feat(argo-cd): add gateway creation and gke objects

Signed-off-by: Tristan Duverger <tristan.duverger@gmail.com>

charts/argo-cd/templates/argocd-server/gateway-httproute.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.server.gatewayAPI.enabled }}
+{{- if eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true" }}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@@ -6,10 +6,10 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    {{- with .Values.server.gatewayAPI.labels }}
+    {{- with .Values.server.gateway.httpRoute.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.server.gatewayAPI.annotations }}
+  {{- with .Values.server.gateway.httpRoute.annotations }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -19,13 +19,13 @@ spec:
   parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
-      name: {{ .Values.server.gatewayAPI.gateway }}
-      {{- with .Values.server.gatewayAPI.gatewaySection }}
+      name: {{ tpl .Values.server.gateway.name . }}
+      {{- with .Values.server.gateway.httpRoute.gatewaySection }}
       sectionName: {{ . }}
       {{- end }}
   hostnames:
-    - {{ .Values.server.gatewayAPI.hostname | default .Values.global.domain }}
-    {{- with .Values.server.gatewayAPI.extraHosts }}
+    - {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain }}
+    {{- with .Values.server.gateway.httpRoute.extraHosts }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
   rules:
@@ -34,11 +34,11 @@ spec:
     {{- end }}
     - matches:
         - path:
-            type: {{ .Values.server.gatewayAPI.pathType }}
-            value: {{ .Values.server.gatewayAPI.path }}
-        {{- range .Values.server.gatewayAPI.extraPaths }}
+            type: {{ .Values.server.gateway.httpRoute.pathType }}
+            value: {{ .Values.server.gateway.httpRoute.path }}
+        {{- range .Values.server.gateway.httpRoute.extraPaths }}
         - path:
-            type: {{ .type | default $.Values.gatewayAPI.pathType }}
+            type: {{ .type | default $.Values.server.gateway.httpRoute.pathType }}
             value: {{ .value }}
         {{- end }}
       backendRefs:

charts/argo-cd/templates/argocd-server/gateway.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: {{ tpl .Values.server.gateway.name . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if not .Values.server.gateway.gatewayClassName }}
+    {{- fail ".Values.server.gateway.gatewayClassName must be defined" }}
+  {{- end }}
+  gatewayClassName: {{ .Values.server.gateway.gatewayClassName }}
+  listeners:
+    {{- with .Values.server.gateway.listeners }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: GCPBackendPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPBackendPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+apiVersion: networking.gke.io/v1
+kind: GCPGatewayPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPGatewayPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.HealthCheckPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -2151,53 +2151,116 @@ server:
     # -- Automount API credentials for the Service Account
     automountServiceAccountToken: true
 
-  # Argo CD server Gateway API HTTPRoute configuration
+  # Argo CD server Gateway API configuration
   # NOTE: Alpha feature, gRPC & TLS pass-through will not work
-  gatewayAPI:
-    # -- Enable a Gateway API resources for the Argo CD server
+  gateway:
+    # -- enable a gateway resource for ArgoCD
+    ## Note: you can already have an existing Gateway and just wanted to add a route and backend policy to that Gateway, let false in that case
     enabled: false
-    # -- Additional route labels
+    name: '{{ include "argo-cd.server.fullname" . }}'
+    # -- Specific implementation for gateway controller. Only `None` and `gke` are supported.
+    ## With `None`, the gateway is supposed to already exist and no specific object will be created
+    ## Additional configuration might be required in related configuration sections for `gke`
+    controller: None
+    # Argo CD server Gateway API HTTPRoute configuration
+    # NOTE: Alpha feature, gRPC & TLS pass-through will not work
+    # -- Additional gateway labels
     labels: {}
-    # -- Additional route annotations
+    # -- Additional gateway annotations
     annotations: {}
+    #  networking.gke.io/certmap: "CERTIFICATE_MAP"
+    gatewayClassName: ""
+    # @default -- `""` (See [values.yaml])
+    # gatewayClassName: gke-l7-global-external-managed
+    # gatewayClassName: gke-l7-rilb
+    listeners:
+      - name: http
+        protocol: HTTP
+        port: 80
+        allowedRoutes:
+          namespaces:
+            from: Same
+      # - name: https
+      #   protocol: HTTPS
+      #   port: 443
+      #   allowedRoutes:
+      #     namespaces:
+      #       from: Same
+    gke:
+      GCPGatewayPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      GCPBackendPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      HealthCheckPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default:
+            logConfig:
+              enabled: true
+          config:
+            type: HTTP
+            httpHealthCheck:
+              port: '{{ .Values.server.service.servicePortHttp }}'
+              requestPath: "/"
 
-    # -- Defines which Gateway will implement the resource
-    gateway: ""
+    httpRoute:
+      # -- Enable a Gateway HTTP route resources for the Argo CD server
+      enabled: "{{ .Values.server.gateway.enabled | default false }}"
+      # -- Additional route labels
+      labels: {}
+      # -- Additional route annotations
+      annotations: {}
 
-    # -- Defines which Gateway section will implement the resource
-    gatewaySection: ""
+      # -- Defines which Gateway will implement the resource
+      gateway: ""
 
-    # -- Argo CD server hostname
-    # @default -- `""` (defaults to global.domain)
-    hostname: ""
+      # -- Defines which Gateway section will implement the resource
+      gatewaySection: ""
 
-    # -- The path to Argo CD server
-    path: /
+      # -- Argo CD server hostname
+      # @default -- `""` (defaults to global.domain)
+      hostname: ""
 
-    # -- HTTP reoute path type. Either 'Exact' or `PathPrefix`
-    pathType: PathPrefix
+      # -- The path to Argo CD server
+      path: /
 
-    # -- The list of additional hostnames to be covered by API Gateway record
-    extraHosts: []
+      # -- HTTP reoute path type. Either 'Exact' or `PathPrefix`
+      pathType: PathPrefix
 
-    # -- Additional API Gateway paths
-    # @default -- `[]` (See [values.yaml])
-    ## Note: Supports use of custom Helm templates
-    extraPaths: []
-      # - type: PathPrefix
-      #   value: /*
+      # -- The list of additional hostnames to be covered by API Gateway record
+      extraHosts: []
 
-    # -- Additional routing rules
-    # @default -- `[]` (See [values.yaml])
-    ## Note: Supports use of custom Helm templates
-    extraRules: []
-      # - matches:
-      #   - path:
-      #       type: PathPrefix
-      #       value: /
-      #     backendRefs:
-      #       - name: '{{ include "argo-cd.server.fullname" . }}'
-      #         port: '{{ .Values.server.service.servicePortHttpName }}'
+      # -- Additional API Gateway paths
+      # @default -- `[]` (See [values.yaml])
+      ## Note: Supports use of custom Helm templates
+      extraPaths: []
+        # - type: PathPrefix
+        #   value: /*
+
+      # -- Additional routing rules
+      # @default -- `[]` (See [values.yaml])
+      ## Note: Supports use of custom Helm templates
+      extraRules: []
+        # - matches:
+        #   - path:
+        #       type: PathPrefix
+        #       value: /
+        #     backendRefs:
+        #       - name: '{{ include "argo-cd.server.fullname" . }}'
+        #         port: '{{ .Values.server.service.servicePortHttpName }}'
 
 
   # Argo CD server ingress configuration