Parameterize artifact repository settings (#4)

* Parameterize artifact configuration

**What**
- Add parameterization of artifact store configuration

**Why**
Enables configuration of artifact repo secrets or omitting for use with IAM credentials

* Add workflow CRD definition to argo chart

**Why**
The workflow CRD must exist in order for argo to function

* artifactRepository values follow tree structure

* Deploy CRD as a pre-install hook

**What**
Using `lachlanevenson/k8s-kubectl`, which appears to be the most popular, off the shelf container with `kubectl` applied, run a job to apply the `workflow` crd.

**Why**
CRD is not, and cannot, be parameterized with release and so attempting to deploy as a regular template causes failures when installing subsequent releases.

charts/argo/templates/_workflow-crd.json

@@ -0,0 +1,19 @@
+{{- define "workflow-crd-json" }}
+{
+  "apiVersion": "apiextensions.k8s.io/v1beta1",
+  "kind": "CustomResourceDefinition",
+  "metadata": {
+    "name": "workflows.argoproj.io"
+  },
+  "spec": {
+    "group": "argoproj.io",
+    "names": {
+      "kind": "Workflow",
+      "plural": "workflows",
+      "shortNames": ["wf"]
+    },
+    "scope": "Namespaced",
+    "version": "v1alpha1"
+  }
+}
+{{- end}}

charts/argo/templates/apply-workflow-crd-job.yaml

@@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-apply-workflow-crd
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
+spec:
+  backoffLimit: 5
+  activeDeadlineSeconds: 100
+  template:
+    spec:
+      containers:
+      - name: kubectl-apply
+        image: lachlanevenson/k8s-kubectl
+        command: ["/bin/sh"]
+        args: ["-c", 'echo ''{{- include "workflow-crd-json" .}}'' | kubectl apply -f -']
+      restartPolicy: Never

charts/argo/templates/ui-service.yaml

@@ -14,4 +14,4 @@ spec:
   selector:
     app: {{ .Release.Name }}-{{ .Values.uiName}}
   sessionAffinity: None
-  type: LoadBalancer
+  type: {{ .Values.uiServiceType }}

charts/argo/templates/workflow-controller-config-map.yaml

@@ -1,29 +1,31 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controllerName}}-configmap
+  name: {{ .Release.Name }}-{{ .Values.controllerName }}-configmap
   labels:
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
   config: |
-{{ if .Values.useReleaseAsInstanceID }}
+    {{- if .Values.useReleaseAsInstanceID }}
     instanceID: {{ .Release.Name }}
-{{ else }}
+    {{- else }}
     instanceID: {{ .Values.instanceID }}
-{{ end }}
+    {{- end }}
     artifactRepository:
-{{ if .Values.installMinio }}
+      {{- if or .Values.installMinio .Values.useDefaultArtifactRepo }}
       s3:
+        {{- if .Values.useStaticCredentials }}
         accessKeySecret:
-          key: accesskey
+          key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
-          name: {{ .Release.Name }}-minio-user
+          name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }}
-        bucket: {{ .Values.minioBucketName }}
-        endpoint: {{ .Release.Name }}-minio-svc:9000
-        insecure: true
         secretKeySecret:
-          key: secretkey
+          key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
-          name: {{ .Release.Name }}-minio-user
+          name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }}
-{{ end }}
+        {{- end }}
+        bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minioBucketName }}
+        endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio-svc:9000") }}
+        insecure: {{ .Values.artifactRepository.s3.insecure }}
+      {{- end}}
     executorImage: "{{ .Values.imagesNamespace }}/{{ .Values.executorImage }}:{{ .Values.imagesTag }}"

charts/argo/values.yaml

@@ -4,14 +4,28 @@ uiImage: argoui
 executorImage: argoexec
 imagesTag: v2.0.0-alpha3
 controllerName: workflow-controller
+
 # Enables ability to SSH into pod using web UI
 enableWebConsole: false
 uiName: ui
+uiServiceType: LoadBalancer
 crdVersion: v1alpha1
+
 # If set to true then chart set controller instance id to release name
 useReleaseAsInstanceID: false
 instanceID:
 
+useDefaultArtifactRepo: false
+useStaticCredentials: true
+
 # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
 installMinio: true
 minioBucketName: argo-artifacts
+
+artifactRepository:
+  s3:
+    accessKeySecret:
+      key: accesskey
+    secretKeySecret:
+      key: secretkey
+    insecure: true