DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into ocp-clusterrole

Browse source
This commit is contained in:
John Kost 2020-10-08 08:42:08 -04:00 committed by GitHub
commit 828034c6a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 3662 additions and 714 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -3,3 +3,4 @@ output
.DS_Store
.idea
**/*.tgz
**/charts/*/charts

4
charts/argo-cd/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "1.6.2"
appVersion: 1.7.6
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.6.0
version: 2.9.0
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

7
charts/argo-cd/README.md
View file

@ -62,7 +62,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.6.1"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.7.6"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
@ -273,6 +273,11 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` |
| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` |
| dex.initImage.tag | Argo CD init image tag | `global.image.tag` |
| dex.metrics.enabled | Deploy metrics service | `false` |
| dex.metrics.service.annotations | Metrics service annotations | `{}` |
| dex.metrics.service.labels | Metrics service labels | `{}` |
| dex.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| dex.name | Dex name | `"dex-server"` |
| dex.env | Environment variables for the Dex server. | `[]` |
| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |

679
charts/argo-cd/crds/crd-application.yaml
View file

File diff suppressed because it is too large Load diff

162
charts/argo-cd/crds/crd-project.yaml
View file

@ -20,34 +20,37 @@ spec:
scope: Namespaced
validation:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what may
be deployed (repository whitelist, resource whitelist/blacklist) * who can
access these applications (roles, OIDC group claims bindings) * and what they
can do (RBAC policies) * automation access to these roles (JWT tokens)'
description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster
level resources
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -62,29 +65,25 @@ spec:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for
deployment
description: Destinations contains list of destinations available for deployment
items:
description: ApplicationDestination contains deployment destination
information
description: ApplicationDestination contains deployment destination information
properties:
name:
description: Name of the destination cluster which can be used instead of server (url) field
type: string
namespace:
description: Namespace overrides the environment namespace value
in the ksonnet app.yaml
description: Namespace overrides the environment namespace value in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in
the ksonnet app.yaml
description: Server overrides the environment server value in the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -96,12 +95,9 @@ spec:
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type: string
@ -113,17 +109,25 @@ spec:
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
properties:
ignore:
items:
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
description: Warn indicates if warning condition should be created for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this
project
description: Roles are user defined RBAC roles associated with this project
items:
description: ProjectRole represents a role that has access to a project
properties:
@ -131,17 +135,14 @@ spec:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this
role
description: Groups are a list of OIDC group claims bound to this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
description: JWTTokens are a list of generated JWT tokens bound to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
@ -159,8 +160,7 @@ spec:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings
that define access policies for the role in the project
description: Policies Stores a list of casbin formated strings that define access policies for the role in the project
items:
type: string
type: array
@ -168,55 +168,83 @@ spec:
- name
type: object
type: array
signatureKeys:
description: List of PGP key IDs that commits to be synced to must be signed with
items:
description: SignatureKey is the specification of a key required to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
description: SourceRepos contains list of repository URLs which can be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
description: SyncWindows controls when syncs can be run for apps in this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
description: Applications contains a list of applications that the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
description: Clusters contains a list of clusters that the window will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will
be open
description: Duration is the amount of time the sync window will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise
be blocked
description: ManualSync enables manual syncs when they would otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
description: Namespaces contains a list of namespaces that the window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
description: Schedule is the time the window will begin, specified in cron format
type: string
type: object
type: array
type: object
status:
description: AppProjectStatus contains information about appproj
properties:
jwtTokensByRole:
additionalProperties:
properties:
items:
items:
description: JWTToken holds the issuedAt and expiresAt values of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
type: object
type: object
type: object
required:
- metadata
- spec

2
charts/argo-cd/templates/argocd-application-controller/deployment.yaml
View file

@ -56,6 +56,8 @@ spec:
- {{ .Values.controller.args.appResyncPeriod | quote }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --logformat
- {{ .Values.controller.logFormat }}
- --loglevel
- {{ .Values.controller.logLevel }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}

12
charts/argo-cd/templates/argocd-repo-server/deployment.yaml
View file

@ -52,14 +52,14 @@ spec:
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
command:
{{- if .Values.openshift.enabled }}
- uid_entrypoint.sh
{{- end }}
- argocd-repo-server
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
- --logformat
- {{ .Values.repoServer.logFormat }}
- --loglevel
- {{ .Values.repoServer.logLevel }}
{{- with .Values.repoServer.extraArgs }}
@ -82,6 +82,10 @@ spec:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
{{- end }}
{{- if .Values.openshift.enabled }}
- mountPath: /app/config/gpg/keys
name: gpg-keyring
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
@ -138,6 +142,10 @@ spec:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6}}
{{- end }}
{{- if .Values.openshift.enabled }}
- emptyDir: {}
name: gpg-keyring
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm

4
charts/argo-cd/templates/argocd-server/certificate.yaml
View file

@ -1,5 +1,7 @@
{{- if .Values.server.certificate.enabled -}}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
apiVersion: cert-manager.io/v1
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
apiVersion: cert-manager.io/v1alpha3
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
apiVersion: cert-manager.io/v1alpha2

2
charts/argo-cd/templates/argocd-server/deployment.yaml
View file

@ -61,6 +61,8 @@ spec:
- --dex-server
- http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}
{{- end }}
- --logformat
- {{ .Values.server.logFormat }}
- --loglevel
- {{ .Values.server.logLevel }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}

7
charts/argo-cd/templates/argocd-server/ingress-grpc.yaml
View file

@ -2,6 +2,7 @@
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
@ -33,6 +34,9 @@ spec:
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
backend:
@ -43,6 +47,9 @@ spec:
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end -}}
{{- range $p := $paths }}
- path: {{ $p }}
backend:

7
charts/argo-cd/templates/argocd-server/ingress.yaml
View file

@ -2,6 +2,7 @@
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
@ -33,6 +34,9 @@ spec:
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
backend:
@ -43,6 +47,9 @@ spec:
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
backend:

4
charts/argo-cd/templates/argocd-server/projects.yaml
View file

@ -46,5 +46,9 @@ items:
roles:
{{- toYaml .roles | nindent 8 }}
{{- end }}
{{- if .syncWindows }}
syncWindows:
{{- toYaml .syncWindows | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

5
charts/argo-cd/templates/dex/deployment.yaml
View file

@ -80,6 +80,11 @@ spec:
- name: grpc
containerPort: {{ .Values.dex.containerPortGrpc }}
protocol: TCP
{{- if .Values.dex.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.dex.containerPortMetrics }}
protocol: TCP
{{- end }}
{{- if .Values.dex.volumeMounts }}
volumeMounts:
{{- toYaml .Values.dex.volumeMounts | nindent 10 }}

6
charts/argo-cd/templates/dex/service.yaml
View file

@ -20,6 +20,12 @@ spec:
protocol: TCP
port: {{ .Values.dex.servicePortGrpc }}
targetPort: grpc
{{- if .Values.dex.metrics.enabled }}
- name: metrics
protocol: TCP
port: {{ .Values.dex.servicePortMetrics }}
targetPort: metrics
{{- end }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}

35
charts/argo-cd/templates/dex/servicemonitor.yaml Normal file
View file

@ -0,0 +1,35 @@
{{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
{{- if .Values.dex.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- if .Values.dex.metrics.serviceMonitor.selector }}
{{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.dex.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.dex.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- end }}

43
charts/argo-cd/values.yaml
View file

@ -10,7 +10,7 @@ installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.6.2
tag: v1.7.6
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
@ -28,7 +28,7 @@ controller:
image:
repository: # argoproj/argocd
tag: # v1.6.2
tag: # v1.7.6
imagePullPolicy: # IfNotPresent
## Argo controller commandline flags
@ -37,6 +37,8 @@ controller:
operationProcessors: "10"
appResyncPeriod: "180"
## Argo controller log format: text|json
logFormat: text
## Argo controller log level
logLevel: info
@ -172,6 +174,14 @@ dex:
enabled: true
name: dex-server
metrics:
enabled: false
service:
annotations: {}
labels: {}
serviceMonitor:
enabled: false
image:
repository: quay.io/dexidp/dex
tag: v2.22.0
@ -212,6 +222,8 @@ dex:
servicePortHttp: 5556
containerPortGrpc: 5557
servicePortGrpc: 5557
containerPortMetrics: 5558
servicePortMetrics: 5558
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
@ -330,7 +342,7 @@ server:
image:
repository: # argoproj/argocd
tag: # v1.6.1
tag: # v1.7.6
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
@ -342,6 +354,8 @@ server:
##
env: []
## Argo server log format: text|json
logFormat: text
## Argo server log level
logLevel: info
@ -454,6 +468,12 @@ server:
# - argocd.example.com
paths:
- /
extraPaths:
[]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls:
[]
# - secretName: argocd-example-tls
@ -476,6 +496,12 @@ server:
# - argocd.example.com
paths:
- /
extraPaths:
[]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls:
[]
# - secretName: argocd-example-tls
@ -604,6 +630,13 @@ server:
# kind: StatefulSet
# orphanedResources: {}
# roles: []
# syncWindows:
# - kind: allow
# schedule: '10 1 * * *'
# duration: 1h
# applications:
# - '*-prod'
# manualSync: true
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
@ -635,7 +668,7 @@ repoServer:
image:
repository: # argoproj/argocd
tag: # v1.6.1
tag: # v1.7.6
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
@ -646,6 +679,8 @@ repoServer:
##
env: []
## Argo repoServer log format: text|json
logFormat: text
## Argo repoServer log level
logLevel: info

2
charts/argo-ci/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
description: A Helm chart for Argo-CI
name: argo-ci
version: 0.1.6
version: 0.1.7
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
appVersion: v1.0.0-alpha2
home: https://github.com/argoproj/argo-helm

4
charts/argo-ci/templates/ci-deployment.yaml
View file

@ -33,3 +33,7 @@ spec:
ports:
- containerPort: 8001
- containerPort: 8002
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}

3
charts/argo-ci/values.yaml
View file

@ -2,6 +2,9 @@ imageNamespace: argoproj
ciImage: argoci
imageTag: v1.0.0-alpha2
imagePullPolicy: Always
# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret
workflowNamespace: default
argo:

4
charts/argo-events/Chart.yaml
View file

@ -1,7 +1,7 @@
apiVersion: v1
description: A Helm chart to install Argo-Events in k8s Cluster
name: argo-events
version: 0.17.0
version: 1.0.0
keywords:
- argo-events
- sensor-controller
@ -12,6 +12,6 @@ sources:
maintainers:
- name: VaibhavPage
- name: whynowy
appVersion: 0.17.0
appVersion: 1.0.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm

4
charts/argo-events/templates/eventbus-controller-deployment.yaml
View file

@ -37,3 +37,7 @@ spec:
value: {{ .Values.eventbusController.natsStreamingImage }}
- name: NATS_METRICS_EXPORTER_IMAGE
value: {{ .Values.eventbusController.natsMetricsExporterImage }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}

3
charts/argo-events/templates/eventbus-crd.yaml
View file

@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: eventbus.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:

4
charts/argo-events/templates/eventsource-controller-deployment.yaml
View file

@ -35,3 +35,7 @@ spec:
fieldPath: metadata.namespace
- name: EVENTSOURCE_IMAGE
value: "{{ .Values.registry }}/{{ .Values.eventsourceController.eventsourceImage }}:{{ .Values.eventsourceController.tag }}"
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}

3
charts/argo-events/templates/eventsource-crd.yaml
View file

@ -3,6 +3,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: eventsources.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
scope: Namespaced

4
charts/argo-events/templates/sensor-controller-deployment.yaml
View file

@ -35,3 +35,7 @@ spec:
fieldPath: metadata.namespace
- name: SENSOR_IMAGE
value: "{{ .Values.registry }}/{{ .Values.sensorController.sensorImage }}:{{ .Values.sensorController.tag }}"
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}

3
charts/argo-events/templates/sensor-crd.yaml
View file

@ -4,6 +4,9 @@ apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: sensors.argoproj.io
annotations:
helm.sh/hook: crd-install
helm.sh/hook-delete-policy: before-hook-creation
spec:
group: argoproj.io
names:

10
charts/argo-events/values.yaml
View file

@ -4,6 +4,10 @@ registry: argoproj
# The image pull policy
imagePullPolicy: Always
# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret
# If set to false, skip installing the CRDs. Requires user to have them installed prior to helm chart installation.
installCRD: true
@ -42,21 +46,21 @@ singleNamespace: true
sensorController:
name: sensor-controller
image: sensor-controller
tag: v0.17.0
tag: v1.0.0
replicaCount: 1
sensorImage: sensor
eventsourceController:
name: eventsource-controller
image: eventsource-controller
tag: v0.17.0
tag: v1.0.0
replicaCount: 1
eventsourceImage: eventsource
eventbusController:
name: eventbus-controller
image: eventbus-controller
tag: v0.17.0
tag: v1.0.0
replicaCount: 1
natsStreamingImage: nats-streaming:0.17.0
natsMetricsExporterImage: synadia/prometheus-nats-exporter:0.6.2

4
charts/argo-rollouts/Chart.yaml
View file

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "0.8.0"
appVersion: "0.9.1"
description: A Helm chart for Argo Rollouts
name: argo-rollouts
version: 0.3.2
version: 0.3.7
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

2
charts/argo-rollouts/README.md
View file

@ -2,7 +2,7 @@ Argo Rollouts Chart
=============
A Helm chart for Argo Rollouts, progressive delivery for Kubernetes.
Current chart version is `0.3.1`
Current chart version is `0.3.7`
Source code can be found [here](https://github.com/argoproj/argo-rollouts)

32
charts/argo-rollouts/templates/argo-rollouts-clusterrole.yaml
View file

@ -47,6 +47,12 @@ rules:
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- rollouts/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
@ -60,10 +66,18 @@ rules:
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysisruns/finalizers
- experiments/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
@ -106,6 +120,24 @@ rules:
- watch
- get
- update
- list
- apiGroups:
- split.smi-spec.io
resources:
- trafficsplits
verbs:
- create
- watch
- get
- update
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- "*"
resources:

4
charts/argo-rollouts/templates/argo-rollouts-metrics-service.yaml
View file

@ -6,6 +6,10 @@ metadata:
app.kubernetes.io/component: server
app.kubernetes.io/name: {{ .Release.Name }}-metrics
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
{{- range $key, $value := .Values.serviceAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
ports:
- name: metrics

38
charts/argo-rollouts/templates/argo-rollouts-role.yaml
View file

@ -28,6 +28,14 @@ rules:
- list
- watch
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
@ -38,6 +46,12 @@ rules:
- watch
- update
- patch
- apiGroups:
- argoproj.io
resources:
- rollouts/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
@ -51,10 +65,18 @@ rules:
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- analysisruns/finalizers
- experiments/finalizers
verbs:
- update
- apiGroups:
- argoproj.io
resources:
- analysistemplates
- clusteranalysistemplates
verbs:
- get
- list
@ -90,17 +112,9 @@ rules:
- update
- patch
- apiGroups:
- ""
- ""
resources:
- secrets
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- list
- delete

72
charts/argo-rollouts/templates/crds/analysis-run-crd.yaml
View file

@ -84,6 +84,15 @@ spec:
job:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -127,6 +136,15 @@ spec:
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -748,23 +766,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1304,23 +1305,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1864,23 +1848,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -2740,6 +2707,8 @@ spec:
- value
type: object
type: array
insecure:
type: boolean
jsonPath:
type: string
timeoutSeconds:
@ -2747,7 +2716,6 @@ spec:
url:
type: string
required:
- jsonPath
- url
type: object
type: object

72
charts/argo-rollouts/templates/crds/analysis-template-crd.yaml
View file

@ -78,6 +78,15 @@ spec:
job:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -121,6 +130,15 @@ spec:
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -742,23 +760,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1298,23 +1299,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1858,23 +1842,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -2734,6 +2701,8 @@ spec:
- value
type: object
type: array
insecure:
type: boolean
jsonPath:
type: string
timeoutSeconds:
@ -2741,7 +2710,6 @@ spec:
url:
type: string
required:
- jsonPath
- url
type: object
type: object

2734
charts/argo-rollouts/templates/crds/cluster-analysis-template-crd.yaml Normal file
View file

File diff suppressed because it is too large Load diff

62
charts/argo-rollouts/templates/crds/experiment-crd.yaml
View file

@ -59,6 +59,8 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
name:
type: string
requiredForCompletion:
@ -112,6 +114,15 @@ spec:
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -733,23 +744,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1289,23 +1283,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1849,23 +1826,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:

146
charts/argo-rollouts/templates/crds/rollout-crd.yaml
View file

@ -132,15 +132,17 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
templateName:
type: string
templates:
items:
properties:
clusterScope:
type: boolean
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
@ -162,15 +164,17 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
templateName:
type: string
templates:
items:
properties:
clusterScope:
type: boolean
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
@ -208,6 +212,8 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
startingStep:
format: int32
type: integer
@ -216,10 +222,10 @@ spec:
templates:
items:
properties:
clusterScope:
type: boolean
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
@ -271,15 +277,17 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
templateName:
type: string
templates:
items:
properties:
clusterScope:
type: boolean
templateName:
type: string
required:
- templateName
type: object
type: array
type: object
@ -304,6 +312,8 @@ spec:
- name
type: object
type: array
clusterScope:
type: boolean
name:
type: string
templateName:
@ -388,6 +398,8 @@ spec:
type: string
ingress:
type: string
rootService:
type: string
servicePort:
format: int32
type: integer
@ -425,12 +437,28 @@ spec:
required:
- stableIngress
type: object
smi:
properties:
rootService:
type: string
trafficSplitName:
type: string
type: object
type: object
type: object
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
@ -1052,23 +1080,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -1608,23 +1619,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -2168,23 +2162,6 @@ spec:
type: integer
type: object
resources:
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
securityContext:
properties:
@ -2935,6 +2912,9 @@ spec:
type: integer
abort:
type: boolean
abortedAt:
format: date-time
type: string
availableReplicas:
format: int32
type: integer
@ -2944,8 +2924,32 @@ spec:
type: string
postPromotionAnalysisRun:
type: string
postPromotionAnalysisRunStatus:
properties:
message:
type: string
name:
type: string
status:
type: string
required:
- name
- status
type: object
prePromotionAnalysisRun:
type: string
prePromotionAnalysisRunStatus:
properties:
message:
type: string
name:
type: string
status:
type: string
required:
- name
- status
type: object
previewSelector:
type: string
previousActiveSelector:
@ -2960,10 +2964,34 @@ spec:
properties:
currentBackgroundAnalysisRun:
type: string
currentBackgroundAnalysisRunStatus:
properties:
message:
type: string
name:
type: string
status:
type: string
required:
- name
- status
type: object
currentExperiment:
type: string
currentStepAnalysisRun:
type: string
currentStepAnalysisRunStatus:
properties:
message:
type: string
name:
type: string
status:
type: string
required:
- name
- status
type: object
stableRS:
type: string
type: object

12
charts/argo-rollouts/values.yaml
View file

@ -13,7 +13,7 @@ controller:
affinity: {}
image:
repository: argoproj/argo-rollouts
tag: v0.8.0
tag: v0.9.1
pullPolicy: IfNotPresent
resources: {}
@ -28,12 +28,18 @@ controller:
serviceAccount:
name: argo-rollouts
## Annotations to be added to the Redis server pods
## Annotations to be added to the Rollout pods
##
podAnnotations: {}
## Labels to be added to the Redis server pods
## Annotations to be added to the Rollout service
##
serviceAnnotations: {}
## Labels to be added to the Rollout pods
##
podLabels: {}
# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: v2.8.0
description: A Helm chart for Argo Workflows
name: argo
version: 0.9.8
version: 0.12.2
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

1
charts/argo/templates/server-cluster-roles.yaml
View file

@ -8,6 +8,7 @@ rules:
- ""
resources:
- configmaps
- events
verbs:
- get
- watch

2
charts/argo/templates/server-crb.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.server.enabled -}}
{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding

8
charts/argo/templates/server-deployment.yaml
View file

@ -26,6 +26,10 @@ spec:
{{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
spec:
serviceAccountName: {{ .Values.server.serviceAccount | quote }}
{{- if .Values.server.podSecurityContext }}
securityContext:
{{- toYaml .Values.server.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: argo-server
args:
@ -67,6 +71,10 @@ spec:
volumeMounts:
{{- toYaml . | nindent 12}}
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.volumes }}
volumes:
{{- toYaml . | nindent 8}}

2
charts/argo/templates/server-sa.yaml
View file

@ -1,4 +1,4 @@
{{- if .Values.server.enabled -}}
{{- if and .Values.server.enabled .Values.server.createServiceAccount -}}
apiVersion: v1
kind: ServiceAccount
metadata:

9
charts/argo/templates/workflow-controller-cluster-roles.yaml
View file

@ -73,6 +73,7 @@ rules:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
@ -80,6 +81,14 @@ rules:
verbs:
- get
- list
- apiGroups:
- "policy"
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
{{- if .Values.controller.persistence }}
- apiGroups:
- ""

13
charts/argo/templates/workflow-controller-config-map.yaml
View file

@ -16,7 +16,7 @@ data:
{{- end }}
{{- end }}
containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
{{- if or .Values.executor.resources .Values.executor.env }}
{{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}}
executor:
{{- with .Values.executor.resources }}
resources: {{- toYaml . | nindent 8 }}
@ -24,12 +24,19 @@ data:
{{- with .Values.executor.env }}
env: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
artifactRepository:
{{- if .Values.artifactRepository.archiveLogs }}
archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
{{- end }}
{{- if .Values.artifactRepository.gcs }}
gcs:
{{ toYaml .Values.artifactRepository.gcs | indent 8}}
{{- else }}
s3:
{{- if .Values.useStaticCredentials }}
accessKeySecret:
@ -54,6 +61,7 @@ data:
{{- if .Values.artifactRepository.s3.useSDKCreds }}
useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
{{- end }}
{{- end }}
{{- end}}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:
@ -70,3 +78,6 @@ data:
{{- with .Values.server.sso }}
sso: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }}
{{- end }}

8
charts/argo/templates/workflow-controller-deployment.yaml
View file

@ -26,6 +26,10 @@ spec:
{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
spec:
serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
{{- if .Values.controller.podSecurityContext }}
securityContext:
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: controller
image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}"
@ -63,6 +67,10 @@ spec:
ports:
- containerPort: 8080
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

19
charts/argo/templates/workflow-rb.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-workflow
subjects:
- kind: ServiceAccount
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- end }}

25
charts/argo/templates/workflow-role.yaml Normal file
View file

@ -0,0 +1,25 @@
{{- if .Values.workflow.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-workflow
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- patch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- watch
{{- end }}

13
charts/argo/templates/workflow-sa.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if .Values.workflow.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.workflow.serviceAccount.name }}
{{- if .Values.workflow.namespace }}
namespace: {{ .Values.workflow.namespace }}
{{- end }}
{{- with .Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

44
charts/argo/values.yaml
View file

@ -4,6 +4,9 @@ images:
server: argocli
executor: argoexec
pullPolicy: Always
# Secrets with credentials to pull images from a private registry
pullSecrets: []
# - name: argo-pull-secret
tag: v2.7.6
crdVersion: v1alpha1
@ -20,6 +23,15 @@ createAggregateRoles: true
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false
workflow:
namespace: "" # Speficy namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount:
create: false # Specifies whether a service account should be created
annotations: {}
name: "argo-workflow" # Service account which is used to run workflows
rbac:
create: false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller:
image:
# Overrides .images.tag if defined.
@ -28,6 +40,8 @@ controller:
podAnnotations: {}
# Optional labels to add to the controller pods
podLabels: {}
# SecurityContext to set on the controller pods
podSecurityContext: {}
# podPortName: http
metricsConfig:
enabled: false
@ -59,6 +73,8 @@ controller:
# secondsAfterCompletion: 84600
# workflowWorkers: 32
# podWorkers: 32
workflowRestrictions: {} # Only valid for 2.9+
# templateReferencing: Strict|Secure
telemetryConfig:
enabled: false
path: /telemetry
@ -105,7 +121,8 @@ controller:
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
nodeSelector:
kubernetes.io/os: linux
tolerations: []
affinity: {}
@ -117,6 +134,8 @@ executor:
resources: {}
# Adds environment variables for the executor.
env: {}
# sets security context for the executor container
securityContext: {}
server:
enabled: true
@ -131,11 +150,16 @@ server:
podAnnotations: {}
# Optional labels to add to the UI pods
podLabels: {}
# SecurityContext to set on the server pods
podSecurityContext: {}
name: server
serviceType: ClusterIP
servicePort: 2746
# servicePortName: http
serviceAccount: argo-server
# Whether to create the service account with the name specified in
# server.serviceAccount and bind it to the server role.
createServiceAccount: true
# Service account annotations
serviceAccountAnnotations: {}
# Annotations to be applied to the UI Service
@ -157,7 +181,8 @@ server:
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
nodeSelector:
kubernetes.io/os: linux
tolerations: []
affinity: {}
@ -240,6 +265,21 @@ artifactRepository:
# region:
# roleARN:
# useSDKCreds: true
# gcs:
# bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
#
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# NOTE: These are setting attributes for the `minio` optional dependency
minio:

2
charts/argocd-notifications/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: 0.7.0
description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
name: argocd-notifications
type: application
version: 1.0.9
version: 1.0.11
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

3
charts/argocd-notifications/templates/bots/slack/deployment.yaml
View file

@ -30,6 +30,9 @@ spec:
command:
- /app/argocd-notifications
- bot
ports:
- containerPort: 8080
name: http
{{- with .Values.bots.slack.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

6
charts/argocd-notifications/templates/bots/slack/service.yaml
View file

@ -9,10 +9,10 @@ metadata:
{{- end }}
spec:
ports:
- name: server
port: 80
- name: http
port: {{ .Values.bots.slack.service.port }}
protocol: TCP
targetPort: 8080
targetPort: http
selector:
{{- include "argocd-notifications.bots.slack.selectorLabels" . | nindent 4 }}
type: {{ .Values.bots.slack.service.type }}

6
charts/argocd-notifications/templates/deployment.yaml
View file

@ -12,6 +12,12 @@ spec:
{{- include "argocd-notifications.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- if .Values.podAnnotations }}
annotations:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argocd-notifications.selectorLabels" . | nindent 8 }}
spec:

3
charts/argocd-notifications/values.yaml
View file

@ -101,6 +101,8 @@ metrics:
# interval: 30s
# scrapeTimeout: 10s
podAnnotations: {}
resources: {}
# limits:
# cpu: 100m
@ -209,6 +211,7 @@ bots:
service:
annotations: {}
port: 80
type: LoadBalancer
serviceAccount: