From 1dad68d4f433ba73f518b6a3b7c8f883970d1b1f Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Fri, 13 Aug 2021 18:37:06 +0200 Subject: [PATCH 1/5] Mount emptDir for /tmp and add extraVolumes support (#866) Signed-off-by: Marco Kilchhofer --- charts/argocd-applicationset/Chart.yaml | 7 +++---- charts/argocd-applicationset/README.md | 2 ++ charts/argocd-applicationset/templates/deployment.yaml | 10 ++++++++++ charts/argocd-applicationset/values.yaml | 9 +++++++++ 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/charts/argocd-applicationset/Chart.yaml b/charts/argocd-applicationset/Chart.yaml index b91b1441..c93d4cef 100644 --- a/charts/argocd-applicationset/Chart.yaml +++ b/charts/argocd-applicationset/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: argocd-applicationset description: A Helm chart for installing ArgoCD ApplicationSet type: application -version: 1.0.0 +version: 1.1.0 appVersion: "v0.1.0" home: https://github.com/argoproj/argo-helm icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png @@ -14,6 +14,5 @@ maintainers: - name: maruina annotations: artifacthub.io/changes: | - - "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart." - - "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive." - - "[Changed]: Fix icon url" + - "[Added]: /tmp is an emptyDir now (enables users to use readOnlyRootFilesystem)" + - "[Added]: Ability to add extraVolumes and extraVolumeMounts" diff --git a/charts/argocd-applicationset/README.md b/charts/argocd-applicationset/README.md index 0b59414b..0996b234 100644 --- a/charts/argocd-applicationset/README.md +++ b/charts/argocd-applicationset/README.md @@ -65,6 +65,8 @@ kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/c | args.policy | string | `sync` | How application is synced between the generator and the cluster | | args.debug | bool | `false` | Print debug logs | | args.dryRun | bool | `false` | Enable dry run mode | +| extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| extraVolumes | list | `[]` | List of extra volumes to add | | fullnameOverride | string | `""` | Override the default fully qualified app name | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. | diff --git a/charts/argocd-applicationset/templates/deployment.yaml b/charts/argocd-applicationset/templates/deployment.yaml index 4840bd65..beb34680 100644 --- a/charts/argocd-applicationset/templates/deployment.yaml +++ b/charts/argocd-applicationset/templates/deployment.yaml @@ -50,6 +50,8 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: + - mountPath: /tmp + name: tmp-dir {{- if .Values.mountSSHKnownHostsVolume }} - mountPath: /app/config/ssh name: ssh-known-hosts @@ -66,7 +68,12 @@ spec: - mountPath: /app/config/gpg/keys name: gpg-keyring {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} volumes: + - emptyDir: {} + name: tmp-dir {{- if .Values.mountSSHKnownHostsVolume }} - configMap: name: argocd-ssh-known-hosts-cm @@ -86,6 +93,9 @@ spec: - emptyDir: {} name: gpg-keyring {{- end }} + {{- with .Values.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/argocd-applicationset/values.yaml b/charts/argocd-applicationset/values.yaml index ac4b3bd9..e5b12272 100644 --- a/charts/argocd-applicationset/values.yaml +++ b/charts/argocd-applicationset/values.yaml @@ -75,3 +75,12 @@ mountSSHKnownHostsVolume: true mountTLSCertsVolume: true mountGPGKeysVolume: false mountGPGKeyringVolume: true + +# -- List of extra mounts to add (normally used with extraVolumes) +extraVolumeMounts: [] + # - mountPath: /tmp/foobar + # name: foobar +# -- List of extra volumes to add +extraVolumes: [] + # - name: foobar + # emptyDir: {} From a795074dd1e25a4b8c666e5579344b04620d5314 Mon Sep 17 00:00:00 2001 From: Christian Strack Date: Fri, 13 Aug 2021 22:15:02 +0200 Subject: [PATCH 2/5] feat(argo-cd): Add support for aggregation clusterroles (#865) * feat(argo-cd): Add support for aggregation clusterroles * feat: Add support for aggregation clusterroles Signed-off-by: Christian Strack * fix(argo-cd): Remove redundant whitespace from README.md Signed-off-by: Christian Strack Co-authored-by: Marko Bevc * fix(argo-cd): Remove component labels from aggregation roles Signed-off-by: Christian Strack Co-authored-by: Marco Kilchhofer * fix(argo-cd): Use value `createAggregateRoles` to control role creation * fix: Use value `createAggregateRoles` to control role creation * bump version to 3.12.0 * update chart README.md accordingly Signed-off-by: Christian Strack Co-authored-by: Marko Bevc Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 +- charts/argo-cd/README.md | 1 + .../templates/argocd-aggregate-roles.yaml | 67 +++++++++++++++++++ charts/argo-cd/values.yaml | 4 ++ 4 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 charts/argo-cd/templates/argocd-aggregate-roles.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 90cde221..2def2ed8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.5 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.11.5 +version: 3.12.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Can't login when using configs.secret.argocdServerAdminPassword" + - "[Added]: Support for aggregation clusterroles" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5672d677..c73299f9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -148,6 +148,7 @@ NAME: my-release | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` | | apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` | +| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | | configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | diff --git a/charts/argo-cd/templates/argocd-aggregate-roles.yaml b/charts/argo-cd/templates/argocd-aggregate-roles.yaml new file mode 100644 index 00000000..d11329a3 --- /dev/null +++ b/charts/argo-cd/templates/argocd-aggregate-roles.yaml @@ -0,0 +1,67 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6edc9201..4a6172ef 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -31,6 +31,10 @@ apiVersionOverrides: certmanager: "" # cert-manager.io/v1 ingress: "" # networking.k8s.io/v1beta1 +## Create clusterroles that extend existing clusterroles to interact with argo-cd crds +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false + ## Controller controller: name: application-controller From d0efbc458a65bc56b432b989d03090e01096216f Mon Sep 17 00:00:00 2001 From: Thomas Petit Date: Sat, 14 Aug 2021 13:03:26 +0200 Subject: [PATCH 3/5] fix(argo-cd): Fix (full)nameOverride redis-ha sub-chart (#725) Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/_helpers.tpl | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 2def2ed8..322cd0c0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.5 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.12.0 +version: 3.12.1 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Added]: Support for aggregation clusterroles" + - "[Fixed]: redis-ha.nameOverride / redis-ha.fullnameOverride breaks the ArgoCD helm chart" diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index c5d2adab..be2927c2 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -42,10 +42,11 @@ Create dex name and version as used by the chart label. Create redis name and version as used by the chart label. */}} {{- define "argo-cd.redis.fullname" -}} -{{ $redisHa := (index .Values "redis-ha") }} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} {{- if $redisHa.enabled -}} {{- if $redisHa.haproxy.enabled -}} - {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- else -}} {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} From 879453808c9ada59d758200fe2bf2170dde1804d Mon Sep 17 00:00:00 2001 From: Wylie Hobbs Date: Mon, 16 Aug 2021 09:23:02 -0600 Subject: [PATCH 4/5] feat(argo-cd): Add argocd image updater (#477) * Add argocd-image-updater chart Signed-off-by: Wylie Hobbs * Add maintainers Signed-off-by: Wylie Hobbs * update rbac and chart metadata Signed-off-by: Wylie Hobbs * fix chompstyle Signed-off-by: Wylie Hobbs * add README/template with helm-docs Signed-off-by: Wylie Hobbs * Use correct icon url and use a generic maintainer section Signed-off-by: Marco Kilchhofer Co-authored-by: Marco Kilchhofer --- charts/argocd-image-updater/.helmignore | 23 ++++ charts/argocd-image-updater/Chart.yaml | 18 ++++ charts/argocd-image-updater/README.md | 86 +++++++++++++++ charts/argocd-image-updater/README.md.gotmpl | 58 ++++++++++ .../templates/_helpers.tpl | 63 +++++++++++ .../templates/configmap.yaml | 13 +++ .../templates/deployment.yaml | 95 ++++++++++++++++ .../argocd-image-updater/templates/rbac.yaml | 48 +++++++++ .../templates/serviceaccount.yaml | 12 +++ charts/argocd-image-updater/values.yaml | 102 ++++++++++++++++++ 10 files changed, 518 insertions(+) create mode 100644 charts/argocd-image-updater/.helmignore create mode 100644 charts/argocd-image-updater/Chart.yaml create mode 100644 charts/argocd-image-updater/README.md create mode 100644 charts/argocd-image-updater/README.md.gotmpl create mode 100644 charts/argocd-image-updater/templates/_helpers.tpl create mode 100644 charts/argocd-image-updater/templates/configmap.yaml create mode 100644 charts/argocd-image-updater/templates/deployment.yaml create mode 100644 charts/argocd-image-updater/templates/rbac.yaml create mode 100644 charts/argocd-image-updater/templates/serviceaccount.yaml create mode 100644 charts/argocd-image-updater/values.yaml diff --git a/charts/argocd-image-updater/.helmignore b/charts/argocd-image-updater/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/argocd-image-updater/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml new file mode 100644 index 00000000..1ace2616 --- /dev/null +++ b/charts/argocd-image-updater/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: argocd-image-updater +description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD +type: application +version: 0.1.0 +appVersion: v0.10.1 +home: https://github.com/argoproj-labs/argocd-image-updater +icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: argoproj + url: https://argoproj.github.io/ +annotations: + artifacthub.io/changes: | + - "[Added]: First chart release" diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md new file mode 100644 index 00000000..d3440dd6 --- /dev/null +++ b/charts/argocd-image-updater/README.md @@ -0,0 +1,86 @@ +# argocd-image-updater + +A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). + +## TODO + +- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something. + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. + +### Registries + +ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Kubernetes affinity settings for the deployment | +| config.argocd.grpcWeb | bool | `true` | Use the gRPC-web protocol to connect to the Argo CD API | +| config.argocd.insecure | bool | `false` | If specified, the certificate of the Argo CD API server is not verified. | +| config.argocd.plaintext | bool | `false` | If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. | +| config.argocd.serverAddress | string | `""` | Connect to the Argo CD API server at server address | +| config.logLevel | string | `"info"` | ArgoCD Image Update log level | +| config.registries | list | `[]` | ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | +| extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in config.argocd | +| fullnameOverride | string | `""` | Global fullname (argocd-image-updater.fullname in _helpers.tpl) override | +| image.pullPolicy | string | `"Always"` | Default image pull policy | +| image.repository | string | `"argoprojlabs/argocd-image-updater"` | Default image repository | +| image.tag | string | `"v0.10.1"` | Default image tag | +| imagePullSecrets | list | `[]` | ImagePullSecrets for the image updater deployment | +| nameOverride | string | `""` | Global name (argocd-image-updater.name in _helpers.tpl) override | +| nodeSelector | object | `{}` | Kubernetes nodeSelector settings for the deployment | +| podAnnotations | object | `{}` | Pod Annotations for the deployment | +| podSecurityContext | object | `{}` | Pod security context settings for the deployment | +| rbac.enabled | bool | `true` | Enable RBAC creation | +| replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. | +| resources | object | `{}` | Pod memory and cpu resource settings for the deployment | +| securityContext | object | `{}` | Security context settings for the deployment | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Kubernetes toleration settings for the deployment | diff --git a/charts/argocd-image-updater/README.md.gotmpl b/charts/argocd-image-updater/README.md.gotmpl new file mode 100644 index 00000000..eab46779 --- /dev/null +++ b/charts/argocd-image-updater/README.md.gotmpl @@ -0,0 +1,58 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +To regenerate this document, from the root of this chart directory run: +```shell +docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +``` + +## Installation + +```console +helm repo add argo https://argoproj.github.io/argo-helm +helm install argocd-image-updater argo/argocd-image-updater +``` + +You will also need to run through the [secret setup documentation](https://argocd-image-updater.readthedocs.io/en/stable/install/start/#connect-using-argo-cd-api-server) so ArgoCD ImageUpdater can talk to the ArgoCD API (until its automated in this chart). + +## TODO + +- Automate setting up the ArgoCD API Authentication user/secret using a Helm Hook or something. + +## Prerequisites + +* Helm v3.0.0+ + +## Configuration options + +In order for your deployment of ArgoCD Image Updater to be successful, you will need to make sure you set the correct configuration options described in detail on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags). + +All of the `argocd-` prefixed flags, which tell `argocd-image-updater` how your ArgoCD instance is setup, are set in the `config.argocd` values block. For instance: + +```yaml +config: + argocd: + grpcWeb: false + serverAddress: "http://argocd.argo" + insecure: true + plaintext: true +``` + +Any additional arguments mentioned on the [argocd-image-updater flags page](https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags) can be configured using the `extraArgs` value, like so. + +### Registries + +ArgoCD Image Updater natively supports the following registries (as mentioned in [the documentation](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)): + +- Docker Hub +- Google Container Registry +- RedHat Quay +- GitHub Container Registry +- GitHub Docker Packages + +If you need support for ECR, you can reference [this issue](https://github.com/argoproj-labs/argocd-image-updater/issues/112) for configuration. + +The `config.registries` value can be used exactly as it looks in the documentation as it gets dumped directly into a configmap in this chart. + +{{ template "chart.valuesSection" . }} diff --git a/charts/argocd-image-updater/templates/_helpers.tpl b/charts/argocd-image-updater/templates/_helpers.tpl new file mode 100644 index 00000000..5c0be1da --- /dev/null +++ b/charts/argocd-image-updater/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argocd-image-updater.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argocd-image-updater.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argocd-image-updater.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "argocd-image-updater.labels" -}} +helm.sh/chart: {{ include "argocd-image-updater.chart" . }} +{{ include "argocd-image-updater.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argocd-image-updater.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argocd-image-updater.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argocd-image-updater.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argocd-image-updater.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/configmap.yaml b/charts/argocd-image-updater/templates/configmap.yaml new file mode 100644 index 00000000..dab468a2 --- /dev/null +++ b/charts/argocd-image-updater/templates/configmap.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: argocd-image-updater-config +data: + registries.conf: | + {{- with .Values.config.registries }} + registries: + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml new file mode 100644 index 00000000..cfc350ec --- /dev/null +++ b/charts/argocd-image-updater/templates/deployment.yaml @@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argocd-image-updater.fullname" . }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "argocd-image-updater.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argocd-image-updater.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + command: + - /usr/local/bin/argocd-image-updater + - run + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: ARGOCD_GRPC_WEB + value: {{ .Values.config.argocd.grpcWeb | quote }} + - name: ARGOCD_SERVER + value: {{ .Values.config.argocd.serverAddress }} + - name: ARGOCD_INSECURE + value: {{ .Values.config.argocd.insecure | quote }} + - name: ARGOCD_PLAINTEXT + value: {{ .Values.config.argocd.plaintext | quote }} + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: argocd.token + name: argocd-image-updater-secret + optional: true + - name: IMAGE_UPDATER_LOGLEVEL + value: {{ .Values.config.logLevel }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: 8080 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - mountPath: /app/config + name: registries-conf + volumes: + - configMap: + items: + - key: registries.conf + path: registries.conf + name: argocd-image-updater-config + name: registries-conf + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml new file mode 100644 index 00000000..cb508a43 --- /dev/null +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -0,0 +1,48 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + {{ include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} +rules: + - apiGroups: + - '' + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + {{ include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} +{{- end }} diff --git a/charts/argocd-image-updater/templates/serviceaccount.yaml b/charts/argocd-image-updater/templates/serviceaccount.yaml new file mode 100644 index 00000000..c208ee69 --- /dev/null +++ b/charts/argocd-image-updater/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argocd-image-updater.serviceAccountName" . }} + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml new file mode 100644 index 00000000..f939137c --- /dev/null +++ b/charts/argocd-image-updater/values.yaml @@ -0,0 +1,102 @@ +# -- Replica count for the deployment. It is not advised to run more than one replica. +replicaCount: 1 +image: + # -- Default image repository + repository: argoprojlabs/argocd-image-updater + # -- Default image pull policy + pullPolicy: Always + # -- Default image tag + tag: v0.10.1 + +# -- ImagePullSecrets for the image updater deployment +imagePullSecrets: [] +# -- Global name (argocd-image-updater.name in _helpers.tpl) override +nameOverride: "" +# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override +fullnameOverride: "" + +# -- Extra arguments for argocd-image-updater not defined in config.argocd +extraArgs: [] + # - --disable-kubernetes + # - --dry-run + # - --health-port 8080 + # - --interval 2m + # - --kubeconfig ~/.kube/config + # - --match-application-name staging-* + # - --max-concurrency 5 + # - --once + # - --registries-conf-path /app/config/registries.conf + +config: + # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags + argocd: + # -- Use the gRPC-web protocol to connect to the Argo CD API + grpcWeb: true + # -- Connect to the Argo CD API server at server address + serverAddress: "" + # -- If specified, the certificate of the Argo CD API server is not verified. + insecure: false + # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS. + plaintext: false + + # -- ArgoCD Image Update log level + logLevel: "info" + + # -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) + registries: [] + # - name: Docker Hub + # api_url: https://registry-1.docker.io + # ping: yes + # credentials: secret:foo/bar#creds + # defaultns: library + # - name: Google Container Registry + # api_url: https://gcr.io + # prefix: gcr.io + # ping: no + # credentials: pullsecret:foo/bar + # - name: RedHat Quay + # api_url: https://quay.io + # ping: no + # prefix: quay.io + # credentials: env:REGISTRY_SECRET + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Pod Annotations for the deployment +podAnnotations: {} + +# -- Pod security context settings for the deployment +podSecurityContext: {} + # fsGroup: 2000 + +# -- Security context settings for the deployment +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +rbac: + # -- Enable RBAC creation + enabled: true + +# -- Pod memory and cpu resource settings for the deployment +resources: {} + +# -- Kubernetes nodeSelector settings for the deployment +nodeSelector: {} + +# -- Kubernetes toleration settings for the deployment +tolerations: [] + +# -- Kubernetes affinity settings for the deployment +affinity: {} From 3053af0500b942df4f0759ad29553b2938882c86 Mon Sep 17 00:00:00 2001 From: cskh Date: Mon, 16 Aug 2021 11:27:24 -0400 Subject: [PATCH 5/5] feat(argo-rollouts): add dashboard (#798) * feat(argo-rollouts): add dashboard deployment and service credit: the implemention is inspired by the work from Andrii Perenesenko . Signed-off-by: Hui Kang * Apply suggestions from code review Signed-off-by: Marco Kilchhofer * Add components to selectlabels Signed-off-by: Hui Kang * Bump major version and add upgrading note Signed-off-by: Hui Kang * fix: Documentation on dashboard values, change annotations Signed-off-by: Hui Kang * feat: Enable dashboard during chart testing Signed-off-by: Marco Kilchhofer Co-authored-by: Hui Kang Co-authored-by: Marco Kilchhofer --- charts/argo-rollouts/.helmignore | 1 + charts/argo-rollouts/Chart.yaml | 5 +- charts/argo-rollouts/README.md | 24 ++++++++ charts/argo-rollouts/ci/test-values.yaml | 2 + .../templates/argo-rollouts-deployment.yaml | 2 + .../argo-rollouts-metrics-service.yaml | 5 +- .../templates/dashboard/clusterrole.yaml | 58 ++++++++++++++++++ .../dashboard/clusterrolebinding.yaml | 17 ++++++ .../templates/dashboard/deployment.yaml | 59 +++++++++++++++++++ .../argo-rollouts/templates/dashboard/sa.yaml | 13 ++++ .../templates/dashboard/service.yaml | 22 +++++++ charts/argo-rollouts/values.yaml | 25 ++++++++ 12 files changed, 228 insertions(+), 5 deletions(-) create mode 100644 charts/argo-rollouts/ci/test-values.yaml create mode 100644 charts/argo-rollouts/templates/dashboard/clusterrole.yaml create mode 100644 charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml create mode 100644 charts/argo-rollouts/templates/dashboard/deployment.yaml create mode 100644 charts/argo-rollouts/templates/dashboard/sa.yaml create mode 100644 charts/argo-rollouts/templates/dashboard/service.yaml diff --git a/charts/argo-rollouts/.helmignore b/charts/argo-rollouts/.helmignore index f0c13194..b4af6c20 100644 --- a/charts/argo-rollouts/.helmignore +++ b/charts/argo-rollouts/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +ci/ diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml index c92e4c62..7bdb6ea9 100644 --- a/charts/argo-rollouts/Chart.yaml +++ b/charts/argo-rollouts/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "v1.0.2" description: A Helm chart for Argo Rollouts name: argo-rollouts -version: 1.0.4 +version: 2.0.0 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png home: https://github.com/argoproj/argo-helm maintainers: @@ -11,5 +11,4 @@ maintainers: - name: jessesuen annotations: artifacthub.io/changes: | - - "[Fixed]: Add missing liveness and readiness probes" - - "[Changed]: Fix icon url" + - "[Added]: Dashboard manifests" diff --git a/charts/argo-rollouts/README.md b/charts/argo-rollouts/README.md index 8916a86c..9fcd862a 100644 --- a/charts/argo-rollouts/README.md +++ b/charts/argo-rollouts/README.md @@ -25,6 +25,9 @@ $ helm repo add argo https://argoproj.github.io/argo-helm $ helm install my-release argo/argo-rollouts ``` +If dashboard is installed by `--set dashboard.enabled=true`, checkout the argo-rollouts dashboard by +`kubectl port-forward service/argo-rollouts-dashboard 31000:3100` and pointing the browser to `localhost:31000` + ## Chart Values | Key | Type | Default | Description | @@ -53,9 +56,30 @@ $ helm install my-release argo/argo-rollouts | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | | containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.enabled | bool | `false` | Deploy dashboard server | +| dashboard.component | string | `"rollouts-dashboard"` | Value of label `app.kubernetes.io/component` | +| dashboard.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| dashboard.image.registry | string | `quay.io` | Registry to use | +| dashboard.image.repository | string | `"argoproj/kubectl-argo-rollouts"` | Repository to use | +| dashboard.image.tag | string | `""` | Overrides the image tag (default is the chart appVersion) | +| dashboard.resources | object | `{}` | Resource limits and requests for the dashboard pods. | +| dashboard.tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | +| dashboard.affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | +| dashboard.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | +| dashboard.podSecurityContext | object | `{"runAsNonRoot": true}` | Security Context to set on pod level | +| dashboard.containerSecurityContext | object | `{}` | Security Context to set on container level | +| dashboard.serviceAccount.create | bool | `true` | Specifies whether a dashboard service account should be created | +| dashboard.serviceAccount.annotations | object | `{}` | Annotations to add to the dashboard service account | +| dashboard.serviceAccount.name | string | `""` | The name of the dashboard service account to use. If not set and create is true, a name is generated using the fullname template | ## Upgrading +### To 2.0.0 + +* The argo-rollouts dashboard is added to the template and can be enabled by setting `dashboard.enabled=true`. +* There is a breaking change where the selector label `app.kubernetes.io/component: {{ .Values.controller.component }}` is added to rollout's deployment and service in order to distinguish between the controller and the dashboard component. + To upgrade an existing installation, please **add the `--force` parameter** to the `helm upgrade` command or **delete the Deployment and Service resource** before you upgrade. This is necessary because Deployment's label selector is immutable. + ### To 1.0.0 * This is a breaking change which only supports Helm v3.0.0+ now. If you still use Helm v2, please consider upgrading because v2 is EOL since November 2020. diff --git a/charts/argo-rollouts/ci/test-values.yaml b/charts/argo-rollouts/ci/test-values.yaml new file mode 100644 index 00000000..7ea0c4c8 --- /dev/null +++ b/charts/argo-rollouts/ci/test-values.yaml @@ -0,0 +1,2 @@ +dashboard: + enabled: true diff --git a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml index 4acb0cee..71d73352 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-deployment.yaml @@ -8,6 +8,7 @@ metadata: spec: selector: matchLabels: + app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} strategy: type: Recreate @@ -19,6 +20,7 @@ spec: {{- end }} labels: {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.controller.component }} {{- range $key, $value := .Values.podLabels }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml index 6f2c975f..5e380347 100644 --- a/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml +++ b/charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml @@ -4,7 +4,7 @@ kind: Service metadata: name: {{ include "argo-rollouts.fullname" . }}-metrics labels: - app.kubernetes.io/component: server + app.kubernetes.io/component: {{ .Values.controller.component }} {{- include "argo-rollouts.labels" . | nindent 4 }} {{- with .Values.serviceAnnotations }} annotations: @@ -17,5 +17,6 @@ spec: port: 8090 targetPort: 8090 selector: - {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.controller.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrole.yaml b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml new file mode 100644 index 00000000..071ba962 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrole.yaml @@ -0,0 +1,58 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - rollouts + - rollouts/status + - rollouts/finalizers + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - experiments + - experiments/finalizers + verbs: + - create + - get + - list + - watch + - apiGroups: + - argoproj.io + resources: + - analysistemplates + - clusteranalysistemplates + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml new file mode 100644 index 00000000..331fbe4e --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.dashboard.enabled .Values.clusterInstall }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-rollouts.fullname" . }}-dashboard +subjects: +- kind: ServiceAccount + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/deployment.yaml b/charts/argo-rollouts/templates/dashboard/deployment.yaml new file mode 100644 index 00000000..48364587 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/deployment.yaml @@ -0,0 +1,59 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "argo-rollouts.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + strategy: + type: Recreate + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "argo-rollouts.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- range $key, $value := .Values.podLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + containers: + - image: "{{ .Values.dashboard.image.registry }}/{{ .Values.dashboard.image.repository }}:{{ default .Chart.AppVersion .Values.dashboard.image.tag }}" + imagePullPolicy: {{ .Values.dashboard.image.pullPolicy }} + name: argo-rollouts-dashboard + ports: + - containerPort: 3100 + name: dashboard + securityContext: + {{- toYaml .Values.dashboard.containerSecurityContext | nindent 10 }} + resources: + {{- toYaml .Values.dashboard.resources | nindent 10 }} + {{- if .Values.dashboard.nodeSelector }} + nodeSelector: + {{- toYaml .Values.dashboard.nodeSelector | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.dashboard.podSecurityContext | nindent 8 }} + {{- if .Values.dashboard.tolerations }} + tolerations: + {{- toYaml .Values.dashboard.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.dashboard.affinity }} + affinity: + {{- toYaml .Values.dashboard.affinity | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/argo-rollouts/templates/dashboard/sa.yaml b/charts/argo-rollouts/templates/dashboard/sa.yaml new file mode 100644 index 00000000..ff0c7300 --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/sa.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.dashboard.enabled .Values.dashboard.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "argo-rollouts.serviceAccountName" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.dashboard.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/argo-rollouts/templates/dashboard/service.yaml b/charts/argo-rollouts/templates/dashboard/service.yaml new file mode 100644 index 00000000..d2bd432b --- /dev/null +++ b/charts/argo-rollouts/templates/dashboard/service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.dashboard.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-rollouts.fullname" . }}-dashboard + labels: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.labels" . | nindent 4 }} + {{- with .Values.serviceAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: dashboard + protocol: TCP + port: 3100 + targetPort: 3100 + selector: + app.kubernetes.io/component: {{ .Values.dashboard.component }} + {{- include "argo-rollouts.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/argo-rollouts/values.yaml b/charts/argo-rollouts/values.yaml index e52e8902..4c288b98 100644 --- a/charts/argo-rollouts/values.yaml +++ b/charts/argo-rollouts/values.yaml @@ -94,3 +94,28 @@ podLabels: {} # Secrets with credentials to pull images from a private registry imagePullSecrets: [] # - name: argo-pull-secret + +dashboard: + enabled: false + component: rollouts-dashboard + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + image: + registry: quay.io + repository: argoproj/kubectl-argo-rollouts + tag: "" + pullPolicy: IfNotPresent + resources: {} + podSecurityContext: + runAsNonRoot: true + containerSecurityContext: {} + serviceAccount: + create: true + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: ""