feat(argo-cd): add gateway creation and gke objects

Signed-off-by: Tristan Duverger <tristan.duverger@gmail.com>
2024-10-04 10:55:11 +02:00 · 2024-10-04 10:55:11 +02:00 · 59c226c2ca
commit 59c226c2ca
parent 5d0a8a2361
6 changed files with 217 additions and 46 deletions
--- a/charts/argo-cd/templates/argocd-server/gateway-httproute.yaml
+++ b/charts/argo-cd/templates/argocd-server/gateway-httproute.yaml
@ -1,4 +1,4 @@
-{{- if .Values.server.gatewayAPI.enabled }}
+{{- if eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true" }}
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
@ -6,10 +6,10 @@ metadata:
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
-    {{- with .Values.server.gatewayAPI.labels }}
+    {{- with .Values.server.gateway.httpRoute.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- with .Values.server.gatewayAPI.annotations }}
+  {{- with .Values.server.gateway.httpRoute.annotations }}
  annotations:
    {{- range $key, $value := . }}
    {{ $key }}: {{ $value | quote }}
@ -19,13 +19,13 @@ spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
-      name: {{ .Values.server.gatewayAPI.gateway }}
-      {{- with .Values.server.gatewayAPI.gatewaySection }}
+      name: {{ tpl .Values.server.gateway.name . }}
+      {{- with .Values.server.gateway.httpRoute.gatewaySection }}
      sectionName: {{ . }}
      {{- end }}
  hostnames:
-    - {{ .Values.server.gatewayAPI.hostname | default .Values.global.domain }}
-    {{- with .Values.server.gatewayAPI.extraHosts }}
+    - {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain }}
+    {{- with .Values.server.gateway.httpRoute.extraHosts }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
  rules:
@ -34,11 +34,11 @@ spec:
    {{- end }}
    - matches:
        - path:
-            type: {{ .Values.server.gatewayAPI.pathType }}
-            value: {{ .Values.server.gatewayAPI.path }}
-        {{- range .Values.server.gatewayAPI.extraPaths }}
+            type: {{ .Values.server.gateway.httpRoute.pathType }}
+            value: {{ .Values.server.gateway.httpRoute.path }}
+        {{- range .Values.server.gateway.httpRoute.extraPaths }}
        - path:
-            type: {{ .type | default $.Values.gatewayAPI.pathType }}
+            type: {{ .type | default $.Values.server.gateway.httpRoute.pathType }}
            value: {{ .value }}
        {{- end }}
      backendRefs:
--- a/charts/argo-cd/templates/argocd-server/gateway.yaml
+++ b/charts/argo-cd/templates/argocd-server/gateway.yaml
@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: {{ tpl .Values.server.gateway.name . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if not .Values.server.gateway.gatewayClassName }}
+    {{- fail ".Values.server.gateway.gatewayClassName must be defined" }}
+  {{- end }}
+  gatewayClassName: {{ .Values.server.gateway.gatewayClassName }}
+  listeners:
+    {{- with .Values.server.gateway.listeners }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml
@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: GCPBackendPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPBackendPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml
@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+apiVersion: networking.gke.io/v1
+kind: GCPGatewayPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPGatewayPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ include "argo-cd.server.fullname" . }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml
+++ b/charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml
@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.HealthCheckPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.spec.default }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -2151,11 +2151,74 @@ server:
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true

+  # Argo CD server Gateway API configuration
+  # NOTE: Alpha feature, gRPC & TLS pass-through will not work
+  gateway:
+    # -- enable a gateway resource for ArgoCD
+    ## Note: you can already have an existing Gateway and just wanted to add a route and backend policy to that Gateway, let false in that case
+    enabled: false
+    name: '{{ include "argo-cd.server.fullname" . }}'
+    # -- Specific implementation for gateway controller. Only `None` and `gke` are supported.
+    ## With `None`, the gateway is supposed to already exist and no specific object will be created
+    ## Additional configuration might be required in related configuration sections for `gke`
+    controller: None
    # Argo CD server Gateway API HTTPRoute configuration
    # NOTE: Alpha feature, gRPC & TLS pass-through will not work
-  gatewayAPI:
-    # -- Enable a Gateway API resources for the Argo CD server
-    enabled: false
+    # -- Additional gateway labels
+    labels: {}
+    # -- Additional gateway annotations
+    annotations: {}
+    #  networking.gke.io/certmap: "CERTIFICATE_MAP"
+    gatewayClassName: ""
+    # @default -- `""` (See [values.yaml])
+    # gatewayClassName: gke-l7-global-external-managed
+    # gatewayClassName: gke-l7-rilb
+    listeners:
+      - name: http
+        protocol: HTTP
+        port: 80
+        allowedRoutes:
+          namespaces:
+            from: Same
+      # - name: https
+      #   protocol: HTTPS
+      #   port: 443
+      #   allowedRoutes:
+      #     namespaces:
+      #       from: Same
+    gke:
+      GCPGatewayPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      GCPBackendPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default: {}
+      HealthCheckPolicy:
+        # -- Additional gateway labels
+        labels: {}
+        # -- Additional gateway annotations
+        annotations: {}
+        spec:
+          default:
+            logConfig:
+              enabled: true
+          config:
+            type: HTTP
+            httpHealthCheck:
+              port: '{{ .Values.server.service.servicePortHttp }}'
+              requestPath: "/"
+
+    httpRoute:
+      # -- Enable a Gateway HTTP route resources for the Argo CD server
+      enabled: "{{ .Values.server.gateway.enabled | default false }}"
      # -- Additional route labels
      labels: {}
      # -- Additional route annotations