DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into master

Browse source
This commit is contained in:
Marco Kilchhofer 2021-07-13 09:06:56 +02:00 committed by GitHub
commit c2e90e0a6e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 239 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
charts/argo-cd/Chart.yaml
View file

@ -2,9 +2,9 @@ apiVersion: v2
appVersion: 2.0.4
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 3.9.0
version: 3.10.0
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
icon: https://argoproj.github.io/argo-cd/assets/logo.png
keywords:
- argoproj
- argocd

30
charts/argo-cd/README.md
View file

@ -34,6 +34,34 @@ Changes in the `CustomResourceDefinition` resources shall be fixed easily by cop
## Upgrading
### 3.8.1
This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
```yaml
# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
repoServer:
serviceAccount:
create: true
# Case 2)
controller:
serviceAccount:
name: "" # or <nil>
# Case 3)
dex:
serviceAccount:
name: "" # or <nil>
# Case 4)
server:
serviceAccount:
name: "" # or <nil>
```
Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
### 3.2.*
With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
@ -108,6 +136,8 @@ NAME: my-release
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` |
| global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` |
| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` |

19
charts/argo-cd/templates/_helpers.tpl
View file

@ -71,7 +71,7 @@ Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
@ -82,18 +82,29 @@ Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
{{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.dex.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the redis service account to use
*/}}
{{- define "argo-cd.redisServiceAccountName" -}}
{{- if .Values.redis.serviceAccount.create -}}
{{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.redis.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ArgoCD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
{{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
@ -104,7 +115,7 @@ Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
{{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}

19
charts/argo-cd/templates/argocd-application-controller/networkpolicy.yaml Normal file
View file

@ -0,0 +1,19 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
name: {{ template "argo-cd.controller.fullname" . }}
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: controller
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

31
charts/argo-cd/templates/argocd-repo-server/networkpolicy.yaml Normal file
View file

@ -0,0 +1,31 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
ports:
- port: repo-server
protocol: TCP
{{- if .Values.repoServer.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

16
charts/argo-cd/templates/argocd-server/networkpolicy.yaml Normal file
View file

@ -0,0 +1,16 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}
spec:
ingress:
- {}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

31
charts/argo-cd/templates/dex/networkpolicy.yaml Normal file
View file

@ -0,0 +1,31 @@
{{- if and .Values.global.networkPolicy.create .Values.dex.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
name: {{ template "argo-cd.dex.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
ports:
- port: http
protocol: TCP
- port: grpc
protocol: TCP
{{- if .Values.dex.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
protocol: TCP
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

12
charts/argo-cd/templates/networkpolicy-default-deny.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
name: {{ template "argo-cd.fullname" . }}-default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
{{- end }}

5
charts/argo-cd/templates/redis/deployment.yaml
View file

@ -30,7 +30,8 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: false
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
serviceAccountName: {{ template "argo-cd.redisServiceAccountName" . }}
{{- if .Values.redis.securityContext }}
securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
{{- end }}
@ -58,8 +59,8 @@ spec:
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}
name: redis
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}

29
charts/argo-cd/templates/redis/networkpolicy.yaml Normal file
View file

@ -0,0 +1,29 @@
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.global.networkPolicy.create .Values.redis.enabled (not $redisHa.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
name: {{ template "argo-cd.redis.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
ports:
- port: redis
protocol: TCP
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

15
charts/argo-cd/templates/redis/serviceaccount.yaml Normal file
View file

@ -0,0 +1,15 @@
{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.redisServiceAccountName" . }}
{{- if .Values.redis.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.redis.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }}
{{- end }}

12
charts/argo-cd/values.yaml
View file

@ -20,6 +20,10 @@ global:
# hostnames:
# - git.myhostname
networkPolicy:
create: false
defaultDenyIngress: false
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
@ -365,6 +369,14 @@ redis:
fsGroup: 1000
runAsNonRoot: true
serviceAccount:
create: false
name: ""
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: false
resources: {}
# limits:
# cpu: 200m

1
charts/argocd-applicationset/.helmignore
View file

@ -21,3 +21,4 @@
.idea/
*.tmproj
.vscode/
ci/

8
charts/argocd-applicationset/Chart.yaml
View file

@ -2,10 +2,10 @@ apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 0.1.7
version: 1.0.0
appVersion: "v0.1.0"
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
icon: https://argocd-applicationset.readthedocs.io/en/stable/assets/logo.png
keywords:
- argoproj
- appset
@ -14,4 +14,6 @@ maintainers:
- name: maruina
annotations:
artifacthub.io/changes: |
- "[Added]: Initialize Changelog"
- "[Removed]: CRD installation via templates folder. CRDs are now only handled via the '/crds' folder in the same way like the ArgoCD chart."
- "[Removed]: Exclude '/ci' folder from being packaged into the final chart archive."
- "[Changed]: Fix icon url"

23
charts/argocd-applicationset/README.md
View file

@ -10,6 +10,11 @@ This is a **community maintained** chart. This chart installs the [applicationse
This chart currently installs the non-HA version of Argo CD ApplicationSet.
## Prerequisites
- Helm v3.0.0+
- The ApplicationSet controller **must** be installed into the same namespace as the Argo CD it is targetting.
## Installing the Chart
To install the chart with the release name `my-release`:
@ -23,10 +28,6 @@ NAME: my-release
...
```
### Helm v3 Compatibility
Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
### Testing
Users can test the chart with [kind](https://kind.sigs.k8s.io/) and [ct](https://github.com/helm/chart-testing).
@ -38,6 +39,19 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st
ct install --namespace argocd
```
## Notes on CRD Installation
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart.
You then can install the CRDs manually from `crds` folder or via the manifests from the upstream project repo:
```console
kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=<appVersion>
# Eg. version v0.1.0
kubectl apply -k https://github.com/argoproj-labs/applicationset.git/manifests/crds?ref=v0.1.0
```
## Values
| Key | Type | Default | Description |
@ -56,7 +70,6 @@ ct install --namespace argocd
| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| installCRDs | bool | `true` | Install Custom Resource Definition |
| mountSSHKnownHostsVolume | bool | `true` | Mount the `argocd-ssh-known-hosts-cm` volume |
| mountTLSCertsVolume | bool | `true` | Mount the `argocd-tls-certs-cm` volume |
| mountGPGKeysVolume | bool | `false` | Mount the `argocd-gpg-keys-cm` volume |

2
charts/argocd-applicationset/ci/default-values.yaml
View file

@ -4,8 +4,6 @@
replicaCount: 1
installCRDs: false # this needs to be false with ct
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset

2
charts/argocd-applicationset/ci/leader-election-values.yaml
View file

@ -2,5 +2,3 @@ args:
enableLeaderElection: true
replicaCount: 3
installCRDs: false

6
charts/argocd-applicationset/templates/crds.yaml
View file

@ -1,6 +0,0 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

2
charts/argocd-applicationset/values.yaml
View file

@ -4,8 +4,6 @@
replicaCount: 1
installCRDs: true
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset