feat: add kubernetes version tag and set container security capabilities (#203)

bartse 2020-01-13 06:18:35 +01:00 committed by Sean Johnson
parent 4b22128b4c
commit 69208d2a6f
7 changed files with 63 additions and 1 deletions


@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "1.3.6" appVersion: "1.3.6"
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd name: argo-cd
version: 1.6.0 version: 1.6.1
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords: keywords:


@ -9,6 +9,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }} app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ .Values.controller.image.tag }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -31,6 +32,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }} app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ .Values.controller.image.tag }}
{{- if .Values.controller.podLabels }} {{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }} {{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }} {{- end }}
@ -63,6 +65,9 @@ spec:
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }} name: {{ .Values.controller.name }}
{{- if .Values.controller.containerSecurityContext }}
securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.controller.env }} {{- if .Values.controller.env }}
env: env:
{{- toYaml .Values.controller.env | nindent 8 }} {{- toYaml .Values.controller.env | nindent 8 }}
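Review bot: The new `app.kubernetes.io/version` label (on the Deployment metadata and on the pod template) is rendered unquoted from `.Values.controller.image.tag`, while the `image:` line in the same file resolves the tag with `default .Values.global.image.tag .Values.controller.image.tag`. When only the global tag is set the label renders empty, and a tag such as `1.10` or an all-digit tag is parsed as a number, which is not a valid label value. I would write `app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}` so the label reports the tag that is actually deployed, which matters when the label is used to find workloads on an affected version. The same unquoted pattern is added in the repo-server, server, dex and redis deployments. Indentation is not visible on this page, so the `nindent 10` on the new `securityContext` block could not be checked against the container's indent.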


@ -9,6 +9,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }} app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ .Values.repoServer.image.tag }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -31,6 +32,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }} app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ .Values.repoServer.image.tag }}
{{- if .Values.controller.podLabels }} {{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }} {{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }} {{- end }}
@ -57,6 +59,9 @@ spec:
- --{{ $key }} - --{{ $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.repoServer.env }} {{- if .Values.repoServer.env }}
env: env:
{{- toYaml .Values.repoServer.env | nindent 8 }} {{- toYaml .Values.repoServer.env | nindent 8 }}

5
charts/argo-cd/templates/argocd-server/deployment.yaml Normal file → Executable file

@ -9,6 +9,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }} app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ .Values.server.image.tag }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -31,6 +32,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }} app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ .Values.server.image.tag }}
{{- if .Values.controller.podLabels }} {{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }} {{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }} {{- end }}
@ -65,6 +67,9 @@ spec:
- --{{ $key }} - --{{ $key }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.server.containerSecurityContext }}
securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.server.env }} {{- if .Values.server.env }}
env: env:
{{- toYaml .Values.server.env | nindent 8 }} {{- toYaml .Values.server.env | nindent 8 }}
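Review bot: The file header shows this template changing mode from normal to executable, and nothing in the change needs the execute bit on a YAML template. The same mode flip appears on the dex and redis deployments and on `values.yaml`, so it looks like a side effect of the author's checkout rather than an intended change. I would restore the normal mode before merging, for example with `git update-index --chmod=-x` on the affected files, so an unrelated permission change does not ride along with the security-context work.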

10
charts/argo-cd/templates/dex/deployment.yaml Normal file → Executable file

@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }} app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -24,11 +25,17 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }} app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
spec: spec:
initContainers: initContainers:
- name: copyutil - name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
command: command:
- cp - cp
- /usr/local/bin/argocd-util - /usr/local/bin/argocd-util
@ -43,6 +50,9 @@ spec:
command: command:
- /shared/argocd-util - /shared/argocd-util
- rundex - rundex
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.dex.env }} {{- if .Values.dex.env }}
env: env:
{{- toYaml .Values.dex.env | nindent 8 }} {{- toYaml .Values.dex.env | nindent 8 }}
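Review bot: The `copyutil` init container and the dex container are both given `.Values.dex.containerSecurityContext`, and the init container additionally gets an unconditional `resources:` block from `.Values.dex.resources`. The two containers are built from different image values (`copyutil` uses `.Values.dex.initImage`), so a setting chosen for the dex image, such as `runAsUser`, is applied to the copy step as well and cannot be tightened for one container without the other. I would at least document this next to the value, e.g. `## Applied to both the copyutil init container and the dex container`, or read a separate key for the init container. The new `resources:` on the init container is also not mentioned in the commit title.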

5
charts/argo-cd/templates/redis/deployment.yaml Normal file → Executable file

@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }} app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -23,6 +24,7 @@ spec:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }} app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
spec: spec:
automountServiceAccountToken: false automountServiceAccountToken: false
{{- if .Values.global.securityContext }} {{- if .Values.global.securityContext }}
@ -37,6 +39,9 @@ spec:
- "no" - "no"
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.redis.env }} {{- if .Values.redis.env }}
env: env:
{{- toYaml .Values.redis.env | nindent 8 }} {{- toYaml .Values.redis.env | nindent 8 }}

32
charts/argo-cd/values.yaml Normal file → Executable file

@ -50,6 +50,12 @@ controller:
## ##
podLabels: {} podLabels: {}
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
## Configures the controller port ## Configures the controller port
containerPort: 8082 containerPort: 8082
@ -199,6 +205,13 @@ dex:
priorityClassName: "" priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {} resources: {}
# limits: # limits:
# cpu: 50m # cpu: 50m
@ -233,6 +246,13 @@ redis:
priorityClassName: "" priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {} resources: {}
# limits: # limits:
# cpu: 200m # cpu: 200m
@ -307,6 +327,12 @@ server:
priorityClassName: "" priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {} resources: {}
# limits: # limits:
# cpu: 100m # cpu: 100m
@ -541,6 +567,12 @@ repoServer:
priorityClassName: "" priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {} resources: {}
# limits: # limits:
# cpu: 50m # cpu: 50m
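Review bot: The comment added above each `containerSecurityContext` reads `## Labels to set container specific security contexts`, which looks copied from `podLabels`; the value is a container security context, not a set of labels. The default also stays `{}` and the templates skip the block when it is empty, so a default install still runs every container with the runtime's default capability set; the hardening in the commit title is opt-in. I would reword the comment to `## Container-level securityContext; empty by default, so no capabilities are dropped unless set` and spell the example `- ALL`, the form the Kubernetes documentation uses and one that case-sensitive policy checks may require. This applies to the controller, dex, redis, server and repoServer stanzas alike.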