DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merge

Browse source
This commit is contained in:
konstantin.kiess 2019-11-29 10:17:51 +01:00
commit 619cc0f654
23 changed files with 349 additions and 82 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CONTRIBUTING.md
View file

@ -19,7 +19,7 @@ Clean-up:
```
helm delete argo-cd --purge
kubectl delete crd -l app.kubernetes.io/part-of=argo-cd
kubectl delete crd -l app.kubernetes.io/part-of=argocd
```
Minimally:
@ -32,7 +32,7 @@ kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
In a new terminal:
```
argocd version
argocd version --server localhost:8080 --insecure
# reset password to 'Password1!'
kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {

2
charts/argo-cd/.helmignore Normal file
View file

@ -0,0 +1,2 @@
*.tgz
output

4
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "1.3.0-rc4"
appVersion: "1.3.0"
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 1.0.8
version: 1.2.5
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
keywords:

10
charts/argo-cd/README.md
View file

@ -2,8 +2,6 @@ Argo CD Chart
======
A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
Current chart version is `1.0.4`
Source code can be found [here](https://argoproj.github.io/argo-cd/)
## Additional Information
@ -51,7 +49,7 @@ $ helm install --name my-release argo/argo-cd
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| controller.containerPort | Controller listening port. | `8082` |
| controller.extraArgs | Additional arguments for the controller. | `[]` |
| controller.extraArgs | Additional arguments for the controller. A list of key:value pairs | `[]` |
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
@ -93,7 +91,7 @@ $ helm install --name my-release argo/argo-cd
|-----|------|---------|-------------|
| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server | `[]` |
| repoServer.extraArgs | Additional arguments for the repo server. A list of key:value pairs. | `[]` |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -138,7 +136,7 @@ $ helm install --name my-release argo/argo-cd
| server.certificate.issuer | Certificate manager issuer | `{}` |
| server.config | URL for Argo CD | `{}` |
| server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server | `[]` |
| server.extraArgs | Additional arguments for the server. A list of key:value pairs. | `[]` |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the repo server | `global.image.tag` |
@ -216,7 +214,7 @@ $ helm install --name my-release argo/argo-cd
|-----|------|---------|-------------|
| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| redis.containerPort | Redis container port | `6379` |
| redis.enabled | Enable redis | `false` |
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.3"` |

4
charts/argo-cd/templates/NOTES.txt
View file

@ -1,6 +1,6 @@
In order to access the server UI you have the following options:
1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
@ -12,4 +12,4 @@ In order to access the server UI you have the following options:
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2

11
charts/argo-cd/templates/_helpers.tpl
View file

@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use
{{- end -}}
{{- end -}}
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}

2
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
View file

@ -25,7 +25,7 @@ data:
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }}
tls.cert: {{ .Values.configs.secret.argocdServerTlsConfig.cert | b64enc }}
tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}

1
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -105,6 +105,7 @@ spec:
affinity:
{{- toYaml .Values.repoServer.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 8}}

18
charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml Normal file
View file

@ -0,0 +1,18 @@
{{- if .Values.configs.repositoryCredentials }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repository-credentials
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
type: Opaque
data:
{{- range $key, $value := .Values.configs.repositoryCredentials }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

17
charts/argo-cd/templates/argocd-repo-server/role.yaml Normal file
View file

@ -0,0 +1,17 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
rules:
{{- if .Values.repoServer.rbac }}
{{toYaml .Values.repoServer.rbac }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml Normal file
View file

@ -0,0 +1,21 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

19
charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- if .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}

2
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -1,6 +1,6 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.name -}}
{{- $servicePort := .Values.server.service.servicePortHttp -}}
{{- $paths := .Values.server.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress

98
charts/argo-cd/templates/crds/application-crd.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -416,7 +417,7 @@ spec:
type: object
type: array
revision:
description: Revision is the git revision in which to sync the application
description: Revision is the revision in which to sync the application
to. If omitted, will use the revision specified in app spec.
type: string
source:
@ -424,6 +425,9 @@ spec:
This is typically set in a Rollback operation and nil during a
Sync operation
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -492,6 +496,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined as
a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -536,8 +544,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -561,7 +568,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -571,7 +578,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncStrategy:
description: SyncStrategy describes how to perform the sync
@ -634,7 +640,6 @@ spec:
namespace:
type: string
required:
- group
- kind
- jsonPointers
type: object
@ -661,6 +666,9 @@ spec:
description: Source is a reference to the location ksonnet application
definition
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -729,6 +737,9 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -773,8 +784,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository containing
a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management plugin
@ -798,8 +808,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
manifests
description: RepoURL is the repository URL of the application manifests
type: string
targetRevision:
description: TargetRevision defines the commit, tag, or branch in
@ -807,7 +816,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncPolicy:
description: SyncPolicy controls when a sync will be performed
@ -867,6 +875,9 @@ spec:
type: string
source:
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -936,6 +947,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -980,8 +995,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1005,7 +1019,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1015,7 +1029,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- revision
@ -1024,6 +1037,8 @@ spec:
type: object
type: array
observedAt:
description: ObservedAt indicates when the application state was updated
without querying latest git state
format: date-time
type: string
operationState:
@ -1071,15 +1086,18 @@ spec:
type: object
type: array
revision:
description: Revision is the git revision in which to sync
the application to. If omitted, will use the revision
specified in app spec.
description: Revision is the revision in which to sync the
application to. If omitted, will use the revision specified
in app spec.
type: string
source:
description: Source overrides the source definition set
in the application. This is typically set in a Rollback
operation and nil during a Sync operation
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific
options
@ -1155,6 +1173,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1200,8 +1222,8 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git
repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1225,8 +1247,8 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the
application manifests
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
description: TargetRevision defines the commit, tag,
@ -1235,7 +1257,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
syncStrategy:
description: SyncStrategy describes how to perform the sync
@ -1322,12 +1343,15 @@ spec:
type: object
type: array
revision:
description: Revision holds the git commit SHA of the sync
description: Revision holds the revision of the sync
type: string
source:
description: Source records the application source information
of the sync, used for comparing auto-sync
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -1399,6 +1423,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1444,8 +1472,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1469,7 +1496,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1479,7 +1506,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- revision
@ -1490,6 +1516,8 @@ spec:
- startedAt
type: object
reconciledAt:
description: ReconciledAt indicates when the application state was reconciled
using the latest git version
format: date-time
type: string
resources:
@ -1553,6 +1581,9 @@ spec:
type: object
source:
properties:
chart:
description: Chart is a Helm chart name
type: string
directory:
description: Directory holds path/directory specific options
properties:
@ -1624,6 +1655,10 @@ spec:
items:
type: string
type: array
values:
description: Values is Helm values, typically defined
as a block
type: string
type: object
ksonnet:
description: Ksonnet holds ksonnet specific options
@ -1669,8 +1704,7 @@ spec:
type: string
type: object
path:
description: Path is a directory path within the repository
containing a
description: Path is a directory path within the Git repository
type: string
plugin:
description: ConfigManagementPlugin holds config management
@ -1694,7 +1728,7 @@ spec:
type: string
type: object
repoURL:
description: RepoURL is the git repository URL of the application
description: RepoURL is the repository URL of the application
manifests
type: string
targetRevision:
@ -1704,7 +1738,6 @@ spec:
type: string
required:
- repoURL
- path
type: object
required:
- source
@ -1726,3 +1759,4 @@ spec:
- name: v1alpha1
served: true
storage: true
{{- end }}

55
charts/argo-cd/templates/crds/appproject-crd.yaml
View file

@ -1,3 +1,4 @@
{{- if .Values.installCRDs }}
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@ -434,6 +435,15 @@ spec:
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this
project
@ -477,11 +487,51 @@ spec:
type: object
type: array
sourceRepos:
description: SourceRepos contains list of git repository URLs which
can be used for deployment
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
@ -491,3 +541,4 @@ spec:
- name: v1alpha1
served: true
storage: true
{{- end }}

4
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -28,7 +28,7 @@ spec:
initContainers:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
command:
- cp
- /usr/local/bin/argocd-util
@ -73,4 +73,4 @@ spec:
volumes:
{{- toYaml .Values.dex.volumes | nindent 8}}
{{- end }}
{{- end }}
{{- end }}

126
charts/argo-cd/values.yaml
View file

@ -2,21 +2,25 @@
## Ref: https://github.com/argoproj/argo-cd
##
nameOverride: argocd
fullnameOverride: ""
# Optional CRD installation for those without Helm hooks
installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.2.4
tag: v1.3.0
imagePullPolicy: IfNotPresent
## Controller
controller:
name: application-controller
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.0
imagePullPolicy: # IfNotPresent
## Argo controller commandline flags
args:
@ -27,6 +31,7 @@ controller:
logLevel: info
## Additional command line arguments to pass to argocd-controller
## key: value
extraArgs: []
## Annotations to be added to controller pods
@ -117,7 +122,10 @@ dex:
repository: quay.io/dexidp/dex
tag: v2.14.0
imagePullPolicy: IfNotPresent
initImage: {}
initImage:
repository:
tag:
imagePullPolicy:
serviceAccount:
create: true
@ -158,7 +166,7 @@ dex:
## Redis
redis:
enabled: false
enabled: true
name: redis
image:
@ -186,18 +194,22 @@ redis:
# cpu: 100m
# memory: 64Mi
volumeMounts: []
volumes: []
## Server
server:
name: server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.0
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
## key: value
# extraArgs: []
# - insecure
# insecure: true
extraArgs: []
## Argo server log level
@ -295,11 +307,13 @@ server:
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts: []
hosts:
[]
# - argocd.example.com
paths:
- /
tls: []
- /
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
@ -319,10 +333,34 @@ server:
url: https://argocd.example.com
# Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance
# repositories: |
# - url: git@github.com:group/repo.git
# sshPrivateKeySecret:
# name: secret-name
# key: sshPrivateKey
# - type: helm
# url: https://kubernetes-charts.storage.googleapis.com
# name: stable
# - type: helm
# url: https://argoproj.github.io/argo-helm
# name: argo
# oidc.config: |
# name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: CLIENT_ID
# clientSecret: $oidc.azuread.clientSecret
# requestedIDTokenClaims:
# groups:
# essential: true
# requestedScopes:
# - openid
# - profile
# - email
## ArgoCD rbac config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbacConfig: {}
rbacConfig:
{}
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
# Policy rules are in the form:
# p, subject, resource, action, object, effect
@ -338,7 +376,6 @@ server:
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
# but will see no apps, projects, etc...
# policy.default: role:readonly
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
# scopes: '[cognito:groups, email]'
@ -396,13 +433,13 @@ server:
repoServer:
name: repo-server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
image:
repository: # argoproj/argocd
tag: # v1.3.0
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
##
## key: value
extraArgs: []
## Argo repoServer log level
@ -478,6 +515,25 @@ repoServer:
# namespace: monitoring
# additionalLabels: {}
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount:
create: false
# name: argocd-repo-server
## Annotations applied to created service account
annotations: {}
## Repo server rbac rules
# rbac:
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
## Argo Configs
configs:
knownHosts:
@ -490,7 +546,8 @@ configs:
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
tlsCerts: {}
tlsCerts:
{}
# data:
# argocd.example.com: |
# -----BEGIN CERTIFICATE-----
@ -527,6 +584,25 @@ configs:
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I=
# -----END CERTIFICATE-----
# Creates a secret with optional repository credentials
repositoryCredentials:
{}
# sample-ssh-key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N
# z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4
# nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB
# AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x
# O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe
# tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6
# cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8
# 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM
# hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK
# xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ
# FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc
# NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le
# XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo=
# -----END RSA PRIVATE KEY-----
secret:
createSecret: true
githubSecret: ""
@ -534,5 +610,7 @@ configs:
bitbucketSecret: ""
# argocdServerTlsConfig:
# key:
# cert:
# crt:
# Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
# argocdServerAdminPassword:

4
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 0.5.2
version: 0.6.0
keywords:
- argo-events
- sensor-controller
@ -11,6 +11,6 @@ sources:
maintainers:
- name: VaibhavPage
- name: magaldima
appVersion: 0.10
appVersion: 0.11
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm

7
charts/argo-events/README.md
View file

@ -14,3 +14,10 @@ This is a **community maintained** chart. It installs the [argo-events](https://
## Notes on CRD Installation
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set installCRD=false` when installing the chart.
You can install the CRDs manually like so:
```
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/sensor-crd.yaml
kubectl apply -f https://github.com/argoproj/argo-events/raw/v0.11/hack/k8s/manifests/gateway-crd.yaml
```

6
charts/argo-events/ci/test-values.yaml Normal file
View file

@ -0,0 +1,6 @@
serviceAccount: argo-events-sa-test
additionalSaNamespaces:
- nsone
- nstwo
instanceID: test-argo-events
singleNamespace: false

5
charts/argo-events/templates/argo-events-cluster-roles.yaml
View file

@ -11,9 +11,10 @@ subjects:
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.additionalSaNamespaces }}
{{ $sa := .Values.serviceAccount }}
{{- range $namespace := .Values.additionalSaNamespaces }}
- kind: ServiceAccount
name: {{ .Values.serviceAccount }}
name: {{ $sa }}
namespace: {{ $namespace }}
{{- end }}
{{- end }}
@ -51,6 +52,8 @@ rules:
resources:
- workflows
- workflows/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- gateways
- gateways/finalizers
- sensors

7
charts/argo-events/templates/argo-events-sa.yaml
View file

@ -1,4 +1,4 @@
# All argo-events services are bound to the "argo-events" service account.
# All argo-events services are bound to the "argo-events" service account.
# In RBAC enabled setups, this SA is bound to specific roles.
apiVersion: v1
kind: ServiceAccount
@ -6,12 +6,13 @@ metadata:
name: {{ .Values.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.additionalSaNamespaces }}
{{ $sa := .Values.serviceAccount }}
{{- range $namespace := .Values.additionalSaNamespaces }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount }}
name: {{ $sa }}
namespace: {{ $namespace }}
{{- end }}
{{- end }}
{{- end }}

4
charts/argo-events/values.yaml
View file

@ -26,11 +26,11 @@ singleNamespace: true
sensorController:
name: sensor-controller
image: sensor-controller
tag: v0.10
tag: v0.11
replicaCount: 1
gatewayController:
name: gateway-controller
image: gateway-controller
tag: v0.10
tag: v0.11
replicaCount: 1