DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Save Progress

Browse source 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
This commit is contained in:
Oliver Bähler 2021-03-31 22:01:02 +02:00
parent 37cd1ef042
commit b5a455648d
No known key found for this signature in database
GPG key ID: 7AE0B2618ECDC1B6
4 changed files with 258 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
charts/argo/Chart.lock
View file

@ -2,5 +2,11 @@ dependencies:
- name: minio
repository: https://helm.min.io/
version: 8.0.9
digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
generated: "2021-01-13T15:31:40.823086-08:00"
- name: minio-operator
repository: https://operator.min.io/
version: 4.0.3
- name: raw
repository: https://bedag.github.io/helm-charts/
version: 1.1.0
digest: sha256:1eb53999d4d102849fd5599ce4d78627a2e1405c2226b8bd5ec1f781436aa220
generated: "2021-03-31T21:50:26.349679125+02:00"

9
charts/argo/Chart.yaml
View file

@ -15,3 +15,12 @@ dependencies:
version: 8.0.9
repository: https://helm.min.io/
condition: minio.install
- name: minio-operator
version: 4.0.3
repository: https://operator.min.io/
condition: minio-operator.install
- name: raw
version: 1.1.0
repository: https://bedag.github.io/helm-charts/
condition: raw.enabled

14
charts/argo/test.yaml Normal file
View file

@ -0,0 +1,14 @@
minio:
# If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
install: false
defaultBucket:
enabled: true
name: argo-artifacts
# Minio Operator: https://github.com/minio/operator/tree/master/helm/minio-operator
# This deploys the minio operator with argo as dependency. This might not be suitable for production environments, since the minio-operator might already be deployed and managed by another helm release. In this case you should provision a new minio tenants with the extraResources key.
minio-operator:
install: true
raw:
enabled: true

227
charts/argo/values.yaml
View file

@ -322,9 +322,236 @@ artifactRepository:
# NOTE: These are setting attributes for the `minio` optional dependency
# According to Minio, deploying Minio with this dependency chart is no longer supported. Therefor we recommend using the minio-operator chart or provision minio tenants as standalone manifests (raw Chart).
# More information: https://helm.min.io/
# This dependency might be removed in the future
minio:
# If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
install: false
defaultBucket:
enabled: true
name: argo-artifacts
# Minio Operator: https://github.com/minio/operator/tree/master/helm/minio-operator
# This deploys the minio operator with argo as dependency. This might not be suitable for production environments, since the minio-operator might already be deployed and managed by another helm release. In this case you should provision a new minio tenants with the extraResources key.
minio-operator:
install: false
# Raw Chart: https://artifacthub.io/packages/helm/main/raw
# Allows to add standalone kubernetes manifests into a helm release.
raw:
enabled: false
# Converted Example Minio Tenant Example
# Reference: https://github.com/minio/operator/blob/master/examples/tenant.yaml
resources:
## Secret to be used as MinIO Root Credentials
- |
apiVersion: v1
kind: Secret
metadata:
name: minio-creds-secret
type: Opaque
data:
## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64)
accesskey: bWluaW8=
## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64)
secretkey: bWluaW8xMjM=
## Secret to be used for MinIO Console
- |
apiVersion: v1
kind: Secret
metadata:
name: console-secret
type: Opaque
data:
## Passphrase to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
CONSOLE_PBKDF_PASSPHRASE: U0VDUkVU
## Salt to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
CONSOLE_PBKDF_SALT: U0VDUkVU
## MinIO User Access Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLEACCESS' | base64)
CONSOLE_ACCESS_KEY: WU9VUkNPTlNPTEVBQ0NFU1M=
## MinIO User Secret Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLESECRET' | base64)
CONSOLE_SECRET_KEY: WU9VUkNPTlNPTEVTRUNSRVQ=
## MinIO Tenant Definition
- |
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio
## Optionally pass labels to be applied to the statefulset pods
labels:
app: minio
## Annotations for MinIO Tenant Pods
annotations:
prometheus.io/path: /minio/prometheus/metrics
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
## If not specified, the Tenant pods will be dispatched by default scheduler.
# scheduler:
# name: my-custom-scheduler
spec:
## Registry location and Tag to download MinIO Server image
image: minio/minio:RELEASE.2021-03-01T04-20-55Z
imagePullPolicy: IfNotPresent
## Secret with credentials to be used by MinIO Tenant.
## Refers to the secret object created above.
credsSecret:
name: minio-creds-secret
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 4
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
## Pool.
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Ti
## Used to specify a toleration for a pod
# tolerations:
# - effect: NoSchedule
# key: dedicated
# operator: Equal
# value: storage
## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
## eligible to run on a node, the node must have each of the
## indicated key-value pairs as labels.
## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
# nodeSelector:
# disktype: ssd
## Affinity settings for MinIO pods. Read more about affinity
## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/hostname
# operator: In
# values:
# - hostname1
# - hostname2
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - store
# topologyKey: "kubernetes.io/hostname"
## Configure resource requests and limits for MinIO containers
# resources:
# requests:
# cpu: 250m
# memory: 16Gi
# limits:
# cpu: 500m
# memory: 16Gi
## Configure security context
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
## Mount path where PV will be mounted inside container(s).
mountPath: /export
## Sub path inside Mount path where MinIO stores data.
# subPath: /data
## Use this field to provide a list of Secrets with external certificates. This can be used to to configure
## TLS for MinIO Tenant pods. Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
# externalCertSecret:
# - name: tls-ssl-minio
# type: kubernetes.io/tls
## Enable automatic Kubernetes based certificate generation and signing as explained in
## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
requestAutoCert: true
## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be
## accessible as DNS entries of form `<bucketname>.minio.default.svc.cluster.local`
s3:
## This feature is turned off by default
bucketDNS: false
## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
## not provided. DNS name format is *.minio.default.svc.cluster.local
certConfig:
commonName: ""
organizationName: []
dnsNames: []
## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
## for details.
podManagementPolicy: Parallel
## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific
## services created by the operator.
serviceMetadata:
minioServiceLabels:
label: minio-svc
minioServiceAnnotations:
v2.min.io: minio-svc
consoleServiceLabels:
label: console-svc
consoleServiceAnnotations:
v2.min.io: console-svc
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
# env:
# - name: MINIO_BROWSER
# value: "off" # to turn-off browser
# - name: MINIO_STORAGE_CLASS_STANDARD
# value: "EC:2"
## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
## This is applied to MinIO pods only.
## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
# priorityClassName: high-priority
## Define configuration for Console (Graphical user interface for MinIO)
## Refer https://github.com/minio/console
console:
image: minio/console:v0.6.3
replicas: 2
consoleSecret:
name: console-secret
securityContext:
runAsUser: 1000
runAsGroup: 2000
runAsNonRoot: true