DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Decouple AWS and GKE ALB from generic ingress

Browse source 
Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
This commit is contained in:
Petr Drastil 2024-01-21 23:22:05 +01:00
parent f26e3f0d44
commit 3705a4014d
No known key found for this signature in database
GPG key ID: B147517F4051E6ED
13 changed files with 319 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo-cd/Chart.yaml
View file

@ -32,6 +32,8 @@ annotations:
description: Wildcard catch all ingress rule description: Wildcard catch all ingress rule
- kind: added - kind: added
description: Ingress extra rules to allow custom ingress custom rules description: Ingress extra rules to allow custom ingress custom rules
- kind: added
description: Dedicated ingress implementation for AWS and GKE Application Load Balancers
- kind: changed - kind: changed
description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths` description: Support for multiple ingress hosts and paths refactored into `extraHosts` and `extraPaths`

65
charts/argo-cd/README.md
View file

@ -129,6 +129,54 @@ Please review your setup and adjust to new configuration options:
* additional hostnames and routing can be provided via `extraHosts` configuration section * additional hostnames and routing can be provided via `extraHosts` configuration section
* additional TLS secrets can be provided via `extraTls` configuration section * additional TLS secrets can be provided via `extraTls` configuration section
Specific ingress implementations for cloud providers were decoupled from generic ingress resource.
To configure AWS Application Load Balancer:
```yaml
server:
ingress:
enabled: true
controller: aws
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
aws:
backendProtocolVersion: HTTP2
serviceType: NodePort
```
To configure GKE Application Load Balancer:
```yaml
configs:
params:
"server.insecure": true
server:
service:
annotations:
cloud.google.com/neg: '{"ingress": true}'
cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
ingress:
enabled: true
controller: gke
gke:
backendConfig:
healthCheck:
checkIntervalSec: 30
timeoutSec: 5
healthyThreshold: 1
unhealthyThreshold: 2
type: HTTP
requestPath: /healthz
port: 8080
frontendConfig:
redirectToHttps:
enabled: true
```
### 5.53.0 ### 5.53.0
Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir()
@ -425,7 +473,7 @@ NAME: my-release
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart | | apiVersionOverrides | object | `{}` | |
| crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | | crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs | | crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs | | crds.install | bool | `true` | Install and upgrade CRDs |
@ -710,12 +758,6 @@ NAME: my-release
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine |
| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] |
| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine |
| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] |
| server.GKEmanagedCertificate.domains | list | `["argocd.example.com"]` | Domains for the Google Managed Certificate |
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | | server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | | server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | | server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server |
@ -768,11 +810,18 @@ NAME: my-release
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
| server.ingress.annotations | object | `{}` | Additional ingress annotations | | server.ingress.annotations | object | `{}` | Additional ingress annotations |
| server.ingress.aws.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` |
| server.ingress.enabled | bool | `true` | Enable an ingress resource for the Argo CD server | | server.ingress.enabled | bool | `true` | Enable an ingress resource for the Argo CD server |
| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | | server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record |
| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | | server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths |
| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | | server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules |
| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | | server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration |
| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller |
| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller |
| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer |
| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource |
| server.ingress.hostname | string | `"argocd.server.local"` | Argo CD server hostname | | server.ingress.hostname | string | `"argocd.server.local"` | Argo CD server hostname |
| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | | server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource |
| server.ingress.labels | object | `{}` | Additional ingress labels | | server.ingress.labels | object | `{}` | Additional ingress labels |
@ -780,8 +829,6 @@ NAME: my-release
| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | | server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | | server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` |
| server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | | server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] |
| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service |
| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service |
| server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | | server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] |
| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | | server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record |
| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | | server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] |

47
charts/argo-cd/README.md.gotmpl
View file

@ -128,6 +128,53 @@ Please review your setup and adjust to new configuration options:
* additional hostnames and routing can be provided via `extraHosts` configuration section * additional hostnames and routing can be provided via `extraHosts` configuration section
* additional TLS secrets can be provided via `extraTls` configuration section * additional TLS secrets can be provided via `extraTls` configuration section
Specific ingress implementations for cloud providers were decoupled from generic ingress resource.
To configure AWS Application Load Balancer:
```yaml
server:
ingress:
enabled: true
controller: aws
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
aws:
backendProtocolVersion: HTTP2
serviceType: NodePort
```
To configure GKE Application Load Balancer:
```yaml
configs:
params:
"server.insecure": true
server:
service:
annotations:
cloud.google.com/neg: '{"ingress": true}'
cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}'
ingress:
enabled: true
controller: gke
gke:
backendConfig:
healthCheck:
checkIntervalSec: 30
timeoutSec: 5
healthyThreshold: 1
unhealthyThreshold: 2
type: HTTP
requestPath: /healthz
port: 8080
frontendConfig:
redirectToHttps:
enabled: true
```
### 5.53.0 ### 5.53.0

13
charts/argo-cd/templates/_versions.tpl
View file

@ -5,16 +5,3 @@ Return the target Kubernetes version
{{- define "argo-cd.kubeVersion" -}} {{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end }} {{- end }}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-cd.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}

71
charts/argo-cd/templates/argocd-server/aws/ingress.yaml Normal file
View file

@ -0,0 +1,71 @@
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingress.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingressGrpc.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}-grpc
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default .Values.server.ingress.path .path }}
pathType: {{ default .Values.server.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

6
charts/argo-cd/templates/argocd-server/aws/service.yaml
View file

@ -1,9 +1,9 @@
{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}} {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
annotations: annotations:
alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }} alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-grpc name: {{ template "argo-cd.server.fullname" . }}-grpc
@ -21,5 +21,5 @@ spec:
selector: selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None sessionAffinity: None
type: {{ .Values.server.ingressGrpc.awsALB.serviceType }} type: {{ .Values.server.ingress.aws.serviceType }}
{{- end -}} {{- end -}}

10
charts/argo-cd/templates/argocd-server/gke/backendconfig.yaml
View file

@ -1,11 +1,13 @@
{{- if .Values.server.GKEbackendConfig.enabled }} {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }}
apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }} apiVersion: cloud.google.com/v1
kind: BackendConfig kind: BackendConfig
metadata: metadata:
name: {{ template "argo-cd.server.fullname" . }} name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.gke.backendConfig }}
spec: spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }}
{{- end }} {{- end }}

8
charts/argo-cd/templates/argocd-server/gke/frontendconfig.yaml
View file

@ -1,11 +1,13 @@
{{- if .Values.server.GKEfrontendConfig.enabled }} {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }}
apiVersion: networking.gke.io/v1beta1 apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig kind: FrontendConfig
metadata: metadata:
name: {{ template "argo-cd.server.fullname" . }} name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
labels: labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.gke.frontendConfig }}
spec: spec:
{{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }}
{{- end }} {{- end }}

69
charts/argo-cd/templates/argocd-server/gke/ingress.yaml Normal file
View file

@ -0,0 +1,69 @@
{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
ingressClassName: "gce"
{{- if .Values.server.ingress.gke.managedCertificate.create }}
networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }}
{{- end }}
{{- if .Values.server.ingress.gke.frontendConfig }}
networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }}
{{- end }}
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.server.ingress.hostname }}
http:
paths:
{{- with .Values.server.ingress.extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ .Values.server.ingress.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
{{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default .Values.server.ingress.path .path }}
pathType: {{ default .Values.server.ingress.pathType .pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" . }}
port:
number: {{ $servicePort }}
{{- end }}
{{- with .Values.server.ingress.extraRules }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }}
tls:
{{- if .Values.server.ingress.tls }}
- hosts:
- {{ .Values.server.ingress.hostname }}
secretName: argocd-server-tls
{{- end }}
{{- with .Values.server.ingress.extraTls }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

11
charts/argo-cd/templates/argocd-server/gke/managedcertificate.yaml
View file

@ -1,12 +1,15 @@
{{- if .Values.server.GKEmanagedCertificate.enabled }} {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }}
apiVersion: networking.gke.io/v1 apiVersion: networking.gke.io/v1
kind: ManagedCertificate kind: ManagedCertificate
metadata: metadata:
name: {{ template "argo-cd.server.fullname" . }} name: {{ include "argo-cd.server.fullname" . }}
namespace: {{ .Release.Namespace | quote }} namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec: spec:
domains: domains:
{{- with .Values.server.GKEmanagedCertificate.domains }} - {{ .Values.server.ingress.hostname }}
{{- toYaml . | nindent 4 }} {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }}
{{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -1,5 +1,5 @@
{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}} {{- if and .Values.server.ingressGrpc.enabled (eq .Values.server.ingress.controller "generic") -}}
{{- $hostname := default (printf "grpc.%s" .Values.server.ingress.hostname) .Values.server.ingressGrpc.hostname -}} {{- $hostname := .Values.server.ingressGrpc.hostname | default (printf "grpc.%s" .Values.server.ingress.hostname) -}}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} {{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} {{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1

19
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.server.ingress.enabled }} {{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }}
{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} {{- $insecure := index .Values.configs.params "server.insecure" | toString -}}
{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} {{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
@ -11,15 +11,11 @@ metadata:
{{- with .Values.server.ingress.labels }} {{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- if .Values.server.ingress.annotations }} {{- with .Values.server.ingress.annotations }}
annotations: annotations:
{{- range $key, $value := .Values.server.ingress.annotations }} {{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- end }}
{{- end }} {{- end }}
spec: spec:
{{- with .Values.server.ingress.ingressClassName }} {{- with .Values.server.ingress.ingressClassName }}
@ -39,15 +35,6 @@ spec:
name: {{ include "argo-cd.server.fullname" . }} name: {{ include "argo-cd.server.fullname" . }}
port: port:
number: {{ $servicePort }} number: {{ $servicePort }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
- path: {{ .Values.server.ingress.path }}
pathType: {{ $.Values.server.ingressGrpc.pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}-grpc
port:
number: {{ $servicePort }}
{{- end }}
{{- range .Values.server.ingress.extraHosts }} {{- range .Values.server.ingress.extraHosts }}
- host: {{ .name | quote }} - host: {{ .name | quote }}
http: http:

97
charts/argo-cd/values.yaml
View file

@ -11,9 +11,7 @@ kubeVersionOverride: ""
# Override APIVersions # Override APIVersions
# If you want to template helm charts but cannot access k8s API server # If you want to template helm charts but cannot access k8s API server
# you can set api versions here # you can set api versions here
apiVersionOverrides: apiVersionOverrides: {}
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources # -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
@ -1904,6 +1902,9 @@ server:
ingress: ingress:
# -- Enable an ingress resource for the Argo CD server # -- Enable an ingress resource for the Argo CD server
enabled: true #false enabled: true #false
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels # -- Additional ingress labels
labels: {} labels: {}
# -- Additional ingress annotations # -- Additional ingress annotations
@ -1920,7 +1921,6 @@ server:
hostname: argocd.server.local hostname: argocd.server.local
# -- The path to Argo CD server # -- The path to Argo CD server
## NOTE: You may need to set this to `/*` in order to use this with GKE ingress controller
path: / path: /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
@ -1967,7 +1967,50 @@ server:
# - argocd.example.com # - argocd.example.com
# secretName: your-certificate-name # secretName: your-certificate-name
# Dedicated ingress for gRPC as documented at # AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# Google specific options for Google Application Load Balancer
# Applies only when `server.ingress.controller` is set to `gke`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
gke:
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
backendConfig: {}
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
frontendConfig: {}
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# Managed GKE certificate for ingress hostname
managedCertificate:
# -- Create ManagedCertificate resource and annotations for Google Load balancer
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
create: true
# -- Additional domains for ManagedCertificate resource
extraDomains: []
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
ingressGrpc: ingressGrpc:
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
@ -1981,18 +2024,6 @@ server:
# -- Defines which ingress controller will implement the resource [gRPC-ingress] # -- Defines which ingress controller will implement the resource [gRPC-ingress]
ingressClassName: "" ingressClassName: ""
awsALB:
# -- Service type for the AWS ALB gRPC service
## Service Type if isAWSALB is set to true
## Can be of type NodePort or ClusterIP depending on which mode you are
## are running. Instance mode needs type NodePort, IP mode needs type
## ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
# -- Argo CD server hostname for dedicated [gRPC-ingress] # -- Argo CD server hostname for dedicated [gRPC-ingress]
hostname: "" hostname: ""
@ -2058,38 +2089,6 @@ server:
# -- Termination policy of Openshift Route # -- Termination policy of Openshift Route
termination_policy: None termination_policy: None
GKEbackendConfig:
# -- Enable BackendConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [BackendConfigSpec]
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
## Create a Google Managed Certificate for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
GKEmanagedCertificate:
# -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
enabled: false
# -- Domains for the Google Managed Certificate
domains:
- argocd.example.com
## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
GKEfrontendConfig:
# -- Enable FrontConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [FrontendConfigSpec]
spec: {}
# spec:
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
## Repo Server ## Repo Server
repoServer: repoServer:
# -- Repo server name # -- Repo server name