DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(argo-workflows): fix merge conflicts

Browse source 
Signed-off-by: g-linville <53102776+g-linville@users.noreply.github.com>
This commit is contained in:
g-linville 2021-05-21 17:47:13 -04:00
commit 5dd1f4a84c
142 changed files with 2080 additions and 1427 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.circleci/chart-testing.yaml
View file

@ -1,4 +0,0 @@
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/
- dandydeveloper=https://dandydeveloper.github.io/charts/

29
.circleci/config.yml
View file

@ -5,32 +5,13 @@ jobs:
- image: quay.io/helmpack/chart-testing:v3.3.1
steps:
- checkout
- run: helm repo add stable https://charts.helm.sh/stable
- run: ct lint --config .circleci/chart-testing.yaml --lint-conf .circleci/lintconf.yaml
# Technically this only needs to be run on master, but it's good to have it run on every PR
# so that it is regularly tested.
- run: ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml
publish:
docker:
# We just need an image with `helm` on it. Handily we know of one already.
- image: quay.io/helmpack/chart-testing:v3.3.1
- image: bash
steps:
# install the additional keys needed to push to GitHub. Alex Collins owns these keys.
- add_ssh_keys
- run: git config --global user.email "nobody@circleci.com"
- run: git config --global user.name "Circle CI Build"
- checkout
- run: helm repo add stable https://charts.helm.sh/stable
- run: helm repo add minio https://helm.min.io/
- run: helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
# Only actually publish charts on master.
- run: |
set -x
if [ "$CIRCLE_BRANCH" = "master" ]; then
export GIT_PUSH=true
else
export GIT_PUSH=false
fi
sh ./scripts/publish.sh
- run: echo "Replaced by Github Workflow - https://github.com/argoproj/argo-helm/actions/workflows/publish.yml"
workflows:
version: 2
workflow:
@ -38,4 +19,4 @@ workflows:
- lint
- publish:
requires:
- lint
- lint

2
.github/configs/cr.yaml vendored Normal file
View file

@ -0,0 +1,2 @@
## Reference: https://github.com/helm/chart-releaser
index-path: "./index.yaml"

19
.github/configs/ct-install.yaml vendored Normal file
View file

@ -0,0 +1,19 @@
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Install Stage
remote: origin
chart-dirs:
- charts
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/
- dandydeveloper=https://dandydeveloper.github.io/charts/
- stable=https://charts.helm.sh/stable
- incubator=https://charts.helm.sh/incubator
helm-extra-args: "--timeout 600s"
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts:
- "argocd-applicationset"

18
.github/configs/ct-lint.yaml vendored Normal file
View file

@ -0,0 +1,18 @@
## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
# Only Used for the CT Lint Stage
remote: origin
chart-dirs:
- charts
chart-repos:
- argo=https://argoproj.github.io/argo-helm
- minio=https://helm.min.io/
- dandydeveloper=https://dandydeveloper.github.io/charts/
- stable=https://charts.helm.sh/stable
- incubator=https://charts.helm.sh/incubator
helm-extra-args: "--timeout 600s"
validate-chart-schema: false
validate-maintainers: true
validate-yaml: true
exclude-deprecated: true
excluded-charts: []

0
.circleci/lintconf.yaml → .github/configs/lintconf.yaml vendored
View file

1
.github/stale.yml vendored
View file

@ -1 +0,0 @@
# See https://github.com/probot/stale

45
.github/workflows/lint-and-test.yml vendored Normal file
View file

@ -0,0 +1,45 @@
## Reference: https://github.com/helm/chart-testing-action
---
name: Linting and Testing
on: pull_request
jobs:
chart-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v1
- name: Set up python
uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Setup Chart Linting
id: lint
uses: helm/chart-testing-action@v2.0.1
- name: List changed charts
id: list-changed
run: |
## If executed with debug this won't work anymore.
changed=$(ct --config ./.github/configs/ct-lint.yaml list-changed)
charts=$(echo "$changed" | tr '\n' ' ' | xargs)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
echo "::set-output name=changed_charts::$charts"
fi
- name: Run chart-testing (lint)
run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml
- name: Create kind cluster
uses: helm/kind-action@v1.1.0
if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install)
run: ct install --config ./.github/configs/ct-install.yaml
if: steps.list-changed.outputs.changed == 'true'

14
.github/workflows/pr-sizing.yml vendored Normal file
View file

@ -0,0 +1,14 @@
## Reference: https://github.com/pascalgn/size-label-action
---
name: 'PR Size'
on:
pull_request_target:
types: [opened, synchronize, reopened]
jobs:
size-label:
runs-on: ubuntu-latest
steps:
- name: size-label
uses: "pascalgn/size-label-action@v0.4.2"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

42
.github/workflows/publish.yml vendored Normal file
View file

@ -0,0 +1,42 @@
---
name: Chart Publish
on:
push:
branches:
- master
- rewrite-build
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v1
- name: Add dependency chart repos
run: |
helm repo add argo https://argoproj.github.io/argo-helm
helm repo add minio https://helm.min.io/
helm repo add dandydeveloper https://dandydeveloper.github.io/charts/
helm repo add stable https://charts.helm.sh/stable
helm repo add incubator https://charts.helm.sh/incubator
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
## This is required to consider the old Circle-CI Index and to stay compatible with all the old releases.
- name: Fetch current Chart Index
run: |
git checkout origin/gh-pages index.yaml
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.2.0
with:
config: "./.github/configs/cr.yaml"
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

4
.github/workflows/stale.yml vendored
View file

@ -1,14 +1,10 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: "30 1 * * *"
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v3
with:

7
CODEOWNERS
View file

@ -1,16 +1,19 @@
# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
# All charts
/charts/ @mkilchhofer
# Argo Workflows
/charts/argo @stefansedich @paguos @vladlosev @yann-soubeyrand @oliverbaehler
# Argo CD
/charts/argo-cd @seanson @spencergilbert @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
/charts/argo-cd @seanson @davidkarlsen @mr-sour @yann-soubeyrand @oliverbaehler
# Argo Events
/charts/argo-events @jbehling @VaibhavPage @oliverbaehler
# Argo Rollouts
/charts/argo-rollouts @cabrinha @oliverbaehler
/charts/argo-rollouts @oliverbaehler
# Argo CD Notifications
/charts/argocd-notifications @alexmt @andyfeller @oliverbaehler

17
CONTRIBUTING.md
View file

@ -22,6 +22,12 @@ helm delete argo-cd --purge
kubectl delete crd -l app.kubernetes.io/part-of=argocd
```
Pre-requisites:
```
helm repo add redis-ha https://dandydeveloper.github.io/charts/
helm dependency update
```
Minimally:
```
@ -80,7 +86,7 @@ As part of the Continuous Integration system we run Helm's [Chart Testing](https
The checks for this tool are stricter than the standard Helm requirements, where fields normally considered optional like `maintainer` are required in the standard spec and must be valid GitHub usernames.
Linting configuration can be found in [lintconf.yaml](.circleci/lintconf.yaml)
Linting configuration can be found in [ct-lint.yaml](./.github/configs/ct-lint.yaml)
The linting can be invoked manually with the following command:
@ -90,11 +96,4 @@ The linting can be invoked manually with the following command:
## Publishing Changes
Changes are automatically publish whenever a commit is merged to master. The CI job (see `.circleci/config.yaml`) runs this:
```
GIT_PUSH=true ./scripts/publish.sh
```
Script generates tar file for each chart in `charts` directory and push changes to `gh-pages` branch.
Write access to https://github.com/argoproj/argo-helm.git is required to publish changes.
Changes are automatically publish whenever a commit is merged to master. The CI job (see `./.github/workflows/publish.yml`).

2
README.md
View file

@ -1,5 +1,7 @@
# Argo Helm Charts
[![Chart Publish](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml/badge.svg?branch=master)](https://github.com/argoproj/argo-helm/actions/workflows/publish.yml)
Argo Helm is a collection of **community maintained** charts for http://argoproj.io/ projects. The charts can be added using following command:
```

6
charts/argo-cd/Chart.lock
View file

@ -1,6 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.10.1
digest: sha256:e1e0526ad009ecc065df937b48c4e0e5877e5194242c7888b1dc4467775f2663
generated: "2021-04-01T08:36:01.324672-07:00"
version: 4.12.14
digest: sha256:34275a4f4df92c570d07b0553da5d1fa200b6f057f7091746c853fd7399ee30a
generated: "2021-05-03T16:02:41.4356045-04:00"

6
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v2
appVersion: 2.0.0
appVersion: 2.0.1
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 3.0.0
version: 3.5.0
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
@ -16,6 +16,6 @@ maintainers:
- name: seanson
dependencies:
- name: redis-ha
version: 4.10.1
version: 4.12.14
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled

31
charts/argo-cd/README.md
View file

@ -12,6 +12,26 @@ The default installation is intended to be similar to the provided ArgoCD [relea
This chart currently installs the non-HA version of ArgoCD.
### Synchronizing Changes from Original Repository
In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
Or you clone the repository and do a local `git-diff`:
```bash
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git diff v1.8.7 v2.0.0 -- manifests/install.yaml
```
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds).
## Upgrading
### 3.0.0 and above
@ -20,7 +40,7 @@ Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Re
### 2.14.7 and above
The `matchLabels` key in the ArgoCD Appliaction Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
### 2.10.x to 2.11.0
@ -80,6 +100,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) |
| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
@ -92,6 +113,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) |
| openshift.enabled | enables using arbitrary uid for argo repo server | `false` |
## ArgoCD Controller
@ -226,12 +248,14 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` |
| server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` |
| server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` |
| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` |
| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` |
| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
@ -331,7 +355,8 @@ through `xxx.extraArgs`
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.8"` |
| redis.image.tag | Redis tag | `"6.2.1-alpine"` |
| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
@ -351,6 +376,6 @@ through `xxx.extraArgs`
| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` |
| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` |
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/

506
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

33
charts/argo-cd/crds/crd-project.yaml
View file

@ -20,8 +20,6 @@ spec:
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
@ -71,16 +69,16 @@ spec:
destinations:
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination information
description: ApplicationDestination holds information about the application's destination
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
description: Name is an alternate way of specifying the target cluster by its symbolic name
type: string
namespace:
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
description: Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server overrides the environment server value in the ksonnet app.yaml
description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API
type: string
type: object
type: array
@ -116,7 +114,9 @@ spec:
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource to be ignored from
properties:
group:
type: string
@ -173,7 +173,7 @@ spec:
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
@ -225,34 +225,35 @@ spec:
type: array
type: object
status:
description: Status of the AppProject
description: AppProjectStatus contains status information for AppProject CRs
properties:
jwtTokensByRole:
description: JWT Tokens issued for each of the roles in the project
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
description: List of JWT Tokens issued for the role
items:
description: Holds the issuedAt and expiresAt values of the token
items:
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
description: The expiresAt value of a token
format: int64
type: integer
iat:
description: The issuedAt value of a token
format: int64
type: integer
id:
description: ID of the token
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true

7
charts/argo-cd/templates/NOTES.txt
View file

@ -9,7 +9,8 @@ In order to access the server UI you have the following options:
- Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://github.com/argoproj/argo-cd/blob/master/docs/getting_started.md#4-login-using-the-cli)

33
charts/argo-cd/templates/_helpers.tpl
View file

@ -138,4 +138,35 @@ app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-cd.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
*/}}
{{- define "argo-cd.config.presets" -}}
{{- if .Values.configs.styles }}
ui.cssurl: "./custom/custom.styles.css"
{{- end }}
{{- end -}}
{{/*
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config" -}}
{{- if .Values.server.configEnabled -}}
{{- toYaml (mergeOverwrite (default dict (fromYaml (include "argo-cd.config.presets" $))) .Values.server.config) }}
{{- end -}}
{{- end -}}

6
charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
View file

@ -6,6 +6,9 @@ metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
{{- if .Values.controller.clusterRoleRules.enabled }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
{{ else }}
- apiGroups:
- '*'
resources:
@ -16,4 +19,5 @@ rules:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}
{{- end }}

28
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -70,6 +70,9 @@ spec:
{{- if .Values.controller.env }}
env:
{{- toYaml .Values.controller.env | nindent 8 }}
{{- end }}
{{- with .Values.controller.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: controller
@ -92,10 +95,12 @@ spec:
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{- toYaml .Values.controller.volumeMounts | nindent 10}}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
@ -115,10 +120,21 @@ spec:
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}

4
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
View file

@ -17,7 +17,9 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:

3
charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
View file

@ -11,6 +11,5 @@ metadata:
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- toYaml .Values.server.config | nindent 4 }}
data: {{- include "argo-cd.config" $ | nindent 4 }}
{{- end }}

11
charts/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml Normal file
View file

@ -0,0 +1,11 @@
{{- if .Values.configs.styles }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-custom-styles
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
data:
custom.styles.css: |
{{- .Values.configs.styles | nindent 4 }}
{{- end }}

26
charts/argo-cd/templates/argocd-configs/cluster-secrets.yaml Normal file
View file

@ -0,0 +1,26 @@
{{- range .Values.configs.clusterCredentials }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
argocd.argoproj.io/secret-type: cluster
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
type: Opaque
stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
{{- with .namespaces }}
namespaces: {{ . }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }}
{{- end }}

16
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -67,6 +67,9 @@ spec:
value: argocd
{{- end }}
{{- end }}
{{- with .Values.openshift.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
@ -81,6 +84,8 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp-dir
ports:
@ -143,6 +148,17 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: tmp-dir
{{- if .Values.repoServer.initContainers }}

4
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
View file

@ -17,7 +17,9 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:

26
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -67,6 +67,9 @@ spec:
{{- if .Values.server.env }}
env:
{{- toYaml .Values.server.env | nindent 8 }}
{{- end }}
{{- with .Values.server.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
@ -80,6 +83,13 @@ spec:
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
{{- if .Values.configs.styles }}
- mountPath: "/shared/app/custom/custom.styles.css"
subPath: "custom.styles.css"
name: custom-styles
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
@ -139,6 +149,11 @@ spec:
{{- end }}
- emptyDir: {}
name: static-files
{{- if .Values.configs.styles }}
- configMap:
name: argocd-custom-styles
name: custom-styles
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
@ -149,6 +164,17 @@ spec:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- end }}

71
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingressGrpc.annotations }}
@ -19,41 +15,74 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}-grpc
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
{{- if .Values.server.ingressGrpc.labels }}
{{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingressGrpc.tls }}
tls:
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
{{- end -}}
{{- end -}}

71
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -3,11 +3,7 @@
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
@ -19,41 +15,74 @@ metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

3
charts/argo-cd/templates/argocd-server/service.yaml
View file

@ -44,3 +44,6 @@ spec:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}
{{- with .Values.server.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ . }}
{{- end }}

4
charts/argo-cd/templates/argocd-server/servicemonitor.yaml
View file

@ -17,7 +17,9 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:

3
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -62,6 +62,9 @@ spec:
{{- if .Values.dex.env }}
env:
{{- toYaml .Values.dex.env | nindent 8 }}
{{- end }}
{{- with .Values.dex.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: http

2
charts/argo-cd/templates/dex/serviceaccount.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.dex.serviceAccount.create }}
{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}

4
charts/argo-cd/templates/dex/servicemonitor.yaml
View file

@ -17,7 +17,9 @@ metadata:
spec:
endpoints:
- port: metrics
interval: 30s
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
namespaceSelector:
matchNames:

8
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -41,14 +41,20 @@ spec:
- ""
- --appendonly
- "no"
{{- with .Values.redis.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.redis.env }}
env:
{{- toYaml .Values.redis.env | nindent 8 }}
{{- end }}
{{- with .Values.redis.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}

113
charts/argo-cd/values.yaml
View file

@ -9,8 +9,8 @@ installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v2.0.0
repository: quay.io/argoproj/argocd
tag: v2.0.1
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
@ -27,8 +27,8 @@ controller:
name: application-controller
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
# If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
@ -61,6 +61,14 @@ controller:
# - name: "ARGOCD_CONTROLLER_REPLICAS"
# value: ""
## envFrom to pass to argocd-controller
##
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Annotations to be added to controller pods
##
podAnnotations: {}
@ -143,6 +151,7 @@ controller:
servicePort: 8082
serviceMonitor:
enabled: false
interval: 30s
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
@ -183,6 +192,13 @@ controller:
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
clusterAdminAccess:
enabled: true
## Enable Custom Rules for the Application Controller's Cluster Role resource
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
enabled: false
rules: []
## Dex
dex:
@ -196,6 +212,7 @@ dex:
labels: {}
serviceMonitor:
enabled: false
interval: 30s
image:
repository: quay.io/dexidp/dex
@ -210,6 +227,13 @@ dex:
##
env: []
## envFrom to pass to the Dex server
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Annotations to be added to the Dex server pods
##
podAnnotations: {}
@ -276,9 +300,15 @@ redis:
image:
repository: redis
tag: 5.0.10-alpine
tag: 6.2.2-alpine
imagePullPolicy: IfNotPresent
## Additional command line arguments to pass to redis-server
##
extraArgs: []
# - --bind
# - "0.0.0.0"
containerPort: 6379
servicePort: 6379
@ -286,6 +316,14 @@ redis:
##
env: []
## envFrom to pass to the Redis server
##
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Annotations to be added to the Redis server pods
##
podAnnotations: {}
@ -347,7 +385,7 @@ redis-ha:
metrics:
enabled: true
image:
tag: 5.0.8-alpine
tag: 6.2.2-alpine
## Server
server:
@ -363,8 +401,8 @@ server:
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
@ -376,6 +414,14 @@ server:
##
env: []
## envFrom to pass to argocd-server
##
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
##
lifecycle: {}
@ -466,6 +512,7 @@ server:
loadBalancerIP: ""
loadBalancerSourceRanges: []
externalIPs: []
externalTrafficPolicy: ""
## Server metrics service configuration
metrics:
@ -476,6 +523,7 @@ server:
servicePort: 8083
serviceMonitor:
enabled: false
interval: 30s
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
@ -493,6 +541,7 @@ server:
enabled: false
annotations: {}
labels: {}
ingressClassName: ""
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
@ -521,6 +570,7 @@ server:
enabled: false
annotations: {}
labels: {}
ingressClassName: ""
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
@ -731,8 +781,8 @@ repoServer:
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.7.11
repository: # defaults to global.image.repository
tag: # defaults to global.image.tag
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
@ -743,6 +793,14 @@ repoServer:
##
env: []
## envFrom to pass to argocd-repo-server
##
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Argo repoServer log format: text|json
logFormat: text
## Argo repoServer log level
@ -822,6 +880,7 @@ repoServer:
servicePort: 8084
serviceMonitor:
enabled: false
interval: 30s
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
@ -872,6 +931,31 @@ repoServer:
## Argo Configs
configs:
## External Cluster Credentials
## reference:
## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
clusterCredentials: []
# - name: mycluster
# server: https://mycluster.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# - name: mycluster2
# server: https://mycluster2.com
# labels: {}
# annotations: {}
# namespaces: namespace1,namespace2
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
knownHostsAnnotations: {}
knownHosts:
data:
@ -975,9 +1059,16 @@ configs:
# Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
# argocdServerAdminPassword:
# argocdServerAdminPassword: ""
# Password modification time defaults to current time if not set
# argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
## Custom CSS Styles
## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
# styles: |
# .nav-bar {
# background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
# }
openshift:
enabled: false

11
charts/argo-ci/Chart.yaml
View file

@ -1,11 +0,0 @@
apiVersion: v1
description: A Helm chart for Argo-CI
name: argo-ci
version: 0.1.7
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
appVersion: v1.0.0-alpha2
home: https://github.com/argoproj/argo-helm
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen

3
charts/argo-ci/README.md
View file

@ -1,3 +0,0 @@
# Argo CI Chart
This is a **community maintained** chart.

6
charts/argo-ci/requirements.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: argo
repository: https://argoproj.github.io/argo-helm
version: 0.2.1
digest: sha256:af0f837200061b1720c0e05168dfc4a9537582f3004de62eeb5ef01b4c78db64
generated: 2018-10-23T14:50:47.570677461-07:00

4
charts/argo-ci/requirements.yaml
View file

@ -1,4 +0,0 @@
dependencies:
- name: argo
version: 0.2.1
repository: https://argoproj.github.io/argo-helm

0
charts/argo-ci/templates/NOTES.txt
View file

16
charts/argo-ci/templates/_helpers.tpl
View file

@ -1,16 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

39
charts/argo-ci/templates/ci-deployment.yaml
View file

@ -1,39 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-ci
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-ci
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ .Release.Name }}-ci
release: {{ .Release.Name }}
spec:
containers:
- name: ci
image: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: IN_CLUSTER
value: "true"
- name: NAMESPACE
value: {{ .Values.workflowNamespace }}
- name: ARGO_CI_IMAGE
value: "{{ .Values.imageNamespace }}/{{ .Values.ciImage }}:{{ .Values.imageTag }}"
- name: CONTROLLER_INSTANCE_ID
value: {{ .Release.Name }}
ports:
- containerPort: 8001
- containerPort: 8002
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}

17
charts/argo-ci/templates/ci-service.yaml
View file

@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-ci
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8001
selector:
app: {{ .Release.Name }}-ci
sessionAffinity: None
type: LoadBalancer

14
charts/argo-ci/values.yaml
View file

@ -1,14 +0,0 @@
imageNamespace: argoproj
ciImage: argoci
imageTag: v1.0.0-alpha2
imagePullPolicy: Always
# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret
workflowNamespace: default
argo:
imagesNamespace: argoproj
installMinio: true
minioBucketName: argo-artifacts
useReleaseAsInstanceID: true

4
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v2
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 1.2.4
version: 1.4.2
keywords:
- argo-events
- sensor-controller
@ -12,6 +12,6 @@ sources:
maintainers:
- name: VaibhavPage
- name: whynowy
appVersion: 1.2.3
appVersion: 1.3.1
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm

3
charts/argo-events/ci/test-values.yaml
View file

@ -1,6 +1,3 @@
serviceAccount: argo-events-sa-test
additionalSaNamespaces:
- nsone
- nstwo
instanceID: test-argo-events
singleNamespace: false

3
charts/argo-events/templates/argo-events-cluster-roles.yaml
View file

@ -47,10 +47,13 @@ rules:
- workflowtemplates/finalizers
- sensors
- sensors/finalizers
- sensors/status
- eventsources
- eventsources/finalizers
- eventsources/status
- eventbus
- eventbus/finalizers
- eventbus/status
- apiGroups:
- ""
resources:

3
charts/argo-events/templates/argo-events-roles.yaml
View file

@ -49,10 +49,13 @@ rules:
- workflowtemplates/finalizers
- sensors
- sensors/finalizers
- sensors/status
- eventsources
- eventsources/finalizers
- eventsources/status
- eventbus
- eventbus/finalizers
- eventbus/status
- apiGroups:
- ""
resources:

9
charts/argo-events/templates/eventbus-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.eventbusController.name }}
release: {{ .Release.Name }}
{{- with .Values.eventbusController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.eventbusController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -49,6 +55,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.eventbusController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

9
charts/argo-events/templates/eventsource-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }}
release: {{ .Release.Name }}
{{- with .Values.eventsourceController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.eventsourceController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -47,6 +53,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.eventsourceController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

9
charts/argo-events/templates/sensor-controller-deployment.yaml
View file

@ -18,6 +18,12 @@ spec:
labels:
app: {{ .Release.Name }}-{{ .Values.sensorController.name }}
release: {{ .Release.Name }}
{{- with .Values.sensorController.podLabels }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.sensorController.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount }}
containers:
@ -47,6 +53,9 @@ spec:
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
{{- with .Values.sensorController.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}

21
charts/argo-events/values.yaml
View file

@ -45,30 +45,39 @@ singleNamespace: true
sensorController:
name: sensor-controller
image: sensor-controller
tag: v1.2.3
tag: v1.3.1
replicaCount: 1
sensorImage: sensor
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
eventsourceController:
name: eventsource-controller
image: eventsource-controller
tag: v1.2.3
tag: v1.3.1
replicaCount: 1
eventsourceImage: eventsource
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
eventbusController:
name: eventbus-controller
image: eventbus-controller
tag: v1.2.3
tag: v1.3.1
replicaCount: 1
podAnnotations: {}
nodeSelector: {}
tolerations: {}
podLabels: {}
priorityClassName: ""
tolerations: []
affinity: {}
natsStreamingImage: nats-streaming:0.17.0
natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2

2
charts/argo-rollouts/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "0.10.2"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 0.5.0
version: 0.5.3
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

1
charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
View file

@ -130,6 +130,7 @@ rules:
- networking.istio.io
resources:
- virtualservices
- destinationrules
verbs:
- watch
- get

4
charts/argo-rollouts/templates/argo-rollouts-deployment.yaml
View file

@ -38,6 +38,10 @@ spec:
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
name: {{ .Values.controller.name }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:

1
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -17,6 +17,7 @@ spec:
shortNames:
- ar
singular: analysisrun
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:

1
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -17,6 +17,7 @@ spec:
shortNames:
- at
singular: analysistemplate
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1

1
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml
View file

@ -17,6 +17,7 @@ spec:
shortNames:
- cat
singular: clusteranalysistemplate
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1alpha1

1
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -17,6 +17,7 @@ spec:
shortNames:
- exp
singular: experiment
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:

1
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -17,6 +17,7 @@ spec:
shortNames:
- ro
singular: rollout
preserveUnknownFields: false
scope: Namespaced
versions:
- additionalPrinterColumns:

0
charts/argo-ci/.helmignore → charts/argo-workflows/.helmignore
View file

15
charts/argo-workflows/Chart.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v2
name: argo-workflows
description: A Helm chart for Argo Workflows
type: application
version: 0.1.2
appVersion: "v3.0.2"
icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
sources:
- https://github.com/argoproj/argo-workflows
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen
- name: benjaminws

48
charts/argo-workflows/README.md Normal file
View file

@ -0,0 +1,48 @@
# Argo Workflows Chart
This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
## Pre-Requisites
This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these.
A few options are:
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
## Values
The `values.yaml` contains items used to tweak a deployment of this chart.
Fields to note:
- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute
- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
- `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran
## Breaking changes from the deprecated `argo` chart
1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory
1. the CRDs were updated to `apiextensions.k8s.io/v1`
1. the container image registry/project/tag format was changed to be more in line with the more common
```yaml
image:
registry: quay.io
repository: argoproj/argocli
tag: v3.0.1
```
this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images.
1. switched to quay.io as the default registry for all images
1. removed any included usage of Minio
1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create`
1. moved the previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`

5
charts/argo-workflows/ci/enable-ingress-values.yaml Normal file
View file

@ -0,0 +1,5 @@
server:
ingress:
enabled: true
hosts:
- argo-workflows.127.0.0.1.xip.io

7
charts/argo-workflows/ci/enable-metrics-values.yaml Normal file
View file

@ -0,0 +1,7 @@
controller:
serviceMonitor:
enabled: false
metricsConfig:
enabled: true
telemetryConfig:
enabled: true

5
charts/argo-workflows/ci/enable-rbac-values.yaml Normal file
View file

@ -0,0 +1,5 @@
workflow:
serviceAccount:
create: true # Specifies whether a service account should be created
rbac:
create: true # adds Role and RoleBinding for the above specified service account to be able to run workflows

24
charts/argo/crds/cluster-workflow-template-crd.yaml → charts/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml
View file

@ -1,14 +1,9 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
version: v1alpha1
scope: Cluster
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
@ -17,7 +12,24 @@ spec:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

38
charts/argo-workflows/crds/argoproj.io_cronworkflows.yaml Normal file
View file

@ -0,0 +1,38 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

34
charts/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml Normal file
View file

@ -0,0 +1,34 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

48
charts/argo-workflows/crds/argoproj.io_workflows.yaml Normal file
View file

@ -0,0 +1,48 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
spec:
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Status of the workflow
jsonPath: .status.phase
name: Status
type: string
- description: When the workflow was started
format: date-time
jsonPath: .status.startedAt
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}

34
charts/argo-workflows/crds/argoproj.io_workflowtemplates.yaml Normal file
View file

@ -0,0 +1,34 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true

7
charts/argo-workflows/templates/NOTES.txt Normal file
View file

@ -0,0 +1,7 @@
1. Get Argo Server external IP/domain by running:
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }}
2. Submit the hello-world workflow by running:
argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch

96
charts/argo-workflows/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,96 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create argo workflows server name and version as used by the chart label.
*/}}
{{- define "argo-workflows.server.fullname" -}}
{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create controller name and version as used by the chart label.
*/}}
{{- define "argo-workflows.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-workflows.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "argo-workflows.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-workflows.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-workflows.labels" -}}
helm.sh/chart: {{ include "argo-workflows.chart" .context }}
{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argo-workflows
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-workflows.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Create the name of the server service account to use
*/}}
{{- define "argo-workflows.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-workflows.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-workflows.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-workflows.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-workflows.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}

12
charts/argo/templates/workflow-aggregate-roles.yaml → charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml
View file

@ -5,7 +5,7 @@ metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-view
name: argo-workflows-aggregate-to-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
@ -14,6 +14,8 @@ rules:
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
@ -31,7 +33,7 @@ metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-edit
name: argo-workflows-aggregate-to-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
@ -40,6 +42,8 @@ rules:
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
@ -62,7 +66,7 @@ metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-admin
name: argo-workflows-aggregate-to-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
@ -71,6 +75,8 @@ rules:
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows

6
charts/argo/templates/workflow-controller-cluster-roles.yaml → charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml
View file

@ -5,7 +5,9 @@ kind: Role
kind: ClusterRole
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
- apiGroups:
- ""
@ -128,7 +130,6 @@ rules:
- patch
- delete
{{- if not .Values.singleNamespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@ -144,4 +145,3 @@ rules:
- get
- list
- watch
{{- end }}

16
charts/argo/templates/workflow-controller-config-map.yaml → charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -1,11 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
name: {{ template "argo-workflows.controller.fullname" . }}-configmap
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
data:
config: |
{{- if .Values.controller.instanceID.enabled }}
@ -31,7 +29,7 @@ data:
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
{{- if .Values.useDefaultArtifactRepo }}
artifactRepository:
{{- if .Values.artifactRepository.archiveLogs }}
archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
@ -44,13 +42,13 @@ data:
{{- if .Values.useStaticCredentials }}
accessKeySecret:
key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
name: {{ .Values.artifactRepository.s3.accessKeySecret.name }}
secretKeySecret:
key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
name: {{ .Values.artifactRepository.s3.secretKeySecret.name }}
{{- end }}
bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }}
endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }}
bucket: {{ .Values.artifactRepository.s3.bucket }}
endpoint: {{ .Values.artifactRepository.s3.endpoint }}
insecure: {{ .Values.artifactRepository.s3.insecure }}
{{- if .Values.artifactRepository.s3.keyFormat }}
keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}

20
charts/argo/templates/workflow-controller-crb.yaml → charts/argo-workflows/templates/controller/workflow-controller-crb.yaml
View file

@ -5,7 +5,9 @@ kind: RoleBinding
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
@ -13,13 +15,13 @@ roleRef:
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ .Release.Name }}-{{ .Values.controller.name }}
name: {{ template "argo-workflows.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.workflowNamespaces }}
{{- $uiServiceAccount := .Values.controller.serviceAccount }}
{{- $uiServiceAccount := (include "argo-workflows.controllerServiceAccountName" .) }}
{{- $namespace := .Release.Namespace }}
{{- range $key := .Values.controller.workflowNamespaces }}
{{- if not (eq $key $namespace) }}
@ -30,18 +32,18 @@ subjects:
{{- end }}
{{- end }}
{{- if not .Values.singleNamespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

10
charts/argo/templates/workflow-controller-deployment-pdb.yaml → charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml
View file

@ -2,12 +2,9 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
{{- if .Values.controller.pdb.minAvailable }}
minAvailable: {{ .Values.controller.pdb.minAvailable }}
@ -18,6 +15,5 @@ spec:
{{- end }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- end }}

104
charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Normal file
View file

@ -0,0 +1,104 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
spec:
replicas: {{ .Values.controller.replicas }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
{{- with.Values.controller.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
{{- with .Values.controller.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: controller
image: "{{ .Values.controller.image.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
command: [ "workflow-controller" ]
args:
- "--configmap"
- "{{ template "argo-workflows.controller.fullname" . }}-configmap"
- "--executor-image"
- "{{ .Values.executor.image.registry }}/{{ .Values.executor.image.repository }}:{{ .Values.executor.image.tag | default .Chart.AppVersion }}"
- "--loglevel"
- "{{ .Values.controller.logging.level }}"
- "--gloglevel"
- "{{ .Values.controller.logging.globallevel }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
{{- with .Values.controller.workflowWorkers }}
- "--workflow-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.podWorkers }}
- "--pod-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
securityContext:
{{- toYaml .Values.controller.securityContext | nindent 12 }}
env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: LEADER_ELECTION_IDENTITY
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- with .Values.controller.extraEnv }}
{{ toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
ports:
- name: metrics
containerPort: {{ .Values.controller.metricsConfig.port }}
livenessProbe:
httpGet:
port: metrics
path: {{ .Values.controller.metricsConfig.path }}
initialDelaySeconds: 30
periodSeconds: 30
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}

8
charts/argo-workflows/templates/controller/workflow-controller-sa.yaml Normal file
View file

@ -0,0 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
{{ with .Values.controller.serviceAccount.annotations }}
annotations:
{{- toYaml .| nindent 4 }}
{{- end }}

38
charts/argo-workflows/templates/controller/workflow-controller-service.yaml Normal file
View file

@ -0,0 +1,38 @@
{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.controller.image.tag | quote }}
{{- with .Values.controller.serviceLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4}}
{{- end }}
spec:
ports:
{{- if .Values.controller.metricsConfig.enabled }}
- name: {{ .Values.controller.metricsConfig.servicePortName }}
port: {{ .Values.controller.metricsConfig.servicePort }}
protocol: TCP
targetPort: {{ .Values.controller.metricsConfig.port }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- name: {{ .Values.controller.telemetryConfig.servicePortName }}
port: {{ .Values.controller.telemetryConfig.servicePort }}
protocol: TCP
targetPort: {{ .Values.controller.telemetryConfig.port }}
{{- end }}
selector:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.controller.serviceType }}
{{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end -}}

14
charts/argo/templates/workflow-controller-servicemonitor.yaml → charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml
View file

@ -2,14 +2,11 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
name: {{ template "argo-workflows.controller.fullname" . }}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.controller.serviceMonitor.additionalLabels }}
{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }}
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
@ -28,6 +25,5 @@ spec:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- end }}

14
charts/argo/templates/workflow-rb.yaml → charts/argo-workflows/templates/controller/workflow-rb.yaml
View file

@ -2,18 +2,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-workflow
name: {{ template "argo-workflows.fullname" . }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
{{- end }}

6
charts/argo/templates/workflow-role.yaml → charts/argo-workflows/templates/controller/workflow-role.yaml
View file

@ -2,9 +2,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
name: {{ template "argo-workflows.fullname" . }}-workflow
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:

4
charts/argo/templates/workflow-sa.yaml → charts/argo-workflows/templates/controller/workflow-sa.yaml
View file

@ -3,8 +3,8 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- with .Values.workflow.namespace }}
namespace: {{ . }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
annotations:

53
charts/argo/templates/server-cluster-roles.yaml → charts/argo-workflows/templates/server/server-cluster-roles.yaml
View file

@ -1,12 +1,14 @@
{{- if .Values.server.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
{{- if .Values.singleNamespace }}
kind: Role
{{- else }}
{{- else }}
kind: ClusterRole
{{- end }}
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}
name: {{ template "argo-workflows.server.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- ""
@ -28,7 +30,7 @@ rules:
- list
- watch
- delete
{{- if .Values.server.sso }}
{{- if .Values.server.sso }}
- apiGroups:
- ""
resources:
@ -44,9 +46,7 @@ rules:
- secrets
verbs:
- create
{{- end}}
{{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
{{- if .Values.server.sso.rbac }}
- apiGroups:
- ""
resources:
@ -54,8 +54,8 @@ rules:
verbs:
- get
- list
{{- end }}
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
@ -95,29 +95,29 @@ rules:
- get
{{- end}}
- apiGroups:
- argoproj.io
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- eventsources
- sensors
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if not .Values.singleNamespace }}
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
@ -134,4 +134,3 @@ rules:
- delete
{{- end }}
{{- end }}
{{- end }}

39
charts/argo-workflows/templates/server/server-crb.yaml Normal file
View file

@ -0,0 +1,39 @@
{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ template "argo-workflows.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

19
charts/argo-workflows/templates/server/server-deployment-pdb.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if and .Values.server.enabled .Values.server.pdb.enabled -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- if .Values.server.pdb.minAvailable }}
minAvailable: {{ .Values.server.pdb.minAvailable }}
{{- else if .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
{{- else }}
minAvailable: 0
{{- end }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
{{- end -}}

53
charts/argo/templates/server-deployment.yaml → charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -2,55 +2,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}
name: {{ template "argo-workflows.server.fullname" . }}
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
spec:
replicas: {{ .Values.server.replicas }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }}
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
template:
metadata:
labels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }}
{{- if .Values.server.podLabels }}
{{- toYaml .Values.server.podLabels | nindent 8 }}
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
{{- with .Values.server.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.podAnnotations }}
{{- with .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
{{- toYaml .Values.server.podAnnotations | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.server.serviceAccount | quote }}
{{- if .Values.server.podSecurityContext }}
serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
{{- with .Values.server.podSecurityContext }}
securityContext:
{{- toYaml .Values.server.podSecurityContext | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: argo-server
image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
securityContext:
{{- toYaml .Values.server.securityContext | nindent 12 }}
args:
- server
- --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap
{{- if .Values.server.extraArgs }}
{{- toYaml .Values.server.extraArgs | nindent 10 }}
{{- end }}
{{- if .Values.server.secure }}
- "--secure"
- --configmap={{ template "argo-workflows.controller.fullname" . }}-configmap
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
- "--secure={{ .Values.server.secure }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{- if .Values.server.podPortName }}
ports:
- name: {{ .Values.server.podPortName }}
- name: web
containerPort: 2746
{{- end }}
readinessProbe:
httpGet:
path: /
@ -102,7 +99,7 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- with .Values.server.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- end -}}

88
charts/argo-workflows/templates/server/server-ingress.yaml Normal file
View file

@ -0,0 +1,88 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-workflows.server.fullname" . -}}
{{- $servicePort := .Values.server.servicePort -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-workflows.server.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

10
charts/argo-workflows/templates/server/server-sa.yaml Normal file
View file

@ -0,0 +1,10 @@
{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.serverServiceAccountName" . }}
{{- with .Values.server.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

31
charts/argo-workflows/templates/server/server-service.yaml Normal file
View file

@ -0,0 +1,31 @@
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ default .Chart.AppVersion .Values.server.image.tag | quote }}
{{- with .Values.server.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
- port: {{ .Values.server.servicePort }}
{{- with .Values.server.servicePortName }}
name: {{ . }}
{{- end }}
targetPort: 2746
selector:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.server.serviceType }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
{{- end }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end -}}

169
charts/argo/values.yaml → charts/argo-workflows/values.yaml
View file

@ -1,16 +1,9 @@
images:
namespace: argoproj
controller: workflow-controller
server: argocli
executor: argoexec
# imagePullPolicy to apply to all containers
pullPolicy: Always
# Secrets with credentials to pull images from a private registry
pullSecrets: []
# - name: argo-pull-secret
tag: v2.12.5
crdVersion: v1alpha1
installCRD: true
init:
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
@ -24,17 +17,19 @@ createAggregateRoles: true
singleNamespace: false
workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount:
create: false # Specifies whether a service account should be created
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller:
image:
# Overrides .images.tag if defined.
registry: quay.io
repository: argoproj/workflow-controller
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# parallelism dictates how many workflows can be running at the same time
parallelism:
@ -48,7 +43,17 @@ controller:
metricsConfig:
enabled: false
path: /metrics
port: 8080
port: 9090
servicePort: 8080
servicePortName: metrics
# the controller container's securityContext
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
persistence: {}
# connectionPool:
# maxIdleConns: 100
@ -69,24 +74,28 @@ controller:
# passwordSecret:
# name: argo-postgres-config
# key: password
workflowDefaults: {} # Only valid for 2.7+
workflowDefaults: {} # Only valid for 2.7+
# spec:
# ttlStrategy:
# secondsAfterCompletion: 84600
# workflowWorkers: 32
# podWorkers: 32
workflowRestrictions: {} # Only valid for 2.9+
workflowRestrictions: {} # Only valid for 2.9+
# templateReferencing: Strict|Secure
telemetryConfig:
enabled: false
path: /telemetry
port: 8081
servicePort: 8081
servicePortName: telemetry
serviceMonitor:
enabled: false
additionalLabels: {}
serviceAccount: argo
# Service account annotations
serviceAccountAnnotations: {}
serviceAccount:
create: true
name: argo
# Annotations applied to created service account
annotations: {}
name: workflow-controller
workflowNamespaces:
- default
@ -103,10 +112,6 @@ controller:
level: info
globallevel: "0"
serviceType: ClusterIP
metricsServicePort: 8080
metricsServicePortName: metrics
telemetryServicePort: 8081
telemetryServicePortName: telemetry
# Annotations to be applied to the controller Service
serviceAnnotations: {}
# Optional labels to add to the controller Service
@ -136,13 +141,15 @@ controller:
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName: ""
# https://argoproj.github.io/argo/links/
# https://argoproj.github.io/argo-workflows/links/
links: []
# executor controls how the init and wait container should be customized
executor:
image:
# Overrides .images.tag if defined.
registry: quay.io
repository: argoproj/argoexec
# Overrides the image tag whose default is the chart appVersion.
tag: ""
resources: {}
# Adds environment variables for the executor.
@ -154,10 +161,12 @@ server:
enabled: true
# only updates base url of resources on client side,
# it's expected that a proxy server rewrites the request URL and gets rid of this prefix
# https://github.com/argoproj/argo/issues/716#issuecomment-433213190
# https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
baseHref: /
image:
# Overrides .images.tag if defined.
registry: quay.io
repository: argoproj/argocli
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# optional map of annotations to be applied to the ui Pods
podAnnotations: {}
@ -165,16 +174,21 @@ server:
podLabels: {}
# SecurityContext to set on the server pods
podSecurityContext: {}
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
name: server
serviceType: ClusterIP
servicePort: 2746
# servicePortName: http
serviceAccount: argo-server
# Whether to create the service account with the name specified in
# server.serviceAccount and bind it to the server role.
createServiceAccount: true
# Service account annotations
serviceAccountAnnotations: {}
serviceAccount:
create: true
name: argo-server
annotations: {}
# Annotations to be applied to the UI Service
serviceAnnotations: {}
# Optional labels to add to the UI Service
@ -206,7 +220,7 @@ server:
# Run the argo server in "secure" mode. Configure this value instead of
# "--secure" in extraArgs. See the following documentation for more details
# on secure mode:
# https://argoproj.github.io/argo/tls/#encrypted
# https://argoproj.github.io/argo-workflows/tls/
secure: false
# Extra arguments to provide to the Argo server binary.
@ -221,36 +235,32 @@ server:
##
ingress:
enabled: false
annotations: {}
labels: {}
ingressClassName: ""
## Annotations to be added to the web ingress.
## Argo Workflows Server Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
[]
# - argocd.example.com
paths:
- /
extraPaths:
[]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
https: false
## Labels to be added to the web ingress.
##
# labels:
# use-cloudflare-solver: "true"
## Hostnames.
## Must be provided if Ingress is enabled.
##
# hosts:
# - argo.domain.com
## Additional Paths for each host
# paths:
# - serviceName: "ssl-redirect"
# servicePort: "use-annotation"
## TLS configuration.
## Secrets must be manually created in the namespace.
##
# tls:
# - secretName: argo-ui-tls
# hosts:
# - argo.domain.com
clusterWorkflowTemplates:
# Give the server permissions to edit ClusterWorkflowTemplates.
enableEditing: true
@ -294,7 +304,7 @@ artifactRepository:
# Note the `key` attribute is not the actual secret, it's the PATH to
# the contents in the associated secret, as defined by the `name` attribute.
accessKeySecret:
# name: <releaseName>-minio (default)
# name: <releaseName>-minio
key: accesskey
secretKeySecret:
# name: <releaseName>-minio
@ -306,25 +316,16 @@ artifactRepository:
# roleARN:
# useSDKCreds: true
# gcs:
# bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# NOTE: These are setting attributes for the `minio` optional dependency
minio:
# If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
install: false
defaultBucket:
enabled: true
name: argo-artifacts
# bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey

21
charts/argo/.helmignore
View file

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
charts/argo/Chart.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: minio
repository: https://helm.min.io/
version: 8.0.9
digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
generated: "2021-01-13T15:31:40.823086-08:00"

17
charts/argo/Chart.yaml
View file

@ -1,17 +0,0 @@
apiVersion: v2
appVersion: v2.12.5
description: A Helm chart for Argo Workflows
name: argo
version: 0.16.9
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen
- name: benjaminws
dependencies:
- name: minio
version: 8.0.9
repository: https://helm.min.io/
condition: minio.install

Some files were not shown because too many files have changed in this diff Show more