclusions }} - resource.exclusions: | -{{ toYaml .Values.config.resourceExclusions | indent 4 }} -{{- end }} -{{- if .Values.config.configManagementPlugins }} - configManagementPlugins: | -{{ toYaml .Values.config.configManagementPlugins | indent 4 }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-dex-server-sa.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml similarity index 55% rename from charts/argo-cd/templates/argocd-dex-server-sa.yaml rename to charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 9fa6a3bd..ee1f90af 100644 --- a/charts/argo-cd/templates/argocd-dex-server-sa.yaml 
+++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -1,11 +1,13 @@ apiVersion: v1 -kind: ServiceAccount +kind: ConfigMap metadata: - name: argocd-dex-server + name: argocd-cm labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server \ No newline at end of file + app.kubernetes.io/component: {{ .Values.server.name }} +data: +{{- toYaml .Values.server.config | nindent 4 }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml new file mode 100644 index 00000000..44b1db4b --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.server.name }} +data: +{{- toYaml .Values.server.rbacConfig | nindent 4 }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml new file mode 100644 index 00000000..3bb94c5f --- /dev/null +++ b/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml 
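Review bot: `data:` in `argocd-cm` is now filled with `toYaml .Values.server.config` verbatim, and the new `argocd-rbac-cm.yaml` does the same with `.Values.server.rbacConfig`, so whatever a user puts there, including `dex.config` or `oidc.config` blocks carrying client secrets, lands in a ConfigMap readable by anyone with ConfigMap read access in the namespace. A comment at the top of the template, e.g. `{{/* server.config is written to a ConfigMap; keep credentials in argocd-secret and reference them from here, never inline */}}`, would make that visible to chart users. Neither template guards against the value being unset; a `{{- if .Values.server.config }}` around the `toYaml` line keeps `data:` valid when the key is missing.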
@@ -0,0 +1,27 @@
+{{- if .Values.configs.secret.createSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-secret
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+type: Opaque
+{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketSecret) }}
+# Setting a blank data again will wipe admin password/key/cert
+data:
+ {{- if .Values.configs.secret.githubSecret }}
+ github.webhook.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
+ {{- end }}
+ {{- if .Values.configs.secret.gitlabSecret }}
+ gitlab.webhook.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
+ {{- end }}
+ {{- if .Values.configs.secret.bitbucketSecret }}
+ bitbucket.webhook.uuid: {{ .Values.configs.secret.bitbucketSecret | b64enc }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
new file mode 100644
index 00000000..30d6502c
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+{{- toYaml .Values.configs.knownHosts | nindent 0 }}
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+ name: argocd-ssh-known-hosts-cm
\ No newline at end of file
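Review bot: In `argocd-secret.yaml` the webhook secrets are read from `.Values.configs.secret.*` and base64-encoded into the Secret, which means the cleartext also sits in the values file and in Helm's stored release data, and the template gives no hint of that. A header comment such as `{{/* Values under configs.secret are kept in the Helm release; set createSecret=false and manage argocd-secret out of band where that is not acceptable */}}` documents the trade-off. `b64enc` expects a string, so a numeric-looking secret supplied unquoted would probably fail to render; `{{ .Values.configs.secret.githubSecret | toString | b64enc }}` is more forgiving, and the same goes for the gitlab and bitbucket lines.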
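Review bot: In `argocd-ssh-known-hosts-cm.yaml` the line `{{- toYaml .Values.configs.knownHosts | nindent 0 }}` is unguarded, whereas the otherwise identical `argocd-tls-certs-cm.yaml` wraps its `toYaml` in `{{- if .Values.configs.tlsCerts }}`. If `configs.knownHosts` is unset the manifest would presumably render a stray `null` between `apiVersion` and `kind`, so the same `{{- if .Values.configs.knownHosts }}` guard belongs here. Because the value is spliced in at the top level, it can set any top-level key of the ConfigMap rather than only `data`; a comment stating that the value must be a map with a single `data` key would make the expected shape clear, since this file holds the host keys the repo server trusts.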
diff --git a/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
new file mode 100644
index 00000000..01922612
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+{{- if .Values.configs.tlsCerts }}
+{{- toYaml .Values.configs.tlsCerts | nindent 0 }}
+{{- end }}
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+ name: argocd-tls-certs-cm
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-deployment.yaml b/charts/argo-cd/templates/argocd-dex-server-deployment.yaml
deleted file mode 100644
index 0b04870a..00000000
--- a/charts/argo-cd/templates/argocd-dex-server-deployment.yaml
+++ /dev/null
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-dex-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server - spec: - serviceAccountName: argocd-dex-server - initContainers: - - name: copyutil - image: {{ .Values.dexServer.initImage.repository }}:{{ .Values.dexServer.initImage.tag }} - imagePullPolicy: {{ .Values.dexServer.initImage.pullPolicy }} - command: [cp, /usr/local/bin/argocd-util, /shared] - volumeMounts: - - mountPath: /shared - name: static-files - containers: - - name: dex - image: {{ .Values.dexServer.image.repository }}:{{ .Values.dexServer.image.tag }} - imagePullPolicy: {{ .Values.dexServer.image.pullPolicy }} - command: [/shared/argocd-util, rundex] - ports: - - containerPort: {{ .Values.dexServer.containerPortHttp }} - - containerPort: {{ .Values.dexServer.containerPortGrpc }} - volumeMounts: - - mountPath: /shared - name: static-files - {{- if .Values.dexServer.volumeMounts }} - {{ toYaml .Values.dexServer.volumeMounts | nindent 8 | trim }} - {{- end }} - volumes: - - emptyDir: {} - name: static-files - {{- if .Values.dexServer.volumes }} - {{ toYaml .Values.dexServer.volumes | nindent 6 | trim }} - {{- end }} 
diff --git a/charts/argo-cd/templates/argocd-dex-server-service.yaml b/charts/argo-cd/templates/argocd-dex-server-service.yaml deleted file mode 100644 index 87402f40..00000000 --- a/charts/argo-cd/templates/argocd-dex-server-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: argocd-dex-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server -spec: - ports: - - name: http - protocol: TCP - port: {{ .Values.dexServer.servicePortHttp }} - targetPort: {{ .Values.dexServer.containerPortHttp }} - - name: grpc - protocol: TCP - port: {{ .Values.dexServer.servicePortGrpc }} - targetPort: {{ .Values.dexServer.containerPortGrpc }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-rbac-cm.yaml deleted file mode 100644 index 84e791da..00000000 --- a/charts/argo-cd/templates/argocd-rbac-cm.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-rbac-cm - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd -data: -{{- if .Values.rbac.policyDefault }} - policy.default: {{ .Values.rbac.policyDefault }} -{{- end }} -{{- if .Values.rbac.policyCsv }} - policy.csv: -{{- toYaml .Values.rbac.policyCsv | indent 4 }} -{{- end }} -{{- if .Values.rbac.scopes }} - scopes: {{ .Values.rbac.scopes }} -{{- end }} 
diff --git a/charts/argo-cd/templates/argocd-redis-deployment.yaml b/charts/argo-cd/templates/argocd-redis-deployment.yaml deleted file mode 100644 index 383520fe..00000000 --- a/charts/argo-cd/templates/argocd-redis-deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-redis - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: redis -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: redis - spec: - automountServiceAccountToken: false - containers: - - name: redis - args: - - --save - - "" - - --appendonly - - "no" - image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} - imagePullPolicy: {{ .Values.redis.image.pullPolicy}} - ports: - - containerPort: {{ .Values.redis.containerPort }} - diff --git a/charts/argo-cd/templates/argocd-repo-server-deployment.yaml b/charts/argo-cd/templates/argocd-repo-server-deployment.yaml deleted file mode 100644 index 51c28d62..00000000 --- a/charts/argo-cd/templates/argocd-repo-server-deployment.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-repo-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: repo-server -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: repo-server - spec: - automountServiceAccountToken: false - containers: - - name: argocd-repo-server - image: {{ .Values.repoServer.image.repository }}:{{ .Values.repoServer.image.tag }} - imagePullPolicy: {{ .Values.repoServer.image.pullPolicy}} - command: [argocd-repo-server] - ports: - - containerPort: {{ .Values.repoServer.containerPort }} - livenessProbe: - initialDelaySeconds: 5 - periodSeconds: 10 - tcpSocket: - port: {{ .Values.repoServer.containerPort }} - readinessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} - initialDelaySeconds: 5 - periodSeconds: 10 - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - {{- if .Values.repoServer.volumeMounts }} - {{ toYaml .Values.repoServer.volumeMounts | nindent 8 | trim }} - {{- end }} - volumes: - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - {{- if .Values.repoServer.volumes }} - {{ toYaml .Values.repoServer.volumes | nindent 6 | trim }} - {{- end }} - {{- if 
.Values.repoServer.initContainers }} - initContainers: - {{ toYaml .Values.repoServer.initContainers | nindent 6 | trim }} - {{- end }} - {{- if .Values.repoServer.imagePullSecrets }} - imagePullSecrets: - {{ toYaml .Values.repoServer.imagePullSecrets | nindent 6 | trim }} - {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server-service.yaml b/charts/argo-cd/templates/argocd-repo-server-service.yaml deleted file mode 100644 index 68b80200..00000000 --- a/charts/argo-cd/templates/argocd-repo-server-service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: argocd-repo-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: repo-server -spec: - ports: - - port: {{ .Values.repoServer.servicePort }} - targetPort: {{ .Values.repoServer.servicePort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml new file mode 100644 index 00000000..af4689a1 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 
@@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.repoServer.name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + replicas: 1 + template: + metadata: + {{- if .Values.repoServer.podAnnotations }} + annotations: + {{- range $key, $value := .Values.repoServer.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.repoServer.name }} + {{- if .Values.controller.podLabels }} +{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.repoServer.name }} + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + command: + - argocd-repo-server + {{- if .Values.redis.enabled }} + - --redis + - {{ template "argo-cd.redis.fullname" . 
}}:{{ .Values.redis.servicePort }} + {{- end }} + - --loglevel + - {{ .Values.repoServer.logLevel }} + {{- range $key, $value := .Values.repoServer.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.repoServer.volumeMounts }} +{{- toYaml .Values.repoServer.volumeMounts | nindent 10}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - mountPath: /app/config/tls + name: tls-certs + {{- end }} + ports: + - name: repo-server + containerPort: {{ .Values.repoServer.containerPort }} + protocol: TCP + {{ if .Values.repoServer.metrics.enabled }} + - name: metrics + containerPort: 8084 + protocol: TCP + {{- end }} + livenessProbe: + tcpSocket: + port: {{ .Values.repoServer.containerPort }} + initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: {{ .Values.repoServer.containerPort }} + initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} + resources: +{{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- if .Values.repoServer.nodeSelector }} + nodeSelector: +{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.repoServer.tolerations }} + tolerations: +{{- 
toYaml .Values.repoServer.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.repoServer.affinity }} + affinity: +{{- toYaml .Values.repoServer.affinity | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.repoServer.volumes }} +{{- toYaml .Values.repoServer.volumes | nindent 8}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml new file mode 100644 index 00000000..eee0008f --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml 
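Review bot: The new repo-server pod spec drops `automountServiceAccountToken: false`, which the deleted argocd-repo-server-deployment.yaml set, and it names no service account. The pod would therefore run under the namespace default account with its API token mounted. This component handles repository content, so I would keep the opt-out by adding `automountServiceAccountToken: false` directly under the template's `spec:`. The pod labels block also reads `.Values.controller.podLabels` where `.Values.repoServer.podLabels` looks intended; argocd-server/deployment.yaml has the same slip.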
@@ -0,0 +1,31 @@
+{{- if .Values.repoServer.metrics.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.repoServer.metrics.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.repoServer.name }}
+{{- if .Values.repoServer.metrics.service.labels }}
+{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
+{{- end }}
+ name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
+spec:
+ ports:
+ - name: metrics
+ protocol: TCP
+ port: {{ .Values.repoServer.metrics.service.servicePort }}
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/argo-cd/templates/argocd-repo-server/service.yaml
new file mode 100644
index 00000000..0b5db2d9
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-repo-server/service.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.repoServer.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.repoServer.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.repoServer.name }}
+ name: {{ template "argo-cd.repoServer.fullname" . }}
+spec:
+ ports:
+ - name: repo-server
+ protocol: TCP
+ port: {{ .Values.repoServer.service.port }}
+ targetPort: repo-server
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
new file mode 100644
index 00000000..910d6b60
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "argo-cd.repoServer.fullname" . }}
+ {{- if .Values.repoServer.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.repoServer.name }}
+{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
+ {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
+{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: 30s
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
+ app.kubernetes.io/component: {{ .Values.repoServer.name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-secret.yaml b/charts/argo-cd/templates/argocd-secret.yaml
deleted file mode 100644
index 19ad78de..00000000
--- a/charts/argo-cd/templates/argocd-secret.yaml
+++ /dev/null
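Review bot: In argocd-repo-server/servicemonitor.yaml, `toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4` is emitted under `metadata.labels` without a guard, unlike the `additionalLabels` block right after it. If `selector` is unset or an empty map (values.yaml is not visible here), it renders `null` or `{}` as a bare line inside the labels mapping and the manifest will not parse. Guard it the same way: `{{- with .Values.repoServer.metrics.serviceMonitor.selector }}`, `{{- toYaml . | nindent 4 }}`, `{{- end }}`.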
@@ -1,26 +0,0 @@ -{{- if .Values.config.createSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: argocd-secret - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} -type: Opaque -{{- if or .Values.config.webhook.githubSecret (or .Values.config.webhook.gitlabSecret .Values.config.webhook.bitbucketSecret) }} -# Setting a blank data again will wipe admin password/key/cert -data: -{{- if .Values.config.webhook.githubSecret }} - github.webhook.secret: {{ .Values.config.webhook.githubSecret }} -{{- end }} -{{- if .Values.config.webhook.gitlabSecret }} - gitlab.webhook.secret: {{ .Values.config.webhook.gitlabSecret }} -{{- end }} -{{- if .Values.config.webhook.bitbucketSecret }} - bitbucket.webhook.uuid: {{ .Values.config.webhook.bitbucketSecret }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml deleted file mode 100644 index 34a92829..00000000 --- a/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.clusterAdminAccess.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argocd-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argocd-server -subjects: - - kind: ServiceAccount - name: argocd-server - namespace: {{ .Release.Namespace }} -{{- end -}} 
diff --git a/charts/argo-cd/templates/argocd-server-deployment.yaml b/charts/argo-cd/templates/argocd-server-deployment.yaml deleted file mode 100644 index 1a94ecba..00000000 --- a/charts/argo-cd/templates/argocd-server-deployment.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server - annotations: - {{- range $key, $value := .Values.server.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - serviceAccountName: argocd-server - containers: - - name: argocd-server - image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag }} - imagePullPolicy: {{ .Values.server.image.pullPolicy }} - command: - - argocd-server - - --staticassets - - /shared/app - {{- range .Values.server.extraArgs }} - - {{. 
| quote }} - {{- end }} - volumeMounts: - - mountPath: /app/config/ssh - name: ssh-known-hosts - - mountPath: /app/config/tls - name: tls-certs - {{- if .Values.server.volumeMounts }} - {{ toYaml .Values.server.volumeMounts | nindent 8 | trim }} - {{- end }} - ports: - - containerPort: {{ .Values.server.containerPort }} - - containerPort: {{ .Values.server.metricsPort }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} - initialDelaySeconds: 3 - periodSeconds: 30 - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} - initialDelaySeconds: 3 - periodSeconds: 30 - volumes: - - emptyDir: {} - name: static-files - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - {{- if .Values.server.volumes }} - {{ toYaml .Values.server.volumes | nindent 6 | trim }} - {{- end }} - diff --git a/charts/argo-cd/templates/argocd-server-ingress.yaml b/charts/argo-cd/templates/argocd-server-ingress.yaml deleted file mode 100644 index 1649ea85..00000000 --- a/charts/argo-cd/templates/argocd-server-ingress.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $host := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }} -{{- $path := default "/" (regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${2}") }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: argocd-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - rules: - {{- range prepend .Values.ingress.additionalHosts $host }} - - host: {{ . | quote }} - http: - paths: - - path: {{ $path | quote }} - backend: - serviceName: argocd-server - servicePort: https - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end -}} -{{- end }} diff --git a/charts/argo-cd/templates/argocd-server-metrics.yaml b/charts/argo-cd/templates/argocd-server-metrics.yaml deleted file mode 100644 index c1956906..00000000 --- a/charts/argo-cd/templates/argocd-server-metrics.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server - name: argocd-server-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.server.servicePortHttp }} - targetPort: {{ .Values.server.metricsPort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server 
diff --git a/charts/argo-cd/templates/argocd-server-service.yaml b/charts/argo-cd/templates/argocd-server-service.yaml deleted file mode 100644 index be127fa2..00000000 --- a/charts/argo-cd/templates/argocd-server-service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: argocd-server - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server - {{- if .Values.server.serviceAnnotations }} - annotations: -{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }} -spec: - type: {{ .Values.server.serviceType }} - ports: - - name: http - protocol: TCP - port: {{ .Values.server.servicePortHttp }} - targetPort: {{ .Values.server.containerPort }} - - name: https - protocol: TCP - port: {{ .Values.server.servicePortHttps }} - targetPort: {{ .Values.server.containerPort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server - diff --git a/charts/argo-cd/templates/argocd-server/applications.yaml b/charts/argo-cd/templates/argocd-server/applications.yaml new file mode 100644 index 00000000..1b9d424a --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/applications.yaml 
@@ -0,0 +1,42 @@
+{{- if .Values.server.additionalApplications }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.server.additionalApplications }}
+ - apiVersion: argoproj.io/v1alpha1
+ kind: Application
+ metadata:
+ {{- if .additionalAnnotations }}
+ annotations:
+ {{- range $key, $value := .additionalAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .additionalLabels }}
+ labels:
+{{- toYaml .additionalLabels | nindent 8 }}
+ {{- end }}
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+ {{- if .finalizers }}
+ finalizers:
+{{- toYaml .finalizers | nindent 8 }}
+ {{- end }}
+ spec:
+ project: {{ tpl .project $ }}
+ source:
+{{- toYaml .source | nindent 8 }}
+ destination:
+{{- toYaml .destination | nindent 8 }}
+ {{- if .syncPolicy }}
+ syncPolicy:
+{{- toYaml .syncPolicy | nindent 8 }}
+ {{- end }}
+ {{- if .ignoreDifferences }}
+ ignoreDifferences:
+{{- toYaml .ignoreDifferences | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server-certificate.yaml b/charts/argo-cd/templates/argocd-server/certificate.yaml
similarity index 61%
rename from charts/argo-cd/templates/argocd-server-certificate.yaml
rename to charts/argo-cd/templates/argocd-server/certificate.yaml
index e72c7db3..ffc98066 100644
--- a/charts/argo-cd/templates/argocd-server-certificate.yaml
+++ b/charts/argo-cd/templates/argocd-server/certificate.yaml
@@ -1,19 +1,19 @@ -{{- if .Values.certificate.enabled -}} -{{- $commonName := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }} +{{- if .Values.server.certificate.enabled -}} apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: - name: argocd-server + name: {{ template "argo-cd.server.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.server.name }} spec: - commonName: {{ $commonName | quote }} + commonName: {{ .Values.server.certificate.domain | quote }} dnsNames: - - {{ $commonName | quote }} + - {{ .Values.server.certificate.domain | quote }} {{- range .Values.ingress.additionalHosts }} - {{ . | quote }} {{- end }} diff --git a/charts/argo-cd/templates/argocd-server-clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml similarity index 73% rename from charts/argo-cd/templates/argocd-server-clusterrole.yaml rename to charts/argo-cd/templates/argocd-server/clusterrole.yaml index 703e953e..d89a76f0 100644 --- a/charts/argo-cd/templates/argocd-server-clusterrole.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml 
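Review bot: The unchanged context lines still range over `.Values.ingress.additionalHosts` for `dnsNames`, while this commit moves the certificate settings to `.Values.server.certificate` and the new ingress template reads `.Values.server.ingress.hosts`. If the top-level `ingress` key is gone from values.yaml (not visible here), rendering fails on the nil lookup whenever the certificate is enabled; if it remains, the certificate's SANs no longer follow the hosts the ingress actually serves. I would range over the list the ingress uses, `{{- range .Values.server.ingress.hosts }}`, or add a dedicated host list under `.Values.server.certificate`. The opening `if` is not closed inside this hunk, so the file continues past it and the rest of the spec was not reviewed.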
@@ -1,15 +1,14 @@ -{{- if .Values.clusterAdminAccess.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: argocd-server + name: {{ template "argo-cd.server.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.server.name }} rules: - apiGroups: - '*' @@ -31,5 +30,4 @@ rules: - pods - pods/log verbs: - - get -{{- end }} + - get \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml similarity index 54% rename from charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml rename to charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml index 114b6572..12797de8 100644 --- a/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml 
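Review bot: Removing the `{{- if .Values.clusterAdminAccess.enabled }}` guard makes this ClusterRole unconditional, and the first rule visible in the hunk applies to apiGroups `'*'`. The same guard is removed in argocd-server/clusterrolebinding.yaml, so every install now binds the server service account cluster-wide, with no values switch left for namespace-scoped deployments. I would keep an opt-out, for example wrapping both files in `{{- if .Values.server.clusterAdminAccess.enabled }}` and `{{- end }}` with a default of true, and documenting it next to the service-account settings. The resources and verbs of that first rule fall between the two hunks and are not visible here.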
@@ -1,21 +1,19 @@ -{{- if .Values.clusterAdminAccess.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: argocd-application-controller + name: {{ template "argo-cd.server.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller + app.kubernetes.io/component: {{ .Values.server.name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: argocd-application-controller + name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: argocd-application-controller - namespace: {{ .Release.Namespace }} -{{- end -}} \ No newline at end of file + name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml new file mode 100644 index 00000000..fb8fa416 --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml 
@@ -0,0 +1,134 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.server.name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + replicas: 1 + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: + {{- range $key, $value := .Values.server.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.server.name }} + {{- if .Values.controller.podLabels }} +{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Values.server.name }} + image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} + command: + - argocd-server + - --staticassets + - /shared/app + - --repo-server + - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + {{- if .Values.dex.enabled }} + - --dex-server + - http://{{ template "argo-cd.dex.fullname" . 
}}:{{ .Values.dex.servicePortHttp }} + {{- end }} + - --loglevel + - {{ .Values.server.logLevel }} + {{- if .Values.redis.enabled }} + - --redis + - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} + {{- end }} + {{- range $key, $value := .Values.server.extraArgs }} + {{- if $value }} + - --{{ $key }}={{ $value }} + {{- else }} + - --{{ $key }} + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.server.volumeMounts }} +{{- toYaml .Values.server.volumeMounts | nindent 10}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - mountPath: /app/config/tls + name: tls-certs + {{- end }} + ports: + - name: {{ .Values.server.name }} + containerPort: {{ .Values.server.containerPort }} + protocol: TCP + {{ if .Values.server.metrics.enabled }} + - name: metrics + containerPort: 8083 + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.server.containerPort }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.server.containerPort }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + resources: +{{- toYaml .Values.server.resources | nindent 10 }} + {{- if .Values.server.nodeSelector }} + nodeSelector: +{{- toYaml 
.Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: +{{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.server.affinity }} + affinity: +{{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} + volumes: + {{- if .Values.server.volumes }} +{{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + - emptyDir: {} + name: static-files + {{- if .Values.configs.knownHosts }} + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + {{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/argo-cd/templates/argocd-server/ingress.yaml new file mode 100644 index 00000000..792af88a --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/ingress.yaml 
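Review bot: In the `extraArgs` loop of argocd-server/deployment.yaml, `{{- if $value }}` treats every falsy value as "no value", so `extraArgs: {insecure: false}` renders the bare flag `--insecure`, the opposite of what was asked; `0` and `""` behave the same way. The identical loop is in argocd-repo-server/deployment.yaml. Test for an unset value instead, `{{- if not (kindIs "invalid" $value) }}`, and quote the rendered argument as the deleted template did, `- {{ printf "--%s=%v" $key $value | quote }}`.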
@@ -0,0 +1,53 @@
+{{- if .Values.server.ingress.enabled -}}
+{{- $serviceName := include "argo-cd.server.fullname" . -}}
+{{- $servicePort := .Values.server.name -}}
+{{- $paths := .Values.server.ingress.paths -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+{{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.server.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ name: {{ template "argo-cd.server.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+{{- if .Values.server.ingress.labels }}
+{{- toYaml .Values.server.ingress.labels | nindent 4 }}
+{{- end }}
+spec:
+ rules:
+ {{- if .Values.server.ingress.hosts }}
+ {{- range $host := .Values.server.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ $p }}
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- end -}}
+ {{- else }}
+ - http:
+ paths:
+ {{- range $p := $paths }}
+ - path: {{ $p }}
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.server.ingress.tls }}
+ tls:
+{{- toYaml .Values.server.ingress.tls | nindent 4 }}
+ {{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/argo-cd/templates/argocd-server/metrics-service.yaml
new file mode 100644
index 00000000..fd470257
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/metrics-service.yaml
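Review bot: In argocd-server/ingress.yaml, `host: {{ $host }}` and `path: {{ $p }}` are rendered unquoted, where the deleted argocd-server-ingress.yaml piped both through `quote`. A wildcard host such as `*.example.com` (constructed example) starts with the YAML alias indicator and will not parse. Restore the quoting in both branches: `- host: {{ $host | quote }}` and `- path: {{ $p | quote }}`. `servicePort` is set to `.Values.server.name`, and the Service it points at is not part of this hunk, so confirm that Service exposes a port with that name.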
@@ -0,0 +1,31 @@
+{{- if .Values.server.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ {{- if .Values.server.metrics.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.server.metrics.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+{{- if .Values.server.metrics.service.labels }}
+{{- toYaml .Values.server.metrics.service.labels | nindent 4 }}
+{{- end }}
+ name: {{ template "argo-cd.server.fullname" . }}-metrics
+spec:
+ ports:
+ - name: metrics
+ protocol: TCP
+ port: {{ .Values.server.metrics.service.servicePort }}
+ targetPort: metrics
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server/projects.yaml b/charts/argo-cd/templates/argocd-server/projects.yaml
new file mode 100644
index 00000000..4f70d58d
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/projects.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.server.additionalProjects }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.server.additionalProjects }}
+ - apiVersion: argoproj.io/v1alpha1
+ kind: AppProject
+ metadata:
+ {{- if .additionalProjects }}
+ annotations:
+ {{- range $key, $value := .additionalProjects }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .additionalLabels }}
+ labels:
+{{- toYaml .additionalLabels | nindent 8 }}
+ {{- end }}
+ name: {{ .name }}
+ {{- if .namespace }}
+ namespace: {{ .namespace }}
+ {{- end }}
+ spec:
+ description: {{ .description }}
+ sourceRepos:
+{{- toYaml .sourceRepos | nindent 8 }}
+ destinations:
+{{- toYaml .destinations | nindent 8 }}
+ {{- if .clusterResourceWhitelist }}
+ clusterResourceWhitelist:
+{{- toYaml .clusterResourceWhitelist | nindent 8 }}
+ {{- end }}
+ {{- if .namespaceResourceBlacklist }}
+ namespaceResourceBlacklist:
+{{- toYaml .namespaceResourceBlacklist | nindent 8 }}
+ {{- end }}
+ {{- if .orphanedResources }}
+ orphanedResources:
+{{- toYaml .orphanedResources | nindent 8 }}
+ {{- end }}
+ {{- if .roles }}
+ roles:
+{{- toYaml .roles | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server-role.yaml b/charts/argo-cd/templates/argocd-server/role.yaml
similarity index 76%
rename from charts/argo-cd/templates/argocd-server-role.yaml
rename to charts/argo-cd/templates/argocd-server/role.yaml
index 832ca5c4..e966f52b 100644
--- a/charts/argo-cd/templates/argocd-server-role.yaml
+++ b/charts/argo-cd/templates/argocd-server/role.yaml
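Review bot: In projects.yaml, the `annotations:` block of each AppProject tests and ranges over `.additionalProjects`, which inside `range .Values.server.additionalProjects` is a key on the individual project entry, so annotations cannot be set the way `additionalLabels` can. This looks like a copy-paste slip for `{{- if .additionalAnnotations }}` and `{{- range $key, $value := .additionalAnnotations }}`. An AppProject is what limits which repositories and destinations its applications may use, yet `sourceRepos` and `destinations` are rendered unconditionally, so an entry that omits them appears to render `null` instead of failing the install. A `required` check on both fields, or a comment stating what an empty value means, would make that explicit. `description: {{ .description }}` and `name: {{ .name }}` should also be piped through `quote`.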
@@ -1,14 +1,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-server + name: {{ template "argo-cd.server.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.server.name }} rules: - apiGroups: - "" @@ -42,4 +42,4 @@ rules: - events verbs: - create - - list + - list \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml b/charts/argo-cd/templates/argocd-server/rolebinding.yaml similarity index 53% rename from charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml rename to charts/argo-cd/templates/argocd-server/rolebinding.yaml index 530475ec..524e30bf 100644 --- a/charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml +++ b/charts/argo-cd/templates/argocd-server/rolebinding.yaml 
@@ -1,18 +1,19 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: argocd-application-controller + name: {{ template "argo-cd.server.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: application-controller + app.kubernetes.io/component: {{ .Values.server.name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-application-controller + name: {{ template "argo-cd.server.fullname" . }} subjects: - kind: ServiceAccount - name: argocd-application-controller + name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/service.yaml b/charts/argo-cd/templates/argocd-server/service.yaml new file mode 100644 index 00000000..40acff4a --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/service.yaml 
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.server.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.server.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ name: {{ template "argo-cd.server.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+spec:
+ type: {{ .Values.server.service.type }}
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.server.service.servicePortHttp }}
+ targetPort: {{ .Values.server.name }}
+ - name: https
+ protocol: TCP
+ port: {{ .Values.server.service.servicePortHttps }}
+ targetPort: {{ .Values.server.name }}
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server-sa.yaml b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml
similarity index 57%
rename from charts/argo-cd/templates/argocd-server-sa.yaml
rename to charts/argo-cd/templates/argocd-server/serviceaccount.yaml
index d764c65f..18285a05 100644
--- a/charts/argo-cd/templates/argocd-server-sa.yaml
+++ b/charts/argo-cd/templates/argocd-server/serviceaccount.yaml
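Review bot: In argocd-server/service.yaml, values.yaml in this commit adds `server.service.labels`, but the Service metadata renders only `server.service.annotations`, so labels set there are silently ignored. The metrics Service and the Ingress both render theirs. Adding `{{- if .Values.server.service.labels }}`, `{{- toYaml .Values.server.service.labels | nindent 4 }}` and `{{- end }}` after the component label would make the three templates agree. Both the `http` and `https` ports use `targetPort: {{ .Values.server.name }}`, which relies on the container port name in deployment.yaml, outside this hunk. A short comment that both ports reach the same listener, and that `server.service.type` other than `ClusterIP` exposes the API and UI outside the cluster, would help operators.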
@@ -1,11 +1,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: argocd-server + name: {{ template "argo-cd.serverServiceAccountName" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.server.name }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml new file mode 100644 index 00000000..338b69ed --- /dev/null +++ b/charts/argo-cd/templates/argocd-server/servicemonitor.yaml 
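Review bot: In argocd-server/serviceaccount.yaml, the ServiceAccount is rendered unconditionally although values.yaml in this commit introduces `server.serviceAccount.create`. With `create: false` and the name of an existing account, the release would still try to create or take ownership of that account. Wrapping the manifest in `{{- if .Values.server.serviceAccount.create }}` and `{{- end }}` fixes it. The same applies to dex/serviceaccount.yaml, which is guarded by `dex.enabled` but not by `dex.serviceAccount.create`. The helper `argo-cd.serverServiceAccountName` lives in _helpers.tpl, outside this hunk, so its fallback when `create` is false should be checked as well.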
@@ -0,0 +1,33 @@
+{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "argo-cd.server.fullname" . }}
+ {{- if .Values.server.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: {{ .Values.server.name }}
+{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
+ {{- if .Values.server.metrics.serviceMonitor.additionalLabels }}
+{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: 30s
+ path: /metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
+ app.kubernetes.io/component: {{ .Values.server.name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-ssh-known-hosts-cm.yaml b/charts/argo-cd/templates/argocd-ssh-known-hosts-cm.yaml
deleted file mode 100644
index 84aeb7d5..00000000
--- a/charts/argo-cd/templates/argocd-ssh-known-hosts-cm.yaml
+++ /dev/null
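Review bot: In argocd-server/servicemonitor.yaml, the `namespace:` line is guarded by `.Values.server.metrics.serviceMonitor.namespace` but renders `.Values.controller.metrics.serviceMonitor.namespace`. The server's ServiceMonitor therefore follows the controller's setting, or gets an empty `namespace:` when only the server value is set; it should read `namespace: {{ .Values.server.metrics.serviceMonitor.namespace }}`. The `toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4` line under `labels:` is also unguarded, and `selector` is commented out in the default values.yaml. Enabling the monitor without setting it would likely put a bare `null` into the label map, so wrap it in `{{- if .Values.server.metrics.serviceMonitor.selector }}` and `{{- end }}` as is done for `additionalLabels` just below.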
@@ -1,19 +0,0 @@ -apiVersion: v1 -data: - ssh_known_hosts: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - name: argocd-ssh-known-hosts-cm diff --git a/charts/argo-cd/templates/argocd-tls-certs-cm.yaml b/charts/argo-cd/templates/argocd-tls-certs-cm.yaml deleted file mode 100644 index 602879af..00000000 --- a/charts/argo-cd/templates/argocd-tls-certs-cm.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - name: argocd-tls-certs-cm diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml new file mode 100644 index 00000000..92576db1 --- /dev/null +++ b/charts/argo-cd/templates/dex/deployment.yaml 
@@ -0,0 +1,76 @@ +{{- if .Values.dex.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.dex.name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.dex.name }} + spec: + initContainers: + - name: copyutil + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }} + command: + - cp + - /usr/local/bin/argocd-util + - /shared + volumeMounts: + - mountPath: /shared + name: static-files + containers: + - name: {{ .Values.dex.name }} + image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} + imagePullPolicy: {{ .Values.dex.image.pullPolicy }} + command: + - /shared/argocd-util + - rundex + ports: + - name: http + containerPort: {{ .Values.dex.containerPortHttp }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.dex.containerPortGrpc }} + protocol: TCP +{{- if .Values.dex.volumeMounts }} + volumeMounts: +{{- toYaml .Values.dex.volumeMounts | nindent 10 }} +{{- end }} + resources: 
+{{- toYaml .Values.dex.resources | nindent 10 }} + {{- if .Values.dex.nodeSelector }} + nodeSelector: +{{- toYaml .Values.dex.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.dex.tolerations }} + tolerations: +{{- toYaml .Values.dex.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.dex.affinity }} + affinity: +{{- toYaml .Values.dex.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} +{{- if .Values.dex.volumes }} + volumes: +{{- toYaml .Values.dex.volumes | nindent 8}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-dex-server-role.yaml b/charts/argo-cd/templates/dex/role.yaml similarity index 62% rename from charts/argo-cd/templates/argocd-dex-server-role.yaml rename to charts/argo-cd/templates/dex/role.yaml index 16076248..ee2bf02f 100644 --- a/charts/argo-cd/templates/argocd-dex-server-role.yaml +++ b/charts/argo-cd/templates/dex/role.yaml @@ -1,14 +1,15 @@ +{{- if .Values.dex.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-dex-server + name: {{ template "argo-cd.dex.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: dex-server + app.kubernetes.io/component: {{ .Values.dex.name }} rules: - apiGroups: - "" @@ -18,4 +19,5 @@ rules: verbs: - get - list - - watch \ No newline at end of file + - watch +{{- end }} \ No newline at end of file 
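Review bot: In dex/deployment.yaml, the main container reads `.Values.dex.image.pullPolicy` and the init container `.Values.dex.initImage.pullPolicy`, but values.yaml in this commit names the key `imagePullPolicy` under both `global.image` and `dex.image`. The dex container therefore renders an empty `imagePullPolicy:`; use `imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}`, as the redis deployment already does for its image. The init container hard-codes a mount of the `static-files` volume, yet that volume exists only through the default `dex.volumes` and `dex.volumeMounts` values, so overriding either list drops the shared directory that `/shared/argocd-util` is run from. Declaring that emptyDir and its mount in the template and appending the user lists would remove the coupling. Neither container sets a `securityContext`, and values.yaml moves the default dex tag from v2.19.0 to v2.14.0, which is worth confirming as intentional for the SSO component.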
diff --git a/charts/argo-cd/templates/argocd-server-rolebinding.yaml b/charts/argo-cd/templates/dex/rolebinding.yaml similarity index 51% rename from charts/argo-cd/templates/argocd-server-rolebinding.yaml rename to charts/argo-cd/templates/dex/rolebinding.yaml index 4c53b979..508ec0dd 100644 --- a/charts/argo-cd/templates/argocd-server-rolebinding.yaml +++ b/charts/argo-cd/templates/dex/rolebinding.yaml @@ -1,19 +1,21 @@ +{{- if .Values.dex.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: argocd-server + name: {{ template "argo-cd.dex.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: server - + app.kubernetes.io/component: {{ .Values.dex.name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: argocd-server + name: {{ template "argo-cd.dex.fullname" . }} subjects: - kind: ServiceAccount - name: argocd-server + name: {{ template "argo-cd.dexServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/dex/service.yaml b/charts/argo-cd/templates/dex/service.yaml new file mode 100644 index 00000000..2e1899c4 --- /dev/null +++ b/charts/argo-cd/templates/dex/service.yaml 
@@ -0,0 +1,26 @@ +{{- if .Values.dex.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.dex.name }} +spec: + ports: + - name: http + protocol: TCP + port: {{ .Values.dex.servicePortHttp }} + targetPort: http + - name: grpc + protocol: TCP + port: {{ .Values.dex.servicePortGrpc }} + targetPort: grpc + selector: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/argo-cd/templates/dex/serviceaccount.yaml new file mode 100644 index 00000000..bdd9f1b0 --- /dev/null +++ b/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.dex.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.dexServiceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.dex.name }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml new file mode 100644 index 00000000..67e0acfc --- /dev/null +++ b/charts/argo-cd/templates/redis/deployment.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.redis.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.redis.name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: {{ .Values.redis.name }} + spec: + automountServiceAccountToken: false + containers: + - name: {{ template "argo-cd.redis.fullname" . 
}} + args: + - --save + - "" + - --appendonly + - "no" + image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} + ports: + - containerPort: {{ .Values.redis.containerPort }} +{{- if .Values.redis.volumeMounts }} + volumeMounts: +{{- toYaml .Values.redis.volumeMounts | nindent 10 }} +{{- end }} + resources: +{{- toYaml .Values.redis.resources | nindent 10 }} + {{- if .Values.redis.nodeSelector }} + nodeSelector: +{{- toYaml .Values.redis.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.redis.tolerations }} + tolerations: +{{- toYaml .Values.redis.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.redis.affinity }} + affinity: +{{- toYaml .Values.redis.affinity | nindent 8 }} + {{- end }} +{{- if .Values.redis.volumes }} + volumes: +{{- toYaml .Values.redis.volumes | nindent 8}} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-redis-service.yaml b/charts/argo-cd/templates/redis/service.yaml similarity index 54% rename from charts/argo-cd/templates/argocd-redis-service.yaml rename to charts/argo-cd/templates/redis/service.yaml index 01883d75..4eeaef15 100644 --- a/charts/argo-cd/templates/argocd-redis-service.yaml +++ b/charts/argo-cd/templates/redis/service.yaml 
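Review bot: In redis/deployment.yaml, the container is started with only `--save ""` and `--appendonly no`, with no authentication argument and no `securityContext`. Any workload that can reach the redis Service port can then read or modify the cache the Argo CD components share. The chart should at least document that `redis.enabled: true` is to be paired with a NetworkPolicy that admits only the Argo CD pods. It could also expose a pod-level setting, for example a new `redis.securityContext` value rendered with `toYaml`, so the container can run as non-root. `automountServiceAccountToken: false` is a good default here and deserves a one-line comment so it is not removed later.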
@@ -1,17 +1,19 @@ +{{- if .Values.redis.enabled }} apiVersion: v1 kind: Service metadata: - name: argocd-redis + name: {{ template "argo-cd.redis.fullname" . }} labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} helm.sh/chart: {{ include "argo-cd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} - app.kubernetes.io/component: redis + app.kubernetes.io/component: {{ .Values.redis.name }} spec: ports: - port: {{ .Values.redis.servicePort }} targetPort: {{ .Values.redis.servicePort }} selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 8b64ab8d..546aa849 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml 
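Review bot: In redis/service.yaml, the `selector:` carries only `app.kubernetes.io/name`, and the new redis Deployment's `matchLabels` is equally narrow, so two releases of this chart in one namespace would route to and adopt each other's Redis pods. Adding `app.kubernetes.io/instance: {{ .Release.Name }}` to both, as the dex Service and Deployment in this commit do, keeps each release isolated. `targetPort: {{ .Values.redis.servicePort }}` should also become `targetPort: {{ .Values.redis.containerPort }}`: the commit introduces `redis.containerPort` and the Deployment listens on it, so changing `servicePort` alone would currently point the Service at a closed port.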
@@ -1,198 +1,526 @@ -applicationController: - containerPort: 8082 - servicePort: 8082 - image: - repository: argoproj/argocd - tag: v1.2.4 - pullPolicy: Always - volumeMounts: [] - volumes: [] +## ArgoCD configuration +## Ref: https://github.com/argoproj/argo-cd +## +nameOverride: argocd -server: - containerPort: 8080 - metricsPort: 8083 - servicePortHttp: 80 - servicePortHttps: 443 - serviceAnnotations: {} +global: image: repository: argoproj/argocd tag: v1.2.4 - pullPolicy: Always - serviceType: ClusterIP + imagePullPolicy: IfNotPresent + +## Controller +controller: + name: application-controller + + image: {} + # repository: argoproj/argocd + # tag: v1.2.1 + # imagePullPolicy: IfNotPresent + + ## Argo controller commandline flags + args: + statusProcessors: "20" + operationProcessors: "10" + + ## Argo controller log level + logLevel: info + + ## Additional command line arguments to pass to argocd-controller extraArgs: [] - volumeMounts: [] - # - name: ssh-known-hosts - # mountPath: /app/config/ssh - volumes: [] - # - name: ssh-known-hosts - # configMap: - # name: argocd-ssh-known-hosts-cm - annotations: {} -repoServer: - containerPort: 8081 - servicePort: 8081 - image: - repository: argoproj/argocd - tag: v1.2.4 - pullPolicy: Always - volumeMounts: [] - volumes: [] - # - name: custom-tools - # emptyDir: {} - initContainers: [] - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - imagePullSecrets: [] - # - name: docker-auth-secret + ## Annotations to be added to controller pods + ## + podAnnotations: {} + + ## Labels to be added to controller pods + ## + podLabels: {} + + ## Configures the controller port + containerPort: 8082 + + ## Readiness and liveness probes for default backend + ## Ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Additional volumeMounts to the controller main container. + volumeMounts: [] + + ## Additional volumes to the controller pod. + volumes: [] + + ## Controller service configuration + service: + annotations: {} + labels: {} + port: 8082 + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: {} + affinity: {} + + priorityClassName: "" + + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + serviceAccount: + create: true + name: argocd-application-controller + + ## Server metrics controller configuration + metrics: + enabled: false + service: + annotations: {} + labels: {} + servicePort: 8082 + serviceMonitor: + enabled: false + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} + + ## Enable Admin ClusterRole resources. + ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster. 
+ clusterAdminAccess: + enabled: true + +## Dex +dex: + enabled: true + name: dex-server -dexServer: - containerPortHttp: 5556 - containerPortGrpc: 5557 - servicePortHttp: 5556 - servicePortGrpc: 5557 image: repository: quay.io/dexidp/dex - tag: v2.19.0 - pullPolicy: Always - initImage: - repository: argoproj/argocd - tag: v1.2.4 - pullPolicy: Always - volumeMounts: [] - volumes: [] + tag: v2.14.0 + imagePullPolicy: IfNotPresent + initImage: {} -# terminate tls at ArgoCD level -ingress: - enabled: false - annotations: - {} - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - path: / - additionalHosts: [] - tls: - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - chart-example.local + serviceAccount: + create: true + name: argocd-dex-server -certificate: - enabled: false - issuer: - kind: # ClusterIssuer - name: # letsencrypt + ## Additional volumeMounts to the controller main container. + volumeMounts: + - name: static-files + mountPath: /shared -clusterAdminAccess: - enabled: true + ## Additional volumes to the controller pod. 
+ volumes: + - name: static-files + emptyDir: {} -config: - createSecret: true - enableAnonymousAccess: false - resourceExclusions: - # - apiGroups: - # - "*" - # kinds: - # - "*" - # clusters: - # - https://192.168.0.20 - helmRepositories: - # - name: privateRepo - # url: http://chartmuseum.privatecloud.com - # usernameSecret: - # name: private-chartmuseum - # key: username - # passwordSecret: - # name: private-chartmuseum - # key: password - # - name: incubator - # url: https://kubernetes-charts-incubator.storage.googleapis.com/ - repositories: - # - url: git@gitlab.com:usersprivategroup/users-gitops-config.git - # sshPrivateKeySecret: - # key: privateKey - # name: argocd-dev-key - # - url: git@gitlab.com:accountingprivategroup/accounting-gitops-config.git - # sshPrivateKeySecret: - # key: privateKey - # name: argocd-dev-key - dexConfig: - # # Argo CD's externally facing base URL. Required for configuring SSO - # # url: https://argo-cd-demo.argoproj.io - # - # # A dex connector configuration. See documentation on how to configure SSO: - # # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso.md#2-configure-argo-cd-for-sso - # connectors: - # # GitHub example - # - type: github - # id: github - # name: GitHub - # config: - # clientID: aabbccddeeff00112233 - # clientSecret: $dex.github.clientSecret - # orgs: - # - name: your-github-org - # teams: - url: # https://argocd.example.com/ - oidcConfig: - # name: Okta - # issuer: https://dev-123456.oktapreview.com - # clientID: aaaabbbbccccddddeee - # clientSecret: $oidc.okta.clientSecret - # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook - # events. To enable webhooks, configure one or more of the following keys with the shared git - # provider webhook secret. The payload URL configured in the git provider should use the - # /api/webhook endpoint of your Argo CD instance (e.g. 
https://argocd.example.com/api/webhook) - webhook: - githubSecret: - gitlabSecret: - bitbucketSecret: - resourceCustomizations: - # certmanager.k8s.io/Certificate: - # health.lua: | - # hs = {} - # ... - # return hs - configManagementPlugins: - # - name: pluginName - # init: # Optional command to initialize application source directory - # command: ["sample command"] - # args: ["sample args"] - # generate: # Command to generate manifests YAML - # command: ["sample command"] - # args: ["sample args"] + ## Dex deployment container ports + containerPortHttp: 5556 + servicePortHttp: 5556 + containerPortGrpc: 5557 + servicePortGrpc: 5557 -rbac: - # # An RBAC policy .csv file containing additional policy and role definitions. - # # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md on how to write RBAC policies. - # policy.csv: | - # # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project" - # p, my-org:team-alpha, applications, sync, my-project/*, allow - # # Make all members of "my-org:team-beta" admins - # g, my-org:team-beta, role:admin - policyCsv: #| - # p, role:org-admin, applications, *, */*, allow - # p, role:org-admin, clusters, get, *, allow - # p, role:org-admin, repositories, get, *, allow - # p, role:org-admin, repositories, create, *, allow - # p, role:org-admin, repositories, update, *, allow - # p, role:org-admin, repositories, delete, *, allow - # g, your-github-org:your-team, role:org-admin - policyDefault: #role:readonly - scopes: #[groups] + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: {} + affinity: {} + priorityClassName: "" + + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Redis redis: + enabled: false + name: redis + image: repository: redis tag: 5.0.3 - pullPolicy: Always + 
imagePullPolicy: IfNotPresent + containerPort: 6379 servicePort: 6379 + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: {} + affinity: {} + + priorityClassName: "" + + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + +## Server +server: + name: server + + image: {} + # repository: argoproj/argocd + # tag: v1.2.1 + # imagePullPolicy: IfNotPresent + + ## Additional command line arguments to pass to argocd-server + # extraArgs: [] + # - insecure + extraArgs: [] + + ## Argo server log level + logLevel: info + + ## Annotations to be added to controller pods + ## + podAnnotations: {} + + ## Labels to be added to controller pods + ## + podLabels: {} + + ## Configures the server port + containerPort: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Additional volumeMounts to the server main container. + volumeMounts: [] + + ## Additional volumes to the controller pod. 
+ volumes: []
+
+ ## Node selectors and tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ nodeSelector: {}
+ tolerations: {}
+ affinity: {}
+
+ priorityClassName: ""
+
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 50m
+ # memory: 64Mi
+
+ ## Certificate configuration
+ certificate:
+ enabled: false
+ domain: argocd.example.com
+ issuer: {}
+ additionalHosts: []
+
+ ## Server service configuration
+ service:
+ annotations: {}
+ labels: {}
+ type: ClusterIP
+ servicePortHttp: 80
+ servicePortHttps: 443
+
+ ## Server metrics service configuration
+ metrics:
+ enabled: false
+ service:
+ annotations: {}
+ labels: {}
+ servicePort: 8083
+ serviceMonitor:
+ enabled: false
+ # selector:
+ # prometheus: kube-prometheus
+ # namespace: monitoring
+ # additionalLabels: {}
+
+ serviceAccount:
+ create: true
+ name: argocd-server
+
+ ingress:
+ enabled: false
+ annotations: {}
+ labels: {}
+
+ ## Argo Ingress.
+ ## Hostnames must be provided if Ingress is enabled.
+ ## Secrets must be manually created in the namespace
+ ##
+ hosts: []
+ # - argocd.example.com
+ paths:
+ - /
+ tls: []
+ # - secretName: argocd-example-tls
+ # hosts:
+ # - argocd.example.com
+
+ ## ArgoCD config
+ ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
+ config:
+ # Argo CD's externally facing base URL (optional). Required when configuring SSO
+ url: https://argocd.example.com
+ # Argo CD instance label key
+ application.instanceLabelKey: argocd.argoproj.io/instance
+
+ ## ArgoCD rbac config
+ ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
+ rbacConfig:
+ # policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
+ # Policy rules are in the form:
+ # p, subject, resource, action, object, effect
+ # Role definitions and bindings are in the form:
+ # g, subject, inherited-subject
+ # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
+ policy.csv: |
+ # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
+ p, my-org:team-alpha, applications, sync, my-project/*, allow
+ # Grant all members of 'my-org:team-beta' admins
+ g, my-org:team-beta, role:admin
+ # policy.default is the name of the default role which Argo CD will falls back to, when
+ # authorizing API requests (optional). If omitted or empty, users may be still be able to login,
+ # but will see no apps, projects, etc...
+ policy.default: role:readonly
+
+ # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
+ # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
+ scopes: '[cognito:groups, email]'
+
+ ## Not well tested and not well supported on release v1.0.0.
+ ## Applications
+ ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
+ additionalApplications: []
+ # - name: guestbook
+ # namespace: argocd
+ # additionalLabels: {}
+ # additionalAnnotations: {}
+ # project: guestbook
+ # source:
+ # repoURL: https://github.com/argoproj/argocd-example-apps.git
+ # targetRevision: HEAD
+ # path: guestbook
+ # directory:
+ # recurse: true
+ # destination:
+ # server: https://kubernetes.default.svc
+ # namespace: guestbook
+ # syncPolicy:
+ # automated:
+ # prune: false
+ # selfHeal: false
+
+ ## Projects
+ ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
+ additionalProjects: []
+ # - name: guestbook
+ # namespace: argocd
+ # additionalLabels: {}
+ # additionalAnnotations: {}
+ # description: Example Project
+ # sourceRepos:
+ # - '*'
+ # destinations:
+ # - namespace: guestbook
+ # server: https://kubernetes.default.svc
+ # clusterResourceWhitelist: []
+ # namespaceResourceBlacklist:
+ # - group: ''
+ # kind: ResourceQuota
+ # - group: ''
+ # kind: LimitRange
+ # - group: ''
+ # kind: NetworkPolicy
+ # orphanedResources: {}
+ # roles: []
+ # orphanedResources: {}
+ # roles: []
+
+## Repo Server
+repoServer:
+ name: repo-server
+
+ image: {}
+ # repository: argoproj/argocd
+ # tag: v1.2.1
+ # imagePullPolicy: IfNotPresent
+
+ ## Additional command line arguments to pass to argocd-repo-server
+ ##
+ extraArgs: []
+
+ ## Argo repoServer log level
+ logLevel: info
+
+ ## Annotations to be added to repo server pods
+ ##
+ podAnnotations: {}
+
+ ## Labels to be added to repo server pods
+ ##
+ podLabels: {}
+
+ ## Configures the repo server port
+ containerPort: 8081
+
+ ## Readiness and liveness probes for default backend
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ ##
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+ ## Additional volumeMounts to the repo server main container.
+ volumeMounts: []
+
+ ## Additional volumes to the repo server pod.
+ volumes: []
+
+ ## Node selectors and tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ nodeSelector: {}
+ tolerations: {}
+ affinity: {}
+
+ priorityClassName: ""
+
+ resources: {}
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+ # requests:
+ # cpu: 10m
+ # memory: 64Mi
+
+ ## Repo server service configuration
+ service:
+ annotations: {}
+ labels: {}
+ port: 8081
+
+ ## Repo server metrics service configuration
+ metrics:
+ enabled: false
+ service:
+ annotations: {}
+ labels: {}
+ servicePort: 8084
+ serviceMonitor:
+ enabled: false
+ # selector:
+ # prometheus: kube-prometheus
+ # namespace: monitoring
+ # additionalLabels: {}
+
+## Argo Configs
+configs:
+ knownHosts:
+ data:
+ ssh_known_hosts: |
+ bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
+ github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+ gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
+ gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
+ gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+ ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
+ vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
+ tlsCerts: {}
+ # data:
+ # argocd.example.com: |
+ # -----BEGIN CERTIFICATE-----
+ # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL
+ # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE
+ # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0
+ # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda
+ # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT
+ # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES
+ # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi
+ # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5
+ # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc
+ # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u
+ # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G
+ # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+
+ # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E
+ # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko
+ # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J
+ # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u
+ # kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO
+ # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7
+ # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86
+ # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/
+ # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn
+ # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx
+ # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2
+ # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT
+ # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr
+ # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO
+ # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so
+ # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr
+ # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8
+ # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W
+ # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
+ # XWyb96wrUlv+E8I=
+ # -----END CERTIFICATE-----
+ secret:
+ createSecret: true
+ githubSecret: ""
+ gitlabSecret: ""
+ bitbucketSecret: ""