DevFW-CICD/argocd-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add support for namespaced install (#263)

Browse source
This commit is contained in:
Kristof Farkas-Pall 2020-04-30 22:00:07 +01:00 committed by GitHub
parent ab83169c2d
commit de30e84cf4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 72 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,4 +1,5 @@
output output
.vscode .vscode
.DS_Store .DS_Store
.idea
**/*.tgz **/*.tgz

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "v2.7.6" appVersion: "v2.7.6"
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
name: argo name: argo
version: 0.8.4 version: 0.8.5
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
maintainers: maintainers:

8
charts/argo/templates/server-cluster-role.yaml
View file

@ -1,8 +1,14 @@
{{- if .Values.server.enabled }} {{- if .Values.server.enabled }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name }}-role
{{ else }}
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-role
{{- end }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""

11
charts/argo/templates/server-crb.yaml
View file

@ -1,12 +1,23 @@
{{- if .Values.server.enabled -}} {{- if .Values.server.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}-rb
{{ else }}
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}}-crb name: {{ .Release.Name }}-{{ .Values.server.name}}-crb
{{- end }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
name: {{ .Release.Name }}-{{ .Values.server.name}}-role
{{ else }}
kind: ClusterRole kind: ClusterRole
name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-role
{{- end }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Values.server.serviceAccount }} name: {{ .Values.server.serviceAccount }}

27
charts/argo/templates/server-deployment.yaml
View file

@ -1,5 +1,5 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.enabled -}}apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.server.name}} name: {{ .Release.Name }}-{{ .Values.server.name}}
@ -13,7 +13,6 @@ spec:
matchLabels: matchLabels:
app: {{ .Release.Name }}-{{ .Values.server.name}} app: {{ .Release.Name }}-{{ .Values.server.name}}
release: {{ .Release.Name }} release: {{ .Release.Name }}
app: {{ .Release.Name }}-{{ .Values.server.name}}
template: template:
metadata: metadata:
labels: labels:
@ -35,26 +34,24 @@ spec:
{{- if .Values.server.extraArgs }} {{- if .Values.server.extraArgs }}
{{- toYaml .Values.server.extraArgs | nindent 10 }} {{- toYaml .Values.server.extraArgs | nindent 10 }}
{{- end }} {{- end }}
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}" image: "{{ .Values.images.namespace }}/{{ .Values.images.server }}:{{ default .Values.images.tag .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }} imagePullPolicy: {{ .Values.images.pullPolicy }}
{{- if .Values.server.podPortName }} {{- if .Values.server.podPortName }}
ports: ports:
- name: {{ .Values.server.podPortName }} - name: {{ .Values.server.podPortName }}
ports:
containerPort: 2746 containerPort: 2746
readinessProbe:
httpGet:
path: /
port: 2746
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 20
{{- end }} {{- end }}
readinessProbe:
httpGet:
path: /
port: 2746
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 20
env: env:
{{- if .Values.server.forceNamespaceIsolation }}
- name: FORCE_NAMESPACE_ISOLATION
value: "true"
{{- end }}
- name: IN_CLUSTER - name: IN_CLUSTER
value: "true" value: "true"
- name: ARGO_NAMESPACE - name: ARGO_NAMESPACE

2
charts/argo/templates/server-sa.yaml
View file

@ -3,4 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.server.serviceAccount }} name: {{ .Values.server.serviceAccount }}
annotations:
{{ toYaml .Values.server.serviceAccountAnnotations | indent 4 }}
{{- end -}} {{- end -}}

8
charts/argo/templates/workflow-controller-clusterrole.yaml
View file

@ -1,7 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
{{ else }}
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
{{- end }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""

5
charts/argo/templates/workflow-controller-config-map.yaml
View file

@ -16,6 +16,11 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
{{- with .Values.executor.resources }}
executor:
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
artifactRepository: artifactRepository:
{{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
{{- if .Values.artifactRepository.archiveLogs }} {{- if .Values.artifactRepository.archiveLogs }}

13
charts/argo/templates/workflow-controller-crb.yaml
View file

@ -1,11 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding kind: ClusterRoleBinding
{{- end }}
metadata: metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-binding name: {{ .Release.Name }}-{{ .Values.controller.name }}-binding
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
name: {{ .Release.Name }}-{{ .Values.controller.name }}-role
{{ else }}
kind: ClusterRole kind: ClusterRole
name: {{ .Release.Name }}-{{ .Values.controller.name}}-cluster-role name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-role
{{- end }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }} name: {{ .Values.controller.serviceAccount }}

3
charts/argo/templates/workflow-controller-deployment.yaml
View file

@ -40,6 +40,9 @@ spec:
- "{{ .Values.controller.logging.level }}" - "{{ .Values.controller.logging.level }}"
- "--gloglevel" - "--gloglevel"
- "{{ .Values.controller.logging.globallevel }}" - "{{ .Values.controller.logging.globallevel }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
env: env:
- name: ARGO_NAMESPACE - name: ARGO_NAMESPACE
valueFrom: valueFrom:

2
charts/argo/templates/workflow-controller-sa.yaml
View file

@ -2,3 +2,5 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ .Values.controller.serviceAccount }} name: {{ .Values.controller.serviceAccount }}
annotations:
{{ toYaml .Values.controller.serviceAccountAnnotations | indent 4 }}

12
charts/argo/values.yaml
View file

@ -16,6 +16,10 @@ init:
createAggregateRoles: true createAggregateRoles: true
# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents,
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace: false
controller: controller:
image: image:
# Overrides .images.tag if defined. # Overrides .images.tag if defined.
@ -59,6 +63,8 @@ controller:
enabled: false enabled: false
additionalLabels: {} additionalLabels: {}
serviceAccount: argo serviceAccount: argo
# Service account annotations
serviceAccountAnnotations: {}
name: workflow-controller name: workflow-controller
workflowNamespaces: workflowNamespaces:
- default - default
@ -99,15 +105,15 @@ controller:
tolerations: [] tolerations: []
affinity: {} affinity: {}
# executor controls how the init and wait container should be customized
executor: executor:
image: image:
# Overrides .images.tag if defined. # Overrides .images.tag if defined.
tag: "" tag: ""
resources: {}
server: server:
enabled: true enabled: true
# only show workflows where UI installed
forceNamespaceIsolation: false
# only updates base url of resources on client side, # only updates base url of resources on client side,
# it's expected that a proxy server rewrites the request URL and gets rid of this prefix # it's expected that a proxy server rewrites the request URL and gets rid of this prefix
# https://github.com/argoproj/argo/issues/716#issuecomment-433213190 # https://github.com/argoproj/argo/issues/716#issuecomment-433213190
@ -124,6 +130,8 @@ server:
servicePort: 2746 servicePort: 2746
# servicePortName: http # servicePortName: http
serviceAccount: argo-server serviceAccount: argo-server
# Service account annotations
serviceAccountAnnotations: {}
# Annotations to be applied to the UI Service # Annotations to be applied to the UI Service
serviceAnnotations: {} serviceAnnotations: {}
# Optional labels to add to the UI Service # Optional labels to add to the UI Service