DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(argocd-applicationset): Add ApplicationSet chart

Browse source 
Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

Add maintainers

Add args

Add new values to readme

feat: allow custom labels in server ingress (#575)

Signed-off-by: Artyom Bakhtin <a@bakhtin.net>

Fix CRD schema

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

Add rbac for leader election

Fix arguments and remove probes

Follow argo-cd chart naming convention

Add installation instructions

Add helm3 crd hook

Fix addresses

Use function instead of fixed name

Signed-off-by: Matteo Ruina <matteo.ruina@gmail.com>

fix: updated CRDs for v1.8.4 (#576)
This commit is contained in:
Matteo Ruina 2021-02-11 11:50:09 +01:00
parent e141b401fe
commit eaf2f2da96
No known key found for this signature in database
GPG key ID: 8F558D438714A98F
17 changed files with 2175 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
charts/argo-applicationset/.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

14
charts/argo-applicationset/Chart.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: v2
name: argocd-applicationset
description: A Helm chart for installing ArgoCD ApplicationSet
type: application
version: 0.1.0
appVersion: "v0.1.0-prerelease"
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
- argoproj
- appset
- gitops
maintainers:
- name: maruina

60
charts/argo-applicationset/README.md Normal file
View file

@ -0,0 +1,60 @@
# Argo CD ApplicationSet Chart
A Helm chart for Argo CD ApplicationSet, a controller to programmatically generate Argo CD Application.
Source code can be found [here](https://github.com/argoproj-labs/applicationset/)
## Additional Information
This is a **community maintained** chart. This chart installs the [applicationset](https://github.com/argoproj-labs/applicationset) controller.
This chart currently installs the non-HA version of Argo CD ApplicationSet.
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install --name my-release argo/argo-applicationset
NAME: my-release
...
```
### Helm v3 Compatibility
Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistent webhooks.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) |
| args.metricsAddr | int | `8080` | The default metric address |
| args.probeBindAddr | int | `8081` | The default health check port |
| args.enableLeaderElection | bool | `false` | The default leader election setting |
| args.namespace | string | `argocd` | The default Argo CD repo namespace |
| args.argocdRepoServer | string | `argocd-repo-server:8081` | The default Argo CD repo server address |
| args.policy | string | `sync` | How application is synced between the generator and the cluster |
| args.debug | bool | `false` | Print debug logs |
| args.dryRun | bool | `false` | Enable dry run mode |
| fullnameOverride | string | `""` | Override the default fully qualified app name |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.repository | string | `"quay.io/argocdapplicationset/argocd-applicationset"` | If defined, a repository applied to the ApplicationSet deployment. |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository. |
| installCRDs | bool | `true` | Install Custom Resource Definition |
| nameOverride | string | `""` | Provide a name in place of `argo-applicationset` |
| nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) |
| podAnnotations | object | `{}` | Annotations for the controller pods |
| podSecurityContext | object | `{}` | Pod Security Context |
| rbac.pspEnabled | bool | `true` | Enable Pod Security Policy |
| replicaCount | int | `1` | The number of controller pods to run |
| resources | object | `{}` | Resource limits and requests for the controller pods. |
| securityContext | object | `{}` | Security Context |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | `[]` | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |

1660
charts/argo-applicationset/crds/crd-applicationset.yaml Normal file
View file

File diff suppressed because it is too large Load diff

65
charts/argo-applicationset/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,65 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-applicationset.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-applicationset.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-applicationset.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "argo-applicationset.labels" -}}
helm.sh/chart: {{ include "argo-applicationset.chart" . }}
{{ include "argo-applicationset.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/part-of: argo-cd-applicationset
app.kubernetes.io/component: controller
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-applicationset.selectorLabels" -}}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "argo-applicationset.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "argo-applicationset.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

6
charts/argo-applicationset/templates/crds.yaml Normal file
View file

@ -0,0 +1,6 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

63
charts/argo-applicationset/templates/deployment.yaml Normal file
View file

@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "argo-applicationset.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "argo-applicationset.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-applicationset.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
command:
- applicationset-controller
- --metrics-addr={{ .Values.args.metricsAddr }}
- --probe-addr={{ .Values.args.probeBindAddr }}
{{- if or (gt ( .Values.replicaCount | int64) 1) .Values.args.enableLeaderElection }}
- --enable-leader-election=true
{{- end }}
- --namespace={{ .Values.args.namespace }}
- --argocd-repo-server={{ .Values.args.argocdRepoServer }}
- --policy={{ .Values.args.policy }}
- --debug={{ .Values.args.debug }}
- --dry-run={{ .Values.args.dryRun }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ (split ":" .Values.args.probeBindAddr)._1 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

57
charts/argo-applicationset/templates/psp.yaml Normal file
View file

@ -0,0 +1,57 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: false
hostIPC: false
hostNetwork: false
hostPID: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "argo-applicationset.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-applicationset.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: {{ template "argo-applicationset.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

89
charts/argo-applicationset/templates/rbac.yaml Normal file
View file

@ -0,0 +1,89 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argo-applicationset.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-applicationset.serviceAccountName" . }}

12
charts/argo-applicationset/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argo-applicationset.serviceAccountName" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

72
charts/argo-applicationset/values.yaml Normal file
View file

@ -0,0 +1,72 @@
# Default values for argo-applicationset.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
installCRDs: true
image:
# The image repository
repository: quay.io/argocdapplicationset/argocd-applicationset
# Image pull policy
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
args:
metricsAddr: :8080
probeBindAddr: :8081
enableLeaderElection: false
namespace: argocd
argocdRepoServer: argocd-repo-server:8081
policy: sync
debug: false
dryRun: false
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
rbac:
pspEnabled: true
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

2
charts/argo-cd/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: 1.8.4
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.14.0
version: 2.14.1
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:

4
charts/argo-cd/README.md
View file

@ -66,7 +66,7 @@ Helm v3 has removed the `install-crds` hook so CRDs are now populated by files i
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.7.6"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.8.4"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
@ -337,4 +337,4 @@ through `xxx.extraArgs`
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |
| redis-ha.image.tag | Redis tag | `"5.0.8-alpine"` |
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/
[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/

42
charts/argo-cd/crds/crd-application.yaml
View file

@ -137,6 +137,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -254,6 +256,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string
@ -398,6 +405,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -515,6 +524,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string
@ -675,6 +689,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -792,6 +808,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string
@ -955,6 +976,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -1072,6 +1095,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string
@ -1213,6 +1241,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -1330,6 +1360,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string
@ -1468,6 +1503,8 @@ spec:
directory:
description: Directory holds path/directory specific options
properties:
exclude:
type: string
jsonnet:
description: ApplicationSourceJsonnet holds jsonnet specific options
properties:
@ -1585,6 +1622,11 @@ spec:
kustomize:
description: Kustomize holds kustomize specific options
properties:
commonAnnotations:
additionalProperties:
type: string
description: CommonAnnotations adds additional kustomize commonAnnotations
type: object
commonLabels:
additionalProperties:
type: string

2
charts/argo/Chart.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v2
appVersion: v2.12.5
description: A Helm chart for Argo Workflows
name: argo
version: 0.15.4
version: 0.16.0
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
home: https://github.com/argoproj/argo-helm
maintainers:

3
charts/argo/templates/server-ingress.yaml
View file

@ -14,6 +14,9 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- range $key, $value := .Values.server.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}

5
charts/argo/values.yaml
View file

@ -226,6 +226,11 @@ server:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
## Labels to be added to the web ingress.
##
# labels:
# use-cloudflare-solver: "true"
## Hostnames.
## Must be provided if Ingress is enabled.
##