DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Remove Argo Chart (#748)

Browse source 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
This commit is contained in:
Oliver Bähler 2021-05-21 18:39:07 +02:00 committed by GitHub
parent 9a3077afe2
commit 60a42675cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 0 additions and 1686 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
charts/argo/.helmignore
View file

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
charts/argo/Chart.lock
View file

@ -1,6 +0,0 @@
dependencies:
- name: minio
repository: https://helm.min.io/
version: 8.0.9
digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
generated: "2021-01-13T15:31:40.823086-08:00"

13
charts/argo/Chart.yaml
View file

@ -1,13 +0,0 @@
apiVersion: v2
appVersion: v2.12.5
description: A Helm chart for Argo Workflows
name: argo
version: 1.0.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
dependencies:
- name: minio
version: 8.0.9
repository: https://helm.min.io/
condition: minio.install
deprecated: true

29
charts/argo/README.md
View file

@ -1,29 +0,0 @@
## Argo Workflows Chart
> ⚠ DEPRECATION WARNING: this chart is for v2 of Argo Workflows. For v3, a new chart is available at <https://github.com/argoproj/argo-helm/tree/master/charts/argo-workflows>
This is a **community maintained** chart. It is used to set up argo and it's needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
## Pre-Requisites
This chart uses an install hook to configure the CRD definition. Installation of CRDs is a somewhat privileged process in itself and in RBAC enabled clusters the `default` service account for namespaces does not typically have the ability to do create these.
A few options are:
- Setup the CRD yourself manually and use `--set installCRD=false` when installing the helm chart. Find the CRDs in the [argo codebase](https://github.com/argoproj/argo-workflows/tree/master/manifests/base/crds/full)
- Manually create a ServiceAccount in the Namespace which your release will be deployed w/ appropriate bindings to perform this action and set the `init.serviceAccount` attribute
- Augment the `default` ServiceAccount permissions in the Namespace in which your Release is deployed to have the appropriate permissions
## Usage Notes:
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of it's configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
## Values
The `values.yaml` contains items used to tweak a deployment of this chart.
Fields to note:
* `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute
* `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
* `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
* `controller.workflowNamespaces`: This is a list of namespaces where workflows will be ran
* `minio.install`: If this is true, we'll install [minio](https://github.com/kubernetes/charts/tree/master/stable/minio) and build out the artifactRepository section in workflow controller config map.
* `artifactRepository.s3.accessKeySecret` and `artifactRepository.s3.secretKeySecret` These by default link to minio default credentials stored in the secret deployed by the minio chart.

23
charts/argo/crds/cluster-workflow-template-crd.yaml
View file

@ -1,23 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
version: v1alpha1
scope: Cluster
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
versions:
- name: v1alpha1
served: true
storage: true

23
charts/argo/crds/cron-workflow-crd.yaml
View file

@ -1,23 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

33
charts/argo/crds/workflow-crd.yaml
View file

@ -1,33 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
additionalPrinterColumns:
- JSONPath: .status.phase
description: Status of the workflow
name: Status
type: string
- JSONPath: .status.startedAt
description: When the workflow was started
format: date-time
name: Age
type: date
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
subresources: {}
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

19
charts/argo/crds/workflow-eventbinding-crd.yaml
View file

@ -1,19 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

22
charts/argo/crds/workflow-template-crd.yaml
View file

@ -1,22 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
version: v1alpha1
scope: Namespaced
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
versions:
- name: v1alpha1
served: true
storage: true

16
charts/argo/templates/NOTES.txt
View file

@ -1,16 +0,0 @@
1. Get Argo Server external IP/domain by running:
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-{{ .Values.server.name }}
2. Submit the hello-world workflow by running:
argo submit https://raw.githubusercontent.com/argoproj/argo/master/examples/hello-world.yaml --watch
{{ if .Values.minio.install }}
3. Access Minio UI and create bucket '{{ .Values.minio.defaultBucket.name }}'. Minio UI is available on port 9000 and available via external URL. URL might be retrieved using following
command:
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ .Release.Name }}-minio
{{ end }}

16
charts/argo/templates/_helpers.tpl
View file

@ -1,16 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

19
charts/argo/templates/cluster-workflow-template-crd.yaml
View file

@ -1,19 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
version: v1alpha1
scope: Cluster
names:
kind: ClusterWorkflowTemplate
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
{{- end }}

19
charts/argo/templates/cron-workflow-crd.yaml
View file

@ -1,19 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:
kind: CronWorkflow
plural: cronworkflows
shortNames:
- cronwf
- cwf
scope: Namespaced
version: v1alpha1
{{- end }}

134
charts/argo/templates/server-cluster-roles.yaml
View file

@ -1,134 +0,0 @@
{{- if .Values.server.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- delete
{{- if .Values.server.sso }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- sso
verbs:
- get
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
{{- end}}
{{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
{{- if .Values.server.sso }}
{{- if .Values.server.sso.rbac }}
{{- with .Values.server.sso.rbac.secretWhitelist }}
resourceNames: {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
- events
verbs:
- watch
- create
- patch
{{- if .Values.controller.persistence }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
{{- with .Values.controller.persistence.postgresql }}
- {{ .userNameSecret.name }}
- {{ .passwordSecret.name }}
{{- end}}
{{- with .Values.controller.persistence.mysql }}
- {{ .userNameSecret.name }}
- {{ .passwordSecret.name }}
{{- end}}
verbs:
- get
{{- end}}
- apiGroups:
- argoproj.io
resources:
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
verbs:
- get
- list
- watch
{{- if .Values.server.clusterWorkflowTemplates.enableEditing }}
- create
- update
- patch
- delete
{{- end }}
{{- end }}

35
charts/argo/templates/server-crb.yaml
View file

@ -1,35 +0,0 @@
{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ .Release.Name }}-{{ .Values.server.name}}
subjects:
- kind: ServiceAccount
name: {{ .Values.server.serviceAccount }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ .Values.server.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- end -}}

25
charts/argo/templates/server-deployment-pdb.yaml
View file

@ -1,25 +0,0 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.pdb.enabled -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}
labels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- if .Values.server.pdb.minAvailable }}
minAvailable: {{ .Values.server.pdb.minAvailable }}
{{- else if .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
{{- else }}
minAvailable: 0
{{- end }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }}
{{- end -}}
{{- end -}}

108
charts/argo/templates/server-deployment.yaml
View file

@ -1,108 +0,0 @@
{{- if .Values.server.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.server.replicas }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }}
{{- if .Values.server.podLabels }}
{{- toYaml .Values.server.podLabels | nindent 8 }}
{{- end }}
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
spec:
serviceAccountName: {{ .Values.server.serviceAccount | quote }}
{{- if .Values.server.podSecurityContext }}
securityContext:
{{- toYaml .Values.server.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: argo-server
args:
- server
- --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap
{{- if .Values.server.extraArgs }}
{{- toYaml .Values.server.extraArgs | nindent 10 }}
{{- end }}
{{- if .Values.server.secure }}
- "--secure"
{{- end }}
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
{{- if .Values.server.podPortName }}
ports:
- name: {{ .Values.server.podPortName }}
containerPort: 2746
{{- end }}
readinessProbe:
httpGet:
path: /
port: 2746
{{- if .Values.server.secure }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 10
periodSeconds: 20
env:
- name: IN_CLUSTER
value: "true"
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: BASE_HREF
value: {{ .Values.server.baseHref | quote }}
resources:
{{- toYaml .Values.server.resources | nindent 12 }}
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 10}}
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
{{- end }}
{{- with .Values.server.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName }}
{{- end }}
{{- end -}}

46
charts/argo/templates/server-ingress.yaml
View file

@ -1,46 +0,0 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := printf "%s-%s" .Release.Name .Values.server.name -}}
{{- $servicePort := .Values.server.servicePort -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
kind: Ingress
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- range $key, $value := .Values.server.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- range .Values.server.ingress.hosts }}
- host: {{ . }}
http:
paths:
{{- if $.Values.server.ingress.paths }}
{{- range $.Values.server.ingress.paths }}
- backend:
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- end }}
{{- end }}
- backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{ toYaml .Values.server.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}

8
charts/argo/templates/server-sa.yaml
View file

@ -1,8 +0,0 @@
{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.server.serviceAccount }}
annotations:
{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }}
{{- end -}}

33
charts/argo/templates/server-service.yaml
View file

@ -1,33 +0,0 @@
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.server.serviceLabels }}
{{- toYaml .Values.server.serviceLabels | nindent 4 }}
{{- end }}
{{- if .Values.server.serviceAnnotations }}
annotations:
{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }}
spec:
ports:
- port: {{ .Values.server.servicePort }}
{{- if .Values.server.servicePortName }}
name: {{ .Values.server.servicePortName }}
{{- end }}
targetPort: 2746
selector:
app: {{ .Release.Name }}-{{ .Values.server.name }}
sessionAffinity: None
type: {{ .Values.server.serviceType }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.loadBalancerIP | quote }}
{{- end }}
{{- if and (eq .Values.server.serviceType "LoadBalancer") .Values.server.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.server.loadBalancerSourceRanges | indent 4 }}{{- end }}
{{- end -}}

18
charts/argo/templates/worfkflow-controller-secrets-access.yaml
View file

@ -1,18 +0,0 @@
{{ if .Values.minio.install }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
rules:
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
- {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
verbs:
- get
- watch
- list
{{- end }}

89
charts/argo/templates/workflow-aggregate-roles.yaml
View file

@ -1,89 +0,0 @@
{{- if .Values.createAggregateRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
name: argo-aggregate-to-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}

146
charts/argo/templates/workflow-controller-cluster-roles.yaml
View file

@ -1,146 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- create
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- "policy"
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
{{- if .Values.controller.persistence }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
{{- if .Values.controller.persistence.postgresql }}
- {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
- {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
{{- end}}
{{- if .Values.controller.persistence.mysql }}
- {{ .Values.controller.persistence.mysql.userNameSecret.name }}
- {{ .Values.controller.persistence.mysql.passwordSecret.name }}
{{- end}}
verbs:
- get
{{- end}}
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- workflow-controller
- workflow-controller-lease
verbs:
- get
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- get
- list
- watch

89
charts/argo/templates/workflow-controller-config-map.yaml
View file

@ -1,89 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
labels:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
config: |
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
instanceID: {{ .Release.Name }}
{{- else }}
instanceID: {{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- end }}
containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
{{- if .Values.controller.parallelism }}
parallelism: {{ .Values.controller.parallelism }}
{{- end }}
{{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}}
executor:
{{- with .Values.executor.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.env }}
env: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
artifactRepository:
{{- if .Values.artifactRepository.archiveLogs }}
archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
{{- end }}
{{- if .Values.artifactRepository.gcs }}
gcs:
{{ toYaml .Values.artifactRepository.gcs | indent 8}}
{{- else }}
s3:
{{- if .Values.useStaticCredentials }}
accessKeySecret:
key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
secretKeySecret:
key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") }}
{{- end }}
bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minio.defaultBucket.name }}
endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio:9000") }}
insecure: {{ .Values.artifactRepository.s3.insecure }}
{{- if .Values.artifactRepository.s3.keyFormat }}
keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
{{- end }}
{{- if .Values.artifactRepository.s3.region }}
region: {{ .Values.artifactRepository.s3.region }}
{{- end }}
{{- if .Values.artifactRepository.s3.roleARN }}
roleARN: {{ .Values.artifactRepository.s3.roleARN }}
{{- end }}
{{- if .Values.artifactRepository.s3.useSDKCreds }}
useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
{{- end }}
{{- end }}
{{- end}}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:
{{ toYaml .Values.controller.metricsConfig | indent 6}}{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
telemetryConfig:
{{ toYaml .Values.controller.telemetryConfig | indent 6}}{{- end }}
{{- if .Values.controller.persistence }}
persistence:
{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }}
{{- if .Values.controller.workflowDefaults }}
workflowDefaults:
{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
{{- with .Values.server.sso }}
sso: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.links }}
links: {{- toYaml . | nindent 6 }}
{{- end }}

44
charts/argo/templates/workflow-controller-crb.yaml
View file

@ -1,44 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ .Release.Name }}-{{ .Values.controller.name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.workflowNamespaces }}
{{- $uiServiceAccount := .Values.controller.serviceAccount }}
{{- $namespace := .Release.Namespace }}
{{- range $key := .Values.controller.workflowNamespaces }}
{{- if not (eq $key $namespace) }}
- kind: ServiceAccount
name: {{ $uiServiceAccount }}
namespace: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
namespace: {{ .Release.Namespace }}

23
charts/argo/templates/workflow-controller-deployment-pdb.yaml
View file

@ -1,23 +0,0 @@
{{- if .Values.controller.pdb.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- if .Values.controller.pdb.minAvailable }}
minAvailable: {{ .Values.controller.pdb.minAvailable }}
{{- else if .Values.controller.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }}
{{- else }}
minAvailable: 0
{{- end }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
{{- end }}

94
charts/argo/templates/workflow-controller-deployment.yaml
View file

@ -1,94 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.controller.replicas }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | nindent 8}}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
spec:
serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
{{- if .Values.controller.podSecurityContext }}
securityContext:
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: controller
image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
command: [ "workflow-controller" ]
args:
- "--configmap"
- "{{ .Release.Name }}-{{ .Values.controller.name}}-configmap"
- "--executor-image"
- "{{ .Values.images.namespace }}/{{ .Values.images.executor }}:{{ default .Values.images.tag .Values.executor.image.tag }}"
- "--loglevel"
- "{{ .Values.controller.logging.level }}"
- "--gloglevel"
- "{{ .Values.controller.logging.globallevel }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
{{- with .Values.controller.workflowWorkers }}
- "--workflow-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.podWorkers }}
- "--pod-workers"
- {{ . | quote }}
{{- end }}
{{- if .Values.controller.extraArgs }}
{{- toYaml .Values.controller.extraArgs | nindent 10 }}
{{- end }}
env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
{{- with .Values.controller.extraEnv }}
{{ toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- if .Values.controller.metricsConfig.enabled }}
ports:
- containerPort: 8080
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}

25
charts/argo/templates/workflow-controller-minio-secret-crb.yaml
View file

@ -1,25 +0,0 @@
{{ if .Values.minio.install }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.workflowNamespaces }}
{{- $uiServiceAccount := .Values.controller.serviceAccount }}
{{- $namespace := .Release.Namespace }}
{{- range $key := .Values.controller.workflowNamespaces }}
{{- if not (eq $key $namespace) }}
- kind: ServiceAccount
name: {{ $uiServiceAccount }}
namespace: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

6
charts/argo/templates/workflow-controller-sa.yaml
View file

@ -1,6 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.controller.serviceAccount }}
annotations:
{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }}

38
charts/argo/templates/workflow-controller-service.yaml
View file

@ -1,38 +0,0 @@
{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.controller.serviceLabels }}
{{ toYaml .Values.controller.serviceLabels | nindent 4}}
{{- end }}
{{- if .Values.controller.serviceAnnotations }}
annotations:
{{ toYaml .Values.controller.serviceAnnotations | indent 4}}{{- end }}
spec:
ports:
{{- if .Values.controller.metricsConfig.enabled }}
- name: {{ .Values.controller.metricsServicePortName }}
port: {{ .Values.controller.metricsServicePort }}
protocol: TCP
targetPort: {{ .Values.controller.metricsConfig.port }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- name: {{ .Values.controller.telemetryServicePortName }}
port: {{ .Values.controller.telemetryServicePort }}
protocol: TCP
targetPort: {{ .Values.controller.telemetryConfig.port }}
{{- end }}
selector:
app: {{ .Release.Name }}-{{ .Values.controller.name }}
sessionAffinity: None
type: {{ .Values.controller.serviceType }}
{{- if and (eq .Values.controller.serviceType "LoadBalancer") .Values.controller.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.loadBalancerSourceRanges | indent 4 }}{{- end }}
{{- end -}}

33
charts/argo/templates/workflow-controller-servicemonitor.yaml
View file

@ -1,33 +0,0 @@
{{- if and (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}
labels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.controller.serviceMonitor.additionalLabels }}
{{ toYaml .Values.controller.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
spec:
endpoints:
{{- if .Values.controller.metricsConfig.enabled }}
- port: metrics
path: {{ .Values.controller.metricsConfig.path }}
interval: 30s
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- port: telemetry
path: {{ .Values.controller.telemetryConfig.path }}
interval: 30s
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ .Release.Name }}-{{ .Values.controller.name}}
release: {{ .Release.Name }}
{{- end }}

28
charts/argo/templates/workflow-crd.yaml
View file

@ -1,28 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
additionalPrinterColumns:
- JSONPath: .status.phase
description: Status of the workflow
name: Status
type: string
- JSONPath: .status.startedAt
description: When the workflow was started
format: date-time
name: Age
type: date
group: argoproj.io
names:
kind: Workflow
plural: workflows
shortNames:
- wf
scope: Namespaced
version: v1alpha1
{{- end }}

19
charts/argo/templates/workflow-rb.yaml
View file

@ -1,19 +0,0 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- end }}

25
charts/argo/templates/workflow-role.yaml
View file

@ -1,25 +0,0 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}

13
charts/argo/templates/workflow-sa.yaml
View file

@ -1,13 +0,0 @@
{{- if .Values.workflow.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

18
charts/argo/templates/workflow-template-crd.yaml
View file

@ -1,18 +0,0 @@
{{- if .Values.installCRD }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
version: v1alpha1
scope: Namespaced
names:
kind: WorkflowTemplate
plural: workflowtemplates
shortNames:
- wftmpl
{{- end }}

330
charts/argo/values.yaml
View file

@ -1,330 +0,0 @@
images:
namespace: argoproj
controller: workflow-controller
server: argocli
executor: argoexec
pullPolicy: Always
# Secrets with credentials to pull images from a private registry
pullSecrets: []
# - name: argo-pull-secret
tag: v2.12.5
crdVersion: v1alpha1
installCRD: true
init:
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
serviceAccount: ""
createAggregateRoles: true
# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents,
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false
workflow:
namespace: "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller:
image:
# Overrides .images.tag if defined.
tag: ""
# parallelism dictates how many workflows can be running at the same time
parallelism:
# podAnnotations is an optional map of annotations to be applied to the controller Pods
podAnnotations: {}
# Optional labels to add to the controller pods
podLabels: {}
# SecurityContext to set on the controller pods
podSecurityContext: {}
# podPortName: http
metricsConfig:
enabled: false
path: /metrics
port: 8080
persistence: {}
# connectionPool:
# maxIdleConns: 100
# maxOpenConns: 0
# # save the entire workflow into etcd and DB
# nodeStatusOffLoad: false
# # enable archiving of old workflows
# archive: false
# postgresql:
# host: localhost
# port: 5432
# database: postgres
# tableName: argo_workflows
# # the database secrets must be in the same namespace of the controller
# userNameSecret:
# name: argo-postgres-config
# key: username
# passwordSecret:
# name: argo-postgres-config
# key: password
workflowDefaults: {} # Only valid for 2.7+
# spec:
# ttlStrategy:
# secondsAfterCompletion: 84600
# workflowWorkers: 32
# podWorkers: 32
workflowRestrictions: {} # Only valid for 2.9+
# templateReferencing: Strict|Secure
telemetryConfig:
enabled: false
path: /telemetry
port: 8081
serviceMonitor:
enabled: false
additionalLabels: {}
serviceAccount: argo
# Service account annotations
serviceAccountAnnotations: {}
name: workflow-controller
workflowNamespaces:
- default
containerRuntimeExecutor: docker
instanceID:
# `instanceID.enabled` configures the controller to filter workflow submissions
# to only those which have a matching instanceID attribute.
enabled: false
# NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
# or `instanceID.explicitID` must be defined.
# useReleaseName: true
# explicitID: unique-argo-controller-identifier
logging:
level: info
globallevel: "0"
serviceType: ClusterIP
metricsServicePort: 8080
metricsServicePortName: metrics
telemetryServicePort: 8081
telemetryServicePortName: telemetry
# Annotations to be applied to the controller Service
serviceAnnotations: {}
# Optional labels to add to the controller Service
serviceLabels: {}
# Source ranges to allow access to service from. Only applies to
# service type `LoadBalancer`
loadBalancerSourceRanges: []
resources: {}
# The list of environment variable definitions to be added to the controller
# manages container verbatim.
extraEnv: []
# Extra arguments to be added to the controller
extraArgs: []
replicas: 1
pdb:
enabled: false
# minAvailable: 1
# maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector:
kubernetes.io/os: linux
tolerations: []
affinity: {}
# Leverage a PriorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName: ""
# https://argoproj.github.io/argo-workflows/links/
links: []
# executor controls how the init and wait container should be customized
executor:
image:
# Overrides .images.tag if defined.
tag: ""
resources: {}
# Adds environment variables for the executor.
env: {}
# sets security context for the executor container
securityContext: {}
server:
enabled: true
# only updates base url of resources on client side,
# it's expected that a proxy server rewrites the request URL and gets rid of this prefix
# https://github.com/argoproj/argo/issues/716#issuecomment-433213190
baseHref: /
image:
# Overrides .images.tag if defined.
tag: ""
# optional map of annotations to be applied to the ui Pods
podAnnotations: {}
# Optional labels to add to the UI pods
podLabels: {}
# SecurityContext to set on the server pods
podSecurityContext: {}
name: server
serviceType: ClusterIP
servicePort: 2746
# servicePortName: http
serviceAccount: argo-server
# Whether to create the service account with the name specified in
# server.serviceAccount and bind it to the server role.
createServiceAccount: true
# Service account annotations
serviceAccountAnnotations: {}
# Annotations to be applied to the UI Service
serviceAnnotations: {}
# Optional labels to add to the UI Service
serviceLabels: {}
# Static IP address to assign to loadBalancer
# service type `LoadBalancer`
loadBalancerIP: ""
# Source ranges to allow access to service from. Only applies to
# service type `LoadBalancer`
loadBalancerSourceRanges: []
resources: {}
replicas: 1
pdb:
enabled: false
# minAvailable: 1
# maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector:
kubernetes.io/os: linux
tolerations: []
affinity: {}
# Leverage a PriorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName: ""
# Run the argo server in "secure" mode. Configure this value instead of
# "--secure" in extraArgs. See the following documentation for more details
# on secure mode:
# https://argoproj.github.io/argo-workflows/tls/#encrypted
secure: false
# Extra arguments to provide to the Argo server binary.
extraArgs: []
## Additional volumes to the server main container.
volumeMounts: []
volumes: []
## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
enabled: false
## Annotations to be added to the web ingress.
##
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
## Labels to be added to the web ingress.
##
# labels:
# use-cloudflare-solver: "true"
## Hostnames.
## Must be provided if Ingress is enabled.
##
# hosts:
# - argo.domain.com
## Additional Paths for each host
# paths:
# - serviceName: "ssl-redirect"
# servicePort: "use-annotation"
## TLS configuration.
## Secrets must be manually created in the namespace.
##
# tls:
# - secretName: argo-ui-tls
# hosts:
# - argo.domain.com
clusterWorkflowTemplates:
# Give the server permissions to edit ClusterWorkflowTemplates.
enableEditing: true
sso:
## SSO configuration when SSO is specified as a server auth mode.
## All the values are required. SSO is activated by adding --auth-mode=sso
## to the server command line.
#
## The root URL of the OIDC identity provider.
# issuer: https://accounts.google.com
## Name of a secret and a key in it to retrieve the app OIDC client ID from.
# clientId:
# name: argo-server-sso
# key: client-id
## Name of a secret and a key in it to retrieve the app OIDC client secret from.
# clientSecret:
# name: argo-server-sso
# key: client-secret
## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
# redirectUrl: https://argo/oauth2/callback
# rbac:
# enabled: true
## When present, restricts secrets the server can read to a given list.
## You can use it to restrict the server to only be able to access the
## service account token secrets that are associated with service accounts
## used for authorization.
# secretWhitelist: []
## Scopes requested from the SSO ID provider. The 'groups' scope requests
## group membership information, which is usually used for authorization
## decisions.
# scopes:
# - groups
# Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo: false
useStaticCredentials: true
artifactRepository:
# archiveLogs will archive the main container logs as an artifact
archiveLogs: false
s3:
# Note the `key` attribute is not the actual secret, it's the PATH to
# the contents in the associated secret, as defined by the `name` attribute.
accessKeySecret:
# name: <releaseName>-minio (default)
key: accesskey
secretKeySecret:
# name: <releaseName>-minio
key: secretkey
insecure: true
# bucket:
# endpoint:
# region:
# roleARN:
# useSDKCreds: true
# gcs:
# bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# NOTE: These are setting attributes for the `minio` optional dependency
minio:
# If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
install: false
defaultBucket:
enabled: true
name: argo-artifacts