CR-21441 -- add event reporter as argocd component (#31)

* almost final statefulset

* final statefulset

* add metrics

* add role

* add rolebinding

* add serviceaccount.yaml

* add servicemonitor.yaml + update values

* add prometheusrule.yaml

* add networkpolicy.yaml

* add pdb

* add cluster roles

* change version + add change

* fix indents

* fix doc

* update docs

* disable event reporter by default

* disable old reporter by value

* add missing docs

* update chart

* update docs

* remove hardcoded defaults + add correct template for argocd-cm

* use production version of argo-cd

* update default amount of reporter replicas

* fix values and docs

* fix metrics service

charts/argo-cd/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.8.1-cap-CR-20837
+appVersion: v2.8.1-cap-CR-21281-new-reporter
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.50.1-0-cap-CR-20837
+version: 5.50.1-1-cap-CR-21429
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,9 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
+    - kind: added
+      description: Add event reporter as a separate component
     - kind: changed
-      description: Update ArgoCD version to v2.8.1-cap-CR-20837
+      description: Update ArgoCD version to v2.8.1-cap-CR-21281-new-reporter
+    - kind: changed
+      description: Add ability to switch between reporters

charts/argo-cd/README.md

@@ -390,6 +390,79 @@ NAME: my-release
 | crds.keep | bool | `true` | Keep CRDs on chart uninstall |
 | createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources |
 | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. |
+| eventReporter.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
+| eventReporter.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the event reporter's ClusterRole resource |
+| eventReporter.clusterRoleRules.rules | list | `[]` | List of custom rules for the event reporter's ClusterRole resource |
+| eventReporter.containerPorts.health | int | `8088` |  |
+| eventReporter.containerPorts.metrics | int | `8087` | Metrics container port |
+| eventReporter.containerSecurityContext | object | See [values.yaml] | Event reporter container-level security context |
+| eventReporter.dnsConfig | object | `{}` | [DNS configuration] |
+| eventReporter.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for event reporter pods |
+| eventReporter.enabled | bool | `false` |  |
+| eventReporter.env | list | `[]` | Environment variables to pass to event reporter |
+| eventReporter.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event reporter |
+| eventReporter.extraArgs | list | `[]` | Additional command line arguments to pass to event reporter |
+| eventReporter.extraContainers | list | `[]` | Additional containers to be added to the event reporter pod |
+| eventReporter.hostNetwork | bool | `false` | Host Network for event reporter pods |
+| eventReporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event reporter |
+| eventReporter.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event reporter |
+| eventReporter.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the event reporter |
+| eventReporter.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
+| eventReporter.initContainers | list | `[]` | Init containers to add to the event reporter pod |
+| eventReporter.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric |
+| eventReporter.metrics.applicationLabels.labels | list | `[]` | Additional labels |
+| eventReporter.metrics.enabled | bool | `false` | Deploy metrics service |
+| eventReporter.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels |
+| eventReporter.metrics.rules.annotations | object | `{}` | PrometheusRule annotations |
+| eventReporter.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the event reporter |
+| eventReporter.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
+| eventReporter.metrics.rules.selector | object | `{}` | PrometheusRule selector |
+| eventReporter.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the event reporter |
+| eventReporter.metrics.service.annotations | object | `{}` | Metrics service annotations |
+| eventReporter.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
+| eventReporter.metrics.service.labels | object | `{}` | Metrics service labels |
+| eventReporter.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
+| eventReporter.metrics.service.servicePort | int | `8087` | Metrics service port |
+| eventReporter.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
+| eventReporter.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
+| eventReporter.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
+| eventReporter.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| eventReporter.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
+| eventReporter.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
+| eventReporter.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
+| eventReporter.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
+| eventReporter.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
+| eventReporter.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
+| eventReporter.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
+| eventReporter.name | string | `"event-reporter"` |  |
+| eventReporter.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| eventReporter.pdb.annotations | object | `{}` | Annotations to be added to event reporter pdb |
+| eventReporter.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the event reporter |
+| eventReporter.pdb.labels | object | `{}` | Labels to be added to event reporter pdb |
+| eventReporter.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
+| eventReporter.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
+| eventReporter.podAnnotations | object | `{}` | Annotations to be added to event reporter pods |
+| eventReporter.podLabels | object | `{}` | Labels to be added to event reporter pods |
+| eventReporter.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the event reporter pods |
+| eventReporter.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
+| eventReporter.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
+| eventReporter.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
+| eventReporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
+| eventReporter.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
+| eventReporter.replicas | int | `3` |  |
+| eventReporter.resources | object | `{}` | Resource limits and requests for the event reporter pods |
+| eventReporter.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
+| eventReporter.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
+| eventReporter.serviceAccount.create | bool | `true` | Create a service account for the event reporter |
+| eventReporter.serviceAccount.labels | object | `{}` | Labels applied to created service account |
+| eventReporter.serviceAccount.name | string | `"event-reporter"` | Service account name |
+| eventReporter.statefulsetAnnotations | object | `{}` | Annotations for the event reporter StatefulSet |
+| eventReporter.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
+| eventReporter.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| eventReporter.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the event reporter |
+| eventReporter.version | string | `"v1"` |  |
+| eventReporter.volumeMounts | list | `[]` | Additional volumeMounts to the event reporter main container |
+| eventReporter.volumes | list | `[]` | Additional volumes to the event reporter pod |
 | extraObjects | list | `[]` | Array of extra K8s manifests to deploy |
 | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |

charts/argo-cd/templates/_helpers.tpl

@@ -216,3 +216,20 @@ Merge Argo Params Configuration with Preset Configuration
 {{ $key }}: {{ toString $value | toYaml }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Create event reporter name and version as used by the chart label.
+*/}}
+{{- define "argo-cd.event-reporter.fullname" -}}
+{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.eventReporter.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{/*
+Create the name of the Argo CD server service account to use
+*/}}
+{{- define "argo-cd.eventReporterServiceAccountName" -}}
+{{- if .Values.eventReporter.serviceAccount.create -}}
+    {{ default (include "argo-cd.event-reporter.fullname" .) .Values.eventReporter.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.eventReporter.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/argo-cd/templates/argocd-configs/argocd-cm.yaml

@@ -14,4 +14,8 @@ metadata:
   {{- end }}
 data:
   {{- include "argo-cd.config.cm" . | trim | nindent 2 }}
+
+  {{- if and .Values.eventReporter.enabled .Values.eventReporter.version }}
+  codefresh.reporterVersion: {{ .Values.eventReporter.version | quote }}
+  {{- end }}
 {{- end }}

charts/argo-cd/templates/event-reporter/clusterrole.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.eventReporter.enabled }}
+{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+rules:
+  {{- if .Values.eventReporter.clusterRoleRules.enabled }}
+    {{- toYaml .Values.eventReporter.clusterRoleRules.rules | nindent 2 }}
+  {{- else }}
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - '*'
+  - nonResourceURLs:
+    - '*'
+    verbs:
+    - '*'
+  {{- end }}
+{{- end }}
+{{- end }}

charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.eventReporter.enabled }}
+{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-cd.eventReporterServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}

charts/argo-cd/templates/event-reporter/metrics.yaml

@@ -0,0 +1,34 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}-metrics
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" (printf "%s-metrics" .Values.eventReporter.name)) | nindent 4 }}
+    {{- with .Values.eventReporter.metrics.service.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.eventReporter.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  annotations:
+    {{- if .Values.global.addPrometheusAnnotations }}
+    prometheus.io/port: {{ .Values.eventReporter.metrics.service.servicePort | quote }}
+    prometheus.io/scrape: "true"
+    {{- end }}
+    {{- range $key, $value := .Values.eventReporter.metrics.service.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{ .Values.eventReporter.metrics.service.type }}
+  {{- if and .Values.eventReporter.metrics.service.clusterIP (eq .Values.eventReporter.metrics.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.eventReporter.metrics.service.clusterIP }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.eventReporter.metrics.service.portName }}
+    protocol: TCP
+    port: {{ .Values.eventReporter.metrics.service.servicePort }}
+    targetPort: metrics
+  selector:
+    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 4 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/networkpolicy.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.eventReporter.enabled .Values.global.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingress:
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+  podSelector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}

charts/argo-cd/templates/event-reporter/pdb.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.pdb.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+    {{- with .Values.eventReporter.pdb.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.eventReporter.pdb.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- with .Values.eventReporter.pdb.maxUnavailable }}
+  maxUnavailable: {{ . }}
+  {{- else }}
+  minAvailable: {{ .Values.eventReporter.pdb.minAvailable | default 0 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/prometheusrule.yaml

@@ -0,0 +1,24 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled .Values.eventReporter.metrics.rules.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ default .Release.Namespace .Values.eventReporter.metrics.rules.namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+    {{- if .Values.eventReporter.metrics.rules.selector }}
+{{- toYaml .Values.eventReporter.metrics.rules.selector | nindent 4 }}
+    {{- end }}
+    {{- if .Values.eventReporter.metrics.rules.additionalLabels }}
+{{- toYaml .Values.eventReporter.metrics.rules.additionalLabels | nindent 4 }}
+    {{- end }}
+  {{- with .Values.eventReporter.metrics.rules.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+  - name: argocd
+    rules:
+{{- toYaml .Values.eventReporter.metrics.rules.spec | nindent 4 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/role.yaml

@@ -0,0 +1,44 @@
+{{- if .Values.eventReporter.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - secrets
+    - configmaps
+  verbs:
+    - create
+    - get
+    - list
+    - watch
+    - update
+    - patch
+    - delete
+- apiGroups:
+    - argoproj.io
+  resources:
+    - applications
+    - appprojects
+    - applicationsets
+  verbs:
+    - create
+    - get
+    - list
+    - watch
+    - update
+    - delete
+    - patch
+- apiGroups:
+    - ""
+  resources:
+    - events
+  verbs:
+    - create
+    - list
+{{- end }}

charts/argo-cd/templates/event-reporter/rolebinding.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.eventReporter.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "argo-cd.eventReporterServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/argo-cd/templates/event-reporter/serviceaccount.yaml

@@ -0,0 +1,19 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.eventReporter.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ template "argo-cd.eventReporterServiceAccountName" . }}
+  namespace: {{ .Release.Namespace | quote }}
+{{- if .Values.eventReporter.serviceAccount.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.eventReporter.serviceAccount.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+  {{- range $key, $value := .Values.eventReporter.serviceAccount.labels }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}

charts/argo-cd/templates/event-reporter/servicemonitor.yaml

@@ -0,0 +1,47 @@
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled .Values.eventReporter.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ default .Release.Namespace .Values.eventReporter.metrics.serviceMonitor.namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+    {{- with .Values.eventReporter.metrics.serviceMonitor.selector }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.eventReporter.metrics.serviceMonitor.additionalLabels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.eventReporter.metrics.serviceMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  endpoints:
+    - port: {{ .Values.eventReporter.metrics.service.portName }}
+      {{- with .Values.eventReporter.metrics.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
+      path: /metrics
+      {{- with .Values.eventReporter.metrics.serviceMonitor.relabelings }}
+      relabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.metrics.serviceMonitor.scheme }}
+      scheme: {{ . }}
+      {{- end }}
+      {{- with .Values.eventReporter.metrics.serviceMonitor.tlsConfig }}
+      tlsConfig:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.eventReporter.name "name" "metrics") | nindent 6 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/statefulset.yaml

@@ -0,0 +1,275 @@
+{{- if .Values.eventReporter.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.eventReporter.statefulsetAnnotations) }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+spec:
+  replicas: {{ .Values.eventReporter.replicas }}
+  # TODO: Remove for breaking release as history limit cannot be patched
+  revisionHistoryLimit: 5
+  serviceName: {{ include "argo-cd.event-reporter.fullname" . }}
+  selector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
+        {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
+        checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
+        {{- end }}
+        {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.eventReporter.podAnnotations) }}
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+        {{- end }}
+      labels:
+        {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 8 }}
+        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.eventReporter.podLabels) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.eventReporter.imagePullSecrets | default .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.priorityClassName | default .Values.global.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      {{- if .Values.eventReporter.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.eventReporter.terminationGracePeriodSeconds }}
+      {{- end }}
+      serviceAccountName: {{ include "argo-cd.eventReporterServiceAccountName" . }}
+      containers:
+      - args:
+        - /usr/local/bin/event-reporter-server
+        - --metrics-port={{ .Values.eventReporter.containerPorts.metrics }}
+        {{- with .Values.eventReporter.extraArgs }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        image: {{ default .Values.global.image.repository .Values.eventReporter.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.eventReporter.image.tag }}
+        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.eventReporter.image.imagePullPolicy }}
+        name: {{ .Values.eventReporter.name }}
+        env:
+          {{- with (concat .Values.global.env .Values.eventReporter.env) }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          - name: EVENT_REPORTER_REPLICAS
+            value: {{ .Values.eventReporter.replicas | quote }}
+          - name: ARGOCD_TOKEN
+            valueFrom:
+              secretKeyRef:
+                key: token
+                name: argocd-token
+          - name: CODEFRESH_URL
+            valueFrom:
+              configMapKeyRef:
+                name: codefresh-cm
+                key: base-url
+                optional: true
+          - name: CODEFRESH_TOKEN
+            valueFrom:
+              secretKeyRef:
+                key: token
+                name: codefresh-token
+          # todo: clean up
+          - name: EVENT_REPORTER_INSECURE
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.insecure
+                optional: true
+          - name: EVENT_REPORTER_LOGFORMAT
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.log.format
+                optional: true
+          - name: EVENT_REPORTER_LOG_LEVEL
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.log.level
+                optional: true
+          - name: EVENT_REPORTER_REPO_SERVER
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: repo.server
+                optional: true
+          - name: EVENT_REPORTER_REPO_SERVER_TIMEOUT_SECONDS
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.repo.server.timeout.seconds
+                optional: true
+          - name: EVENT_REPORTER_REPO_SERVER_PLAINTEXT
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.repo.server.plaintext
+                optional: true
+          - name: REDIS_SERVER
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: redis.server
+                optional: true
+          - name: REDIS_COMPRESSION
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: redis.compression
+                optional: true
+          - name: REDISDB
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: redis.db
+                optional: true
+          - name: REDIS_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-username
+                optional: true
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
+                key: redis-password
+                optional: true
+          - name: EVENT_REPORTER_SHARDING_ALGORITHM
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.sharding.algorithm
+                optional: true
+          - name: EVENT_REPORTER_LISTEN_ADDRESS
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.listen.address
+                optional: true
+          - name: EVENT_REPORTER_METRICS_LISTEN_ADDRESS
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-cmd-params-cm
+                key: event-reporter.metrics.listen.address
+                optional: true
+        {{- with .Values.eventReporter.envFrom }}
+        envFrom:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        ports:
+          - name: metrics
+            containerPort: {{ .Values.eventReporter.containerPorts.metrics }}
+            protocol: TCP
+          - name: health
+            containerPort: {{ .Values.eventReporter.containerPorts.health }}
+            protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz?full=true
+            port: health
+          initialDelaySeconds: 3
+          periodSeconds: 30
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: health
+          initialDelaySeconds: {{ .Values.eventReporter.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.eventReporter.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.eventReporter.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.eventReporter.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.eventReporter.readinessProbe.failureThreshold }}
+        resources:
+          {{- toYaml .Values.eventReporter.resources | nindent 10 }}
+        {{- with .Values.eventReporter.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        volumeMounts:
+        {{- with .Values.eventReporter.volumeMounts }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        - name: argocd-repo-server-tls
+          mountPath: /app/config/server/tls
+        - mountPath: /tmp
+          name: tmp
+      {{- with .Values.eventReporter.extraContainers }}
+        {{- tpl (toYaml .) $ | nindent 6 }}
+      {{- end }}
+      {{- with .Values.eventReporter.initContainers }}
+      initContainers:
+        {{- tpl (toYaml .) $ | nindent 6 }}
+      {{- end }}
+      {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.eventReporter) }}
+      affinity:
+        {{- trim . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.nodeSelector | default .Values.global.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.tolerations | default .Values.global.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.eventReporter.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- range $constraint := . }}
+      - {{ toYaml $constraint | nindent 8 | trim }}
+          {{- if not $constraint.labelSelector }}
+        labelSelector:
+          matchLabels:
+            {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.eventReporter.name) | nindent 12 }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+      volumes:
+      {{- with .Values.eventReporter.volumes }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      - emptyDir: { }
+        name: plugins-home
+      - emptyDir: { }
+        name: tmp
+      - name: argocd-repo-server-tls
+        secret:
+          secretName: argocd-repo-server-tls
+          optional: true
+          items:
+          - key: tls.crt
+            path: tls.crt
+          - key: tls.key
+            path: tls.key
+          - key: ca.crt
+            path: ca.crt
+      {{- if .Values.eventReporter.hostNetwork }}
+      hostNetwork: {{ .Values.eventReporter.hostNetwork }}
+      {{- end }}
+      {{- with .Values.eventReporter.dnsConfig }}
+      dnsConfig:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      dnsPolicy: {{ .Values.eventReporter.dnsPolicy }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -3277,3 +3277,282 @@ notifications:
     # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers
     # defaultTriggers: |
     #   - on-sync-status-unknown
+
+eventReporter:
+  # Enabled we need to skip argo-cd chart tests for this component
+  enabled: false
+  # Version we need to dynamically switch between old and new version
+  # one will be just hanging and the second one working
+  # possible values: v1, v2
+  version: v1
+  name: event-reporter
+  ## Amount of replicas for event reporting sharding
+  replicas: 3
+  ## Event reporter Pod Disruption Budget
+  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  pdb:
+    # -- Deploy a [PodDisruptionBudget] for the event reporter
+    enabled: false
+    # -- Labels to be added to event reporter pdb
+    labels: {}
+    # -- Annotations to be added to event reporter pdb
+    annotations: {}
+    # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
+    # @default -- `""` (defaults to 0 if not specified)
+    minAvailable: ""
+    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
+    ## Has higher precedence over `controller.pdb.minAvailable`
+    maxUnavailable: ""
+
+  ## Event reporter image
+  image:
+    # -- Repository to use for the event reporter
+    # @default -- `""` (defaults to global.image.repository)
+    repository: ""
+    # -- Tag to use for the event reporter
+    # @default -- `""` (defaults to global.image.tag)
+    tag: ""
+    # -- Image pull policy for the event reporter
+    # @default -- `""` (defaults to global.image.imagePullPolicy)
+    imagePullPolicy: ""
+
+  # -- Secrets with credentials to pull images from a private registry
+  # @default -- `[]` (defaults to global.imagePullSecrets)
+  imagePullSecrets: []
+
+  # -- Additional command line arguments to pass to event reporter
+  extraArgs: []
+
+  # -- Environment variables to pass to event reporter
+  env: []
+
+  # -- envFrom to pass to event reporter
+  # @default -- `[]` (See [values.yaml])
+  envFrom: []
+  # - configMapRef:
+  #     name: config-map-name
+  # - secretRef:
+  #     name: secret-name
+
+  # -- Additional containers to be added to the event reporter pod
+  ## Note: Supports use of custom Helm templates
+  extraContainers: []
+
+  # -- Init containers to add to the event reporter pod
+  ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
+  ## you could use this (and the same in the server pod) to provide such executable
+  ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
+  ## Note: Supports use of custom Helm templates
+  initContainers: []
+  #  - name: download-tools
+  #    image: alpine:3
+  #    command: [sh, -c]
+  #    args:
+  #      - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
+  #        unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
+  #    volumeMounts:
+  #      - mountPath: /custom-tools
+  #        name: custom-tools
+
+  # -- Additional volumeMounts to the event reporter main container
+  volumeMounts: []
+  #  - mountPath: /usr/local/bin/kubelogin
+  #    name: custom-tools
+  #    subPath: kubelogin
+
+  # -- Additional volumes to the event reporter pod
+  volumes: []
+  #  - name: custom-tools
+  #    emptyDir: {}
+
+  # -- Annotations for the event reporter StatefulSet
+  statefulsetAnnotations: {}
+
+  # -- Annotations to be added to event reporter pods
+  podAnnotations: {}
+
+  # -- Labels to be added to event reporter pods
+  podLabels: {}
+
+  # -- Resource limits and requests for the event reporter pods
+  resources: {}
+  #  limits:
+  #    cpu: 500m
+  #    memory: 512Mi
+  #  requests:
+  #    cpu: 250m
+  #    memory: 256Mi
+
+  # Event reporter container ports
+  containerPorts:
+    # -- Metrics container port
+    metrics: 8087
+    health: 8088
+
+  # -- Host Network for event reporter pods
+  hostNetwork: false
+
+  # -- [DNS configuration]
+  dnsConfig: {}
+  # -- Alternative DNS policy for event reporter pods
+  dnsPolicy: "ClusterFirst"
+
+  # -- Event reporter container-level security context
+  # @default -- See [values.yaml]
+  containerSecurityContext:
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL
+
+  # Readiness probe for event reporter
+  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+  readinessProbe:
+    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
+    failureThreshold: 3
+    # -- Number of seconds after the container has started before [probe] is initiated
+    initialDelaySeconds: 10
+    # -- How often (in seconds) to perform the [probe]
+    periodSeconds: 10
+    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
+    successThreshold: 1
+    # -- Number of seconds after which the [probe] times out
+    timeoutSeconds: 1
+
+  # -- terminationGracePeriodSeconds for container lifecycle hook
+  terminationGracePeriodSeconds: 30
+
+  # -- Priority class for the event reporter pods
+  # @default -- `""` (defaults to global.priorityClassName)
+  priorityClassName: ""
+
+  # -- [Node selector]
+  # @default -- `{}` (defaults to global.nodeSelector)
+  nodeSelector: {}
+
+  # -- [Tolerations] for use with node taints
+  # @default -- `[]` (defaults to global.tolerations)
+  tolerations: []
+
+  # -- Assign custom [affinity] rules to the deployment
+  # @default -- `{}` (defaults to global.affinity preset)
+  affinity: {}
+
+  # -- Assign custom [TopologySpreadConstraints] rules to the event reporter
+  # @default -- `[]` (defaults to global.topologySpreadConstraints)
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
+  topologySpreadConstraints: []
+    # - maxSkew: 1
+    #   topologyKey: topology.kubernetes.io/zone
+  #   whenUnsatisfiable: DoNotSchedule
+
+  serviceAccount:
+    # -- Create a service account for the event reporter
+    create: true
+    # -- Service account name
+    name: event-reporter
+    # -- Annotations applied to created service account
+    annotations: {}
+    # -- Labels applied to created service account
+    labels: {}
+    # -- Automount API credentials for the Service Account
+    automountServiceAccountToken: true
+
+  ## Event reporter metrics configuration
+  metrics:
+    # -- Deploy metrics service
+    enabled: false
+    applicationLabels:
+      # -- Enables additional labels in argocd_app_labels metric
+      enabled: false
+      # -- Additional labels
+      labels: []
+    service:
+      # -- Metrics service type
+      type: ClusterIP
+      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
+      clusterIP: ""
+      # -- Metrics service annotations
+      annotations: {}
+      # -- Metrics service labels
+      labels: {}
+      # -- Metrics service port
+      servicePort: 8087
+      # -- Metrics service port name
+      portName: http-metrics
+    serviceMonitor:
+      # -- Enable a prometheus ServiceMonitor
+      enabled: false
+      # -- Prometheus ServiceMonitor interval
+      interval: 30s
+      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
+      relabelings: []
+      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
+      metricRelabelings: []
+      # -- Prometheus ServiceMonitor selector
+      selector: {}
+      # prometheus: kube-prometheus
+
+      # -- Prometheus ServiceMonitor scheme
+      scheme: ""
+      # -- Prometheus ServiceMonitor tlsConfig
+      tlsConfig: {}
+      # -- Prometheus ServiceMonitor namespace
+      namespace: "" # "monitoring"
+      # -- Prometheus ServiceMonitor labels
+      additionalLabels: {}
+      # -- Prometheus ServiceMonitor annotations
+      annotations: {}
+    rules:
+      # -- Deploy a PrometheusRule for the event reporter
+      enabled: false
+      # -- PrometheusRule namespace
+      namespace: "" # "monitoring"
+      # -- PrometheusRule selector
+      selector: {}
+      # prometheus: kube-prometheus
+
+      # -- PrometheusRule labels
+      additionalLabels: {}
+      # -- PrometheusRule annotations
+      annotations: {}
+
+      # -- PrometheusRule.Spec for the event reporter
+      spec: []
+      # - alert: ArgoAppMissing
+      #   expr: |
+      #     absent(argocd_app_info) == 1
+      #   for: 15m
+      #   labels:
+      #     severity: critical
+      #   annotations:
+      #     summary: "[Argo CD] No reported applications"
+      #     description: >
+      #       Argo CD has not reported any applications data for the past 15 minutes which
+      #       means that it must be down or not functioning properly.  This needs to be
+      #       resolved for this cloud to continue to maintain state.
+      # - alert: ArgoAppNotSynced
+      #   expr: |
+      #     argocd_app_info{sync_status!="Synced"} == 1
+      #   for: 12h
+      #   labels:
+      #     severity: warning
+      #   annotations:
+      #     summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
+      #     description: >
+      #       The application [{{`{{$labels.name}}`}} has not been synchronized for over
+      #       12 hours which means that the state of this cloud has drifted away from the
+      #       state inside Git.
+
+  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
+  ## Defaults to off
+  clusterRoleRules:
+    # -- Enable custom rules for the event reporter's ClusterRole resource
+    enabled: false
+    # -- List of custom rules for the event reporter's ClusterRole resource
+    rules: []