DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fix-readme-insecure-example

Browse source
This commit is contained in:
Sean Johnson 2020-04-27 14:07:02 +10:00 committed by GitHub
commit 544f4081c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
73 changed files with 3531 additions and 3761 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.circleci/config.yml
View file

@ -2,7 +2,7 @@ version: 2.1
jobs:
lint:
docker:
- image: gcr.io/kubernetes-charts-ci/test-image:v3.0.1
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
steps:
- checkout
- run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
@ -11,7 +11,7 @@ jobs:
publish:
docker:
# We just need an image with `helm` on it. Handily we know of one already.
- image: gcr.io/kubernetes-charts-ci/test-image:v3.0.1
- image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0
steps:
# install the additional keys needed to push to Github. Alex Collins owns these keys.
- add_ssh_keys

2
.gitignore vendored
View file

@ -1,4 +1,4 @@
output
.vscode
.DS_Store
*.tgz
**/*.tgz

4
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "1.4.2"
appVersion: "1.5.2"
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.0.0
version: 2.2.9
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

185
charts/argo-cd/README.md
View file

@ -1,10 +1,11 @@
Argo CD Chart
======
# Argo CD Chart
A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
Source code can be found [here](https://argoproj.github.io/argo-cd/)
## Additional Information
This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases).
@ -13,20 +14,20 @@ This chart currently installs the non-HA version of ArgoCD.
## Upgrading
### 1.8.7 to 2.0.0
### 1.8.7 to 2.x.x
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map
What was
```
server:
```yaml
controller:
extraArgs:
insecure: ""
```
is now
```
```yaml
server:
extraArgs:
- --insecure
@ -42,12 +43,16 @@ To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install --name my-release argo/argo-cd
NAME: my-release
...
```
### Helm v3 Compatability
Requires chart version 1.5.1 or newer.
Requires chart version 1.5.2 or newer.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks.
@ -57,12 +62,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.4.2"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | 
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | 
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| installCRDs | bool | `true` | Install CRDs if you are using Helm2. |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
| configs.secret.argocdServerAdminPassword | Admin password | `null` |
| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set |
| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
@ -74,9 +81,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
## ArgoCD Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| Parameter | Description | Default |
|-----|---------|-------------|
| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
@ -86,11 +93,11 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
| controller.livenessProbe.failureThreshold | int | `3` |
| controller.livenessProbe.initialDelaySeconds | int | `10` |
| controller.livenessProbe.periodSeconds | int | `10` |
| controller.livenessProbe.successThreshold | int | `1` |
| controller.livenessProbe.timeoutSeconds | int | `1` |
| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.logLevel | Controller log level | `"info"` |
| controller.metrics.enabled | Deploy metrics service | `false` |
| controller.metrics.service.annotations | Metrics service annotations | `{}` |
@ -99,46 +106,46 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| controller.name | Controller name string. | `"application-controller"` |
| controller.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| controller.podAnnotations | Annotations for the controller pods | `{}` |
| controller.podLabels | Labels for the controller pods | `{}` |
| controller.priorityClassName | Priority class for the controller pods | `""` |
| controller.readinessProbe.failureThreshold | int | `3` |
| controller.readinessProbe.initialDelaySeconds | int | `10` |
| controller.readinessProbe.periodSeconds | int | `10` |
| controller.readinessProbe.successThreshold | int | `1` |
| controller.readinessProbe.timeoutSeconds | int | `1` |
| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.resources | Resource limits and requests for the controller pods. | `{}` |
| controller.service.annotations | Controller service annotations. | `{}` |
| controller.service.labels | Controller service labels. | `{}` |
| controller.service.port | Controller service port. | `8082` |
| controller.serviceAccount.create | Create a service account for the controller | `true` |
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| controller.volumeMounts | Controller volume mounts | `[]` |
| controller.volumes | Controller volumes | `[]` |
## Argo Repo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler (HPA) for the repo server | `false` |
| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server HPA | `1` |
| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server HPA | `5` |
| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server HPA | `50` |
| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server HPA | `50` |
| Property | Description | Default |
|-----|---------|-------------|
| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` |
| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` |
| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` |
| repoServer.env | Environment variables for the repo server. | `[]` |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
| repoServer.livenessProbe.failureThreshold | int | `3` |
| repoServer.livenessProbe.initialDelaySeconds | int | `10` |
| repoServer.livenessProbe.periodSeconds | int | `10` |
| repoServer.livenessProbe.successThreshold | int | `1` |
| repoServer.livenessProbe.timeoutSeconds | int | `1` |
| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.logLevel | Log level | `"info"` |
| repoServer.metrics.enabled | Deploy metrics service | `false` |
| repoServer.metrics.service.annotations | Metrics service annotations | `{}` |
@ -147,34 +154,36 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| repoServer.name | Repo server name | `"repo-server"` |
| repoServer.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| repoServer.podAnnotations | Annotations for the repo server pods | `{}` |
| repoServer.podLabels | Labels for the repo server pods | `{}` |
| repoServer.priorityClassName | Priority class for the repo server | `""` |
| repoServer.readinessProbe.failureThreshold | int | `3` |
| repoServer.readinessProbe.initialDelaySeconds | int | `10` |
| repoServer.readinessProbe.periodSeconds | int | `10` |
| repoServer.readinessProbe.successThreshold | int | `1` |
| repoServer.readinessProbe.timeoutSeconds | int | `1` |
| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.replicas | The number of repo server pods to run | `1` |
| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` |
| repoServer.service.annotations | Repo server service annotations. | `{}` |
| repoServer.service.labels | Repo server service labels. | `{}` |
| repoServer.service.port | Repo server service port. | `8081` |
| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| repoServer.volumeMounts | Repo server volume mounts | `[]` |
| repoServer.volumes | Repo server volumes | `[]` |
## Argo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler (HPA) for the server | `false` |
| server.autoscaling.minReplicas | Minimum number of replicas for the server HPA | `1` |
| server.autoscaling.maxReplicas | Maximum number of replicas for the server HPA | `5` |
| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server HPA | `50` |
| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server HPA | `50` |
| Parameter | Description | Default |
|-----|---------|-------------|
| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` |
| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` |
| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` |
| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` |
| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` |
| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
| server.certificate.enabled | Enables a certificate manager certificate. | `false` |
@ -186,7 +195,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.env | Environment variables for the server. | `[]` |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the repo server | `global.image.tag` |
| server.image.tag | Tag to use for the server | `global.image.tag` |
| server.ingress.annotations | Additional ingress annotations | `{}` |
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
@ -194,11 +203,11 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
| server.livenessProbe.failureThreshold | int | `3` |
| server.livenessProbe.initialDelaySeconds | int | `10` |
| server.livenessProbe.periodSeconds | int | `10` |
| server.livenessProbe.successThreshold | int | `1` |
| server.livenessProbe.timeoutSeconds | int | `1` |
| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.logLevel | Log level | `"info"` |
| server.metrics.enabled | Deploy metrics service | `false` |
| server.metrics.service.annotations | Metrics service annotations | `{}` |
@ -207,34 +216,35 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| server.name | Argo CD server name | `"server"` |
| server.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| server.podAnnotations | Annotations for the repo server pods | `{}` |
| server.podLabels | Labels for the repo server pods | `{}` |
| server.priorityClassName | Priority class for the repo server | `""` |
| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| server.podAnnotations | Annotations for the server pods | `{}` |
| server.podLabels | Labels for the server pods | `{}` |
| server.priorityClassName | Priority class for the server | `""` |
| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` |
| server.readinessProbe.failureThreshold | int | `3` |
| server.readinessProbe.initialDelaySeconds | int | `10` |
| server.readinessProbe.periodSeconds | int | `10` |
| server.readinessProbe.successThreshold | int | `1` |
| server.readinessProbe.timeoutSeconds | int | `1` |
| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.replicas | The number of server pods to run | `1` |
| server.resources | Resource limits and requests for the server | `{}` |
| server.service.annotations | Server service annotations | `{}` |
| server.service.labels | Server service labels | `{}` |
| server.service.servicePortHttp | Server service http port | `80` |
| server.service.servicePortHttps | Server service https port | `443` |
| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` |
| server.service.type | Server service type | `"ClusterIP"` |
| server.serviceAccount.create | Create server service account | `true` |
| server.serviceAccount.name | Server service account name | `"argocd-server"` |
| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| server.volumeMounts | Server volume mounts | `[]` |
| server.volumes | Server volumes | `[]` |
## Dex
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dex.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| Property | Description | Default |
|-----|---------|-------------|
| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| dex.containerPortGrpc | GRPC container port | `5557` |
| dex.containerPortHttp | HTTP container port | `5556` |
| dex.enabled | Enable dex | `true` |
@ -246,7 +256,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| dex.initImage.tag | Argo CD init image tag | `global.image.tag` |
| dex.name | Dex name | `"dex-server"` |
| dex.env | Environment variables for the Dex server. | `[]` |
| dex.nodeSelector | Dex node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| dex.podAnnotations | Annotations for the Dex server pods | `{}` |
| dex.podLabels | Labels for the Dex server pods | `{}` |
| dex.priorityClassName | Priority class for dex | `""` |
@ -255,15 +265,21 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
| dex.servicePortGrpc | Server GRPC port | `5557` |
| dex.servicePortHttp | Server HTTP port | `5556` |
| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| dex.volumeMounts | Dex volume mounts | `"/shared"` |
| dex.volumes | Dex volumes | `{}` |
## Redis
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
When Redis is completely disabled from the chart (`redis.enabled=false`) and
an external Redis instance wants to be used or
when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`)
but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified
through `xxx.extraArgs`
| Parameter | Description | Default |
|-----|---------|-------------|
| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| redis.containerPort | Redis container port | `6379` |
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
@ -271,10 +287,19 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| redis.image.tag | Redis tag | `"5.0.3"` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.nodeSelector | Redis node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| redis.podAnnotations | Annotations for the Redis server pods | `{}` |
| redis.podLabels | Labels for the Redis server pods | `{}` |
| redis.priorityClassName | Priority class for redis | `""` |
| redis.resources | Resource limits and requests for redis | `{}` |
| redis.servicePort | Redis service port | `6379` |
| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` |
| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | |
| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` |
| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` |
| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false`
| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd`
| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` |
| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` |
| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |

21
charts/argo-cd/charts/redis-ha/Chart.yaml Normal file
View file

@ -0,0 +1,21 @@
apiVersion: v1
appVersion: 5.0.6
description: Highly available Kubernetes implementation of Redis
engine: gotpl
home: http://redis.io/
icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
keywords:
- redis
- keyvalue
- database
maintainers:
- email: salimsalaues@gmail.com
name: ssalaues
- email: aaron.layfield@gmail.com
name: dandydeveloper
name: redis-ha
sources:
- https://redis.io/download
- https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha
- https://github.com/oliver006/redis_exporter
version: 4.4.2

6
charts/argo-cd/charts/redis-ha/OWNERS Normal file
View file

@ -0,0 +1,6 @@
approvers:
- ssalaues
- dandydeveloper
reviewers:
- ssalaues
- dandydeveloper

230
charts/argo-cd/charts/redis-ha/README.md Normal file
View file

@ -0,0 +1,230 @@
# Redis
[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
## TL;DR;
```bash
$ helm install stable/redis-ha
```
By default this chart install 3 pods total:
* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
## Introduction
This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
## Prerequisites
- Kubernetes 1.8+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
## Upgrading the Chart
Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
### Upgrading the chart from 3.x to 4.x
Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
## Installing the Chart
To install the chart
```bash
$ helm install stable/redis-ha
```
The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the deployment:
```bash
$ helm delete <chart-name>
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Redis chart and their default values.
| Parameter | Description | Default |
|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
| `image` | Redis image | `redis` |
| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
| `tag` | Redis tag | `5.0.6-alpine` |
| `replicas` | Number of redis master/slave pods | `3` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
| `rbac.create` | Create and use RBAC resources | `true` |
| `redis.port` | Port to access the redis service | `6379` |
| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` |
| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
| `sentinel.port` | Port to access the sentinel service | `26379` |
| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` |
| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` |
| `authKey` | The key holding the redis password in an existing secret. | `auth` |
| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `affinity` | Override all other affinity settings with a string. | `""` |
| `persistentVolume.size` | Size for the volume | 10Gi |
| `persistentVolume.annotations` | Annotations for the volume | `{}` |
| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` |
| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
| `exporter.tag` | Exporter tag | `v0.31.0` |
| `exporter.port` | Exporter port | `9121` |
| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
| `exporter.extraArgs` | Additional args for the exporter | `{}` |
| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
| `haproxy.replicas` | Number of HAProxy instances | `3` |
| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` |
| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
| `haproxy.annotations` | HAProxy template annotations | `{}` |
| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` |
| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` |
| `haproxy.resources` | HAProxy resources | `{}` |
| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `exporter-port` |
| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
| `haproxy.init.resources` | Extra init resources | `{}` |
| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
| `hostPath.path` | Use this path on the host for data storage | not set |
| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
| `sysctlImage.command` | sysctlImage command to execute | [] |
| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
| `sysctlImage.resources` | sysctlImage resources | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
$ helm install \
--set image=redis \
--set tag=5.0.5-alpine \
stable/redis-ha
```
The above command sets the Redis server within `default` namespace.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install -f values.yaml stable/redis-ha
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Custom Redis and Sentinel config options
This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
```yml
repl-timeout: "60"
```
Note:
1. Some config options should be renamed by redis versione.g.:
```
# In redis 5.xsee https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5
# In redis 4.x and redis 3.xsee https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
min-slaves-to-write 1
min-slaves-max-lag 5
```
Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as:
```yml
down-after-milliseconds: 30000
```
If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored.
## Host Kernel Settings
Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages.
To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example:
```
sysctlImage:
enabled: true
mountHostSys: true
command:
- /bin/sh
- -xc
- |-
sysctl -w net.core.somaxconn=10000
echo never > /host-sys/kernel/mm/transparent_hugepage/enabled
```
## HAProxy startup
When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting.
It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service).
A such case could happen if the orchestator is pending the nomination of redis pods.
Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator.

10
charts/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml Normal file
View file

@ -0,0 +1,10 @@
---
## Enable HAProxy to manage Load Balancing
haproxy:
enabled: true
annotations:
any.domain/key: "value"
serviceAccount:
create: true
metrics:
enabled: true

25
charts/argo-cd/charts/redis-ha/templates/NOTES.txt Normal file
View file

@ -0,0 +1,25 @@
Redis can be accessed via port {{ .Values.redis.port }} and Sentinel can be accessed via port {{ .Values.sentinel.port }} on the following DNS name from within your cluster:
{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To connect to your Redis server:
{{- if .Values.auth }}
1. To retrieve the redis password:
echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode)
2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
3. Connect using the Redis CLI (inside container):
redis-cli -a <REDIS-PASS-FROM-SECRET>
{{- else }}
1. Run a Redis pod that you can use as a client:
kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }}
2. Connect using the Redis CLI:
redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{- end }}

275
charts/argo-cd/charts/redis-ha/templates/_configs.tpl Normal file
View file

@ -0,0 +1,275 @@
{{/* vim: set filetype=mustache: */}}
{{- define "config-redis.conf" }}
{{- if .Values.redis.customConfig }}
{{ tpl .Values.redis.customConfig . | indent 4 }}
{{- else }}
dir "/data"
port {{ .Values.redis.port }}
{{- range $key, $value := .Values.redis.config }}
{{ $key }} {{ $value }}
{{- end }}
{{- if .Values.auth }}
requirepass replace-default-auth
masterauth replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-sentinel.conf" }}
{{- if .Values.sentinel.customConfig }}
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
{{- else }}
dir "/data"
{{- range $key, $value := .Values.sentinel.config }}
{{- if eq "maxclients" $key }}
{{ $key }} {{ $value }}
{{- else }}
sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.auth }}
sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
{{- end }}
{{- end }}
{{- end }}
{{- define "config-init.sh" }}
HOSTNAME="$(hostname)"
INDEX="${HOSTNAME##*-}"
MASTER="$(redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ template "redis-ha.masterGroupName" . }} | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
QUORUM="{{ .Values.sentinel.quorum }}"
REDIS_CONF=/data/conf/redis.conf
REDIS_PORT={{ .Values.redis.port }}
SENTINEL_CONF=/data/conf/sentinel.conf
SENTINEL_PORT={{ .Values.sentinel.port }}
SERVICE={{ template "redis-ha.fullname" . }}
set -eu
sentinel_update() {
echo "Updating sentinel config with master $MASTER"
eval MY_SENTINEL_ID="\${SENTINEL_ID_$INDEX}"
sed -i "1s/^/sentinel myid $MY_SENTINEL_ID\\n/" "$SENTINEL_CONF"
sed -i "2s/^/sentinel monitor $MASTER_GROUP $1 $REDIS_PORT $QUORUM \\n/" "$SENTINEL_CONF"
echo "sentinel announce-ip $ANNOUNCE_IP" >> $SENTINEL_CONF
echo "sentinel announce-port $SENTINEL_PORT" >> $SENTINEL_CONF
}
redis_update() {
echo "Updating redis config"
echo "slaveof $1 $REDIS_PORT" >> "$REDIS_CONF"
echo "slave-announce-ip $ANNOUNCE_IP" >> $REDIS_CONF
echo "slave-announce-port $REDIS_PORT" >> $REDIS_CONF
}
copy_config() {
cp /readonly-config/redis.conf "$REDIS_CONF"
cp /readonly-config/sentinel.conf "$SENTINEL_CONF"
}
setup_defaults() {
echo "Setting up defaults"
if [ "$INDEX" = "0" ]; then
echo "Setting this pod as the default master"
redis_update "$ANNOUNCE_IP"
sentinel_update "$ANNOUNCE_IP"
sed -i "s/^.*slaveof.*//" "$REDIS_CONF"
else
DEFAULT_MASTER="$(getent hosts "$SERVICE-announce-0" | awk '{ print $1 }')"
if [ -z "$DEFAULT_MASTER" ]; then
echo "Unable to resolve host"
exit 1
fi
echo "Setting default slave config.."
redis_update "$DEFAULT_MASTER"
sentinel_update "$DEFAULT_MASTER"
fi
}
find_master() {
echo "Attempting to find master"
if [ "$(redis-cli -h "$MASTER"{{ if .Values.auth }} -a "$AUTH"{{ end }} ping)" != "PONG" ]; then
echo "Can't ping master, attempting to force failover"
if redis-cli -h "$SERVICE" -p "$SENTINEL_PORT" sentinel failover "$MASTER_GROUP" | grep -q 'NOGOODSLAVE' ; then
setup_defaults
return 0
fi
sleep 10
MASTER="$(redis-cli -h $SERVICE -p $SENTINEL_PORT sentinel get-master-addr-by-name $MASTER_GROUP | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')"
if [ "$MASTER" ]; then
sentinel_update "$MASTER"
redis_update "$MASTER"
else
echo "Could not failover, exiting..."
exit 1
fi
else
echo "Found reachable master, updating config"
sentinel_update "$MASTER"
redis_update "$MASTER"
fi
}
mkdir -p /data/conf/
echo "Initializing config.."
copy_config
ANNOUNCE_IP=$(getent hosts "$SERVICE-announce-$INDEX" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP" ]; then
"Could not resolve the announce ip for this pod"
exit 1
elif [ "$MASTER" ]; then
find_master
else
setup_defaults
fi
if [ "${AUTH:-}" ]; then
echo "Setting auth values"
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "$REDIS_CONF" "$SENTINEL_CONF"
fi
echo "Ready..."
{{- end }}
{{- define "config-haproxy.cfg" }}
{{- if .Values.haproxy.customConfig }}
{{ .Values.haproxy.customConfig | indent 4}}
{{- else }}
defaults REDIS
mode tcp
timeout connect {{ .Values.haproxy.timeout.connect }}
timeout server {{ .Values.haproxy.timeout.server }}
timeout client {{ .Values.haproxy.timeout.client }}
timeout check {{ .Values.haproxy.timeout.check }}
listen health_check_http_url
bind :8888
mode http
monitor-uri /healthz
option dontlognull
{{- $root := . }}
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- $masterGroupName := include "redis-ha.masterGroupName" . }}
{{- range $i := until $replicas }}
# Check Sentinel and whether they are nominated master
backend check_if_redis_is_master_{{ $i }}
mode tcp
option tcp-check
tcp-check connect
{{- if $root.auth }}
tcp-check send AUTH\ {{ $root.redisPassword }}\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter 1s
{{- end }}
{{- end }}
# decide redis backend to use
#master
frontend ft_redis_master
bind *:{{ $root.Values.redis.port }}
use_backend bk_redis_master
{{- if .Values.haproxy.readOnly.enabled }}
#slave
frontend ft_redis_slave
bind *:{{ .Values.haproxy.readOnly.port }}
use_backend bk_redis_slave
{{- end }}
# Check all redis servers to see if they think they are master
backend bk_redis_master
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
backend bk_redis_slave
{{- if .Values.haproxy.stickyBalancing }}
balance source
hash-type consistent
{{- end }}
mode tcp
option tcp-check
tcp-check connect
{{- if .Values.auth }}
tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
tcp-check expect string +OK
{{- end }}
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:slave
tcp-check send QUIT\r\n
tcp-check expect string +OK
{{- range $i := until $replicas }}
server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
{{- end }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
frontend metrics
mode http
bind *:{{ .Values.haproxy.metrics.port }}
option http-use-htx
http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
{{- end }}
{{- if .Values.haproxy.extraConfig }}
# Additional configuration
{{ .Values.haproxy.extraConfig | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "config-haproxy_init.sh" }}
HAPROXY_CONF=/data/haproxy.cfg
cp /readonly/haproxy.cfg "$HAPROXY_CONF"
{{- $fullName := include "redis-ha.fullname" . }}
{{- $replicas := int (toString .Values.replicas) }}
{{- range $i := until $replicas }}
for loop in $(seq 1 10); do
getent hosts {{ $fullName }}-announce-{{ $i }} && break
echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
done
ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
exit 1
fi
sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"
if [ "${AUTH:-}" ]; then
echo "Setting auth values"
ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
fi
{{- end }}
{{- end }}

83
charts/argo-cd/charts/redis-ha/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,83 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "redis-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return sysctl image
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
labels.standard prints the standard Helm labels.
The standard labels are frequently used in metadata.
*/ -}}
{{- define "labels.standard" -}}
app: {{ template "redis-ha.name" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ template "chartref" . }}
{{- end -}}
{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
Example output:
zookeeper-1.2.3
wordpress-3.2.1_20170219
*/ -}}
{{- define "chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "redis-ha.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "redis-ha.masterGroupName" -}}
{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}}
{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}}
{{- if $validMasterGroupName -}}
{{ $masterGroupName }}
{{- else -}}
{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}}
{{- end -}}
{{- end -}}

12
charts/argo-cd/charts/redis-ha/templates/redis-auth-secret.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if and .Values.auth (not .Values.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
type: Opaque
data:
{{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }}
{{- end -}}

41
charts/argo-cd/charts/redis-ha/templates/redis-ha-announce-service.yaml Normal file
View file

@ -0,0 +1,41 @@
{{- $fullName := include "redis-ha.fullname" . }}
{{- $namespace := .Release.Namespace -}}
{{- $replicas := int (toString .Values.replicas) }}
{{- $root := . }}
{{- range $i := until $replicas }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-announce-{{ $i }}
namespace: {{ $namespace }}
labels:
{{ include "labels.standard" $root | indent 4 }}
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
{{- if $root.Values.serviceAnnotations }}
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
publishNotReadyAddresses: true
type: ClusterIP
ports:
- name: server
port: {{ $root.Values.redis.port }}
protocol: TCP
targetPort: redis
- name: sentinel
port: {{ $root.Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- if $root.Values.exporter.enabled }}
- name: exporter
port: {{ $root.Values.exporter.port }}
protocol: TCP
targetPort: exporter-port
{{- end }}
selector:
release: {{ $root.Release.Name }}
app: {{ include "redis-ha.name" $root }}
"statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
{{- end }}

25
charts/argo-cd/charts/redis-ha/templates/redis-ha-configmap.yaml Normal file
View file

@ -0,0 +1,25 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
data:
redis.conf: |
{{- include "config-redis.conf" . }}
sentinel.conf: |
{{- include "config-sentinel.conf" . }}
init.sh: |
{{- include "config-init.sh" . }}
{{ if .Values.haproxy.enabled }}
haproxy.cfg: |-
{{- include "config-haproxy.cfg" . }}
{{- end }}
haproxy_init.sh: |
{{- include "config-haproxy_init.sh" . }}

11
charts/argo-cd/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml Normal file
View file

@ -0,0 +1,11 @@
{{- if .Values.exporter.script }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
data:
script: {{ toYaml .Values.exporter.script | indent 2 }}
{{- end }}

15
charts/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- if .Values.podDisruptionBudget -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "redis-ha.fullname" . }}-pdb
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
spec:
selector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}

19
charts/argo-cd/charts/redis-ha/templates/redis-ha-role.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
{{- end }}

19
charts/argo-cd/charts/redis-ha/templates/redis-ha-rolebinding.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "redis-ha.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "redis-ha.fullname" . }}
{{- end }}

35
charts/argo-cd/charts/redis-ha/templates/redis-ha-service.yaml Normal file
View file

@ -0,0 +1,35 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
{{- if and ( .Values.exporter.enabled ) ( .Values.exporter.serviceMonitor.enabled ) }}
servicemonitor: enabled
{{- end }}
annotations:
{{- if .Values.serviceAnnotations }}
{{ toYaml .Values.serviceAnnotations | indent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: server
port: {{ .Values.redis.port }}
protocol: TCP
targetPort: redis
- name: sentinel
port: {{ .Values.sentinel.port }}
protocol: TCP
targetPort: sentinel
{{- if .Values.exporter.enabled }}
- name: exporter-port
port: {{ .Values.exporter.port }}
protocol: TCP
targetPort: exporter-port
{{- end }}
selector:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}

12
charts/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-ha.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- end }}

35
charts/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml Normal file
View file

@ -0,0 +1,35 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- if .Values.exporter.serviceMonitor.labels }}
labels:
{{ toYaml .Values.exporter.serviceMonitor.labels | indent 4}}
{{- end }}
name: {{ template "redis-ha.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.exporter.serviceMonitor.namespace }}
namespace: {{ .Values.exporter.serviceMonitor.namespace }}
{{- end }}
spec:
endpoints:
- targetPort: {{ .Values.exporter.port }}
{{- if .Values.exporter.serviceMonitor.interval }}
interval: {{ .Values.exporter.serviceMonitor.interval }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.telemetryPath }}
path: {{ .Values.exporter.serviceMonitor.telemetryPath }}
{{- end }}
{{- if .Values.exporter.serviceMonitor.timeout }}
scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }}
{{- end }}
jobLabel: {{ template "redis-ha.fullname" . }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
servicemonitor: enabled
{{- end }}

319
charts/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml Normal file
View file

@ -0,0 +1,319 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "redis-ha.fullname" . }}-server
namespace: {{ .Release.Namespace }}
labels:
{{ template "redis-ha.fullname" . }}: replica
{{ include "labels.standard" . | indent 4 }}
spec:
selector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
serviceName: {{ template "redis-ha.fullname" . }}
replicas: {{ .Values.replicas }}
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
template:
metadata:
annotations:
checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-init.sh" .) | sha256sum }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.exporter.enabled }}
prometheus.io/port: "{{ .Values.exporter.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: {{ .Values.exporter.scrapePath }}
{{- end }}
labels:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}
{{ template "redis-ha.fullname" . }}: replica
{{- range $key, $value := .Values.labels }}
{{ $key }}: {{ $value }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
affinity:
{{- if .Values.affinity }}
{{- with .Values.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.additionalAffinities }}
{{ toYaml .Values.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: kubernetes.io/hostname
{{- end }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
{{ template "redis-ha.fullname" . }}: replica
topologyKey: failure-domain.beta.kubernetes.io/zone
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
- name: init-sysctl
image: {{ template "redis.sysctl.image" . }}
imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }}
resources:
{{ toYaml .Values.sysctlImage.resources | indent 10 }}
{{- if .Values.sysctlImage.mountHostSys }}
volumeMounts:
- name: host-sys
mountPath: /host-sys
{{- end }}
command:
{{ toYaml .Values.sysctlImage.command | indent 10 }}
securityContext:
runAsNonRoot: false
privileged: true
runAsUser: 0
{{- end }}
{{- if and .Values.hostPath.path .Values.hostPath.chown }}
- name: hostpath-chown
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
securityContext:
runAsNonRoot: false
runAsUser: 0
command:
- chown
- "{{ .Values.securityContext.runAsUser }}"
- /data
volumeMounts:
- name: data
mountPath: /data
{{- end }}
- name: config-init
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.init.resources | indent 10 }}
command:
- sh
args:
- /readonly-config/init.sh
env:
{{- $replicas := int (toString .Values.replicas) -}}
{{- range $i := until $replicas }}
- name: SENTINEL_ID_{{ $i }}
value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha1sum }}
{{ end -}}
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
- name: data
mountPath: /data
containers:
- name: redis
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-server
args:
- /data/conf/redis.conf
env:
{{- if .Values.auth }}
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.redis.port }}
initialDelaySeconds: 15
resources:
{{ toYaml .Values.redis.resources | indent 10 }}
ports:
- name: redis
containerPort: {{ .Values.redis.port }}
volumeMounts:
- mountPath: /data
name: data
- name: sentinel
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- redis-sentinel
args:
- /data/conf/sentinel.conf
{{- if .Values.auth }}
env:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.sentinel.port }}
initialDelaySeconds: 15
resources:
{{ toYaml .Values.sentinel.resources | indent 10 }}
ports:
- name: sentinel
containerPort: {{ .Values.sentinel.port }}
volumeMounts:
- mountPath: /data
name: data
{{- if .Values.exporter.enabled }}
- name: redis-exporter
image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}"
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
args:
{{- range $key, $value := .Values.exporter.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
env:
- name: REDIS_ADDR
value: redis://localhost:{{ .Values.redis.port }}
{{- if .Values.auth }}
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
{{- if .Values.exporter.script }}
- name: REDIS_EXPORTER_SCRIPT
value: /script/script.lua
{{- end }}
livenessProbe:
httpGet:
path: {{ .Values.exporter.scrapePath }}
port: {{ .Values.exporter.port }}
initialDelaySeconds: 15
timeoutSeconds: 1
periodSeconds: 15
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
ports:
- name: exporter-port
containerPort: {{ .Values.exporter.port }}
{{- if .Values.exporter.script }}
volumeMounts:
- mountPath: /script
name: script-mount
{{- end }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
{{- if .Values.sysctlImage.mountHostSys }}
- name: host-sys
hostPath:
path: /sys
{{- end }}
{{- if .Values.exporter.script }}
- name: script-mount
configMap:
name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap
items:
- key: script
path: script.lua
{{- end }}
{{- if .Values.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: data
annotations:
{{- range $key, $value := .Values.persistentVolume.annotations }}
{{ $key }}: {{ $value }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistentVolume.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistentVolume.size | quote }}
{{- if .Values.persistentVolume.storageClass }}
{{- if (eq "-" .Values.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistentVolume.reclaimPolicy }}
persistentVolumeReclaimPolicy: "{{ .Values.persistentVolume.reclaimPolicy }}"
{{- end }}
{{- else if .Values.hostPath.path }}
- name: data
hostPath:
path: {{ tpl .Values.hostPath.path .}}
{{- else }}
- name: data
emptyDir:
{{ toYaml .Values.emptyDir | indent 10 }}
{{- end }}

151
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml Normal file
View file

@ -0,0 +1,151 @@
{{- if .Values.haproxy.enabled }}
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
spec:
strategy:
type: RollingUpdate
revisionHistoryLimit: 1
replicas: {{ .Values.haproxy.replicas }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
labels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
annotations:
{{- if .Values.haproxy.metrics.enabled }}
prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
prometheus.io/scrape: "true"
prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
{{- end }}
checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
{{- if .Values.haproxy.annotations }}
{{ toYaml .Values.haproxy.annotations | indent 8 }}
{{- end }}
spec:
# Needed when using unmodified rbac-setup.yml
{{ if .Values.haproxy.serviceAccount.create }}
serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
{{ end }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
affinity:
{{- if .Values.haproxy.affinity }}
{{- with .Values.haproxy.affinity }}
{{ tpl . $ | indent 8 }}
{{- end }}
{{- else }}
{{- if .Values.haproxy.additionalAffinities }}
{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
{{- end }}
podAntiAffinity:
{{- if .Values.haproxy.hardAntiAffinity }}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- else }}
preferredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- end }}
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: {{ template "redis-ha.name" . }}-haproxy
release: {{ .Release.Name }}
topologyKey: failure-domain.beta.kubernetes.io/zone
{{- end }}
initContainers:
- name: config-init
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
resources:
{{ toYaml .Values.haproxy.init.resources | indent 10 }}
command:
- sh
args:
- /readonly/haproxy_init.sh
{{- if .Values.auth }}
env:
- name: AUTH
valueFrom:
secretKeyRef:
{{- if .Values.existingSecret }}
name: {{ .Values.existingSecret }}
{{- else }}
name: {{ template "redis-ha.fullname" . }}
{{- end }}
key: {{ .Values.authKey }}
{{- end }}
volumeMounts:
- name: config-volume
mountPath: /readonly
readOnly: true
- name: data
mountPath: /data
{{- if .Values.haproxy.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
{{- end }}
securityContext:
{{ toYaml .Values.haproxy.securityContext | indent 8 }}
containers:
- name: haproxy
image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: 8888
initialDelaySeconds: 5
periodSeconds: 3
ports:
- name: redis
containerPort: {{ default "6379" .Values.redis.port }}
{{- if .Values.haproxy.readOnly.enabled }}
- name: readonlyport
containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
- name: metrics-port
containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
{{- end }}
resources:
{{ toYaml .Values.haproxy.resources | indent 10 }}
volumeMounts:
- name: data
mountPath: /usr/local/etc/haproxy
- name: shared-socket
mountPath: /run/haproxy
{{- if .Values.haproxy.priorityClassName }}
priorityClassName: {{ .Values.haproxy.priorityClassName }}
{{- end }}
volumes:
- name: config-volume
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap
- name: shared-socket
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
- name: data
emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
{{- end }}

42
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-service.yaml Normal file
View file

@ -0,0 +1,42 @@
{{- if .Values.haproxy.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
{{ include "labels.standard" . | indent 4 }}
component: {{ template "redis-ha.fullname" . }}-haproxy
annotations:
{{- if .Values.haproxy.service.annotations }}
{{ toYaml .Values.haproxy.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ default "ClusterIP" .Values.haproxy.service.type }}
{{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }}
{{- end }}
ports:
- name: haproxy
port: {{ .Values.redis.port }}
protocol: TCP
targetPort: redis
{{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }}
nodePort: {{ .Values.haproxy.service.nodePort }}
{{- end }}
{{- if .Values.haproxy.readOnly.enabled }}
- name: haproxyreadonly
port: {{ .Values.haproxy.readOnly.port }}
protocol: TCP
targetPort: {{ .Values.haproxy.readOnly.port }}
{{- end }}
{{- if .Values.haproxy.metrics.enabled }}
- name: {{ .Values.haproxy.metrics.portName }}
port: {{ .Values.haproxy.metrics.port }}
protocol: TCP
targetPort: metrics-port
{{- end }}
selector:
release: {{ .Release.Name }}
app: {{ template "redis-ha.name" . }}-haproxy
{{- end }}

12
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "redis-ha.serviceAccountName" . }}-haproxy
namespace: {{ .Release.Namespace }}
labels:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app: {{ template "redis-ha.fullname" . }}
{{- end }}

34
charts/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml Normal file
View file

@ -0,0 +1,34 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
{{- with .Values.haproxy.metrics.serviceMonitor.labels }}
labels: {{ toYaml . | nindent 4}}
{{- end }}
name: {{ template "redis-ha.fullname" . }}-haproxy
namespace: {{ .Release.Namespace }}
{{- if .Values.haproxy.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace }}
{{- end }}
spec:
endpoints:
- targetPort: {{ .Values.haproxy.metrics.port }}
{{- if .Values.haproxy.metrics.serviceMonitor.interval }}
interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }}
{{- end }}
{{- if .Values.haproxy.metrics.serviceMonitor.timeout }}
scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }}
{{- end }}
jobLabel: {{ template "redis-ha.fullname" . }}-haproxy
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "redis-ha.name" . }}
release: {{ .Release.Name }}
component: {{ template "redis-ha.fullname" . }}-haproxy
{{- end }}

27
charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml Normal file
View file

@ -0,0 +1,27 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ template "redis-ha.fullname" . }}-configmap-test
labels:
{{ include "labels.standard" . | indent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: check-init
image: koalaman/shellcheck:v0.5.0
args:
- --shell=sh
- /readonly-config/init.sh
volumeMounts:
- name: config
mountPath: /readonly-config
readOnly: true
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
{{- end }}
restartPolicy: Never
volumes:
- name: config
configMap:
name: {{ template "redis-ha.fullname" . }}-configmap

20
charts/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ template "redis-ha.fullname" . }}-service-test
labels:
{{ include "labels.standard" . | indent 4 }}
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: "{{ .Release.Name }}-service-test"
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
command:
- sh
- -c
- redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.redis.port }} info server
{{- if .Values.imagePullSecrets }}
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }}
{{- end }}
restartPolicy: Never

362
charts/argo-cd/charts/redis-ha/values.yaml Normal file
View file

@ -0,0 +1,362 @@
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
image:
repository: redis
tag: 5.0.6-alpine
pullPolicy: IfNotPresent
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## This imagePullSecrets is only for redis images
##
imagePullSecrets: []
# - name: "image-pull-secret"
## replicas number for each component
replicas: 3
## Kubernetes priorityClass name for the redis-ha-server pod
# priorityClassName: ""
## Custom labels for the redis pod
labels: {}
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
## Specifies whether a ServiceAccount should be created
##
create: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the redis-ha.fullname template
# name:
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
## Recommend for externally exposed Redis clusters.
## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html
haproxy:
enabled: false
# Enable if you want a dedicated port in haproxy for redis-slaves
readOnly:
enabled: false
port: 6380
replicas: 3
image:
repository: haproxy
tag: 2.0.4
pullPolicy: IfNotPresent
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"
annotations: {}
resources: {}
emptyDir: {}
## Enable sticky sessions to Redis nodes via HAProxy
## Very useful for long-living connections as in case of Sentry for example
stickyBalancing: false
## Kubernetes priorityClass name for the haproxy pod
# priorityClassName: ""
## Service type for HAProxy
##
service:
type: ClusterIP
loadBalancerIP:
annotations: {}
serviceAccount:
create: true
## Official HAProxy embedded prometheus metrics settings.
## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter
##
metrics:
enabled: false
# prometheus port & scrape path
port: 9101
portName: exporter-port
scrapePath: /metrics
serviceMonitor:
# When set true then use a ServiceMonitor to configure scraping
enabled: false
# Set the namespace the ServiceMonitor should be deployed
# namespace: monitoring
# Set how frequently Prometheus should scrape
# interval: 30s
# Set path to redis-exporter telemtery-path
# telemetryPath: /metrics
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
# labels: {}
# Set timeout for scrape
# timeout: 10s
init:
resources: {}
timeout:
connect: 4s
server: 30s
client: 30s
check: 2s
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
## Whether the haproxy pods should be forced to run on separate nodes.
hardAntiAffinity: true
## Additional affinities to add to the haproxy pods.
additionalAffinities: {}
## Override all other affinity settings for the haproxy pods with a string.
affinity: |
## Custom config-haproxy.cfg files used to override default settings. If this file is
## specified then the config-haproxy.cfg above will be ignored.
# customConfig: |-
# Define configuration here
## Place any additional configuration section to add to the default config-haproxy.cfg
# extraConfig: |-
# Define configuration here
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
create: true
sysctlImage:
enabled: false
command: []
registry: docker.io
repository: busybox
tag: 1.31.1
pullPolicy: Always
mountHostSys: false
resources: {}
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Redis specific configuration options
redis:
port: 6379
masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated
config:
## Additional redis conf options can be added below
## For all available options see http://download.redis.io/redis-stable/redis.conf
min-replicas-to-write: 1
min-replicas-max-lag: 5 # Value in seconds
maxmemory: "0" # Max memory to use for each redis instance. Default is unlimited.
maxmemory-policy: "volatile-lru" # Max memory policy to use for each redis instance. Default is volatile-lru.
# Determines if scheduled RDB backups are created. Default is false.
# Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication.
save: "900 1"
# When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false.
repl-diskless-sync: "yes"
rdbcompression: "yes"
rdbchecksum: "yes"
## Custom redis.conf files used to override default settings. If this file is
## specified then the redis.config above will be ignored.
# customConfig: |-
# Define configuration here
resources: {}
# requests:
# memory: 200Mi
# cpu: 100m
# limits:
# memory: 700Mi
## Sentinel specific configuration options
sentinel:
port: 26379
quorum: 2
config:
## Additional sentinel conf options can be added below. Only options that
## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will
## be properly templated expect maxclients option.
## For available options see http://download.redis.io/redis-stable/sentinel.conf
down-after-milliseconds: 10000
## Failover timeout value in milliseconds
failover-timeout: 180000
parallel-syncs: 5
maxclients: 10000
## Custom sentinel.conf files used to override default settings. If this file is
## specified then the sentinel.config above will be ignored.
# customConfig: |-
# Define configuration here
resources: {}
# requests:
# memory: 200Mi
# cpu: 100m
# limits:
# memory: 200Mi
securityContext:
runAsUser: 1000
fsGroup: 1000
runAsNonRoot: true
## Node labels, affinity, and tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
nodeSelector: {}
## Whether the Redis server pods should be forced to run on separate nodes.
## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
##
hardAntiAffinity: true
## Additional affinities to add to the Redis server pods.
##
## Example:
## nodeAffinity:
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 50
## preference:
## matchExpressions:
## - key: spot
## operator: NotIn
## values:
## - "true"
##
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
additionalAffinities: {}
## Override all other affinity settings for the Redis server pods with a string.
##
## Example:
## affinity: |
## podAntiAffinity:
## requiredDuringSchedulingIgnoredDuringExecution:
## - labelSelector:
## matchLabels:
## app: {{ template "redis-ha.name" . }}
## release: {{ .Release.Name }}
## topologyKey: kubernetes.io/hostname
## preferredDuringSchedulingIgnoredDuringExecution:
## - weight: 100
## podAffinityTerm:
## labelSelector:
## matchLabels:
## app: {{ template "redis-ha.name" . }}
## release: {{ .Release.Name }}
## topologyKey: failure-domain.beta.kubernetes.io/zone
##
affinity: |
# Prometheus exporter specific configuration options
exporter:
enabled: false
image: oliver006/redis_exporter
tag: v1.3.2
pullPolicy: IfNotPresent
# prometheus port & scrape path
port: 9121
scrapePath: /metrics
# cpu/memory resource limits/requests
resources: {}
# Additional args for redis exporter
extraArgs: {}
# Used to mount a LUA-Script via config map and use it for metrics-collection
# script: |
# -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua
# -- Example collect script for -script option
# -- This returns a Lua table with alternating keys and values.
# -- Both keys and values must be strings, similar to a HGETALL result.
# -- More info about Redis Lua scripting: https://redis.io/commands/eval
#
# local result = {}
#
# -- Add all keys and values from some hash in db 5
# redis.call("SELECT", 5)
# local r = redis.call("HGETALL", "some-hash-with-stats")
# if r ~= nil then
# for _,v in ipairs(r) do
# table.insert(result, v) -- alternating keys and values
# end
# end
#
# -- Set foo to 42
# table.insert(result, "foo")
# table.insert(result, "42") -- note the string, use tostring() if needed
#
# return result
serviceMonitor:
# When set true then use a ServiceMonitor to configure scraping
enabled: false
# Set the namespace the ServiceMonitor should be deployed
# namespace: monitoring
# Set how frequently Prometheus should scrape
# interval: 30s
# Set path to redis-exporter telemtery-path
# telemetryPath: /metrics
# Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
# labels: {}
# Set timeout for scrape
# timeout: 10s
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
## Configures redis with AUTH (requirepass & masterauth conf params)
auth: false
# redisPassword:
## Use existing secret containing key `authKey` (ignores redisPassword)
# existingSecret:
## Defines the key holding the redis password in existing secret.
authKey: auth
persistentVolume:
enabled: true
## redis-ha data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
accessModes:
- ReadWriteOnce
size: 10Gi
annotations: {}
# reclaimPolicy per https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
reclaimPolicy: ""
init:
resources: {}
# To use a hostPath for data, set persistentVolume.enabled to false
# and define hostPath.path.
# Warning: this might overwrite existing folders on the host system!
hostPath:
## path is evaluated as template so placeholders are replaced
# path: "/data/{{ .Release.Name }}"
# if chown is true, an init-container with root permissions is launched to
# change the owner of the hostPath folder to the user defined in the
# security context
chown: true
emptyDir: {}

1186
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

508
charts/argo-cd/crds/crd-project.yaml
View file

@ -5,514 +5,126 @@ metadata:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
annotations:
helm.sh/hook: crd-install
spec:
group: argoproj.io
names:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
- appproj
- appprojs
singular: appproject
scope: Namespaced
validation:
openAPIV3Schema:
description:
"AppProject provides a logical grouping of applications, providing
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what may
be deployed (repository whitelist, resource whitelist/blacklist) * who can
access these applications (roles, OIDC group claims bindings) * and what they
can do (RBAC policies) * automation access to these roles (JWT tokens)"
can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description:
"Kind is a string value representing the REST resource this
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
annotations:
additionalProperties:
type: string
description:
"Annotations is an unstructured key value map stored with
a resource that may be set by external tools to store and retrieve
arbitrary metadata. They are not queryable and should be preserved
when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
type: object
clusterName:
description:
The name of the cluster which the object belongs to. This
is used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is
going to ignore it if set in create or update request.
type: string
deletionGracePeriodSeconds:
description:
Number of seconds allowed for this object to gracefully
terminate before it will be removed from the system. Only set when
deletionTimestamp is also set. May only be shortened. Read-only.
format: int64
type: integer
deletionTimestamp:
description:
"DeletionTimestamp is RFC 3339 date and time at which this
resource will be deleted. This field is set by the server when a graceful
deletion is requested by the user, and is not directly settable by
a client. The resource is expected to be deleted (no longer visible
from resource lists, and not reachable by name) after the time in
this field, once the finalizers list is empty. As long as the finalizers
list contains items, deletion is blocked. Once the deletionTimestamp
is set, this value may not be unset or be set further into the future,
although it may be shortened or the resource may be deleted prior
to this time. For example, a user may request that a pod is deleted
in 30 seconds. The Kubelet will react by sending a graceful termination
signal to the containers in the pod. After that 30 seconds, the Kubelet
will send a hard termination signal (SIGKILL) to the container and
after cleanup, remove the pod from the API. In the presence of network
partitions, this object may still exist after this timestamp, until
an administrator or automated process can determine the resource is
fully terminated. If not set, graceful deletion of the object has
not been requested. \n Populated by the system when a graceful deletion
is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
format: date-time
type: string
finalizers:
description:
Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will
remove the entry from the list. If the deletionTimestamp of the object
is non-nil, entries in this list can only be removed.
items:
type: string
type: array
generateName:
description:
"GenerateName is an optional prefix, used by the server,
to generate a unique name ONLY IF the Name field has not been provided.
If this field is used, the name returned to the client will be different
than the name passed. This value will also be combined with a unique
suffix. The provided value has the same validation rules as the Name
field, and may be truncated by the length of the suffix required to
make the value unique on the server. \n If this field is specified
and the generated name exists, the server will NOT return a 409 -
instead, it will either return 201 Created or 500 with Reason ServerTimeout
indicating a unique name could not be found in the time allotted,
and the client should retry (optionally after the time indicated in
the Retry-After header). \n Applied only if Name is not specified.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency"
type: string
generation:
description:
A sequence number representing a specific generation of
the desired state. Populated by the system. Read-only.
format: int64
type: integer
initializers:
description:
"An initializer is a controller which enforces some system
invariant at object creation time. This field is a list of initializers
that have not yet acted on this object. If nil or empty, this object
has been completely initialized. Otherwise, the object is considered
uninitialized and is hidden (in list/watch and get calls) from clients
that haven't explicitly asked to observe uninitialized objects. \n
When an object is created, the system will populate this list with
the current set of initializers. Only privileged users may set or
modify this list. Once it is empty, it may not be modified further
by any user. \n DEPRECATED - initializers are an alpha field and will
be removed in v1.15."
properties:
pending:
description:
Pending is a list of initializers that must execute
in order before this object is visible. When the last pending
initializer is removed, and no failing result is set, the initializers
struct will be set to nil and the object is considered as initialized
and visible to all clients.
items:
properties:
name:
description:
name of the process that is responsible for initializing
this object.
type: string
required:
- name
type: object
type: array
result:
description:
If result is set with the Failure field, the object
will be persisted to storage and then deleted, ensuring that other
clients can observe the deletion.
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
type: string
code:
description:
Suggested HTTP return code for this status, 0 if
not set.
format: int32
type: integer
details:
description:
Extended data associated with the reason. Each
reason may define its own extended details. This field is
optional and the data returned is not guaranteed to conform
to any schema except that defined by the reason type.
properties:
causes:
description:
The Causes array includes more details associated
with the StatusReason failure. Not all StatusReasons may
provide detailed causes.
items:
properties:
field:
description:
"The field of the resource that has caused
this error, as named by its JSON serialization.
May include dot and postfix notation for nested
attributes. Arrays are zero-indexed. Fields may
appear more than once in an array of causes due
to fields having multiple errors. Optional. \n Examples:
\ \"name\" - the field \"name\" on the current
resource \"items[0].name\" - the field \"name\"
on the first array entry in \"items\""
type: string
message:
description:
A human-readable description of the cause
of the error. This field may be presented as-is
to a reader.
type: string
reason:
description:
A machine-readable description of the
cause of the error. If this value is empty there
is no information available.
type: string
type: object
type: array
group:
description:
The group attribute of the resource associated
with the status StatusReason.
type: string
kind:
description:
"The kind attribute of the resource associated
with the status StatusReason. On some operations may differ
from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
name:
description:
The name attribute of the resource associated
with the status StatusReason (when there is a single name
which can be described).
type: string
retryAfterSeconds:
description:
If specified, the time in seconds before the
operation should be retried. Some errors may indicate
the client must take an alternate action - for those errors
this field may indicate how long to wait before taking
the alternate action.
format: int32
type: integer
uid:
description:
"UID of the resource. (when there is a single
resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
type: object
kind:
description:
"Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
message:
description:
A human-readable description of the status of this
operation.
type: string
metadata:
description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
properties:
continue:
description:
continue may be set if the user set a limit
on the number of items returned, and indicates that the
server has more data available. The value is opaque and
may be used to issue another request to the endpoint that
served this list to retrieve the next set of available
objects. Continuing a consistent list may not be possible
if the server configuration has changed or more than a
few minutes have passed. The resourceVersion field returned
when using this continue value will be identical to the
value in the first response, unless you have received
this token from an error message.
type: string
resourceVersion:
description:
"String that identifies the server's internal
version of this object that can be used by clients to
determine when objects have changed. Value must be treated
as opaque by clients and passed unmodified back to the
server. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency"
type: string
selfLink:
description:
selfLink is a URL representing this object.
Populated by the system. Read-only.
type: string
type: object
reason:
description:
A machine-readable description of why this operation
is in the "Failure" status. If this value is empty there is
no information available. A Reason clarifies an HTTP status
code but does not override it.
type: string
status:
description:
'Status of the operation. One of: "Success" or
"Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status'
type: string
type: object
required:
- pending
type: object
labels:
additionalProperties:
type: string
description:
"Map of string keys and values that can be used to organize
and categorize (scope and select) objects. May match selectors of
replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
type: object
managedFields:
description:
"ManagedFields maps workflow-id and version to the set
of fields that are managed by that workflow. This is mostly for internal
housekeeping, and users typically shouldn't need to set or understand
this field. A workflow can be the user's name, a controller's name,
or the name of a specific apply path like \"ci-cd\". The set of fields
is always in the version that the workflow used when modifying the
object. \n This field is alpha and can be changed or removed without
notice."
items:
properties:
apiVersion:
description:
APIVersion defines the version of this resource that
this field set applies to. The format is "group/version" just
like the top-level APIVersion field. It is necessary to track
the version of a field set because it cannot be automatically
converted.
type: string
fields:
additionalProperties: true
description: Fields identifies a set of fields.
type: object
manager:
description:
Manager is an identifier of the workflow managing
these fields.
type: string
operation:
description:
Operation is the type of operation which lead to
this ManagedFieldsEntry being created. The only valid values
for this field are 'Apply' and 'Update'.
type: string
time:
description:
Time is timestamp of when these fields were set.
It should always be empty if Operation is 'Apply'
format: date-time
type: string
type: object
type: array
name:
description:
"Name must be unique within a namespace. Is required when
creating resources, although some resources may allow a client to
request the generation of an appropriate name automatically. Name
is primarily intended for creation idempotence and configuration definition.
Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
type: string
namespace:
description:
"Namespace defines the space within each name must be unique.
An empty namespace is equivalent to the \"default\" namespace, but
\"default\" is the canonical representation. Not all objects are required
to be scoped to a namespace - the value of this field for those objects
will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces"
type: string
ownerReferences:
description:
List of objects depended by this object. If ALL objects
in the list have been deleted, this object will be garbage collected.
If this object is managed by a controller, then an entry in this list
will point to this controller, with the controller field set to true.
There cannot be more than one managing controller.
items:
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description:
If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
type: string
name:
description: "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
type: string
uid:
description: "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
required:
- apiVersion
- kind
- name
- uid
type: object
type: array
resourceVersion:
description:
"An opaque value that represents the internal version of
this object that can be used by clients to determine when objects
have changed. May be used for optimistic concurrency, change detection,
and the watch operation on a resource or set of resources. Clients
must treat these values as opaque and passed unmodified back to the
server. They may only be valid for a particular resource or set of
resources. \n Populated by the system. Read-only. Value must be treated
as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency"
type: string
selfLink:
description:
SelfLink is a URL representing this object. Populated by
the system. Read-only.
type: string
uid:
description:
"UID is the unique in time and space value for this object.
It is typically generated by the server on successful creation of
a resource and is not allowed to change on PUT operations. \n Populated
by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceWhitelist:
description:
ClusterResourceWhitelist contains list of whitelisted cluster
description: ClusterResourceWhitelist contains list of whitelisted cluster
level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description:
Destinations contains list of destinations available for
description: Destinations contains list of destinations available for
deployment
items:
description: ApplicationDestination contains deployment destination
information
properties:
namespace:
description:
Namespace overrides the environment namespace value
description: Namespace overrides the environment namespace value
in the ksonnet app.yaml
type: string
server:
description:
Server overrides the environment server value in
description: Server overrides the environment server value in
the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description:
NamespaceResourceBlacklist contains list of blacklisted
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
- group
- kind
type: object
type: array
orphanedResources:
description:
OrphanedResources specifies if controller should monitor
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description:
Warn indicates if warning condition should be created
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description:
Roles are user defined RBAC roles associated with this
description: Roles are user defined RBAC roles associated with this
project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description:
Groups are a list of OIDC group claims bound to this
description: Groups are a list of OIDC group claims bound to this
role
items:
type: string
type: array
jwtTokens:
description:
JWTTokens are a list of generated JWT tokens bound
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
@ -521,83 +133,77 @@ spec:
format: int64
type: integer
required:
- iat
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description:
Policies Stores a list of casbin formated strings
description: Policies Stores a list of casbin formated strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
- name
type: object
type: array
sourceRepos:
description:
SourceRepos contains list of repository URLs which can
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description:
SyncWindows controls when syncs can be run for apps in
description: SyncWindows controls when syncs can be run for apps in
this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
applications:
description:
Applications contains a list of applications that
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description:
Clusters contains a list of clusters that the window
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description:
Duration is the amount of time the sync window will
description: Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description:
ManualSync enables manual syncs when they would otherwise
description: ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description:
Namespaces contains a list of namespaces that the
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description:
Schedule is the time the window will begin, specified
description: Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
- metadata
- spec
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
- name: v1alpha1
served: true
storage: true

6
charts/argo-cd/requirements.lock Normal file
View file

@ -0,0 +1,6 @@
dependencies:
- name: redis-ha
repository: https://kubernetes-charts.storage.googleapis.com
version: 4.4.2
digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96
generated: "2020-03-29T14:37:59.349371452+01:00"

5
charts/argo-cd/requirements.yaml
View file

@ -0,0 +1,5 @@
dependencies:
- name: redis-ha
version: 4.4.2
repository: https://kubernetes-charts.storage.googleapis.com
condition: redis-ha.enabled

7
charts/argo-cd/templates/_helpers.tpl
View file

@ -42,8 +42,15 @@ Create dex name and version as used by the chart label.
Create redis name and version as used by the chart label.
*/}}
{{- define "argo-cd.redis.fullname" -}}
{{ $redisHa := (index .Values "redis-ha") }}
{{- if $redisHa.enabled -}}
{{- if $redisHa.haproxy.enabled -}}
{{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- else -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create argocd server name and version as used by the chart label.

8
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -1,4 +1,4 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -56,7 +56,7 @@ spec:
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --loglevel
- {{ .Values.controller.logLevel }}
{{- if .Values.redis.enabled }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
@ -113,6 +113,10 @@ spec:
{{- toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}

6
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -10,6 +10,12 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := .Values.configs.secret.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert

20
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -1,3 +1,4 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -52,7 +53,10 @@ spec:
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
command:
- argocd-repo-server
{{- if .Values.redis.enabled }}
{{- if .Values.openshift.enabled }}
- uid_entrypoint.sh
{{- end }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
@ -64,10 +68,16 @@ spec:
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.repoServer.env }}
{{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }}
env:
{{- if .Values.repoServer.env }}
{{- toYaml .Values.repoServer.env | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.openshift.enabled }}
- name: USER_NAME
value: argocd
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
@ -120,6 +130,10 @@ spec:
{{- toYaml .Values.repoServer.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6}}

15
charts/argo-cd/templates/argocd-server/backendconfig.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

4
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -1,5 +1,7 @@
{{- if .Values.server.certificate.enabled -}}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
apiVersion: cert-manager.io/v1alpha3
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
apiVersion: cert-manager.io/v1alpha2
{{- else }}
apiVersion: certmanager.k8s.io/v1alpha1

7
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -1,3 +1,4 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -62,7 +63,7 @@ spec:
{{- end }}
- --loglevel
- {{ .Values.server.logLevel }}
{{- if .Values.redis.enabled }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
@ -130,6 +131,10 @@ spec:
{{- toYaml .Values.server.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
volumes:
{{- if .Values.server.volumes }}
{{- toYaml .Values.server.volumes | nindent 6}}

4
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -2,7 +2,11 @@
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.service.servicePortHttp -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}

6
charts/argo-cd/templates/argocd-server/projects.yaml
View file

@ -6,9 +6,9 @@ items:
- apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
{{- if .additionalProjects }}
{{- if .additionalAnnotations }}
annotations:
{{- range $key, $value := .additionalProjects }}
{{- range $key, $value := .additionalAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
@ -43,4 +43,4 @@ items:
{{- toYaml .roles | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

6
charts/argo-cd/templates/argocd-server/route.yaml
View file

@ -23,7 +23,9 @@ spec:
port:
targetPort: https
tls:
termination: passthrough
insecureEdgeTerminationPolicy: None
termination: {{ .Values.server.route.termination_type | default "passthrough" }}
insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }}
wildcardPolicy: None
status:
ingress: []
{{- end }}

14
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -15,6 +15,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.service.labels }}
{{- toYaml .Values.server.service.labels | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.server.service.type }}
ports:
@ -28,4 +31,13 @@ spec:
targetPort: {{ .Values.server.name }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- if eq .Values.server.service.type "LoadBalancer" }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceranges:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}

6
charts/argo-cd/templates/crds.yaml Normal file
View file

@ -0,0 +1,6 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

1762
charts/argo-cd/templates/crds/application-crd.yaml
View file

File diff suppressed because it is too large Load diff

544
charts/argo-cd/templates/crds/appproject-crd.yaml
View file

@ -1,544 +0,0 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
annotations:
"helm.sh/hook": crd-install
"helm.sh/hook-delete-policy": before-hook-creation
spec:
group: argoproj.io
names:
kind: AppProject
plural: appprojects
shortNames:
- appproj
- appprojs
scope: Namespaced
validation:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what may
be deployed (repository whitelist, resource whitelist/blacklist) * who can
access these applications (roles, OIDC group claims bindings) * and what they
can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored with
a resource that may be set by external tools to store and retrieve
arbitrary metadata. They are not queryable and should be preserved
when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
clusterName:
description: The name of the cluster which the object belongs to. This
is used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is
going to ignore it if set in create or update request.
type: string
deletionGracePeriodSeconds:
description: Number of seconds allowed for this object to gracefully
terminate before it will be removed from the system. Only set when
deletionTimestamp is also set. May only be shortened. Read-only.
format: int64
type: integer
deletionTimestamp:
description: "DeletionTimestamp is RFC 3339 date and time at which this
resource will be deleted. This field is set by the server when a graceful
deletion is requested by the user, and is not directly settable by
a client. The resource is expected to be deleted (no longer visible
from resource lists, and not reachable by name) after the time in
this field, once the finalizers list is empty. As long as the finalizers
list contains items, deletion is blocked. Once the deletionTimestamp
is set, this value may not be unset or be set further into the future,
although it may be shortened or the resource may be deleted prior
to this time. For example, a user may request that a pod is deleted
in 30 seconds. The Kubelet will react by sending a graceful termination
signal to the containers in the pod. After that 30 seconds, the Kubelet
will send a hard termination signal (SIGKILL) to the container and
after cleanup, remove the pod from the API. In the presence of network
partitions, this object may still exist after this timestamp, until
an administrator or automated process can determine the resource is
fully terminated. If not set, graceful deletion of the object has
not been requested. \n Populated by the system when a graceful deletion
is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
format: date-time
type: string
finalizers:
description: Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will
remove the entry from the list. If the deletionTimestamp of the object
is non-nil, entries in this list can only be removed.
items:
type: string
type: array
generateName:
description: "GenerateName is an optional prefix, used by the server,
to generate a unique name ONLY IF the Name field has not been provided.
If this field is used, the name returned to the client will be different
than the name passed. This value will also be combined with a unique
suffix. The provided value has the same validation rules as the Name
field, and may be truncated by the length of the suffix required to
make the value unique on the server. \n If this field is specified
and the generated name exists, the server will NOT return a 409 -
instead, it will either return 201 Created or 500 with Reason ServerTimeout
indicating a unique name could not be found in the time allotted,
and the client should retry (optionally after the time indicated in
the Retry-After header). \n Applied only if Name is not specified.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency"
type: string
generation:
description: A sequence number representing a specific generation of
the desired state. Populated by the system. Read-only.
format: int64
type: integer
initializers:
description: "An initializer is a controller which enforces some system
invariant at object creation time. This field is a list of initializers
that have not yet acted on this object. If nil or empty, this object
has been completely initialized. Otherwise, the object is considered
uninitialized and is hidden (in list/watch and get calls) from clients
that haven't explicitly asked to observe uninitialized objects. \n
When an object is created, the system will populate this list with
the current set of initializers. Only privileged users may set or
modify this list. Once it is empty, it may not be modified further
by any user. \n DEPRECATED - initializers are an alpha field and will
be removed in v1.15."
properties:
pending:
description: Pending is a list of initializers that must execute
in order before this object is visible. When the last pending
initializer is removed, and no failing result is set, the initializers
struct will be set to nil and the object is considered as initialized
and visible to all clients.
items:
properties:
name:
description: name of the process that is responsible for initializing
this object.
type: string
required:
- name
type: object
type: array
result:
description: If result is set with the Failure field, the object
will be persisted to storage and then deleted, ensuring that other
clients can observe the deletion.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
code:
description: Suggested HTTP return code for this status, 0 if
not set.
format: int32
type: integer
details:
description: Extended data associated with the reason. Each
reason may define its own extended details. This field is
optional and the data returned is not guaranteed to conform
to any schema except that defined by the reason type.
properties:
causes:
description: The Causes array includes more details associated
with the StatusReason failure. Not all StatusReasons may
provide detailed causes.
items:
properties:
field:
description: "The field of the resource that has caused
this error, as named by its JSON serialization.
May include dot and postfix notation for nested
attributes. Arrays are zero-indexed. Fields may
appear more than once in an array of causes due
to fields having multiple errors. Optional. \n Examples:
\ \"name\" - the field \"name\" on the current
resource \"items[0].name\" - the field \"name\"
on the first array entry in \"items\""
type: string
message:
description: A human-readable description of the cause
of the error. This field may be presented as-is
to a reader.
type: string
reason:
description: A machine-readable description of the
cause of the error. If this value is empty there
is no information available.
type: string
type: object
type: array
group:
description: The group attribute of the resource associated
with the status StatusReason.
type: string
kind:
description: 'The kind attribute of the resource associated
with the status StatusReason. On some operations may differ
from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: The name attribute of the resource associated
with the status StatusReason (when there is a single name
which can be described).
type: string
retryAfterSeconds:
description: If specified, the time in seconds before the
operation should be retried. Some errors may indicate
the client must take an alternate action - for those errors
this field may indicate how long to wait before taking
the alternate action.
format: int32
type: integer
uid:
description: 'UID of the resource. (when there is a single
resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
type: object
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
message:
description: A human-readable description of the status of this
operation.
type: string
metadata:
description: 'Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
properties:
continue:
description: continue may be set if the user set a limit
on the number of items returned, and indicates that the
server has more data available. The value is opaque and
may be used to issue another request to the endpoint that
served this list to retrieve the next set of available
objects. Continuing a consistent list may not be possible
if the server configuration has changed or more than a
few minutes have passed. The resourceVersion field returned
when using this continue value will be identical to the
value in the first response, unless you have received
this token from an error message.
type: string
resourceVersion:
description: 'String that identifies the server''s internal
version of this object that can be used by clients to
determine when objects have changed. Value must be treated
as opaque by clients and passed unmodified back to the
server. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
type: string
selfLink:
description: selfLink is a URL representing this object.
Populated by the system. Read-only.
type: string
type: object
reason:
description: A machine-readable description of why this operation
is in the "Failure" status. If this value is empty there is
no information available. A Reason clarifies an HTTP status
code but does not override it.
type: string
status:
description: 'Status of the operation. One of: "Success" or
"Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status'
type: string
type: object
required:
- pending
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to organize
and categorize (scope and select) objects. May match selectors of
replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
type: object
managedFields:
description: "ManagedFields maps workflow-id and version to the set
of fields that are managed by that workflow. This is mostly for internal
housekeeping, and users typically shouldn't need to set or understand
this field. A workflow can be the user's name, a controller's name,
or the name of a specific apply path like \"ci-cd\". The set of fields
is always in the version that the workflow used when modifying the
object. \n This field is alpha and can be changed or removed without
notice."
items:
properties:
apiVersion:
description: APIVersion defines the version of this resource that
this field set applies to. The format is "group/version" just
like the top-level APIVersion field. It is necessary to track
the version of a field set because it cannot be automatically
converted.
type: string
fields:
additionalProperties: true
description: Fields identifies a set of fields.
type: object
manager:
description: Manager is an identifier of the workflow managing
these fields.
type: string
operation:
description: Operation is the type of operation which lead to
this ManagedFieldsEntry being created. The only valid values
for this field are 'Apply' and 'Update'.
type: string
time:
description: Time is timestamp of when these fields were set.
It should always be empty if Operation is 'Apply'
format: date-time
type: string
type: object
type: array
name:
description: 'Name must be unique within a namespace. Is required when
creating resources, although some resources may allow a client to
request the generation of an appropriate name automatically. Name
is primarily intended for creation idempotence and configuration definition.
Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
namespace:
description: "Namespace defines the space within each name must be unique.
An empty namespace is equivalent to the \"default\" namespace, but
\"default\" is the canonical representation. Not all objects are required
to be scoped to a namespace - the value of this field for those objects
will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info:
http://kubernetes.io/docs/user-guide/namespaces"
type: string
ownerReferences:
description: List of objects depended by this object. If ALL objects
in the list have been deleted, this object will be garbage collected.
If this object is managed by a controller, then an entry in this list
will point to this controller, with the controller field set to true.
There cannot be more than one managing controller.
items:
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
uid:
description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
required:
- apiVersion
- kind
- name
- uid
type: object
type: array
resourceVersion:
description: "An opaque value that represents the internal version of
this object that can be used by clients to determine when objects
have changed. May be used for optimistic concurrency, change detection,
and the watch operation on a resource or set of resources. Clients
must treat these values as opaque and passed unmodified back to the
server. They may only be valid for a particular resource or set of
resources. \n Populated by the system. Read-only. Value must be treated
as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency"
type: string
selfLink:
description: SelfLink is a URL representing this object. Populated by
the system. Read-only.
type: string
uid:
description: "UID is the unique in time and space value for this object.
It is typically generated by the server on successful creation of
a resource and is not allowed to change on PUT operations. \n Populated
by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
type: string
type: object
spec:
properties:
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster
level resources
items:
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for
deployment
items:
properties:
namespace:
description: Namespace overrides the environment namespace value
in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in
the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this
project
items:
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this
role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object
versions:
- name: v1alpha1
served: true
storage: true
{{- end }}

3
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -1,4 +1,5 @@
{{- if .Values.redis.enabled }}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
apiVersion: apps/v1
kind: Deployment
metadata:

3
charts/argo-cd/templates/redis/service.yaml
View file

@ -1,4 +1,5 @@
{{- if .Values.redis.enabled }}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
apiVersion: v1
kind: Service
metadata:

66
charts/argo-cd/values.yaml
View file

@ -10,13 +10,17 @@ installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.4.2
tag: v1.5.2
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
imagePullSecrets: []
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
## Controller
controller:
@ -24,7 +28,7 @@ controller:
image:
repository: # argoproj/argocd
tag: # v1.4.2
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Argo controller commandline flags
@ -36,8 +40,8 @@ controller:
logLevel: info
## Additional command line arguments to pass to argocd-controller
## key: value
extraArgs: {}
##
extraArgs: []
## Environment variables to pass to argocd-controller
##
@ -167,7 +171,7 @@ dex:
image:
repository: quay.io/dexidp/dex
tag: v2.14.0
tag: v2.22.0
imagePullPolicy: IfNotPresent
initImage:
repository:
@ -282,6 +286,24 @@ redis:
volumeMounts: []
volumes: []
# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
# the custom redis deployment is omitted
redis-ha:
enabled: false
# Check the redis-ha chart for more properties
exporter:
enabled: true
persistentVolume:
enabled: false
redis:
masterGroupName: argocd
config:
save: "\"\""
haproxy:
enabled: true
metrics:
enabled: true
## Server
server:
name: server
@ -297,13 +319,13 @@ server:
image:
repository: # argoproj/argocd
tag: # v1.4.2
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
## key: value
extraArgs: {}
# insecure: true
##
extraArgs: []
# - --insecure
## Environment variables to pass to argocd-server
##
@ -382,6 +404,8 @@ server:
type: ClusterIP
servicePortHttp: 80
servicePortHttps: 443
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Server metrics service configuration
metrics:
@ -537,6 +561,16 @@ server:
clusterAdminAccess:
enabled: true
## Enable BackendConfig custom resource for Google Kubernetes Engine
GKEbackendConfig:
enabled: false
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
## Repo Server
repoServer:
name: repo-server
@ -552,12 +586,12 @@ repoServer:
image:
repository: # argoproj/argocd
tag: # v1.4.2
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
## key: value
extraArgs: {}
##
extraArgs: []
## Environment variables to pass to argocd-repo-server
##
@ -755,12 +789,15 @@ configs:
# -----END RSA PRIVATE KEY-----
secret:
createSecret: true
## Annotations to be added to argocd-secret
##
annotations: {}
# Webhook Configs
githubSecret: ""
gitlabSecret: ""
bitbucketServerSecret: ""
bitbucketUUÌD: ""
bitbucketUUID: ""
gogsSecret: ""
# Custom secrets. Useful for injecting SSO secrets into environment variables.
@ -786,3 +823,6 @@ configs:
# argocdServerAdminPassword:
# Password modification time defaults to current time if not set
# argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
openshift:
enabled: false

BIN
charts/argo-ci/charts/argo-0.5.2.tgz
View file

Binary file not shown.

5
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 0.7.0
version: 0.14.0
keywords:
- argo-events
- sensor-controller
@ -10,7 +10,6 @@ sources:
- https://github.com/argoproj/argo-events
maintainers:
- name: VaibhavPage
- name: magaldima
appVersion: 0.12
appVersion: 0.14.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm

6
charts/argo-events/README.md
View file

@ -3,6 +3,7 @@
This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with:
- Sensor Custom Resource Definition (See CRD Notes)
- Gateway Custom Resource Definition (See CRD Notes)
- EventSource Custom Resource Definition (See CRD Notes)
- Sensor Controller Deployment
- Sensor Controller ConfigMap
- Gateway Controller Deployment
@ -18,6 +19,7 @@ Some users would prefer to install the CRDs _outside_ of the chart. You can disa
You can install the CRDs manually like so:
```
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/sensor-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/gateway-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.14.0/hack/k8s/manifests/sensor-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.14.0/hack/k8s/manifests/gateway-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.14.0/hack/k8s/manifests/event-source-crd.yaml
```

4
charts/argo-events/values.yaml
View file

@ -42,11 +42,11 @@ singleNamespace: true
sensorController:
name: sensor-controller
image: sensor-controller
tag: v0.12
tag: v0.14.0
replicaCount: 1
gatewayController:
name: gateway-controller
image: gateway-controller
tag: v0.12
tag: v0.14.0
replicaCount: 1

21
charts/argo-rollouts/.helmignore Normal file
View file

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

4
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "0.7"
appVersion: "0.8.0"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 0.1.1
version: 0.3.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

7
charts/argo-rollouts/README.md
View file

@ -2,7 +2,7 @@ Argo Rollouts Chart
=============
A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
Current chart version is `0.1.0`
Current chart version is `0.3.0`
Source code can be found [here](https://github.com/argoproj/argo-rollouts)
@ -33,7 +33,10 @@ $ helm install --name my-release argo/argo-rollouts
| controller.component | string | `"rollouts-controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.repository | string | `"argoproj/argo-rollouts"` | |
| controller.image.tag | string | `"v0.7.0"` | |
| controller.image.tag | string | `"v0.8.0"` | |
| controller.name | string | `"argo-rollouts"` | |
| imagePullSecrets | list | `[]` | |
| installCRDs | bool | `true` | |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| serviceAccount.name | string | `"argo-rollouts"` | |

18
charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
View file

@ -29,6 +29,14 @@ rules:
- list
- watch
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
@ -72,6 +80,16 @@ rules:
- update
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:

13
charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
View file

@ -2,10 +2,19 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
{{- if .Values.podAnnotations }}
annotations:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/component: {{ .Values.controller.component }}
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
@ -15,6 +24,10 @@ spec:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccount.name }}
containers:
- command:

25
charts/argo-rollouts/templates/argo-rollouts-role.yaml
View file

@ -71,6 +71,16 @@ rules:
- update
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- create
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
@ -80,8 +90,17 @@ rules:
- update
- patch
- apiGroups:
- ""
- ""
resources:
- secrets
- secrets
verbs:
- get
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete

188
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -2,6 +2,8 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
name: analysisruns.argoproj.io
spec:
additionalPrinterColumns:
@ -14,6 +16,8 @@ spec:
kind: AnalysisRun
listKind: AnalysisRunList
plural: analysisruns
shortNames:
- ar
singular: analysisrun
scope: Namespaced
subresources: {}
@ -35,6 +39,19 @@ spec:
type: string
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
type: object
required:
- name
type: object
@ -425,7 +442,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -503,8 +524,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -516,8 +538,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -551,8 +574,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -564,8 +588,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -603,8 +628,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -625,8 +651,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -687,8 +714,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -709,8 +737,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -719,6 +748,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -802,8 +848,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -824,8 +871,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -950,7 +998,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1028,8 +1080,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1041,8 +1094,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1076,8 +1130,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1089,8 +1144,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1128,8 +1184,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1150,8 +1207,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1212,8 +1270,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1234,8 +1293,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1244,6 +1304,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1327,8 +1404,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1349,8 +1427,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1479,7 +1558,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1557,8 +1640,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1570,8 +1654,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1605,8 +1690,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1618,8 +1704,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1657,8 +1744,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1679,8 +1767,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1741,8 +1830,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1763,8 +1853,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1773,6 +1864,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1856,8 +1964,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1878,8 +1987,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1943,7 +2053,11 @@ spec:
type: object
overhead:
additionalProperties:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
preemptionPolicy:
type: string
@ -2194,7 +2308,11 @@ spec:
medium:
type: string
sizeLimit:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
properties:

188
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -2,6 +2,8 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
name: analysistemplates.argoproj.io
spec:
group: argoproj.io
@ -9,6 +11,8 @@ spec:
kind: AnalysisTemplate
listKind: AnalysisTemplateList
plural: analysistemplates
shortNames:
- at
singular: analysistemplate
scope: Namespaced
validation:
@ -29,6 +33,19 @@ spec:
type: string
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
type: object
required:
- name
type: object
@ -419,7 +436,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -497,8 +518,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -510,8 +532,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -545,8 +568,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -558,8 +582,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -597,8 +622,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -619,8 +645,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -681,8 +708,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -703,8 +731,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -713,6 +742,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -796,8 +842,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -818,8 +865,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -944,7 +992,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1022,8 +1074,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1035,8 +1088,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1070,8 +1124,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1083,8 +1138,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1122,8 +1178,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1144,8 +1201,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1206,8 +1264,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1228,8 +1287,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1238,6 +1298,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1321,8 +1398,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1343,8 +1421,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1473,7 +1552,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1551,8 +1634,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1564,8 +1648,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1599,8 +1684,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1612,8 +1698,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1651,8 +1738,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1673,8 +1761,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1735,8 +1824,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1757,8 +1847,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1767,6 +1858,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1850,8 +1958,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1872,8 +1981,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1937,7 +2047,11 @@ spec:
type: object
overhead:
additionalProperties:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
preemptionPolicy:
type: string
@ -2188,7 +2302,11 @@ spec:
medium:
type: string
sizeLimit:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
properties:

186
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -2,6 +2,8 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
name: experiments.argoproj.io
spec:
additionalPrinterColumns:
@ -40,6 +42,19 @@ spec:
type: string
value:
type: string
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
type: object
required:
- name
type: object
@ -412,7 +427,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -490,8 +509,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -503,8 +523,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -538,8 +559,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -551,8 +573,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -590,8 +613,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -612,8 +636,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -674,8 +699,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -696,8 +722,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -706,6 +733,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -789,8 +833,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -811,8 +856,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -937,7 +983,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1015,8 +1065,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1028,8 +1079,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1063,8 +1115,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1076,8 +1129,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1115,8 +1169,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1137,8 +1192,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1199,8 +1255,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1221,8 +1278,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1231,6 +1289,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1314,8 +1389,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1336,8 +1412,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1466,7 +1543,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1544,8 +1625,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1557,8 +1639,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1592,8 +1675,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1605,8 +1689,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1644,8 +1729,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1666,8 +1752,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1728,8 +1815,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1750,8 +1838,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1760,6 +1849,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1843,8 +1949,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1865,8 +1972,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1930,7 +2038,11 @@ spec:
type: object
overhead:
additionalProperties:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
preemptionPolicy:
type: string
@ -2181,7 +2293,11 @@ spec:
medium:
type: string
sizeLimit:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
properties:

331
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -2,6 +2,8 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
name: rollouts.argoproj.io
spec:
additionalPrinterColumns:
@ -59,6 +61,9 @@ spec:
replicas:
format: int32
type: integer
restartAt:
format: date-time
type: string
revisionHistoryLimit:
format: int32
type: integer
@ -91,11 +96,84 @@ spec:
properties:
activeService:
type: string
antiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
properties:
weight:
format: int32
type: integer
required:
- weight
type: object
requiredDuringSchedulingIgnoredDuringExecution:
type: object
type: object
autoPromotionEnabled:
type: boolean
autoPromotionSeconds:
format: int32
type: integer
postPromotionAnalysis:
properties:
args:
items:
properties:
name:
type: string
value:
type: string
valueFrom:
properties:
podTemplateHashValue:
type: string
type: object
required:
- name
type: object
type: array
templateName:
type: string
templates:
items:
properties:
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
prePromotionAnalysis:
properties:
args:
items:
properties:
name:
type: string
value:
type: string
valueFrom:
properties:
podTemplateHashValue:
type: string
type: object
required:
- name
type: object
type: array
templateName:
type: string
templates:
items:
properties:
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
previewReplicaCount:
format: int32
type: integer
@ -135,19 +213,41 @@ spec:
type: integer
templateName:
type: string
required:
- templateName
templates:
items:
properties:
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
antiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
properties:
weight:
format: int32
type: integer
required:
- weight
type: object
requiredDuringSchedulingIgnoredDuringExecution:
type: object
type: object
canaryService:
type: string
maxSurge:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
stableService:
type: string
steps:
@ -173,8 +273,15 @@ spec:
type: array
templateName:
type: string
required:
- templateName
templates:
items:
properties:
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
experiment:
properties:
@ -263,8 +370,10 @@ spec:
pause:
properties:
duration:
format: int32
type: integer
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
type: object
setWeight:
format: int32
@ -273,6 +382,19 @@ spec:
type: array
trafficRouting:
properties:
alb:
properties:
annotationPrefix:
type: string
ingress:
type: string
servicePort:
format: int32
type: integer
required:
- ingress
- servicePort
type: object
istio:
properties:
virtualService:
@ -290,6 +412,19 @@ spec:
required:
- virtualService
type: object
nginx:
properties:
additionalIngressAnnotations:
additionalProperties:
type: string
type: object
annotationPrefix:
type: string
stableIngress:
type: string
required:
- stableIngress
type: object
type: object
type: object
type: object
@ -611,7 +746,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -689,8 +828,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -702,8 +842,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -737,8 +878,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -750,8 +892,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -789,8 +932,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -811,8 +955,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -873,8 +1018,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -895,8 +1041,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -905,6 +1052,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -988,8 +1152,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1010,8 +1175,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1136,7 +1302,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1214,8 +1384,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1227,8 +1398,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1262,8 +1434,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1275,8 +1448,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1314,8 +1488,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1336,8 +1511,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1398,8 +1574,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1420,8 +1597,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1430,6 +1608,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1513,8 +1708,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1535,8 +1731,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1665,7 +1862,11 @@ spec:
containerName:
type: string
divisor:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
type: string
required:
@ -1743,8 +1944,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1756,8 +1958,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1791,8 +1994,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1804,8 +2008,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1843,8 +2048,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1865,8 +2071,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1927,8 +2134,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -1949,8 +2157,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -1959,6 +2168,23 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -2042,8 +2268,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
scheme:
type: string
required:
@ -2064,8 +2291,9 @@ spec:
type: string
port:
anyOf:
- type: string
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- port
type: object
@ -2129,7 +2357,11 @@ spec:
type: object
overhead:
additionalProperties:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
preemptionPolicy:
type: string
@ -2380,7 +2612,11 @@ spec:
medium:
type: string
sizeLimit:
type: string
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
properties:
@ -2706,6 +2942,10 @@ spec:
properties:
activeSelector:
type: string
postPromotionAnalysisRun:
type: string
prePromotionAnalysisRun:
type: string
previewSelector:
type: string
previousActiveSelector:
@ -2786,8 +3026,13 @@ spec:
replicas:
format: int32
type: integer
restartedAt:
format: date-time
type: string
selector:
type: string
stableRS:
type: string
updatedReplicas:
format: int32
type: integer

12
charts/argo-rollouts/values.yaml
View file

@ -7,8 +7,18 @@ controller:
component: rollouts-controller
image:
repository: argoproj/argo-rollouts
tag: v0.7.0
tag: v0.8.0
pullPolicy: IfNotPresent
serviceAccount:
name: argo-rollouts
## Annotations to be added to the Redis server pods
##
podAnnotations: {}
## Labels to be added to the Redis server pods
##
podLabels: {}
imagePullSecrets: []

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "v2.6.1"
description: A Helm chart for Argo Workflows
name: argo
version: 0.7.2
version: 0.7.5
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

BIN
charts/argo/charts/minio-5.0.6.tgz
View file

Binary file not shown.

3
charts/argo/templates/server-deployment.yaml
View file

@ -31,6 +31,9 @@ spec:
- name: argo-server
args:
- server
{{- if .Values.server.extraArgs }}
{{- toYaml .Values.server.extraArgs | nindent 10 }}
{{- end }}
image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{- if .Values.server.podPortName }}

4
charts/argo/templates/server-ingress.yaml
View file

@ -2,7 +2,11 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}}
{{- $servicePort := .Values.server.servicePort -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
kind: Ingress
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}

3
charts/argo/templates/workflow-controller-config-map.yaml
View file

@ -36,6 +36,9 @@ data:
{{- if .Values.artifactRepository.s3.keyPrefix }}
keyPrefix: {{ .Values.artifactRepository.s3.keyPrefix }}
{{- end }}
{{- if .Values.artifactRepository.s3.region }}
region: {{ .Values.artifactRepository.s3.region }}
{{- end }}
{{- end}}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:

4
charts/argo/values.yaml
View file

@ -143,6 +143,9 @@ server:
tolerations: []
affinity: {}
# Extra arguments to provide to the Argo server binary.
extraArgs: []
## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
@ -187,6 +190,7 @@ artifactRepository:
insecure: true
# bucket:
# endpoint:
# region:
# NOTE: These are setting attributes for the `minio` optional dependency
minio:

21
scripts/lint.sh
View file

@ -5,14 +5,15 @@ SRCROOT="$(cd "$(dirname "$0")/.." && pwd)"
for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
name=$(basename $dir)
echo "Running Helm linting for $name"
docker run \
-v "$SRCROOT:/workdir" \
gcr.io/kubernetes-charts-ci/test-image:v3.0.1 \
ct \
lint \
--config .circleci/chart-testing.yaml \
--lint-conf .circleci/lintconf.yaml \
--charts "/workdir/charts/${name}"
rm -rf $dir/charts
name=$(basename $dir)
echo "Running Helm linting for $name"
docker run \
-v "$SRCROOT:/workdir" \
gcr.io/kubernetes-charts-ci/test-image:v3.1.0 \
ct \
lint \
--config .circleci/chart-testing.yaml \
--lint-conf .circleci/lintconf.yaml \
--charts "/workdir/charts/${name}"
done

25
scripts/publish.sh
View file

@ -6,11 +6,32 @@ GIT_PUSH=${GIT_PUSH:-false}
rm -rf $SRCROOT/output && git clone -b gh-pages git@github.com:argoproj/argo-helm.git $SRCROOT/output
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add argoproj https://argoproj.github.io/argo-helm
for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
echo "Processing $dir"
helm package $dir
rm -rf $dir/charts
name=$(basename $dir)
if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
then
# Bug with Helm subcharts with hyphen on them
# https://github.com/argoproj/argo-helm/pull/270#issuecomment-608695684
if [ "$name" == "argo-cd" ]
then
echo "Restore ArgoCD RedisHA subchart"
git checkout $dir
fi
echo "Processing chart dependencies"
helm --debug dep build $dir
fi
echo "Processing $dir"
helm --debug package $dir
done
cp $SRCROOT/*.tgz output/
cd $SRCROOT/output && helm repo index .