diff --git a/.circleci/config.yml b/.circleci/config.yml index 072c6736..4156df56 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2.1 jobs: lint: docker: - - image: gcr.io/kubernetes-charts-ci/test-image:v3.0.1 + - image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0 steps: - checkout - run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml @@ -11,7 +11,7 @@ jobs: publish: docker: # We just need an image with `helm` on it. Handily we know of one already. - - image: gcr.io/kubernetes-charts-ci/test-image:v3.0.1 + - image: gcr.io/kubernetes-charts-ci/test-image:v3.1.0 steps: # install the additional keys needed to push to Github. Alex Collins owns these keys. - add_ssh_keys diff --git a/.gitignore b/.gitignore index ad3d67a1..f501fc92 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ output .vscode .DS_Store -*.tgz +**/*.tgz diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 0b013dfa..e7863f8f 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.4.2" +appVersion: "1.5.2" description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 2.0.0 +version: 2.2.9 home: https://github.com/argoproj/argo-helm icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png keywords: diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index db891655..84418176 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -1,10 +1,11 @@ -Argo CD Chart -====== +# Argo CD Chart + A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. Source code can be found [here](https://argoproj.github.io/argo-cd/) ## Additional Information + This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). @@ -13,20 +14,20 @@ This chart currently installs the non-HA version of ArgoCD. ## Upgrading -### 1.8.7 to 2.0.0 +### 1.8.7 to 2.x.x `controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map What was -``` -server: +```yaml +controller: extraArgs: insecure: "" ``` is now -``` +```yaml server: extraArgs: - --insecure @@ -42,12 +43,16 @@ To install the chart with the release name `my-release`: ```console $ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + $ helm install --name my-release argo/argo-cd +NAME: my-release +... ``` ### Helm v3 Compatability -Requires chart version 1.5.1 or newer. +Requires chart version 1.5.2 or newer. Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks. 
@@ -57,12 +62,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i |-----|------|---------| | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.4.2"` | -| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |  -| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |  +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` | +| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | +| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | +| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | | nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| installCRDs | bool | `true` | Install CRDs if you are using Helm2. | +| installCRDs | Install CRDs if you are using Helm2. | `true` | | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | +| configs.secret.annotations | Annotations for argocd-secret | `{}` | | configs.secret.argocdServerAdminPassword | Admin password | `null` | | configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | | configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | 
@@ -74,9 +81,9 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i ## ArgoCD Controller -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| Parameter | Description | Default | +|-----|---------|-------------| +| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | | controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | | controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | | controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | 
@@ -86,11 +93,11 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.image.repository | Repository to use for the controller | `global.image.repository` | | controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | | controller.image.tag | Tag to use for the controller | `global.image.tag` | -| controller.livenessProbe.failureThreshold | int | `3` | -| controller.livenessProbe.initialDelaySeconds | int | `10` | -| controller.livenessProbe.periodSeconds | int | `10` | -| controller.livenessProbe.successThreshold | int | `1` | -| controller.livenessProbe.timeoutSeconds | int | `1` | +| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | controller.logLevel | Controller log level | `"info"` | | controller.metrics.enabled | Deploy metrics service | `false` | | controller.metrics.service.annotations | Metrics service annotations | `{}` | 
@@ -99,46 +106,46 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | controller.name | Controller name string. | `"application-controller"` | -| controller.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | controller.podAnnotations | Annotations for the controller pods | `{}` | | controller.podLabels | Labels for the controller pods | `{}` | | controller.priorityClassName | Priority class for the controller pods | `""` | -| controller.readinessProbe.failureThreshold | int | `3` | -| controller.readinessProbe.initialDelaySeconds | int | `10` | -| controller.readinessProbe.periodSeconds | int | `10` | -| controller.readinessProbe.successThreshold | int | `1` | -| controller.readinessProbe.timeoutSeconds | int | `1` | +| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | controller.resources | 
Resource limits and requests for the controller pods. | `{}` | | controller.service.annotations | Controller service annotations. | `{}` | | controller.service.labels | Controller service labels. | `{}` | | controller.service.port | Controller service port. | `8082` | | controller.serviceAccount.create | Create a service account for the controller | `true` | | controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` | -| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | +| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | | controller.volumeMounts | Controller volume mounts | `[]` | | controller.volumes | Controller volumes | `[]` | ## Argo Repo Server -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | -| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler (HPA) for the repo server | `false` | -| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server HPA | `1` | -| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server HPA | `5` | -| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server HPA | `50` | -| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server HPA | `50` | +| Property | Description | Default | +|-----|---------|-------------| +| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler 
([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` | +| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | +| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | +| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | | repoServer.containerPort | Repo server port | `8081` | | repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | | repoServer.env | Environment variables for the repo server. 
| `[]` | | repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | | repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | | repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | -| repoServer.livenessProbe.failureThreshold | int | `3` | -| repoServer.livenessProbe.initialDelaySeconds | int | `10` | -| repoServer.livenessProbe.periodSeconds | int | `10` | -| repoServer.livenessProbe.successThreshold | int | `1` | -| repoServer.livenessProbe.timeoutSeconds | int | `1` | +| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | repoServer.logLevel | Log level | `"info"` | | repoServer.metrics.enabled | Deploy metrics service | `false` | | repoServer.metrics.service.annotations | Metrics service annotations | `{}` | 
@@ -147,34 +154,36 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | repoServer.name | Repo server name | `"repo-server"` | -| repoServer.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | repoServer.podAnnotations | Annotations for the repo server pods | `{}` | | repoServer.podLabels | Labels for the repo server pods | `{}` | | repoServer.priorityClassName | Priority class for the repo server | `""` | -| repoServer.readinessProbe.failureThreshold | int | `3` | -| repoServer.readinessProbe.initialDelaySeconds | int | `10` | -| repoServer.readinessProbe.periodSeconds | int | `10` | -| repoServer.readinessProbe.successThreshold | int | `1` | -| repoServer.readinessProbe.timeoutSeconds | int | `1` | +| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | repoServer.replicas | The number of repo 
server pods to run | `1` | | repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | | repoServer.service.annotations | Repo server service annotations. | `{}` | | repoServer.service.labels | Repo server service labels. | `{}` | | repoServer.service.port | Repo server service port. | `8081` | -| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | +| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | | repoServer.volumeMounts | Repo server volume mounts | `[]` | | repoServer.volumes | Repo server volumes | `[]` | ## Argo Server -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| server.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | -| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler (HPA) for the server | `false` | -| server.autoscaling.minReplicas | Minimum number of replicas for the server HPA | `1` | -| server.autoscaling.maxReplicas | Maximum number of replicas for the server HPA | `5` | -| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server HPA | `50` | -| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server HPA | `50` | +| Parameter | Description | Default | +|-----|---------|-------------| +| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` | +| server.autoscaling.minReplicas | Minimum number of replicas for the server 
[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | +| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | +| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | +| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | | server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | | server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | | server.certificate.enabled | Enables a certificate manager certificate. | `false` | @@ -186,7 +195,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.env | Environment variables for the server. | `[]` | | server.image.repository | Repository to use for the server | `global.image.repository` | | server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | -| server.image.tag | Tag to use for the repo server | `global.image.tag` | +| server.image.tag | Tag to use for the server | `global.image.tag` | | server.ingress.annotations | Additional ingress annotations | `{}` | | server.ingress.enabled | Enable an ingress resource for the server | `false` | | server.ingress.hosts | List of ingress hosts | `[]` | 
@@ -194,11 +203,11 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.ingress.tls | Ingress TLS configuration. | `[]` | | server.route.enabled | Enable a OpenShift route for the server | `false` | | server.route.hostname | Hostname of OpenShift route | `""` | -| server.livenessProbe.failureThreshold | int | `3` | -| server.livenessProbe.initialDelaySeconds | int | `10` | -| server.livenessProbe.periodSeconds | int | `10` | -| server.livenessProbe.successThreshold | int | `1` | -| server.livenessProbe.timeoutSeconds | int | `1` | +| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | server.logLevel | Log level | `"info"` | | server.metrics.enabled | Deploy metrics service | `false` | | server.metrics.service.annotations | Metrics service annotations | `{}` | 
@@ -207,34 +216,35 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | | server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | | server.name | Argo CD server name | `"server"` | -| server.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | -| server.podAnnotations | Annotations for the repo server pods | `{}` | -| server.podLabels | Labels for the repo server pods | `{}` | -| server.priorityClassName | Priority class for the repo server | `""` | +| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| server.podAnnotations | Annotations for the server pods | `{}` | +| server.podLabels | Labels for the server pods | `{}` | +| server.priorityClassName | Priority class for the server | `""` | | server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` | -| server.readinessProbe.failureThreshold | int | `3` | -| server.readinessProbe.initialDelaySeconds | int | `10` | -| server.readinessProbe.periodSeconds | int | `10` | -| server.readinessProbe.successThreshold | int | `1` | -| server.readinessProbe.timeoutSeconds | int | `1` | +| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.readinessProbe.successThreshold | [Kubernetes probe 
configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | | server.replicas | The number of server pods to run | `1` | | server.resources | Resource limits and requests for the server | `{}` | | server.service.annotations | Server service annotations | `{}` | | server.service.labels | Server service labels | `{}` | | server.service.servicePortHttp | Server service http port | `80` | | server.service.servicePortHttps | Server service https port | `443` | +| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | | server.service.type | Server service type | `"ClusterIP"` | | server.serviceAccount.create | Create server service account | `true` | | server.serviceAccount.name | Server service account name | `"argocd-server"` | -| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | +| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | | server.volumeMounts | Server volume mounts | `[]` | | server.volumes | Server volumes | `[]` | ## Dex -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| dex.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +| Property | Description | Default | +|-----|---------|-------------| +| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | | dex.containerPortGrpc | GRPC container port | `5557` | | dex.containerPortHttp | HTTP container port | `5556` | | dex.enabled | Enable dex | `true` | 
@@ -246,7 +256,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.initImage.tag | Argo CD init image tag | `global.image.tag` | | dex.name | Dex name | `"dex-server"` | | dex.env | Environment variables for the Dex server. | `[]` | -| dex.nodeSelector | Dex node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | dex.podAnnotations | Annotations for the Dex server pods | `{}` | | dex.podLabels | Labels for the Dex server pods | `{}` | | dex.priorityClassName | Priority class for dex | `""` | 
@@ -255,15 +265,21 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | | dex.servicePortGrpc | Server GRPC port | `5557` | | dex.servicePortHttp | Server HTTP port | `5556` | -| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | +| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | | dex.volumeMounts | Dex volume mounts | `"/shared"` | | dex.volumes | Dex volumes | `{}` | ## Redis -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | +When Redis is completely disabled from the chart (`redis.enabled=false`) and +an external Redis instance wants to be used or +when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`) +but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified +through `xxx.extraArgs` + +| Parameter | Description | Default | +|-----|---------|-------------| +| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | | redis.containerPort | Redis container port | `6379` | | redis.enabled | Enable redis | `true` | | redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | 
@@ -271,10 +287,19 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i | redis.image.tag | Redis tag | `"5.0.3"` | | redis.name | Redis name | `"redis"` | | redis.env | Environment variables for the Redis server. | `[]` | -| redis.nodeSelector | Redis node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` | +| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | | redis.podAnnotations | Annotations for the Redis server pods | `{}` | | redis.podLabels | Labels for the Redis server pods | `{}` | | redis.priorityClassName | Priority class for redis | `""` | | redis.resources | Resource limits and requests for redis | `{}` | | redis.servicePort | Redis service port | `6379` | -| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | +| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | | +| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` | +| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` | +| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false` +| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd` +| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` | +| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. 
`""` is disabled | `""` | +| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | +| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | diff --git a/charts/argo-cd/charts/redis-ha/Chart.yaml b/charts/argo-cd/charts/redis-ha/Chart.yaml new file mode 100644 index 00000000..04a04fdf --- /dev/null +++ b/charts/argo-cd/charts/redis-ha/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +appVersion: 5.0.6 +description: Highly available Kubernetes implementation of Redis +engine: gotpl +home: http://redis.io/ +icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png +keywords: +- redis +- keyvalue +- database +maintainers: +- email: salimsalaues@gmail.com + name: ssalaues +- email: aaron.layfield@gmail.com + name: dandydeveloper +name: redis-ha +sources: +- https://redis.io/download +- https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha +- https://github.com/oliver006/redis_exporter +version: 4.4.2 diff --git a/charts/argo-cd/charts/redis-ha/OWNERS b/charts/argo-cd/charts/redis-ha/OWNERS new file mode 100644 index 00000000..cf4f87d5 --- /dev/null +++ b/charts/argo-cd/charts/redis-ha/OWNERS @@ -0,0 +1,6 @@ +approvers: +- ssalaues +- dandydeveloper +reviewers: +- ssalaues +- dandydeveloper \ No newline at end of file diff --git a/charts/argo-cd/charts/redis-ha/README.md b/charts/argo-cd/charts/redis-ha/README.md new file mode 100644 index 00000000..ba93ce0f --- /dev/null +++ b/charts/argo-cd/charts/redis-ha/README.md 
@@ -0,0 +1,230 @@ +# Redis + +[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. + +## TL;DR; + +```bash +$ helm install stable/redis-ha +``` + +By default this chart install 3 pods total: + * one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available) + * two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available) + +## Introduction + +This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled +- PV provisioner support in the underlying infrastructure + +## Upgrading the Chart + +Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually. + +### Upgrading the chart from 3.x to 4.x + +Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs. 
+ +## Installing the Chart + +To install the chart + +```bash +$ helm install stable/redis-ha +``` + +The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the deployment: + +```bash +$ helm delete +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Redis chart and their default values. + +| Parameter | Description | Default | +|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| +| `image` | Redis image | `redis` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] | +| `tag` | Redis tag | `5.0.6-alpine` | +| `replicas` | Number of redis master/slave pods | `3` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template | +| `rbac.create` | Create and use RBAC resources | `true` | +| `redis.port` | Port to access the redis service | `6379` | +| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` | +| `redis.config` | Any valid redis config options in this section will be 
applied to each server (see below) | see values.yaml | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | +| `sentinel.port` | Port to access the sentinel service | `26379` | +| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | +| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | +| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` | +| `authKey` | The key holding the redis password in an existing secret. | `auth` | +| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` | +| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` | +| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | +| `affinity` | Override all other affinity settings with a string. 
| `""` | +| `persistentVolume.size` | Size for the volume | 10Gi | +| `persistentVolume.annotations` | Annotations for the volume | `{}` | +| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` | +| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` | +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | +| `exporter.image` | Exporter image | `oliver006/redis_exporter` | +| `exporter.tag` | Exporter tag | `v0.31.0` | +| `exporter.port` | Exporter port | `9121` | +| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | +| `exporter.extraArgs` | Additional args for the exporter | `{}` | +| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | | +| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` | +| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | +| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` | +| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. 
If not set, the Prometheus default scape timeout is used | `nil` | +| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` | +| `haproxy.replicas` | Number of HAProxy instances | `3` | +| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` | +| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` | +| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` | +| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] | +| `haproxy.annotations` | HAProxy template annotations | `{}` | +| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` | +| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` | +| `haproxy.resources` | HAProxy resources | `{}` | +| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` | +| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` | +| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set | +| `haproxy.service.annotations` | HAProxy service annotations | `{}` | +| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. 
| `false` | +| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` | +| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` | +| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` | +| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` | +| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `exporter-port` | +| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` | +| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` | +| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` | +| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | +| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` | +| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` | +| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | +| `haproxy.init.resources` | Extra init resources | `{}` | +| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` | +| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` | +| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` | +| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` | +| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set | +| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | +| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. 
| `true` | +| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` | +| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` | +| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` | +| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set | +| `hostPath.path` | Use this path on the host for data storage | not set | +| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | +| `sysctlImage.command` | sysctlImage command to execute | [] | +| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | +| `sysctlImage.repository` | sysctlImage Init container name | `busybox` | +| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` | +| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` | +| `sysctlImage.resources` | sysctlImage resources | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install \ + --set image=redis \ + --set tag=5.0.5-alpine \ + stable/redis-ha +``` + +The above command sets the Redis server within `default` namespace. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install -f values.yaml stable/redis-ha +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Custom Redis and Sentinel config options + +This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options. 
+ +[Example redis.conf](http://download.redis.io/redis-stable/redis.conf) +[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf) + +For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as: + +```yml + repl-timeout: "60" +``` + +Note: + +1. Some config options should be renamed by redis version,e.g.: + + ``` + # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf + min-replicas-to-write: 1 + min-replicas-max-lag: 5 + + # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf + min-slaves-to-write 1 + min-slaves-max-lag 5 + ``` + +Sentinel options supported must be in the the `sentinel
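Review bot: In the argo-cd README table rows at the top of this section, `redis-ha.haproxy.enabled` and `redis-ha.haproxy.metrics.enabled` are documented with default `true`, while the vendored redis-ha README added in this same patch lists `haproxy.enabled` and `haproxy.metrics.enabled` as `false`. If the parent chart overrides the subchart defaults, say so in the description column, because the override also turns on the HAProxy metrics endpoint (subchart default port `9101`) whenever the redis-ha subchart is deployed.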
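Review bot: In charts/argo-cd/charts/redis-ha/Chart.yaml, `home: http://redis.io/` is plain HTTP while the `sources` entry for the same site uses `https://redis.io/download`; switch `home` to HTTPS. The file is an unpacked copy of redis-ha `version: 4.4.2` committed under the argo-cd chart, so the commit message or the parent README should record which upstream release it was taken from and whether it was modified, otherwise later reviewers cannot diff it against upstream.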
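Review bot: The vendored charts/argo-cd/charts/redis-ha/OWNERS names `ssalaues` and `dandydeveloper` as both `approvers` and `reviewers`, the same two accounts listed as maintainers in the redis-ha Chart.yaml. If any tooling in this repository honors OWNERS files, confirm these are the intended approvers for this path here, or drop the file. It also ends without a trailing newline (`\ No newline at end of file`).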
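Review bot: In the Configuration table of charts/argo-cd/charts/redis-ha/README.md, `auth` defaults to `false` and `redisPassword` to empty, so a default install runs Redis without `requirepass`; the README should state this near the install instructions and point to `existingSecret` with `authKey` as the way to supply the password. The `redisPassword` and `existingSecret` rows say "Requires `auth: enabled`" although `auth` is documented as a boolean, so this should read `auth: true`. `hostPath.chown` defaults to `true` and runs an init container as root, which deserves a remark next to the `securityContext` default of `runAsNonRoot: true`. Smaller fixes in the same hunk: the `haproxy.metrics.scrapePath` description says "scraping port" but the value is a path; the `--set tag=5.0.5-alpine` example is older than the documented default `5.0.6-alpine`, and the sentence after it ("sets the Redis server within `default` namespace") does not describe that command; the Redis 5.x sample uses `key: value` while the 4.x/3.x sample uses `key value`; and there are typos at "custom custom", "scape timeout", "overwriten" and "the the".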