From f44327fdaf528f793c53a4bfb8c086252e03a4fb Mon Sep 17 00:00:00 2001 
From: Yaroslav Drachenko Date: Tue, 28 Nov 2023 18:36:41 +0200 Subject: [PATCH] CR-21441 -- add event reporter as argocd component (#31) * almost final statefulset * final statefulset * add metrics * add role * add rolebinding * add serviceaccount.yaml * add servicemonitor.yaml + update values * add prometheusrule.yaml * add networkpolicy.yaml * add pdb * add cluster roles * change version + add change * fix indents * fix doc * update docs * disable event reporter by default * disable old reporter by value * add missing docs * update chart * update docs * remove hardcoded defaults + add correct template for argocd-cm * use production version of argo-cd * update default amount of reporter replicas * fix values and docs * fix metrics service --- charts/argo-cd/Chart.yaml | 10 +- charts/argo-cd/README.md | 73 +++++ charts/argo-cd/templates/_helpers.tpl | 17 ++ .../templates/argocd-configs/argocd-cm.yaml | 4 + .../templates/event-reporter/clusterrole.yaml | 26 ++ .../event-reporter/clusterrolebinding.yaml | 19 ++ .../templates/event-reporter/metrics.yaml | 34 +++ .../event-reporter/networkpolicy.yaml | 20 ++ .../argo-cd/templates/event-reporter/pdb.yaml | 27 ++ .../event-reporter/prometheusrule.yaml | 24 ++ .../templates/event-reporter/role.yaml | 44 +++ .../templates/event-reporter/rolebinding.yaml | 17 ++ .../event-reporter/serviceaccount.yaml | 19 ++ .../event-reporter/servicemonitor.yaml | 47 +++ .../templates/event-reporter/statefulset.yaml | 275 +++++++++++++++++ charts/argo-cd/values.yaml | 279 ++++++++++++++++++ 16 files changed, 932 insertions(+), 3 deletions(-) create mode 100644 charts/argo-cd/templates/event-reporter/clusterrole.yaml create mode 100644 charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml create mode 100644 charts/argo-cd/templates/event-reporter/metrics.yaml create mode 100644 charts/argo-cd/templates/event-reporter/networkpolicy.yaml create mode 100644 charts/argo-cd/templates/event-reporter/pdb.yaml create mode 100644 
charts/argo-cd/templates/event-reporter/prometheusrule.yaml create mode 100644 charts/argo-cd/templates/event-reporter/role.yaml create mode 100644 charts/argo-cd/templates/event-reporter/rolebinding.yaml create mode 100644 charts/argo-cd/templates/event-reporter/serviceaccount.yaml create mode 100644 charts/argo-cd/templates/event-reporter/servicemonitor.yaml create mode 100644 charts/argo-cd/templates/event-reporter/statefulset.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 7ec6e011..db605e05 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: v2.8.1-cap-CR-20837 +appVersion: v2.8.1-cap-CR-21281-new-reporter kubeVersion: ">=1.23.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 5.50.1-0-cap-CR-20837 +version: 5.50.1-1-cap-CR-21429 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -26,5 +26,9 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | + - kind: added + description: Add event reporter as a separate component - kind: changed - description: Update ArgoCD version to v2.8.1-cap-CR-20837 + description: Update ArgoCD version to v2.8.1-cap-CR-21281-new-reporter + - kind: changed + description: Add ability to switch between reporters diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 40635660..e1d141ce 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -390,6 +390,79 @@ NAME: my-release | crds.keep | bool | `true` | Keep CRDs on chart uninstall | | createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources | | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | +| eventReporter.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| eventReporter.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the event reporter's ClusterRole resource | +| eventReporter.clusterRoleRules.rules | list | `[]` | List of custom rules for the event reporter's ClusterRole resource | +| eventReporter.containerPorts.health | int | `8088` | | +| eventReporter.containerPorts.metrics | int | `8087` | Metrics container port | +| eventReporter.containerSecurityContext | object | See [values.yaml] | Event reporter container-level security context | +| eventReporter.dnsConfig | object | `{}` | [DNS configuration] | +| eventReporter.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for event reporter pods | +| eventReporter.enabled | bool | `false` | | +| eventReporter.env | list | `[]` | Environment variables to pass to event reporter | +| eventReporter.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event reporter | +| eventReporter.extraArgs | list | `[]` | Additional command line arguments to pass to event reporter | +| eventReporter.extraContainers | list | `[]` | Additional containers to be added to the event reporter pod | +| eventReporter.hostNetwork | bool | `false` | Host Network for event reporter pods | +| eventReporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event reporter | +| eventReporter.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event reporter | +| eventReporter.image.tag | string | 
`""` (defaults to global.image.tag) | Tag to use for the event reporter | +| eventReporter.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| eventReporter.initContainers | list | `[]` | Init containers to add to the event reporter pod | +| eventReporter.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric | +| eventReporter.metrics.applicationLabels.labels | list | `[]` | Additional labels | +| eventReporter.metrics.enabled | bool | `false` | Deploy metrics service | +| eventReporter.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels | +| eventReporter.metrics.rules.annotations | object | `{}` | PrometheusRule annotations | +| eventReporter.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the event reporter | +| eventReporter.metrics.rules.namespace | string | `""` | PrometheusRule namespace | +| eventReporter.metrics.rules.selector | object | `{}` | PrometheusRule selector | +| eventReporter.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the event reporter | +| eventReporter.metrics.service.annotations | object | `{}` | Metrics service annotations | +| eventReporter.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. 
`None` makes a "headless service" (no virtual IP) | +| eventReporter.metrics.service.labels | object | `{}` | Metrics service labels | +| eventReporter.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| eventReporter.metrics.service.servicePort | int | `8087` | Metrics service port | +| eventReporter.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| eventReporter.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| eventReporter.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| eventReporter.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| eventReporter.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| eventReporter.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| eventReporter.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| eventReporter.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| eventReporter.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| eventReporter.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| eventReporter.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| eventReporter.name | string | `"event-reporter"` | | +| eventReporter.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| eventReporter.pdb.annotations | object | `{}` | Annotations to be added to event reporter pdb | +| eventReporter.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the event reporter | +| eventReporter.pdb.labels | object | `{}` | Labels to be added to event reporter pdb | +| 
eventReporter.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| eventReporter.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| eventReporter.podAnnotations | object | `{}` | Annotations to be added to event reporter pods | +| eventReporter.podLabels | object | `{}` | Labels to be added to event reporter pods | +| eventReporter.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the event reporter pods | +| eventReporter.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| eventReporter.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| eventReporter.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| eventReporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| eventReporter.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| eventReporter.replicas | int | `3` | | +| eventReporter.resources | object | `{}` | Resource limits and requests for the event reporter pods | +| eventReporter.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| eventReporter.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| eventReporter.serviceAccount.create | bool | `true` | Create a service account for the event reporter | +| eventReporter.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| eventReporter.serviceAccount.name | string | `"event-reporter"` | Service 
account name | +| eventReporter.statefulsetAnnotations | object | `{}` | Annotations for the event reporter StatefulSet | +| eventReporter.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| eventReporter.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| eventReporter.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the event reporter | +| eventReporter.version | string | `"v1"` | | +| eventReporter.volumeMounts | list | `[]` | Additional volumeMounts to the event reporter main container | +| eventReporter.volumes | list | `[]` | Additional volumes to the event reporter pod | | extraObjects | list | `[]` | Array of extra K8s manifests to deploy | | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index b5d62a6a..e347f7f1 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl 
@@ -216,3 +216,20 @@ Merge Argo Params Configuration with Preset Configuration {{ $key }}: {{ toString $value | toYaml }} {{- end }} {{- end -}} + +{{/* +Create event reporter name and version as used by the chart label. +*/}} +{{- define "argo-cd.event-reporter.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.eventReporter.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{/* +Create the name of the Argo CD server service account to use +*/}} +{{- define "argo-cd.eventReporterServiceAccountName" -}} +{{- if .Values.eventReporter.serviceAccount.create -}} + {{ default (include "argo-cd.event-reporter.fullname" .) .Values.eventReporter.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.eventReporter.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml index 829a6776..d1e3ad7a 100644 --- a/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml +++ b/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -14,4 +14,8 @@ metadata: {{- end }} data: {{- include "argo-cd.config.cm" . | trim | nindent 2 }} + + {{- if and .Values.eventReporter.enabled .Values.eventReporter.version }} + codefresh.reporterVersion: {{ .Values.eventReporter.version | quote }} + {{- end }} {{- end }} diff --git a/charts/argo-cd/templates/event-reporter/clusterrole.yaml b/charts/argo-cd/templates/event-reporter/clusterrole.yaml new file mode 100644 index 00000000..7cfa1363 --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/clusterrole.yaml 
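Review bot: The doc comment above the new `argo-cd.eventReporterServiceAccountName` helper reads `Create the name of the Argo CD server service account to use`, which was carried over from the server helper and describes the wrong component; it should read `Create the name of the event reporter service account to use`. The two new helpers also use different naming styles (`argo-cd.event-reporter.fullname` versus `argo-cd.eventReporterServiceAccountName`); this is harmless but worth aligning with whichever convention the rest of `_helpers.tpl` follows before other templates start depending on these names.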
@@ -0,0 +1,26 @@ +{{- if .Values.eventReporter.enabled }} +{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.event-reporter.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} +rules: + {{- if .Values.eventReporter.clusterRoleRules.enabled }} + {{- toYaml .Values.eventReporter.clusterRoleRules.rules | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml b/charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml new file mode 100644 index 00000000..27a413de --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.eventReporter.enabled }} +{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}} +{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.event-reporter.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.event-reporter.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.eventReporterServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} 
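Review bot: The default rule set in clusterrole.yaml grants `'*'` on every apiGroup, resource and verb plus every nonResourceURL, which is cluster-admin-equivalent, and clusterrolebinding.yaml binds it to the reporter's ServiceAccount whenever `createClusterRoles` is true — a value the README table in this diff documents as defaulting to `true`. The `eventReporter.clusterAdminAccess.enabled` flag both templates read is absent from the README table and from the visible values.yaml hunk, so the only way to keep the binding off is to disable cluster roles for the whole chart. A reporting component presumably needs observe-only access (confirm against the binary's actual API calls); consider shipping a read-only default (`get`/`list`/`watch` on the resources it reports on) and documenting `clusterAdminAccess.enabled` so the binding can be turned off per component, as the chart does elsewhere. The namespaced role.yaml in the same commit likewise grants `create`/`update`/`patch`/`delete` on secrets, configmaps, applications, appprojects and applicationsets, which should be justified in a comment or trimmed in the same pass.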
diff --git a/charts/argo-cd/templates/event-reporter/metrics.yaml b/charts/argo-cd/templates/event-reporter/metrics.yaml new file mode 100644 index 00000000..b18cd29d --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/metrics.yaml @@ -0,0 +1,34 @@ +{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.event-reporter.fullname" . }}-metrics + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" (printf "%s-metrics" .Values.eventReporter.name)) | nindent 4 }} + {{- with .Values.eventReporter.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.eventReporter.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.eventReporter.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.eventReporter.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.eventReporter.metrics.service.type }} + {{- if and .Values.eventReporter.metrics.service.clusterIP (eq .Values.eventReporter.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.eventReporter.metrics.service.clusterIP }} + {{- end }} + ports: + - name: {{ .Values.eventReporter.metrics.service.portName }} + protocol: TCP + port: {{ .Values.eventReporter.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/networkpolicy.yaml b/charts/argo-cd/templates/event-reporter/networkpolicy.yaml new file mode 100644 index 00000000..5ea63290 --- /dev/null 
+++ b/charts/argo-cd/templates/event-reporter/networkpolicy.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.eventReporter.enabled .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/pdb.yaml b/charts/argo-cd/templates/event-reporter/pdb.yaml new file mode 100644 index 00000000..9cc50321 --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.eventReporter.enabled .Values.eventReporter.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.event-reporter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} + {{- with .Values.eventReporter.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.eventReporter.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.eventReporter.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.eventReporter.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }} +{{- end }} 
diff --git a/charts/argo-cd/templates/event-reporter/prometheusrule.yaml b/charts/argo-cd/templates/event-reporter/prometheusrule.yaml new file mode 100644 index 00000000..3b3617bc --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/prometheusrule.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled .Values.eventReporter.metrics.rules.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ default .Release.Namespace .Values.eventReporter.metrics.rules.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} + {{- if .Values.eventReporter.metrics.rules.selector }} +{{- toYaml .Values.eventReporter.metrics.rules.selector | nindent 4 }} + {{- end }} + {{- if .Values.eventReporter.metrics.rules.additionalLabels }} +{{- toYaml .Values.eventReporter.metrics.rules.additionalLabels | nindent 4 }} + {{- end }} + {{- with .Values.eventReporter.metrics.rules.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + groups: + - name: argocd + rules: +{{- toYaml .Values.eventReporter.metrics.rules.spec | nindent 4 }} +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/role.yaml b/charts/argo-cd/templates/event-reporter/role.yaml new file mode 100644 index 00000000..ee8b87a4 --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/role.yaml 
@@ -0,0 +1,44 @@ +{{- if .Values.eventReporter.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/rolebinding.yaml b/charts/argo-cd/templates/event-reporter/rolebinding.yaml new file mode 100644 index 00000000..3e0a5bec --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.eventReporter.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.event-reporter.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.eventReporterServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/serviceaccount.yaml b/charts/argo-cd/templates/event-reporter/serviceaccount.yaml new file mode 100644 index 00000000..7f94d89b --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/serviceaccount.yaml 
@@ -0,0 +1,19 @@ +{{- if and .Values.eventReporter.enabled .Values.eventReporter.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.eventReporter.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "argo-cd.eventReporterServiceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- if .Values.eventReporter.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.eventReporter.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} + {{- range $key, $value := .Values.eventReporter.serviceAccount.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} diff --git a/charts/argo-cd/templates/event-reporter/servicemonitor.yaml b/charts/argo-cd/templates/event-reporter/servicemonitor.yaml new file mode 100644 index 00000000..79f7e2e3 --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/servicemonitor.yaml 
@@ -0,0 +1,47 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled .Values.eventReporter.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ default .Release.Namespace .Values.eventReporter.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} + {{- with .Values.eventReporter.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.eventReporter.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.eventReporter.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.eventReporter.metrics.service.portName }} + {{- with .Values.eventReporter.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.eventReporter.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.eventReporter.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.eventReporter.name "name" "metrics") | nindent 6 }} +{{- end }} 
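Review bot: The ServiceMonitor selector at the end of the hunk is built with `"name" "metrics"`, while the metrics Service in metrics.yaml labels itself via `argo-cd.labels` with `"name" (printf "%s-metrics" .Values.eventReporter.name)`; unless `argo-cd.selectorLabels` ignores its `name` argument (its definition is outside this diff), the two label sets differ and Prometheus will never discover the service. Mirror the Service's call, `{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.eventReporter.name "name" (printf "%s-metrics" .Values.eventReporter.name)) | nindent 6 }}`. Because the whole resource is gated on `.Capabilities.APIVersions.Has`, a mismatch produces no install-time error, so a `helm template` assertion comparing the rendered ServiceMonitor selector with the Service labels is worth adding to the chart tests.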
diff --git a/charts/argo-cd/templates/event-reporter/statefulset.yaml b/charts/argo-cd/templates/event-reporter/statefulset.yaml new file mode 100644 index 00000000..cb8d9f38 --- /dev/null +++ b/charts/argo-cd/templates/event-reporter/statefulset.yaml 
@@ -0,0 +1,275 @@ +{{- if .Values.eventReporter.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.eventReporter.statefulsetAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.event-reporter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }} +spec: + replicas: {{ .Values.eventReporter.replicas }} + # TODO: Remove for breaking release as history limit cannot be patched + revisionHistoryLimit: 5 + serviceName: {{ include "argo-cd.event-reporter.fullname" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.eventReporter.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.eventReporter.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.eventReporter.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.eventReporter.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.eventReporter.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.eventReporterServiceAccountName" . }} + containers: + - args: + - /usr/local/bin/event-reporter-server + - --metrics-port={{ .Values.eventReporter.containerPorts.metrics }} + {{- with .Values.eventReporter.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.eventReporter.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.eventReporter.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.eventReporter.image.imagePullPolicy }} + name: {{ .Values.eventReporter.name }} + env: + {{- with (concat .Values.global.env .Values.eventReporter.env) }} + {{- toYaml . 
| nindent 10 }} + {{- end }} + - name: EVENT_REPORTER_REPLICAS + value: {{ .Values.eventReporter.replicas | quote }} + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: argocd-token + - name: CODEFRESH_URL + valueFrom: + configMapKeyRef: + name: codefresh-cm + key: base-url + optional: true + - name: CODEFRESH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: codefresh-token + # todo: clean up + - name: EVENT_REPORTER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.insecure + optional: true + - name: EVENT_REPORTER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.log.format + optional: true + - name: EVENT_REPORTER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.log.level + optional: true + - name: EVENT_REPORTER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: EVENT_REPORTER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.repo.server.timeout.seconds + optional: true + - name: EVENT_REPORTER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.repo.server.plaintext + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) 
.Values.externalRedis.existingSecret }} + key: redis-username + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-password + optional: true + - name: EVENT_REPORTER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.sharding.algorithm + optional: true + - name: EVENT_REPORTER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.listen.address + optional: true + - name: EVENT_REPORTER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: event-reporter.metrics.listen.address + optional: true + {{- with .Values.eventReporter.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.eventReporter.containerPorts.metrics }} + protocol: TCP + - name: health + containerPort: {{ .Values.eventReporter.containerPorts.health }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz?full=true + port: health + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: health + initialDelaySeconds: {{ .Values.eventReporter.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.eventReporter.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.eventReporter.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.eventReporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.eventReporter.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.eventReporter.resources | nindent 10 }} + {{- with .Values.eventReporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.eventReporter.volumeMounts }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + - name: argocd-repo-server-tls + mountPath: /app/config/server/tls + - mountPath: /tmp + name: tmp + {{- with .Values.eventReporter.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.eventReporter.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.eventReporter) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventReporter.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.eventReporter.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.eventReporter.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - emptyDir: { } + name: plugins-home + - emptyDir: { } + name: tmp + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.eventReporter.hostNetwork }} + hostNetwork: {{ .Values.eventReporter.hostNetwork }} + {{- end }} + {{- with .Values.eventReporter.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.eventReporter.dnsPolicy }} +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index df20106e..52ce703d 100644 
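Review bot: The `ARGOCD_TOKEN` and `CODEFRESH_TOKEN` entries reference the hard-coded Secrets `argocd-token` and `codefresh-token` without `optional: true` and with no values key to override the names, so a release in a namespace that lacks either Secret leaves the pod in CreateContainerConfigError, and neither name (nor the `codefresh-cm` ConfigMap) appears in the README table or the visible values.yaml; every neighbouring configMapKeyRef is marked optional, which makes the omission look accidental rather than deliberate. Either expose the three object names as values, for example `eventReporter.codefreshTokenSecretName` (choose names that fit the chart's conventions) and document them, or add a comment above the entries stating that these objects must exist before the reporter is enabled. Separately, the `plugins-home` emptyDir declared under `volumes` is never referenced by the container's `volumeMounts` and can be dropped, the `# todo: clean up` comment should say what is pending or be removed, and the livenessProbe timings are hard-coded while the readinessProbe is parameterised and documented — consider exposing them the same way.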
--- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml 
@@ -3277,3 +3277,282 @@ notifications:
 # For more information: https://argocd-notifications.readthedocs.io/en/stable/triggers/#default-triggers
 # defaultTriggers: |
 # - on-sync-status-unknown
+
+eventReporter:
+ # Enabled we need to skip argo-cd chart tests for this component
+ enabled: false
+ # Version we need to dynamically switch between old and new version
+ # one will be just hanging and the second one working
+ # possible values: v1, v2
+ version: v1
+ name: event-reporter
+ ## Amount of replicas for event reporting sharding
+ replicas: 3
+ ## Event reporter Pod Disruption Budget
+ ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ pdb:
+ # -- Deploy a [PodDisruptionBudget] for the event reporter
+ enabled: false
+ # -- Labels to be added to event reporter pdb
+ labels: {}
+ # -- Annotations to be added to event reporter pdb
+ annotations: {}
+ # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
+ # @default -- `""` (defaults to 0 if not specified)
+ minAvailable: ""
+ # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
+ ## Has higher precedence over `controller.pdb.minAvailable`
+ maxUnavailable: ""
+
+ ## Event reporter image
+ image:
+ # -- Repository to use for the event reporter
+ # @default -- `""` (defaults to global.image.repository)
+ repository: ""
+ # -- Tag to use for the event reporter
+ # @default -- `""` (defaults to global.image.tag)
+ tag: ""
+ # -- Image pull policy for the event reporter
+ # @default -- `""` (defaults to global.image.imagePullPolicy)
+ imagePullPolicy: ""
+
+ # -- Secrets with credentials to pull images from a private registry
+ # @default -- `[]` (defaults to global.imagePullSecrets)
+ imagePullSecrets: []
+
+ # -- Additional command line arguments to pass to event reporter
+ extraArgs: []
+
+ # -- Environment variables to pass to event reporter
+ env: []
+
+ # -- envFrom to pass to event reporter
+ # @default -- `[]` (See [values.yaml])
+ envFrom: []
+ # - configMapRef:
+ # name: config-map-name
+ # - secretRef:
+ # name: secret-name
+
+ # -- Additional containers to be added to the event reporter pod
+ ## Note: Supports use of custom Helm templates
+ extraContainers: []
+
+ # -- Init containers to add to the event reporter pod
+ ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
+ ## you could use this (and the same in the server pod) to provide such executable
+ ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
+ ## Note: Supports use of custom Helm templates
+ initContainers: []
+ # - name: download-tools
+ # image: alpine:3
+ # command: [sh, -c]
+ # args:
+ # - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
+ unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
+ # volumeMounts:
+ # - mountPath: /custom-tools
+ # name: custom-tools
+
+ # -- Additional volumeMounts to the event reporter main container
+ volumeMounts: []
+ # - mountPath: /usr/local/bin/kubelogin
+ # name: custom-tools
+ # subPath: kubelogin
+
+ # -- Additional volumes to the event reporter pod
+ volumes: []
+ # - name: custom-tools
+ # emptyDir: {}
+
+ # -- Annotations for the event reporter StatefulSet
+ statefulsetAnnotations: {}
+
+ # -- Annotations to be added to event reporter pods
+ podAnnotations: {}
+
+ # -- Labels to be added to event reporter pods
+ podLabels: {}
+
+ # -- Resource limits and requests for the event reporter pods
+ resources: {}
+ # limits:
+ # cpu: 500m
+ # memory: 512Mi
+ # requests:
+ # cpu: 250m
+ # memory: 256Mi
+
+ # Event reporter container ports
+ containerPorts:
+ # -- Metrics container port
+ metrics: 8087
+ health: 8088
+
+ # -- Host Network for event reporter pods
+ hostNetwork: false
+
+ # -- [DNS configuration]
+ dnsConfig: {}
+ # -- Alternative DNS policy for event reporter pods
+ dnsPolicy: "ClusterFirst"
+
+ # -- Event reporter container-level security context
+ # @default -- See [values.yaml]
+ containerSecurityContext:
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+
+ # Readiness probe for event reporter
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ readinessProbe:
+ # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
+ failureThreshold: 3
+ # -- Number of seconds after the container has started before [probe] is initiated
+ initialDelaySeconds: 10
+ # -- How often (in seconds) to perform the [probe]
+ periodSeconds: 10
+ # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
+ successThreshold: 1
+ # -- Number of seconds after which the [probe] times out
+ timeoutSeconds: 1
+
+ # -- terminationGracePeriodSeconds for container lifecycle hook
+ terminationGracePeriodSeconds: 30
+
+ # -- Priority class for the event reporter pods
+ # @default -- `""` (defaults to global.priorityClassName)
+ priorityClassName: ""
+
+ # -- [Node selector]
+ # @default -- `{}` (defaults to global.nodeSelector)
+ nodeSelector: {}
+
+ # -- [Tolerations] for use with node taints
+ # @default -- `[]` (defaults to global.tolerations)
+ tolerations: []
+
+ # -- Assign custom [affinity] rules to the deployment
+ # @default -- `{}` (defaults to global.affinity preset)
+ affinity: {}
+
+ # -- Assign custom [TopologySpreadConstraints] rules to the event reporter
+ # @default -- `[]` (defaults to global.topologySpreadConstraints)
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: topology.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+
+ serviceAccount:
+ # -- Create a service account for the event reporter
+ create: true
+ # -- Service account name
+ name: event-reporter
+ # -- Annotations applied to created service account
+ annotations: {}
+ # -- Labels applied to created service account
+ labels: {}
+ # -- Automount API credentials for the Service Account
+ automountServiceAccountToken: true
+
+ ## Event reporter metrics configuration
+ metrics:
+ # -- Deploy metrics service
+ enabled: false
+ applicationLabels:
+ # -- Enables additional labels in argocd_app_labels metric
+ enabled: false
+ # -- Additional labels
+ labels: []
+ service:
+ # -- Metrics service type
+ type: ClusterIP
+ # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
+ clusterIP: ""
+ # -- Metrics service annotations
+ annotations: {}
+ # -- Metrics service labels
+ labels: {}
+ # -- Metrics service port
+ servicePort: 8087
+ # -- Metrics service port name
+ portName: http-metrics
+ serviceMonitor:
+ # -- Enable a prometheus ServiceMonitor
+ enabled: false
+ # -- Prometheus ServiceMonitor interval
+ interval: 30s
+ # -- Prometheus [RelabelConfigs] to apply to samples before scraping
+ relabelings: []
+ # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
+ metricRelabelings: []
+ # -- Prometheus ServiceMonitor selector
+ selector: {}
+ # prometheus: kube-prometheus
+
+ # -- Prometheus ServiceMonitor scheme
+ scheme: ""
+ # -- Prometheus ServiceMonitor tlsConfig
+ tlsConfig: {}
+ # -- Prometheus ServiceMonitor namespace
+ namespace: "" # "monitoring"
+ # -- Prometheus ServiceMonitor labels
+ additionalLabels: {}
+ # -- Prometheus ServiceMonitor annotations
+ annotations: {}
+ rules:
+ # -- Deploy a PrometheusRule for the event reporter
+ enabled: false
+ # -- PrometheusRule namespace
+ namespace: "" # "monitoring"
+ # -- PrometheusRule selector
+ selector: {}
+ # prometheus: kube-prometheus
+
+ # -- PrometheusRule labels
+ additionalLabels: {}
+ # -- PrometheusRule annotations
+ annotations: {}
+
+ # -- PrometheusRule.Spec for the event reporter
+ spec: []
+ # - alert: ArgoAppMissing
+ # expr: |
+ # absent(argocd_app_info) == 1
+ # for: 15m
+ # labels:
+ # severity: critical
+ # annotations:
+ # summary: "[Argo CD] No reported applications"
+ # description: >
+ # Argo CD has not reported any applications data for the past 15 minutes which
+ # means that it must be down or not functioning properly. This needs to be
+ # resolved for this cloud to continue to maintain state.
+ # - alert: ArgoAppNotSynced
+ # expr: |
+ # argocd_app_info{sync_status!="Synced"} == 1
+ # for: 12h
+ # labels:
+ # severity: warning
+ # annotations:
+ # summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
+ # description: >
+ # The application [{{`{{$labels.name}}`}} has not been synchronized for over
+ # 12 hours which means that the state of this cloud has drifted away from the
+ # state inside Git.
+
+ ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
+ ## Defaults to off
+ clusterRoleRules:
+ # -- Enable custom rules for the event reporter's ClusterRole resource
+ enabled: false
+ # -- List of custom rules for the event reporter's ClusterRole resource
+ rules: []
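Review bot: The `maxUnavailable` comment in the new `eventReporter.pdb` block points at the wrong key: `## Has higher precedence over `controller.pdb.minAvailable`` was carried over from the controller section and should read `## Has higher precedence over `eventReporter.pdb.minAvailable``. Two other comments in the same hunk still describe a Deployment although this component is a StatefulSet (the block itself documents `statefulsetAnnotations`): `# -- Assign custom [affinity] rules to the deployment` and `## If labelSelector is left out, it will default to the labelSelector configuration of the deployment` should say "StatefulSet". `containerPorts.health: 8088` also lacks the `# --` description its sibling `metrics` carries, so its purpose is undocumented; `# -- Health check container port` would follow the pattern used throughout the block. Since the `# --` / `# @default --` markers suggest the README is generated from these comments, the copied wording would presumably propagate there as well.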