adding argo-events-chart (#9)

charts/argo-events/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/argo-events/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+description: A Helm chart to install Argo-Events in k8s Cluster
+name: argo-events
+version: 0.1.0
+keywords:
+- argo-events
+- sensor-controller
+sources:
+- https://github.com/argoproj/argo-events
+maintainers:
+- name: Matt Magaldi
+  email: mmagaldi@blackrock.com
+- name: Vaibhav Page
+  email: vpage@blackrock.com
+appVersion: 0.1.0

charts/argo-events/README.md

@@ -0,0 +1,13 @@
+# Argo-Events Helm Chart
+This helm chart installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with:
+- Sensor Custom Resource Definition
+- Sensor Controller Deployment
+- Sensor Controller ConfigMap
+- Sensor Controller Service Account
+- Sensor Controller Cluster Roles
+- Sensor Controller Cluster Role Bindings
+
+
+Note: the associated `argo-events` cluster role and cluster role bindings can be found in the [roles](https://blade-git.blackrock.com/cloud-native/roles) repository. The purpose that these aren't included in this Helm chart is that we do not have the required permissions to create these resources in the Kubernetes clusters. Reach out to `+Group Kubernetes Support` for help in setting up these roles.
+
+## Chart Values

charts/argo-events/templates/_helpers.tpl

@@ -0,0 +1,37 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "sensor-crd-json" }}
+{
+  "apiVersion": "apiextensions.k8s.io/v1beta1",
+  "kind": "CustomResourceDefinition",
+  "metadata": {
+    "name": "sensors.argoproj.io"
+  },
+  "spec": {
+    "group": "argoproj.io",
+    "names": {
+      "kind": "Sensor",
+      "listKind": "SensorList",
+      "plural": "sensors",
+      "singular": "sensor",
+    },
+    "scope": "Namespaced",
+    "version": "v1alpha1"
+  }
+}
+{{- end}}

charts/argo-events/templates/_sensor-crd.tpl

@@ -0,0 +1,20 @@
+{{- define "sensor-crd-json" }}
+{
+  "apiVersion": "apiextensions.k8s.io/v1beta1",
+  "kind": "CustomResourceDefinition",
+  "metadata": {
+    "name": "sensors.argoproj.io"
+  },
+  "spec": {
+    "group": "argoproj.io",
+    "names": {
+      "kind": "Sensor",
+      "listKind": "SensorList",
+      "plural": "sensors",
+      "singular": "sensor",
+    },
+    "scope": "Namespaced",
+    "version": "v1alpha1"
+  }
+}
+{{- end}}

charts/argo-events/templates/apply-sensor-crd-job.yaml

@@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-apply-sensor-crd
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
+spec:
+  backoffLimit: 5
+  activeDeadlineSeconds: 100
+  template:
+    spec:
+      containers:
+      - name: kubectl-apply
+        image: lachlanevenson/k8s-kubectl
+        command: ["/bin/sh"]
+        args: ["-c", 'echo ''{{- include "sensor-crd-json" .}}'' | kubectl apply -f -']
+      restartPolicy: Never

charts/argo-events/templates/sensor-controller-clusterrole.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role
+rules:
+- apiGroups: ["argoproj.io"]
+  resources: ["sensors"]
+  verbs: ["get", "list", "watch", "update", "patch"]
+# The following rules define what the triggers can do
+- apiGroups: ["argoproj.io"]
+  resources: ["workflows"]
+  verbs: ["create", "delete"]
+- apiGroups: [""]
+  resources: ["configmaps", "secrets", "pods"]
+  verbs: ["get", "watch", "list", "patch"]

charts/argo-events/templates/sensor-controller-configmap.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap
+  labels:
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  config: |
+    namespace: {{ .Release.Namespace }}
+    {{- if .Values.useReleaseAsInstanceID }}
+    instanceID: {{ .Release.Name }}
+    {{- else }}
+    instanceID: {{ .Values.instanceID }}
+    {{- end }}

charts/argo-events/templates/sensor-controller-crb.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.name }}-{{ .Values.controller.name}}-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.name }}-{{ .Values.controller.name}}-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.controller.serviceAccount }}
+  namespace: {{ .Release.Namespace }}

charts/argo-events/templates/sensor-controller-deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.controller.name }}
+  labels:
+    app: {{ .Release.Name }}-{{ .Values.controller.name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.controller.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-{{ .Values.controller.name }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-{{ .Values.controller.name }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ .Values.controller.serviceAccount }}
+      containers:
+        - name: {{ .Values.controller.name }}
+          image: "{{ .Values.registry }}/{{ .Values.controller.image }}:{{ .Values.controller.tag }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          env:
+            - name: SENSOR_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: SENSOR_CONFIG_MAP
+              value: {{ .Release.Name }}-{{ .Values.controller.name }}-configmap

charts/argo-events/templates/sensor-controller-sa.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.controller.serviceAccount }}

charts/argo-events/templates/signals-clusterrole.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Release.name }}-signals-cluster-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["watch", "list", "patch"]
+- apiGroups: {{ .Values.signals.listenRoles.apiGroups }}
+  resources: {{ .Values.signals.listenRoles.resources }}
+  verbs: ["get", "list", "watch"]

charts/argo-events/templates/signals-crb.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.name }}-signals-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.name }}-signals-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.signals.serviceAccount }}
+  namespace: {{ .Release.Namespace }}

charts/argo-events/templates/signals-sa.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.signals.serviceAccount }}

charts/argo-events/values.yaml

@@ -0,0 +1,25 @@
+registry: argoproj
+imagePullPolicy: Always
+
+# Version of the Sensor CRD
+crdVersion: v1alpha1
+
+# If set to true then chart set controller instance id to release name
+useReleaseAsInstanceID: true
+instanceID: 1
+
+# controller
+controller:
+  name: sensor-controller
+  image: sensor-controller
+  tag: latest
+  replicaCount: 1
+  serviceAccount: argo-events
+
+# signal microservices
+signals:
+  serviceAccount: argo-signals
+  # this controls what the resource signal pod can listen to
+  listenRoles:
+    apiGroups: ["argoproj.io", ""]
+    resources: ["sensors", "workflows", "pods"]