DevFW-CICD/argocd-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ApplicationSet chart (#577)

Browse source 
Co-authored-by: Alex Collins <alexec@users.noreply.github.com>
This commit is contained in:
Matteo Ruina 2021-03-31 19:37:15 +02:00 committed by GitHub
parent af0d6b8957
commit 37cd1ef042
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 2201 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
charts/argo-applicationset/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

14
charts/argo-applicationset/Chart.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 0.1.0
appVersion: "v0.1.0-prerelease"
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
- argoproj
- appset
- gitops
maintainers:
- name: maruina

60
charts/argo-applicationset/README.md Normal file
View file

@ -0,0 +1,60 @@
# Argo CD ApplicationSet Chart
A Helm chart for Argo CD ApplicationSet, a controller to programmatically generate Argo CD Application.
Source code can be found [here](https://github.com/argoproj-labs/applicationset/)
## Additional Information
This is a **community maintained** chart. This chart installs the [applicationset](https://github.com/argoproj-labs/applicationset) controller.
This chart currently installs the non-HA version of Argo CD ApplicationSet.
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install --name my-release argo/argo-applicationset
NAME: my-release
...
```
### Helm v3 Compatibility
Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
| args.metricsAddr | int | `8080` | The default metric address |
| args.probeBindAddr | int | `8081` | The default health check port |
| args.enableLeaderElection | bool | `false` | The default leader election setting |
| args.namespace | string | `argocd` | The default Argo CD repo namespace |
| args.argocdRepoServer | string | `argocd-repo-server:8081` | The default Argo CD repo server address |
| args.policy | string | `sync` | How application is synced between the generator and the cluster |
| args.debug | bool | `false` | Print debug logs |
| args.dryRun | bool | `false` | Enable dry run mode |
| fullnameOverride | string | `""` | Override the default fully qualified app name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| installCRDs | bool | `true` | Install Custom Resource Definition |
| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
| nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
| podAnnotations | object | `{}` | Annotations for the controller pods |
| podSecurityContext | object | `{}` | Pod Security Context |
| rbac.pspEnabled | bool | `true` | Enable Pod Security Policy |
| replicaCount | int | `1` | The number of controller pods to run |
| resources | object | `{}` | Resource limits and requests for the controller pods. |
| securityContext | object | `{}` | Security Context |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |

1740
charts/argo-applicationset/crds/crd-applicationset.yaml Normal file
View file

File diff suppressed because it is too large Load diff

65
charts/argo-applicationset/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,65 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-applicationset.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-applicationset.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-applicationset.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "argo-applicationset.labels" -}}
helm.sh/chart: {{ include "argo-applicationset.chart" . }}
{{ include "argo-applicationset.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/part-of: argo-cd-applicationset
app.kubernetes.io/component: controller
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-applicationset.selectorLabels" -}}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "argo-applicationset.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "argo-applicationset.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

6
charts/argo-applicationset/templates/crds.yaml Normal file
View file

@ -0,0 +1,6 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

63
charts/argo-applicationset/templates/deployment.yaml Normal file
View file

@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "argo-applicationset.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "argo-applicationset.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-applicationset.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
command:
- applicationset-controller
- --metrics-addr={{ .Values.args.metricsAddr }}
- --probe-addr={{ .Values.args.probeBindAddr }}
{{- if or (gt ( .Values.replicaCount | int64) 1) .Values.args.enableLeaderElection }}
- --enable-leader-election=true
{{- end }}
- --namespace={{ .Values.args.namespace }}
- --argocd-repo-server={{ .Values.args.argocdRepoServer }}
- --policy={{ .Values.args.policy }}
- --debug={{ .Values.args.debug }}
- --dry-run={{ .Values.args.dryRun }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ (split ":" .Values.args.probeBindAddr)._1 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

57
charts/argo-applicationset/templates/psp.yaml Normal file
View file

@ -0,0 +1,57 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: false
hostIPC: false
hostNetwork: false
hostPID: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "argo-applicationset.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-applicationset.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: {{ template "argo-applicationset.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

89
charts/argo-applicationset/templates/rbac.yaml Normal file
View file

@ -0,0 +1,89 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argo-applicationset.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-applicationset.serviceAccountName" . }}

12
charts/argo-applicationset/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argo-applicationset.serviceAccountName" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

72
charts/argo-applicationset/values.yaml Normal file
View file

@ -0,0 +1,72 @@
# Default values for argo-applicationset.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
installCRDs: true
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset
# Image pull policy
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
args:
metricsAddr: :8080
probeBindAddr: :8081
enableLeaderElection: false
namespace: argocd
argocdRepoServer: argocd-repo-server:8081
policy: sync
debug: false
dryRun: false
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
rbac:
pspEnabled: true
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}