feat(argo-cd): add gateway creation and gke objects

Signed-off-by: Tristan Duverger <tristan.duverger@gmail.com>

charts/argo-cd/templates/argocd-server/gateway-httproute.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.server.gatewayAPI.enabled }}
+{{- if eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true" }}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@@ -6,10 +6,10 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    {{- with .Values.server.gatewayAPI.labels }}
+    {{- with .Values.server.gateway.httpRoute.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  {{- with .Values.server.gatewayAPI.annotations }}
+  {{- with .Values.server.gateway.httpRoute.annotations }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -19,13 +19,13 @@ spec:
   parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
-      name: {{ .Values.server.gatewayAPI.gateway }}
+      name: {{ tpl .Values.server.gateway.name . }}
-      {{- with .Values.server.gatewayAPI.gatewaySection }}
+      {{- with .Values.server.gateway.httpRoute.gatewaySection }}
       sectionName: {{ . }}
       {{- end }}
   hostnames:
-    - {{ .Values.server.gatewayAPI.hostname | default .Values.global.domain }}
+    - {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain }}
-    {{- with .Values.server.gatewayAPI.extraHosts }}
+    {{- with .Values.server.gateway.httpRoute.extraHosts }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
   rules:
@@ -34,11 +34,11 @@ spec:
     {{- end }}
     - matches:
         - path:
-            type: {{ .Values.server.gatewayAPI.pathType }}
+            type: {{ .Values.server.gateway.httpRoute.pathType }}
-            value: {{ .Values.server.gatewayAPI.path }}
+            value: {{ .Values.server.gateway.httpRoute.path }}
-        {{- range .Values.server.gatewayAPI.extraPaths }}
+        {{- range .Values.server.gateway.httpRoute.extraPaths }}
         - path:
-            type: {{ .type | default $.Values.gatewayAPI.pathType }}
+            type: {{ .type | default $.Values.server.gateway.httpRoute.pathType }}
             value: {{ .value }}
         {{- end }}
       backendRefs:

charts/argo-cd/templates/argocd-server/gateway.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: {{ tpl .Values.server.gateway.name . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if not .Values.server.gateway.gatewayClassName }}
+    {{- fail ".Values.server.gateway.gatewayClassName must be defined" }}
+  {{- end }}
+  gatewayClassName: {{ .Values.server.gateway.gatewayClassName }}
+  listeners:
+    {{- with .Values.server.gateway.listeners }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: GCPBackendPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPBackendPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+apiVersion: networking.gke.io/v1
+kind: GCPGatewayPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPGatewayPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml

@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.HealthCheckPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -2151,11 +2151,74 @@ server:
     # -- Automount API credentials for the Service Account
     automountServiceAccountToken: true
 
+  # Argo CD server Gateway API configuration
+  # NOTE: Alpha feature, gRPC & TLS pass-through will not work
+  gateway:
+    # -- enable a gateway resource for ArgoCD
+    ## Note: you can already have an existing Gateway and just wanted to add a route and backend policy to that Gateway, let false in that case
+    enabled: false
+    name: '{{ include "argo-cd.server.fullname" . }}'
+    # -- Specific implementation for gateway controller. Only `None` and `gke` are supported.
+    ## With `None`, the gateway is supposed to already exist and no specific object will be created
+    ## Additional configuration might be required in related configuration sections for `gke`
+    controller: None
     # Argo CD server Gateway API HTTPRoute configuration
     # NOTE: Alpha feature, gRPC & TLS pass-through will not work
-  gatewayAPI:
+    # -- Additional gateway labels
-    # -- Enable a Gateway API resources for the Argo CD server
+    labels: {}
-    enabled: false
+    # -- Additional gateway annotations
+    annotations: {}
+    #  networking.gke.io/certmap: "CERTIFICATE_MAP"
+    gatewayClassName: ""
+    # @default -- `""` (See [values.yaml])
+    # gatewayClassName: gke-l7-global-external-managed
+    # gatewayClassName: gke-l7-rilb
+    listeners:
+      - name: http
+        protocol: HTTP
+        port: 80
+        allowedRoutes:
+          namespaces:
+            from: Same
+      # - name: https
+      #   protocol: HTTPS
+      #   port: 443
+      #   allowedRoutes:
+      #     namespaces:
+      #       from: Same
+    gke:
+      GCPGatewayPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      GCPBackendPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      HealthCheckPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default:
+            logConfig:
+              enabled: true
+          config:
+            type: HTTP
+            httpHealthCheck:
+              port: '{{ .Values.server.service.servicePortHttp }}'
+              requestPath: "/"
+
+    httpRoute:
+      # -- Enable a Gateway HTTP route resources for the Argo CD server
+      enabled: "{{ .Values.server.gateway.enabled | default false }}"
       # -- Additional route labels
       labels: {}
       # -- Additional route annotations