Parameterize artifact repository settings (#4)

* Parameterize artifact configuration **What** - Add parameterization of artifact store configuration **Why** Enables configuration of artifact repo secrets or omitting for use with IAM credentials * Add workflow CRD definition to argo chart **Why** The workflow CRD must exist in order for argo to function * artifactRepository values follow tree structure * Deploy CRD as a pre-install hook **What** Using `lachlanevenson/k8s-kubectl`, which appears to be the most popular, off the shelf container with `kubectl` applied, run a job to apply the `workflow` crd. **Why** CRD is not, and cannot, be parameterized with release and so attempting to deploy as a regular template causes failures when installing subsequent releases.
2018-03-23 21:10:05 -07:00 · 2018-03-23 21:10:05 -07:00 · be46446e0c
commit be46446e0c
parent 7ac7a9b193
5 changed files with 67 additions and 14 deletions
--- a/charts/argo/templates/_workflow-crd.json
+++ b/charts/argo/templates/_workflow-crd.json
@ -0,0 +1,19 @@
+{{- define "workflow-crd-json" }}
+{
+  "apiVersion": "apiextensions.k8s.io/v1beta1",
+  "kind": "CustomResourceDefinition",
+  "metadata": {
+    "name": "workflows.argoproj.io"
+  },
+  "spec": {
+    "group": "argoproj.io",
+    "names": {
+      "kind": "Workflow",
+      "plural": "workflows",
+      "shortNames": ["wf"]
+    },
+    "scope": "Namespaced",
+    "version": "v1alpha1"
+  }
+}
+{{- end}}
--- a/charts/argo/templates/apply-workflow-crd-job.yaml
+++ b/charts/argo/templates/apply-workflow-crd-job.yaml
@ -0,0 +1,18 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-apply-workflow-crd
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: hook-succeeded
+spec:
+  backoffLimit: 5
+  activeDeadlineSeconds: 100
+  template:
+    spec:
+      containers:
+      - name: kubectl-apply
+        image: lachlanevenson/k8s-kubectl
+        command: ["/bin/sh"]
+        args: ["-c", 'echo ''{{- include "workflow-crd-json" .}}'' | kubectl apply -f -']
+      restartPolicy: Never
--- a/charts/argo/templates/ui-service.yaml
+++ b/charts/argo/templates/ui-service.yaml
@ -14,4 +14,4 @@ spec:
  selector:
    app: {{ .Release.Name }}-{{ .Values.uiName}}
  sessionAffinity: None
-  type: LoadBalancer
+  type: {{ .Values.uiServiceType }}
--- a/charts/argo/templates/workflow-controller-config-map.yaml
+++ b/charts/argo/templates/workflow-controller-config-map.yaml
@ -1,29 +1,31 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-{{ .Values.controllerName}}-configmap
+  name: {{ .Release.Name }}-{{ .Values.controllerName }}-configmap
  labels:
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 data:
  config: |
-{{ if .Values.useReleaseAsInstanceID }}
+    {{- if .Values.useReleaseAsInstanceID }}
    instanceID: {{ .Release.Name }}
-{{ else }}
+    {{- else }}
    instanceID: {{ .Values.instanceID }}
-{{ end }}
+    {{- end }}
    artifactRepository:
-{{ if .Values.installMinio }}
+      {{- if or .Values.installMinio .Values.useDefaultArtifactRepo }}
      s3:
+        {{- if .Values.useStaticCredentials }}
        accessKeySecret:
-          key: accesskey
-          name: {{ .Release.Name }}-minio-user
-        bucket: {{ .Values.minioBucketName }}
-        endpoint: {{ .Release.Name }}-minio-svc:9000
-        insecure: true
+          key: {{ .Values.artifactRepository.s3.accessKeySecret.key }}
+          name: {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }}
        secretKeySecret:
-          key: secretkey
-          name: {{ .Release.Name }}-minio-user
-{{ end }}
+          key: {{ .Values.artifactRepository.s3.secretKeySecret.key }}
+          name: {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio-user") }}
+        {{- end }}
+        bucket: {{ .Values.artifactRepository.s3.bucket | default .Values.minioBucketName }}
+        endpoint: {{ .Values.artifactRepository.s3.endpoint | default (printf "%s-%s" .Release.Name "minio-svc:9000") }}
+        insecure: {{ .Values.artifactRepository.s3.insecure }}
+      {{- end}}
    executorImage: "{{ .Values.imagesNamespace }}/{{ .Values.executorImage }}:{{ .Values.imagesTag }}"
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
@ -4,14 +4,28 @@ uiImage: argoui
 executorImage: argoexec
 imagesTag: v2.0.0-alpha3
 controllerName: workflow-controller
+
 # Enables ability to SSH into pod using web UI
 enableWebConsole: false
 uiName: ui
+uiServiceType: LoadBalancer
 crdVersion: v1alpha1
+
 # If set to true then chart set controller instance id to release name
 useReleaseAsInstanceID: false
 instanceID:

+useDefaultArtifactRepo: false
+useStaticCredentials: true
+
 # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
 installMinio: true
 minioBucketName: argo-artifacts
+
+artifactRepository:
+  s3:
+    accessKeySecret:
+      key: accesskey
+    secretKeySecret:
+      key: secretkey
+    insecure: true