diff --git a/charts/argo-events/Chart.yaml b/charts/argo-events/Chart.yaml index 977749af..118d287e 100644 --- a/charts/argo-events/Chart.yaml +++ b/charts/argo-events/Chart.yaml @@ -1,20 +1,27 @@ apiVersion: v2 -description: A Helm chart to install Argo-Events in k8s Cluster +appVersion: v1.7.0 +description: A Helm chart for Argo Events, the event-driven workflow automation framework name: argo-events -version: 1.13.0 +version: 2.0.0 +home: https://github.com/argoproj/argo-helm +icon: https://argoproj.github.io/argo-events/assets/logo.png keywords: + - argoproj - argo-events - - sensor-controller - - eventsource-controller - - eventbus-controller sources: - https://github.com/argoproj/argo-events maintainers: - name: VaibhavPage - name: whynowy -appVersion: v1.6.0 -icon: https://argoproj.github.io/argo-events/assets/logo.png -home: https://github.com/argoproj/argo-helm annotations: artifacthub.io/changes: | - - "[Added]: Additional RBAC for leader election" + - "[Added]: Argo events controller for v1.7.0" + - "[Added]: Argo events addmission webhook deployment" + - "[Added]: Global configuration options for all deployments" + - "[Added]: Pod disruption budgets for HA deployments" + - "[Added]: Support for Prometheus metrics on controller deployment" + - "[Changed]: Enable cluster-wide deployment by default" + - "[Removed]: Deprecated EventBus controller deployment" + - "[Removed]: Deprecated EventSource controller deployment" + - "[Removed]: Deprecated Sensor controller deployment" + - "[Removed]: Removed RBAC that allowed controller to create / modify CRDs" diff --git a/charts/argo-events/README.md b/charts/argo-events/README.md index b6c9a407..0acdf2ff 100644 --- a/charts/argo-events/README.md +++ b/charts/argo-events/README.md 
@@ -1,29 +1,43 @@ # Argo-Events Chart This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + - Sensor Custom Resource Definition (See CRD Notes) - EventSource Custom Resource Definition (See CRD Notes) - EventBus Custom Resource Definition (See CRD Notes) -- Sensor Controller Deployment -- EventSource Controller Deployment -- EventBus Controller Deployment -- Service Account -- Roles -- Role Bindings -- Cluster Roles -- Cluster Role Bindings +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings -To regenerate this document, from the root of this chart directory run: +To regenerate this document, please run: ```shell -docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +./scripts/helm-docs.sh ``` -## Notes on CRD Installation +## Upgrading -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. +### Custom resource definitions -You can install the CRDs manually from `crds` folder. +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` ## Values 
@@ -31,81 +45,135 @@ You can install the CRDs manually from `crds` folder. | Key | Type | Default | Description | |-----|------|---------|-------------| -| additionalSaNamespaces | list | `[]` | Create service accounts in additional namespaces specified The SA will always be created in the release namespaces | -| additionalServiceAccountRules | list | (See [values.yaml]) | Additional rules | -| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. Only applies for cluster-wide installation (`singleNamespace: true`) | +| configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | +| configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | +| configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | +| configs.jetstream.streamConfig.maxAge | string | `"72h"` | Maximum age of existing messages, i.e. 
“72h”, “4h35m” | +| configs.jetstream.streamConfig.maxBytes | string | `"1GB"` | | +| configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message | +| configs.jetstream.streamConfig.replicas | int | `3` | Number of replicas, defaults to 3 and requires minimal 3 | +| configs.jetstream.versions | list | `[]` | | +| configs.nats.versions | list | `[]` (See [values.yaml]) | Supported versions of NATS event bus | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-events crds Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) | | fullnameOverride | string | `""` | String to fully override "argo-events.fullname" template | -| imagePullPolicy | string | `"Always"` | The image pull policy | -| imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | -| nameOverride | string | `""` | String to partially override "argo-events.fullname" template | -| registry | string | `"quay.io"` | docker registry | -| securityContext | object | `{"runAsNonRoot":true,"runAsUser":9731}` | Common PodSecurityContext for all controllers | -| serviceAccount | string | `"argo-events-sa"` | ServiceAccount to use for running controller. | -| serviceAccountAnnotations | object | `{}` | Annotations applied to created service account. Can be used to enable GKE workload identity, or other use-cases | -| singleNamespace | bool | `true` | Whether to run in namespaced scope. Set `singleNamespace` to false to have the controllers listen on all namespaces. Otherwise the controllers will listen on the namespace where the chart is installed in. 
| +| global.additionalLabels | object | `{}` | Additional labels to add to all resources | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo Events deployments | +| global.image.repository | string | `"quay.io/argoproj/argo-events"` | If defined, a repository applied to all Argo Events deployments | +| global.image.tag | string | `""` | Overrides the global Argo Events image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | +| nameOverride | string | `"argo-events"` | Provide a name in place of `argo-events` | +| openshift | bool | `false` | Deploy on OpenShift | -### Event Bus Controller +### Controller | Key | Type | Default | Description | |-----|------|---------|-------------| -| eventbusController.affinity | object | `{}` | Assign custom [affinity] rules to the event bus controller | -| eventbusController.containerSecurityContext | object | `{}` | Event bus controller container-level security context | -| eventbusController.extraEnv | list | `[]` | Additional environment variables to pass to event bus controller | -| eventbusController.image | string | `"argoproj/argo-events"` | Repository to use for the event bus controller | -| eventbusController.name | string | `"eventbus-controller"` | Event bus controller name | -| eventbusController.natsMetricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.8.0"` | NATS metrics exporter container image to use for the event bus | -| 
eventbusController.natsStreamingImage | string | `"nats-streaming:0.22.1"` | NATS streaming container image to use for the event bus | -| eventbusController.nodeSelector | object | `{}` | [Node selector] | -| eventbusController.podAnnotations | object | `{}` | Annotations to be added to event bus controller pods | -| eventbusController.podLabels | object | `{}` | Labels to be added to event event bus controller pods | -| eventbusController.priorityClassName | string | `""` | Priority class for the event bus controller | -| eventbusController.replicaCount | int | `1` | The number of event bus controller pods to run | -| eventbusController.resources | object | `{}` | Resource limits and requests for the event bus controller pods | -| eventbusController.tag | string | `""` (default is the chart appVersion) | Overrides the image tag | -| eventbusController.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.containerSecurityContext | object | `{}` | Events controller container-level security context | +| controller.env | list | `[]` | Environment variables to pass to events controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to events controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the events controller pods | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the events controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the events controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the events controller | +| controller.initContainers | list | `[]` | Init containers to add to the events controller pods | +| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive 
failures for the [probe] to be considered failed after having succeeded | +| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.name | string | `"controller-manager"` | Argo Events controller name string | +| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to events controller pdb | +| controller.pdb.enabled | bool | 
`false` | Deploy a PodDisruptionBudget for the events controller | +| controller.pdb.labels | object | `{}` | Labels to be added to events controller pdb | +| controller.podAnnotations | object | `{}` | Annotations to be added to events controller pods | +| controller.podLabels | object | `{}` | Labels to be added to events controller pods | +| controller.priorityClassName | string | `""` | Priority class for the events controller pods | +| controller.rbac.enabled | bool | `true` | Create events controller RBAC | +| controller.rbac.namespaced | bool | `false` | Restrict events controller to operate only in a single namespace instead of cluster-wide scope. | +| controller.rbac.rules | list | `[]` | Additional user rules for event controller's rbac | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of events controller pods to run. 
| +| controller.resources | object | `{}` | Resource limits and requests for the events controller pods | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the events controller | +| controller.serviceAccount.name | string | `""` | Service account name | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the events controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the events controller main container | +| controller.volumes | list | `[]` | Additional volumes to the events controller pod | -### Event Source Controller +### Webhook | Key | Type | Default | Description | |-----|------|---------|-------------| -| eventsourceController.affinity | object | `{}` | Assign custom [affinity] rules to the event source controller | -| eventsourceController.containerSecurityContext | object | `{}` | Event source controller container-level security context | -| eventsourceController.eventsourceImage | string | `"argoproj/argo-events"` | Repository to use for the event source image | -| eventsourceController.extraEnv | list | `[]` | Additional environment variables to pass to event source controller | -| eventsourceController.image | string | `"argoproj/argo-events"` | Repository to use for the event source controller | -| eventsourceController.name | string | `"eventsource-controller"` | Event source controller name | -| eventsourceController.nodeSelector | object | `{}` | [Node selector] | -| eventsourceController.podAnnotations | object | `{}` | Annotations to be added to event source controller pods | -| eventsourceController.podLabels | 
object | `{}` | Labels to be added to event source controller pods | -| eventsourceController.priorityClassName | string | `""` | Priority class for the event source controller | -| eventsourceController.replicaCount | int | `1` | The number of event source controller pods to run | -| eventsourceController.resources | object | `{}` | Resource limits and requests for the event source controller pods | -| eventsourceController.tag | string | `""` (default is the chart appVersion) | Overrides the image tag | -| eventsourceController.tolerations | list | `[]` | [Tolerations] for use with node taints | - -### Sensor Controller - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| sensorController.affinity | object | `{}` | Assign custom [affinity] rules to the sensor controller | -| sensorController.containerSecurityContext | object | `{}` | Sensor controllers container-level security context | -| sensorController.extraEnv | list | `[]` | Additional environment variables to pass to sensor controller | -| sensorController.image | string | `"argoproj/argo-events"` | Repository to use for the sensor controller | -| sensorController.name | string | `"sensor-controller"` | Sensor controller name | -| sensorController.nodeSelector | object | `{}` | [Node selector] | -| sensorController.podAnnotations | object | `{}` | Annotations to be added to sensor controller pods | -| sensorController.podLabels | object | `{}` | Labels to be added to sensor controller pods | -| sensorController.priorityClassName | string | `""` | Priority class for the sensor controller | -| sensorController.replicaCount | int | `1` | The number of sensor controller pods to run | -| sensorController.resources | object | `{}` | Resource limits and requests for the sensor controller pods | -| sensorController.sensorImage | string | `"argoproj/argo-events"` | Repository to use for the sensor image | -| sensorController.tag | string | `""` (default is the chart appVersion) | 
Overrides the image tag | -| sensorController.tolerations | list | `[]` | [Tolerations] for use with node taints | +| webhook.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| webhook.containerSecurityContext | object | `{}` | Event controller container-level security context | +| webhook.enabled | bool | `false` | Enable admission webhook. Applies only for cluster-wide installation | +| webhook.env | list | `[]` (See [values.yaml]) | Environment variables to pass to event controller | +| webhook.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event controller | +| webhook.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event controller | +| webhook.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event controller | +| webhook.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the event controller | +| webhook.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.name | string | `"events-webhook"` | Argo Events admission webhook name string | +| webhook.nodeSelector | object | `{}` | [Node selector] | +| webhook.pdb.annotations | object | `{}` | Annotations to be added to admission webhook pdb | +| webhook.pdb.enabled | bool | `false` | Deploy a PodDisruptionBudget for the admission webhook | +| 
webhook.pdb.labels | object | `{}` | Labels to be added to admission webhook pdb | +| webhook.podAnnotations | object | `{}` | Annotations to be added to event controller pods | +| webhook.podLabels | object | `{}` | Labels to be added to event controller pods | +| webhook.priorityClassName | string | `""` | Priority class for the event controller pods | +| webhook.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| webhook.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| webhook.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| webhook.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| webhook.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| webhook.replicas | int | `1` | The number of webhook pods to run. 
| +| webhook.resources | object | `{}` | Resource limits and requests for the event controller pods | +| webhook.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| webhook.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| webhook.serviceAccount.create | bool | `true` | Create a service account for the admission webhook | +| webhook.serviceAccount.name | string | `""` | Service account name | +| webhook.tolerations | list | `[]` | [Tolerations] for use with node taints | +| webhook.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the event controller | +| webhook.volumeMounts | list | `[]` | Additional volumeMounts to the event controller main container | +| webhook.volumes | list | `[]` | Additional volumes to the event controller pod | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/README.md.gotmpl b/charts/argo-events/README.md.gotmpl index 61654981..7ee5cefe 100644 --- a/charts/argo-events/README.md.gotmpl +++ b/charts/argo-events/README.md.gotmpl 
@@ -1,29 +1,43 @@ # Argo-Events Chart This is a **community maintained** chart. It installs the [argo-events](https://github.com/argoproj/argo-events) application. This application comes packaged with: + - Sensor Custom Resource Definition (See CRD Notes) - EventSource Custom Resource Definition (See CRD Notes) - EventBus Custom Resource Definition (See CRD Notes) -- Sensor Controller Deployment -- EventSource Controller Deployment -- EventBus Controller Deployment -- Service Account -- Roles -- Role Bindings -- Cluster Roles -- Cluster Role Bindings +- Controller Deployment +- Validation Webhook Deployment +- Service Accounts +- Roles / Cluster Roles +- Role Bindings / Cluster Role Bindings -To regenerate this document, from the root of this chart directory run: +To regenerate this document, please run: ```shell -docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest +./scripts/helm-docs.sh ``` -## Notes on CRD Installation +## Upgrading -Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--skip-crds` when installing the chart. +### Custom resource definitions -You can install the CRDs manually from `crds` folder. +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +You can install the CRDs manually from `templates/crds` folder. + +### 2.0.* + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs please use following command: + +```bash +for crd in "eventbus.argoproj.io" "eventsources.argoproj.io" "sensors.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace= + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name= +done +``` ## Values 
@@ -32,46 +46,39 @@ You can install the CRDs manually from `crds` folder. | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if not (or (hasPrefix "eventbusController" .Key) (hasPrefix "eventsourceController" .Key) (hasPrefix "sensorController" .Key) ) }} + {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "webhook" .Key) ) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Event Bus Controller +### Controller | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if hasPrefix "eventbusController" .Key }} + {{- if hasPrefix "controller" .Key }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Event Source Controller +### Webhook | Key | Type | Default | Description | |-----|------|---------|-------------| {{- range .Values }} - {{- if hasPrefix "eventsourceController" .Key }} + {{- if hasPrefix "webhook" .Key }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} {{- end }} -### Sensor Controller - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "sensorController" .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} ---------------------------------------------- Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) [affinity]: 
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ [Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes [Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ [values.yaml]: values.yaml diff --git a/charts/argo-events/ci/test-values.yaml b/charts/argo-events/ci/test-values.yaml index a15316ef..122ae333 100644 --- a/charts/argo-events/ci/test-values.yaml +++ b/charts/argo-events/ci/test-values.yaml @@ -1,2 +1 @@ -serviceAccount: argo-events-sa-test singleNamespace: false diff --git a/charts/argo-events/crds/eventbus-crd.yml b/charts/argo-events/crds/eventbus-crd.yml deleted file mode 100644 index 052984c6..00000000 --- a/charts/argo-events/crds/eventbus-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventbus.argoproj.io -spec: - group: argoproj.io - names: - kind: EventBus - listKind: EventBusList - plural: eventbus - shortNames: - - eb - singular: eventbus - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/eventsource-crd.yml b/charts/argo-events/crds/eventsource-crd.yml deleted file mode 100644 index ea49a4aa..00000000 --- a/charts/argo-events/crds/eventsource-crd.yml +++ /dev/null 
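Review bot: In ci/test-values.yaml the surviving line `singleNamespace: false` looks like a leftover from the 1.x values. The README in this same commit drops `singleNamespace` from the values table and describes the scope switch as `controller.rbac.namespaced`. If values.yaml (not visible here) no longer reads the old key, Helm ignores it silently and the CI install only exercises the chart defaults. Consider replacing it with a key the new chart does read, for example setting `controller.rbac.namespaced` to `true` or `webhook.enabled` to `true`, so the CI run covers a non-default path.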
@@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventsources.argoproj.io -spec: - group: argoproj.io - scope: Namespaced - names: - kind: EventSource - plural: eventsources - singular: eventsource - listKind: EventSourceList - shortNames: - - es - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/crds/sensor-crd.yml b/charts/argo-events/crds/sensor-crd.yml deleted file mode 100644 index d2414bc3..00000000 --- a/charts/argo-events/crds/sensor-crd.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sensors.argoproj.io -spec: - group: argoproj.io - names: - kind: Sensor - listKind: SensorList - plural: sensors - singular: sensor - shortNames: - - sn - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - metadata - - spec - type: object - subresources: - status: {} diff --git a/charts/argo-events/templates/_helpers.tpl b/charts/argo-events/templates/_helpers.tpl index c25f9e5f..efbdc669 100644 --- a/charts/argo-events/templates/_helpers.tpl +++ b/charts/argo-events/templates/_helpers.tpl 
@@ -24,3 +24,76 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} {{- end }} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-events.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-events.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-events.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create webhook name and version as used by the chart label. +*/}} +{{- define "argo-events.webhook.fullname" }} +{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.webhook.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the webhook service account to use +*/}} +{{- define "argo-events.webhook.serviceAccountName" -}} +{{- if .Values.webhook.serviceAccount.create -}} + {{ default (include "argo-events.webhook.fullname" .) .Values.webhook.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.webhook.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "argo-events.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-events.labels" -}} +helm.sh/chart: {{ include "argo-events.chart" .context }} +{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argo-events +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-events.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-events.name" .context }}-{{ .name }} +{{- end }} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Return the default Argo Events app version +*/}} +{{- define "argo-events.defaultTag" -}} + {{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} diff --git a/charts/argo-events/templates/aggregate-roles.yaml b/charts/argo-events/templates/aggregate-roles.yaml index 6b1fc63a..70802798 100644 --- a/charts/argo-events/templates/aggregate-roles.yaml +++ b/charts/argo-events/templates/aggregate-roles.yaml 
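Review bot: Both `serviceAccountName` helpers fall back to the literal `default` when `serviceAccount.create` is false and no name is given, and the controller and webhook bindings later in this diff use these helpers as their subject. With those values the controller role, which includes `secrets` and `pods/exec`, is bound to the namespace's `default` service account, so every pod in the release namespace that does not name its own account inherits it. Failing the render is safer than a silent fallback, e.g. `{{ required "controller.serviceAccount.name must be set when controller.serviceAccount.create is false" .Values.controller.serviceAccount.name }}` in the else branch, and likewise for the webhook helper. Separately, the comments above the two `fullname` helpers say "name and version", but the helpers only join the release full name with the component name.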
@@ -1,83 +1,86 @@ -{{- if and .Values.createAggregateRoles (not .Values.singleNamespace) }} +{{- if and .Values.createAggregateRoles (not .Values.controller.rbac.namespaced) }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-admin + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-edit + {{- include "argo-events.labels" (dict "context" .) 
| nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + name: {{ include "argo-events.fullname" . }}-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - name: {{ include "argo-events.fullname" . }}-aggregate-to-view + {{- include "argo-events.labels" (dict "context" .) | nindent 4 }} rules: - - apiGroups: - - argoproj.io - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - verbs: - - get - - list - - watch +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - get + - list + - watch {{- end }} diff --git a/charts/argo-events/templates/argo-events-cluster-roles.yaml b/charts/argo-events/templates/argo-events-cluster-roles.yaml deleted file mode 100644 index efdd6101..00000000 --- a/charts/argo-events/templates/argo-events-cluster-roles.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ -{{- if not .Values.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: argo-events-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: argo-events-role -rules: - {{- with .Values.additionalServiceAccountRules }} - {{- toYaml . | nindent 2 }} - {{- end }} - - apiGroups: - - "" - resources: - - "events" - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/config.yaml b/charts/argo-events/templates/argo-events-controller/config.yaml new file mode 100644 index 00000000..2458fef9 --- /dev/null 
+++ b/charts/argo-events/templates/argo-events-controller/config.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +data: + controller-config.yaml: | + eventBus: + {{- if .Values.configs.nats.versions }} + nats: + {{- range .Values.configs.nats.versions }} + versions: + - version: {{ .version }} + natsStreamingImage: {{ .natsStreamingImage }} + metricsExporterImage: {{ .metricsExporterImage }} + {{- end }} + {{- end }} + {{- if .Values.configs.jetstream.versions }} + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream specs + settings: | + # https://docs.nats.io/running-a-nats-service/configuration#jetstream + # Only configure "max_memory_store" or "max_file_store", do not set "store_dir" as it has been hardcoded. + max_memory_store: {{ .Values.configs.jetstream.settings.maxMemoryStore | default -1 }} + max_file_store: {{ .Values.configs.jetstream.settings.maxFileStore | default -1 }} + streamConfig: | + maxMsgs: {{ .Values.configs.jetstream.streamConfig.maxMsgs }} + maxAge: {{ .Values.configs.jetstream.streamConfig.maxAge }} + maxBytes: {{ .Values.configs.jetstream.streamConfig.maxBytes }} + replicas: {{ .Values.configs.jetstream.streamConfig.replicas }} + duplicates: {{ .Values.configs.jetstream.streamConfig.duplicates }} + {{- range .Values.configs.jetstream.versions }} + versions: + - version: {{ .version }} + natsImage: {{ .natsImage }} + metricsExporterImage: {{ .metricsExporterImage }} + configReloaderImage: {{ .configReloaderImage }} + startCommand: {{ .startCommand }} + {{- end }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/deployment.yaml b/charts/argo-events/templates/argo-events-controller/deployment.yaml new file mode 100644 index 00000000..88ecf66f --- /dev/null 
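Review bot: The `versions:` key sits inside the `range` over `.Values.configs.nats.versions` (and again in the jetstream block), so a values list with more than one entry renders `versions:` once per entry. That produces duplicate mapping keys inside `controller-config.yaml`; most YAML parsers keep only the last one, so all but one configured version would silently disappear. Moving the key above the loop fixes it: `versions:` followed by `{{- range .Values.configs.nats.versions }}`. The version, image and `startCommand` values are also emitted unquoted; piping them through `quote` avoids a version such as 2.10 being read as a number, although how the controller parses this file is not visible here.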
+++ b/charts/argo-events/templates/argo-events-controller/deployment.yaml 
@@ -0,0 +1,137 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag | quote }} +spec: + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + revisionHistoryLimit: 5 + replicas: {{ .Values.controller.replicas }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/argo-events-controller/config.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag | quote }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.controller.name }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) 
.Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + args: + - controller + {{- if .Values.controller.rbac.namespaced }} + - --namespaced + {{- end }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + env: + - name: ARGO_EVENTS_IMAGE + value: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- with .Values.controller.env }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml | nindent 8 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /etc/argo-events + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: 7777 + protocol: TCP + - name: probe + containerPort: 8081 + protocol: TCP + livenessProbe: + httpGet: + port: probe + path: /healthz + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + port: probe + path: /readyz + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + {{- with 
.Values.controller.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.controller.extraContainers }} + {{- toYaml . | nindent 6 }} + {{- end -}} + {{- with .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "argo-events.controller.serviceAccountName" . }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "argo-events.controller.fullname" . }} + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/pdb.yaml b/charts/argo-events/templates/argo-events-controller/pdb.yaml new file mode 100644 index 00000000..576fcfcf --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/pdb.yaml 
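Review bot: In the `envFrom` block, `{{- toYaml | nindent 8 }}` calls `toYaml` without an argument, so rendering will error as soon as `controller.envFrom` is set; it should read `{{- toYaml . | nindent 8 }}`, as the webhook deployment in this same diff does. The container `securityContext` is rendered only when `controller.containerSecurityContext` is set, and its defaults live in values.yaml, which is not shown here. For a pod whose service account can read and write Secrets, it is worth confirming those defaults run as non-root and drop capabilities.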
@@ -0,0 +1,28 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.controller.pdb.minAvailable }} + minAvailable: {{ .Values.controller.pdb.minAvailable }} + {{- else if .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }} + {{- else }} + minAvailable: 0 + {{- end }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/rbac.yaml b/charts/argo-events/templates/argo-events-controller/rbac.yaml new file mode 100644 index 00000000..c69c4419 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/rbac.yaml 
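Review bot: `apiVersion: policy/v1beta1` is hard-coded, and that PodDisruptionBudget API is no longer served from Kubernetes 1.25 on, so turning on `controller.pdb.enabled` there fails the install. Choosing the version from the cluster keeps both old and new clusters working: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The final `else` branch emits `minAvailable: 0`, which protects nothing; a `fail` with a message that one of `minAvailable` or `maxUnavailable` must be set would make that misconfiguration visible instead of silent.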
@@ -0,0 +1,113 @@ +{{- if .Values.controller.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + {{- if not .Values.controller.rbac.namespaced }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update + {{- end }} +{{- end }} +{{- with .Values.controller.rbac.rules }} + {{- toYaml . | nindent 0 }} +{{- end }} +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - sensors + - sensors/finalizers + - sensors/status + - eventsources + - eventsources/finalizers + - eventsources/status + - eventbus + - eventbus/finalizers + - eventbus/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - configmaps + - secrets + - services + - persistentvolumeclaims + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ .Values.controller.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }} +metadata: + name: {{ include "argo-events.controller.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . 
"component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ .Values.controller.rbac.namespaced | ternary "Role" "ClusterRole" }} + name: {{ include "argo-events.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/service.yaml b/charts/argo-events/templates/argo-events-controller/service.yaml new file mode 100644 index 00000000..d0d6ab33 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/service.yaml @@ -0,0 +1,25 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-events.controller.fullname" . }}-metrics + {{- with .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name)) | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml new file mode 100644 index 00000000..7a035b76 --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/serviceaccount.yaml 
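Review bot: In the non-namespaced mode rbac.yaml renders a ClusterRole that gives the controller create/update/patch/delete on `secrets` and create on `pods/exec` in every namespace. The rules are carried over from the deleted `argo-events-role`, but the changelog in this commit makes cluster-wide deployment the default, so more installs will get them. Which of these the controller actually needs is not visible from this diff; I would either drop what is unused or add a comment above each rule naming the controller feature that requires it. `controller.rbac.rules` is spliced in ahead of the built-in rules, so a note in values.yaml that it widens a cluster-scoped role by default would help reviewers of downstream values files.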
@@ -0,0 +1,15 @@ +{{- if .Values.controller.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-events.controller.serviceAccountName" . }} + {{- with .Values.controller.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml new file mode 100644 index 00000000..c24979eb --- /dev/null +++ b/charts/argo-events/templates/argo-events-controller/servicemonitor.yaml 
@@ -0,0 +1,38 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-events.controller.fullname" . }} + {{- with .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ . }} + {{- end }} + labels: + {{- include "argo-events.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "argo-events.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-roles.yaml b/charts/argo-events/templates/argo-events-roles.yaml deleted file mode 100644 index b8e81eff..00000000 --- a/charts/argo-events/templates/argo-events-roles.yaml +++ /dev/null 
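Review bot: The ServiceMonitor's `selector.matchLabels` is built with `"name" "metrics"`, while the metrics Service in service.yaml is labelled with `"name" (printf "%s-metrics" .Values.controller.name)`. Given how `argo-events.selectorLabels` composes `app.kubernetes.io/name`, the two values differ whenever `controller.name` is non-empty, so the monitor would match no Service and the controller would go unscraped without any error. Using the same expression on both sides fixes it: `(dict "context" . "component" .Values.controller.name "name" (printf "%s-metrics" .Values.controller.name))`.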
@@ -1,103 +0,0 @@ -{{- if .Values.singleNamespace }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-events-binding - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-events-role -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- if .Values.additionalSaNamespaces }} - {{ $sa := .Values.serviceAccount }} - {{- range $namespace := .Values.additionalSaNamespaces }} - - kind: ServiceAccount - name: {{ $sa }} - namespace: {{ $namespace }} - {{- end }} - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-events-role - namespace: {{ .Release.Namespace }} -rules: - {{- with .Values.additionalServiceAccountRules }} - {{- toYaml . | nindent 2 }} - {{- end }} - - apiGroups: - - "" - resources: - - "events" - verbs: - - "create" - - "patch" - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - argoproj.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - sensors - - sensors/finalizers - - sensors/status - - eventsources - - eventsources/finalizers - - eventsources/status - - eventbus - - eventbus/finalizers - - eventbus/status - - apiGroups: - - "" - resources: - - pods - - pods/exec - - configmaps - - secrets - - services - - persistentvolumeclaims - verbs: - - create - - get - - list - - watch - - update - - patch - - delete - - apiGroups: - - "apps" - resources: - - deployments - - statefulsets - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -{{- end }} diff --git a/charts/argo-events/templates/argo-events-sa.yaml b/charts/argo-events/templates/argo-events-sa.yaml deleted file mode 100644 index fec88b4d..00000000 
--- a/charts/argo-events/templates/argo-events-sa.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# All argo-events services are bound to the "argo-events" service account. -# In RBAC enabled setups, this SA is bound to specific roles. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} - {{- with .Values.serviceAccountAnnotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.additionalSaNamespaces }} -{{ $annotations := .Values.serviceAccountAnnotations }} -{{ $sa := .Values.serviceAccount }} -{{- range $namespace := .Values.additionalSaNamespaces }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $sa }} - namespace: {{ $namespace }} - {{- with $annotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml new file mode 100644 index 00000000..e47f01b0 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml 
@@ -0,0 +1,79 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-events-webhook + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +{{- end }} +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml new file mode 100644 index 00000000..5562f139 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml 
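Review bot: The `secrets` rule grants get/list/create/update/delete/patch/watch on Secrets in all namespaces to the webhook's service account, which is a wide grant for an admission webhook. What the webhook stores is not visible in this diff; if it only keeps its own serving certificate in the release namespace, that rule belongs in a namespaced Role bound in `{{ .Release.Namespace }}` rather than in the ClusterRole. The role name is also the fixed string `argo-events-webhook` rather than `{{ include "argo-events.webhook.fullname" . }}`, so two releases in one cluster would collide on it. If the webhook binary looks the role up by that exact name, a comment saying so would explain why it must stay fixed.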
@@ -0,0 +1,16 @@ +{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-events.webhook.fullname" . }} + labels: + {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-events-webhook +subjects: +- kind: ServiceAccount + name: {{ include "argo-events.webhook.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-events/templates/argo-events-webhook/deployment.yaml b/charts/argo-events/templates/argo-events-webhook/deployment.yaml new file mode 100644 index 00000000..8def5183 --- /dev/null +++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml 
@@ -0,0 +1,120 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: events-webhook
+ labels:
+ {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+ app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag | quote }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }}
+ revisionHistoryLimit: 5
+ replicas: {{ .Values.webhook.replicas }}
+ template:
+ metadata:
+ {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.webhook.podAnnotations) }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 8 }}
+ app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag | quote }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.webhook.podLabels) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.webhook.name }}
+ image: {{ default .Values.global.image.repository .Values.webhook.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.webhook.image.imagePullPolicy }}
+ args:
+ - webhook-service
+ {{- with .Values.webhook.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.webhook.env }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ ports:
+ - name: webhook
+ containerPort: 443
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: webhook
+ initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
+ readinessProbe:
+ tcpSocket:
+ port: webhook
+ initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
+ {{- with .Values.webhook.resources }}
+ resources:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.webhook.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.webhook.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- range $constraint := . }}
+ - {{ toYaml $constraint | nindent 8 | trim }}
+ {{- if not $constraint.labelSelector }}
+ labelSelector:
+ matchLabels:
+ {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ include "argo-events.webhook.serviceAccountName" . }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.webhook.volumes }}
+ volumes:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-events/templates/argo-events-webhook/pdb.yaml b/charts/argo-events/templates/argo-events-webhook/pdb.yaml
new file mode 100644
index 00000000..3bf08225
--- /dev/null
+++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml
@@ -0,0 +1,28 @@
+{{- if and .Values.webhook.enabled .Values.webhook.pdb.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "argo-events.webhook.fullname" . }}
+ labels:
+ {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+ {{- with .Values.webhook.pdb.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.webhook.pdb.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if .Values.webhook.pdb.minAvailable }}
+ minAvailable: {{ .Values.webhook.pdb.minAvailable }}
+ {{- else if .Values.webhook.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }}
+ {{- else }}
+ minAvailable: 0
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }}
+{{- end }}
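Review bot: The container `image:` line in the webhook Deployment takes its tag from `.Values.controller.image.tag`, while both `app.kubernetes.io/version` labels in the same template use `.Values.webhook.image.tag`. Setting `webhook.image.tag` therefore changes the label but not the image that runs, so the reported version and the code performing admission validation can diverge. Use `{{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag }}` for the tag. Separately, the container listens on port 443: with the `runAsNonRoot` / drop-all-capabilities context shown commented out in values.yaml, binding a port below 1024 may fail on some runtimes, which is worth confirming before that context is recommended.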
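Review bot: `apiVersion: policy/v1beta1` is hard-coded in the webhook PodDisruptionBudget, and that API version is no longer served from Kubernetes 1.25 onward, so turning on `webhook.pdb.enabled` on a newer cluster fails the install or upgrade. Pick the version from the cluster's capabilities instead, for example `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. If the chart defines a shared helper for this elsewhere (not visible in this part of the diff), call that helper so the controller and webhook budgets stay in step.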
diff --git a/charts/argo-events/templates/argo-events-webhook/service.yaml b/charts/argo-events/templates/argo-events-webhook/service.yaml
new file mode 100644
index 00000000..cb85a8cb
--- /dev/null
+++ b/charts/argo-events/templates/argo-events-webhook/service.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: events-webhook
+ labels:
+ {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook
+ selector:
+ {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }}
+{{- end }}
diff --git a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml
new file mode 100644
index 00000000..b723a77f
--- /dev/null
+++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.webhook.serviceAccount.create (not .Values.controller.rbac.namespaced) }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "argo-events.webhook.serviceAccountName" . }}
+ {{- with .Values.webhook.serviceAccount.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+{{- end }}
diff --git a/charts/argo-events/templates/crds/eventbus-crd.yml b/charts/argo-events/templates/crds/eventbus-crd.yml
new file mode 100644
index 00000000..f967b9b0
--- /dev/null
+++ b/charts/argo-events/templates/crds/eventbus-crd.yml
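Review bot: The webhook ServiceAccount template is gated on `.Values.webhook.serviceAccount.create` but not on `.Values.webhook.enabled`, unlike the ClusterRole, binding, Deployment, PDB and Service added in this commit. A release with the webhook disabled can therefore still create an account that nothing uses, and a mountable token with it depending on `automountServiceAccountToken`. Gate it like its siblings: `{{- if and .Values.webhook.enabled .Values.webhook.serviceAccount.create (not .Values.controller.rbac.namespaced) }}`. The default of `webhook.serviceAccount.create` lies outside the visible part of values.yaml, so whether this happens out of the box is not confirmed here.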
@@ -0,0 +1,48 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: eventbus.argoproj.io
+ annotations:
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with .Values.crds.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ group: argoproj.io
+ names:
+ kind: EventBus
+ listKind: EventBusList
+ plural: eventbus
+ shortNames:
+ - eb
+ singular: eventbus
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
diff --git a/charts/argo-events/templates/crds/eventsource-crd.yml b/charts/argo-events/templates/crds/eventsource-crd.yml
new file mode 100644
index 00000000..72fee21c
--- /dev/null
+++ b/charts/argo-events/templates/crds/eventsource-crd.yml
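Review bot: The `{{- if .Values.crds.keep }}` block in eventbus-crd.yml, and the identical blocks in eventsource-crd.yml and sensor-crd.yml, need a comment stating what happens when the flag is off. The CRDs are now ordinary templates, so with `crds.keep: false` a `helm uninstall` deletes the definitions and with them every EventBus, EventSource and Sensor object in the cluster. Something like `{{- /* without resource-policy keep, uninstall removes this CRD and all of its custom resources */}}` above the block would do. The schemas also set `x-kubernetes-preserve-unknown-fields: true` on `spec`, so the API server does no field validation of its own, and with `webhook.enabled: false` as the chart default nothing validates these objects at admission until an operator enables the webhook, which deserves a line in the README.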
@@ -0,0 +1,48 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: eventsources.argoproj.io
+ annotations:
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with .Values.crds.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ group: argoproj.io
+ names:
+ kind: EventSource
+ listKind: EventSourceList
+ plural: eventsources
+ shortNames:
+ - es
+ singular: eventsource
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
diff --git a/charts/argo-events/templates/crds/sensor-crd.yml b/charts/argo-events/templates/crds/sensor-crd.yml
new file mode 100644
index 00000000..3dbf2dc8
--- /dev/null
+++ b/charts/argo-events/templates/crds/sensor-crd.yml
@@ -0,0 +1,48 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: sensors.argoproj.io
+ annotations:
+ {{- if .Values.crds.keep }}
+ "helm.sh/resource-policy": keep
+ {{- end }}
+ {{- with .Values.crds.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ group: argoproj.io
+ names:
+ kind: Sensor
+ listKind: SensorList
+ plural: sensors
+ shortNames:
+ - sn
+ singular: sensor
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ type: string
+ kind:
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- end }}
diff --git a/charts/argo-events/templates/eventbus-controller/deployment.yaml b/charts/argo-events/templates/eventbus-controller/deployment.yaml
deleted file mode 100644
index 48022cf6..00000000
--- a/charts/argo-events/templates/eventbus-controller/deployment.yaml
+++ /dev/null
@@ -1,85 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventbusController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventbusController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventbusController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventbusController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventbusController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventbusController.image }}:{{ .Values.eventbusController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - eventbus-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.eventbusController.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NATS_STREAMING_IMAGE - value: {{ .Values.eventbusController.natsStreamingImage }} - - name: NATS_METRICS_EXPORTER_IMAGE - value: {{ .Values.eventbusController.natsMetricsExporterImage }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventbusController.resources | nindent 12 }} - {{- with .Values.eventbusController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.eventbusController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventbusController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.tolerations }} - tolerations: {{ toYaml .Values.eventbusController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventbusController.affinity }} - affinity: {{ toYaml .Values.eventbusController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/eventsource-controller/deployment.yaml b/charts/argo-events/templates/eventsource-controller/deployment.yaml deleted file mode 100644 index 9fd55776..00000000 --- a/charts/argo-events/templates/eventsource-controller/deployment.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.eventsourceController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.eventsourceController.name }} - release: {{ .Release.Name }} - {{- with .Values.eventsourceController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.eventsourceController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.eventsourceController.name }} - image: "{{ .Values.registry }}/{{ .Values.eventsourceController.image }}:{{ .Values.eventsourceController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - eventsource-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.eventsourceController.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: EVENTSOURCE_IMAGE - value: "{{ .Values.registry }}/{{ .Values.eventsourceController.eventsourceImage }}:{{ .Values.eventsourceController.tag | default .Chart.AppVersion }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.eventsourceController.resources | nindent 12 }} - {{- with .Values.eventsourceController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.eventsourceController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.nodeSelector }} - nodeSelector: {{ toYaml .Values.eventsourceController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.tolerations }} - tolerations: {{ toYaml .Values.eventsourceController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.eventsourceController.affinity }} - affinity: {{ toYaml .Values.eventsourceController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/templates/sensor-controller/deployment.yaml b/charts/argo-events/templates/sensor-controller/deployment.yaml deleted file mode 100644 index da678b54..00000000 --- a/charts/argo-events/templates/sensor-controller/deployment.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-{{ .Values.sensorController.name }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.sensorController.replicaCount }} - selector: - matchLabels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ .Release.Name }}-{{ .Values.sensorController.name }} - release: {{ .Release.Name }} - {{- with .Values.sensorController.podLabels }} - {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.sensorController.podAnnotations }} - annotations: {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Values.serviceAccount }} - containers: - - name: {{ .Values.sensorController.name }} - image: "{{ .Values.registry }}/{{ .Values.sensorController.image }}:{{ .Values.sensorController.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - sensor-controller - {{- if .Values.singleNamespace }} - - --namespaced - {{- end }} - env: - {{- with .Values.sensorController.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SENSOR_IMAGE - value: "{{ .Values.registry }}/{{ .Values.sensorController.sensorImage }}:{{ .Values.sensorController.tag | default .Chart.AppVersion }}" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - resources: {{- toYaml .Values.sensorController.resources | nindent 12 }} - {{- with .Values.sensorController.containerSecurityContext }} - securityContext: {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.sensorController.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- with .Values.securityContext }} - securityContext: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.nodeSelector }} - nodeSelector: {{ toYaml .Values.sensorController.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.tolerations }} - tolerations: {{ toYaml .Values.sensorController.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.sensorController.affinity }} - affinity: {{ toYaml .Values.sensorController.affinity | nindent 8 }} - {{- end }} diff --git a/charts/argo-events/values.yaml b/charts/argo-events/values.yaml index 074a8fdf..41b76e8b 100644 --- a/charts/argo-events/values.yaml +++ b/charts/argo-events/values.yaml 
@@ -1,163 +1,404 @@ -# -- String to partially override "argo-events.fullname" template -nameOverride: "" +## Argo Events configuration +## Ref: https://github.com/argoproj/argo-events +## +# -- Provide a name in place of `argo-events` +nameOverride: argo-events # -- String to fully override "argo-events.fullname" template fullnameOverride: "" -# -- docker registry -registry: quay.io +# -- Deploy on OpenShift +openshift: false -# -- The image pull policy -imagePullPolicy: Always +# -- Create clusterroles that extend existing clusterroles to interact with argo-events crds +# Only applies for cluster-wide installation (`controller.rbac.namespaced: false`) +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false -# -- Secrets with credentials to pull images from a private registry -imagePullSecrets: [] -# - name: argo-pull-secret +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} -# -- ServiceAccount to use for running controller. -serviceAccount: argo-events-sa +global: + image: + # -- If defined, a repository applied to all Argo Events deployments + repository: quay.io/argoproj/argo-events + # -- Overrides the global Argo Events image tag whose default is the chart appVersion + tag: "" + # -- If defined, a imagePullPolicy applied to all Argo Events deployments + imagePullPolicy: IfNotPresent -# -- Annotations applied to created service account. 
Can be used to enable GKE workload identity, or other use-cases -serviceAccountAnnotations: {} - -# -- Create service accounts in additional namespaces specified -# The SA will always be created in the release namespaces -additionalSaNamespaces: [] - # - argo-prod - -# -- Additional rules -# @default -- (See [values.yaml]) -additionalServiceAccountRules: -- apiGroups: - - apiextensions.k8s.io - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - resources: - - customresourcedefinitions - -# -- Create clusterroles that extend existing clusterroles to interact with argo-events CRDs. -# Only applies for cluster-wide installation (`singleNamespace: true`) -createAggregateRoles: true - -# -- Whether to run in namespaced scope. -# Set `singleNamespace` to false to have the controllers -# listen on all namespaces. Otherwise the controllers will listen -# on the namespace where the chart is installed in. -singleNamespace: true - -# sensor controller -sensorController: - # -- Sensor controller name - name: sensor-controller - # -- Repository to use for the sensor controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of sensor controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to sensor controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" - - # -- Repository to use for the sensor image - sensorImage: argoproj/argo-events - # -- Annotations to be added to sensor controller pods + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository + imagePullSecrets: [] + # -- Annotations for the all deployed pods podAnnotations: {} + # -- Labels for the all deployed pods + podLabels: {} + + # -- Additional labels to add to all resources + additionalLabels: {} + # app: argo-events + + # -- Toggle and define securityContext. 
See [values.yaml] + securityContext: {} + # runAsNonRoot: true + # runAsUser: 9731 + # runAsGroup: 9731 + # fsGroup: 9731 + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + +## Event bus configuration +configs: + ## NATS event bus + nats: + # -- Supported versions of NATS event bus + # @default -- `[]` (See [values.yaml]) + versions: [] + # - version: 0.22.1 + # natsStreamingImage: nats-streaming:0.22.1 + # metricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 + + ## JetStream event bus + jetstream: + # Default JetStream settings, could be overridden by EventBus JetStream spec + # Ref: https://docs.nats.io/running-a-nats-service/configuration#jetstream + settings: + # -- Maximum size of the memory storage (e.g. 1G) + maxMemoryStore: -1 + # -- Maximum size of the file storage (e.g. 20G) + maxFileStore: -1 + streamConfig: + # -- Maximum number of messages before expiring oldest message + maxMsgs: 1000000 + # -- Maximum age of existing messages, i.e. “72h”, “4h35m” + maxAge: 72h + # Total size of messages before expiring oldest message, 0 means unlimited. 
+ maxBytes: 1GB + # -- Number of replicas, defaults to 3 and requires minimal 3 + replicas: 3 + # -- Not documented at the moment + duplicates: 300s + # Supported versions of JetStream eventbus + # @default -- `[]` (See [values.yaml]) + versions: [] + # - version: latest + # natsImage: nats:2.8.1 + # metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + # configReloaderImage: natsio/nats-server-config-reloader:0.6.3 + # startCommand: /nats-server + # - version: "2.8.1" + # natsImage: nats:2.8.1 + # metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + # configReloaderImage: natsio/nats-server-config-reloader:0.6.3 + # startCommand: /nats-server + # - version: 2.8.1-alpine + # natsImage: nats:2.8.1-alpine + # metricsExporterImage: natsio/prometheus-nats-exporter:0.9.1 + # configReloaderImage: natsio/nats-server-config-reloader:0.6.3 + # startCommand: nats-server + +## Argo Events controller +controller: + # -- Argo Events controller name string + name: controller-manager + + rbac: + # -- Create events controller RBAC + enabled: true + # -- Restrict events controller to operate only in a single namespace instead of cluster-wide scope. + namespaced: false + # -- Additional user rules for event controller's rbac + rules: [] + + image: + # -- Repository to use for the events controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the events controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the events controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of events controller pods to run. 
+ replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the events controller + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to events controller pdb + labels: {} + # -- Annotations to be added to events controller pdb + annotations: {} + + # -- Environment variables to pass to events controller + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to events controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to events controller pods + podAnnotations: {} + + # -- Labels to be added to events controller pods + podLabels: {} + + # -- Events controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] 
to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumes to the events controller pod + volumes: [] + + # -- Additional volumeMounts to the events controller main container + volumeMounts: [] + # -- [Node selector] nodeSelector: {} - # -- Labels to be added to sensor controller pods - podLabels: {} - # -- Priority class for the sensor controller - priorityClassName: "" # -- [Tolerations] for use with node taints tolerations: [] - # -- Assign custom [affinity] rules to the sensor controller + # -- Assign custom [affinity] rules to the deployment affinity: {} - # -- Resource limits and requests for the sensor controller pods + + # -- Assign custom [TopologySpreadConstraints] rules to the events controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Priority class for the events controller pods + priorityClassName: "" + + # -- Resource limits and requests for the events controller pods resources: {} - # -- Sensor controllers container-level security context - containerSecurityContext: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi -eventsourceController: - # -- Event source controller name - name: eventsource-controller - # -- Repository to use for the event source controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of event source controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to event source controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" + # -- 
Additional containers to be added to the events controller pods + extraContainers: [] - # -- Repository to use for the event source image - eventsourceImage: argoproj/argo-events - # -- Annotations to be added to event source controller pods + # -- Init containers to add to the events controller pods + initContainers: [] + + serviceAccount: + # -- Create a service account for the events controller + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Events controller metrics configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8082 + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + +## Argo Events admission webhook +webhook: + # -- Enable admission webhook. 
Applies only for cluster-wide installation + enabled: false + + # -- Argo Events admission webhook name string + name: events-webhook + + image: + # -- Repository to use for the event controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the event controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the event controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- The number of webhook pods to run. + replicas: 1 + + # Pod disruption budget + pdb: + # -- Deploy a PodDisruptionBudget for the admission webhook + enabled: false + # minAvailable: 1 + # maxUnavailable: 0 + # -- Labels to be added to admission webhook pdb + labels: {} + # -- Annotations to be added to admission webhook pdb + annotations: {} + + # -- Environment variables to pass to event controller + # @default -- `[]` (See [values.yaml]) + env: [] + # - name: DEBUG_LOG + # value: "true" + + # -- envFrom to pass to event controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Annotations to be added to event controller pods podAnnotations: {} + + # -- Labels to be added to event controller pods + podLabels: {} + + # -- Event controller container-level security context + containerSecurityContext: {} + # capabilities: + # drop: + # - all + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + 
periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- Additional volumeMounts to the event controller main container + volumeMounts: [] + + # -- Additional volumes to the event controller pod + volumes: [] + # -- [Node selector] nodeSelector: {} - # -- Labels to be added to event source controller pods - podLabels: {} - # -- Priority class for the event source controller - priorityClassName: "" # -- [Tolerations] for use with node taints tolerations: [] - # -- Assign custom [affinity] rules to the event source controller + # -- Assign custom [affinity] rules to the deployment affinity: {} - # -- Resource limits and requests for the event source controller pods - resources: {} - # -- Event source controller container-level security context - containerSecurityContext: {} -eventbusController: - # -- Event bus controller name - name: eventbus-controller - # -- Repository to use for the event bus controller - image: argoproj/argo-events - # -- Overrides the image tag - # @default -- `""` (default is the chart appVersion) - tag: "" - # -- The number of event bus controller pods to run - replicaCount: 1 - # -- Additional environment variables to pass to event bus controller - extraEnv: [] - # - name: DEBUG_LOG - # value: "true" + # -- Assign custom [TopologySpreadConstraints] rules to 
the event controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule - # -- Annotations to be added to event bus controller pods - podAnnotations: {} - # -- [Node selector] - nodeSelector: {} - # -- Labels to be added to event event bus controller pods - podLabels: {} - # -- Priority class for the event bus controller + # -- Priority class for the event controller pods priorityClassName: "" - # -- [Tolerations] for use with node taints - tolerations: [] - # -- Assign custom [affinity] rules to the event bus controller - affinity: {} - # -- Resource limits and requests for the event bus controller pods - resources: {} - # -- NATS streaming container image to use for the event bus - natsStreamingImage: nats-streaming:0.22.1 - # -- NATS metrics exporter container image to use for the event bus - natsMetricsExporterImage: natsio/prometheus-nats-exporter:0.8.0 - # -- Event bus controller container-level security context - containerSecurityContext: {} -# -- Common PodSecurityContext for all controllers -securityContext: - runAsNonRoot: true - runAsUser: 9731 + # -- Resource limits and requests for the event controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + serviceAccount: + # -- Create a service account for the admission webhook + create: true + # -- Service account name + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true