From be46446e0c81f30b838a32575c409a815928a956 Mon Sep 17 00:00:00 2001 From: Lukasz Lempart Date: Fri, 23 Mar 2018 21:10:05 -0700 Subject: [PATCH] Parameterize artifact repository settings (#4) * Parameterize artifact configuration **What** - Add parameterization of artifact store configuration **Why** Enables configuration of artifact repo secrets or omitting for use with IAM credentials * Add workflow CRD definition to argo chart **Why** The workflow CRD must exist in order for argo to function * artifactRepository values follow tree structure * Deploy CRD as a pre-install hook **What** Using `lachlanevenson/k8s-kubectl`, which appears to be the most popular, off the shelf container with `kubectl` applied, run a job to apply the `workflow` crd. **Why** CRD is not, and cannot, be parameterized with release and so attempting to deploy as a regular template causes failures when installing subsequent releases. --- charts/argo/templates/_workflow-crd.json | 19 +++++++++++++ .../templates/apply-workflow-crd-job.yaml | 18 ++++++++++++ charts/argo/templates/ui-service.yaml | 2 +- .../workflow-controller-config-map.yaml | 28 ++++++++++--------- charts/argo/values.yaml | 14 ++++++++++ 5 files changed, 67 insertions(+), 14 deletions(-) create mode 100644 charts/argo/templates/_workflow-crd.json create mode 100644 charts/argo/templates/apply-workflow-crd-job.yaml diff --git a/charts/argo/templates/_workflow-crd.json b/charts/argo/templates/_workflow-crd.json new file mode 100644 index 00000000..ef26b415 --- /dev/null +++ b/charts/argo/templates/_workflow-crd.json @@ -0,0 +1,19 @@ +{{- define "workflow-crd-json" }} +{ + "apiVersion": "apiextensions.k8s.io/v1beta1", + "kind": "CustomResourceDefinition", + "metadata": { + "name": "workflows.argoproj.io" + }, + "spec": { + "group": "argoproj.io", + "names": { + "kind": "Workflow", + "plural": "workflows", + "shortNames": ["wf"] + }, + "scope": "Namespaced", + "version": "v1alpha1" + } +} +{{- end}} \ No newline at end of file diff --git a/charts/argo/templates/apply-workflow-crd-job.yaml b/charts/argo/templates/apply-workflow-crd-job.yaml new file mode 100644 index 00000000..313a05f2 --- /dev/null +++ b/charts/argo/templates/apply-workflow-crd-job.yaml @@ -0,0 +1,18 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-apply-workflow-crd + annotations: + helm.sh/hook: pre-install + helm.sh/hook-delete-policy: hook-succeeded +spec: + backoffLimit: 5 + activeDeadlineSeconds: 100 + template: + spec: + containers: + - name: kubectl-apply + image: lachlanevenson/k8s-kubectl + command: ["/bin/sh"] + args: ["-c", 'echo ''{{- include "workflow-crd-json" .}}'' | kubectl apply -f -'] + restartPolicy: Never \ No newline at end of file diff --git a/charts/argo/templates/ui-service.yaml b/charts/argo/templates/ui-service.yaml index 103167d0..96e2c38f 100644 --- a/charts/argo/templates/ui-service.yaml +++ b/charts/argo/templates/ui-service.yaml @@ -14,4 +14,4 @@ spec: selector: app: {{ .Release.Name }}-{{ .Values.uiName}} sessionAffinity: None - type: LoadBalancer + type: {{ .Values.uiServiceType }} diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index ad630c18..b0d9038f 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -1,29 +1,31 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-{{ .Values.controllerName}}-configmap + name: {{ .Release.Name }}-{{ .Values.controllerName }}-configmap labels: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: config: | -{{ if .Values.useReleaseAsInstanceID }} + {{- if .Values.useReleaseAsInstanceID }} instanceID: {{ .Release.Name }} -{{ else }} + {{- else }} instanceID: {{ .Values.instanceID }} -{{ end }} + {{- end }} artifactRepository: -{{ if .Values.installMinio }} + {{- if or .Values.installMinio .Values.useDefaultArtifactRepo }} s3: + {{- if .Values.useStaticCredentials }} accessKeySecret: - key: accesskey - name: {{ .Release.Name }}-minio-user - bucket: {{ .Values.minioBucketName }} - endpoint: {{ .Release.Name }}-minio-svc:9000 - insecure: true + key: {{ .Values.artifactRepository.s3.accessKeySecret.key }} + name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }} secretKeySecret: - key: secretkey - name: {{ .Release.Name }}-minio-user -{{ end }} + key: {{ .Values.artifactRepository.s3.secretKeySecret.key }} + name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }} + {{- end }} + bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minioBucketName }} + endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio-svc:9000") }} + insecure: {{ .Values.artifactRepository.s3.insecure }} + {{- end}} executorImage: "{{ .Values.imagesNamespace }}/{{ .Values.executorImage }}:{{ .Values.imagesTag }}" diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 3ed21dc1..5020feae 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -4,14 +4,28 @@ uiImage: argoui executorImage: argoexec imagesTag: v2.0.0-alpha3 controllerName: workflow-controller + # Enables ability to SSH into pod using web UI enableWebConsole: false uiName: ui +uiServiceType: LoadBalancer crdVersion: v1alpha1 + # If set to true then chart set controller instance id to release name useReleaseAsInstanceID: false instanceID: +useDefaultArtifactRepo: false +useStaticCredentials: true + # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map installMinio: true minioBucketName: argo-artifacts + +artifactRepository: + s3: + accessKeySecret: + key: accesskey + secretKeySecret: + key: secretkey + insecure: true