sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

디렉토리 구조 및 각 서비스 추가

Browse Source
This commit is contained in:
dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
helm/argo-cd/.helmignore Normal file
View File

@@ -0,0 +1,4 @@
/*.tgz
output
ci/
*.gotmpl

6
helm/argo-cd/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: redis-ha
repository: https://dandydeveloper.github.io/charts/
version: 4.22.4
digest: sha256:5df60910862b364ebfb82cba2b2f0951c39ad36446647fb3f501bdeadc92fbd7
generated: "2022-12-26T22:58:11.561184+09:00"

27
helm/argo-cd/Chart.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v2
appVersion: v2.6.5
kubeVersion: ">=1.22.0-0"
description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 5.26.1
home: https://github.com/argoproj/argo-helm
icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: argoproj
url: https://argoproj.github.io/
dependencies:
- name: redis-ha
version: 4.22.4
repository: https://dandydeveloper.github.io/charts/
condition: redis-ha.enabled
annotations:
artifacthub.io/changes: |
- kind: changed
description: Upgrade Argo CD v2.6.5

1176
helm/argo-cd/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

548
helm/argo-cd/README.md.gotmpl Normal file
View File

@@ -0,0 +1,548 @@
# Argo CD Chart
A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
Source code can be found here:
{{ template "chart.sourcesList" . }}
This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases).
If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD.
For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.).
## High Availability
This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections.
Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail.
> **Warning:**
> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes.
### HA mode with autoscaling
```yaml
redis-ha:
enabled: true
controller:
replicas: 1
server:
autoscaling:
enabled: true
minReplicas: 2
repoServer:
autoscaling:
enabled: true
minReplicas: 2
applicationSet:
replicaCount: 2
```
### HA mode without autoscaling
```yaml
redis-ha:
enabled: true
controller:
replicas: 1
server:
replicas: 2
repoServer:
replicas: 2
applicationSet:
replicaCount: 2
```
### Synchronizing Changes from Original Repository
In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd).
When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`.
To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`:
https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket
Or you clone the repository and do a local `git-diff`:
```bash
git clone https://github.com/argoproj/argo-cd.git
cd argo-cd
git diff v1.8.7 v2.0.0 -- manifests/install.yaml
```
Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds).
### Custom resource definitions
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `<chart>/templates` to address this design decision.
If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
```bash
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVersion>"
# Eg. version v2.4.9
kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9"
```
## Changelog
For full list of changes please check ArtifactHub [changelog].
Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version.
### 5.24.0
This versions adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`).
Default `global.affinity` rules can be disabled when `none` value is used for the preset.
### 5.22.0
This versions adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely.
### 5.19.0
This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provide this values please move them into new `configs.ssh` and `configs.tls` sections.
You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories.
### 5.13.0
This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter.
### 5.12.0
If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead.
For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`.
For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys.
### 5.10.0
This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly.
The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project.
### 5.7.0
This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively.
Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`.
If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes.
### 5.5.20
This version moved API version templates into dedicated helper. If you are using these in your umbrella
chart please migrate your templates to pattern `argo-cd.apiVersion.<component>`.
### 5.5.0
This version introduces new `configs.params` section that replaces command line arguments for containers.
Please refer to documentation in values.yaml for migrating the configuration.
### 5.2.0
Custom resource definitions were moved to `templates` folder so they can be managed by Helm.
To adopt already created CRDs, please use following command:
```bash
YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd
YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd
for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do
kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm
kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE"
kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME"
done
```
### 5.0.0
This version **removes support for**:
- deprecated repository credentials (parameter `configs.repositoryCredentials`)
- option to run application controller as a Deployment
- the parameters `server.additionalApplications` and `server.additionalProjects`
Please carefully read the following section if you are using these parameters!
In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps).
If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below:
1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart
You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`.
e.g:
```yaml
server:
additionalApplications:
- name: guestbook
namespace: argocd
additionalLabels: {}
additionalAnnotations:
"helm.sh/resource-policy": keep # <-- add this
finalizers:
- resources-finalizer.argocd.argoproj.io
project: guestbook
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: guestbook
syncPolicy:
automated:
prune: false
selfHeal: false
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/replicas
info:
- name: url
value: https://argoproj.github.io/
```
You can also keep your existing CRDs by running the following scripts.
```bash
# keep Applications
for app in "guestbook"; do
kubectl annotate --overwrite application $app helm.sh/resource-policy=keep
done
# keep Projects
for project in "guestbook"; do
kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep
done
```
2. Upgrade argo-cd Helm chart to v5.0.0
3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource)
```bash
# delete annotations from Applications
for app in "guestbook"; do
kubectl annotate --overwrite application $app helm.sh/resource-policy-
done
# delete annotations from Projects
for project in "guestbook"; do
kubectl annotate --overwrite appproject $project helm.sh/resource-policy-
done
```
4. Adopt existing resources to [argocd-apps](../argocd-apps)
### 4.9.0
This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller`
### 4.3.*
With this minor version, the notification notifier's `service.slack` is no longer configured by default.
### 4.0.0 and above
This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation.
Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository.
### 3.13.0
This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field
### 3.10.2
Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default
It can be re-enabled by setting `server.staticAssets.enabled` to true
### 3.8.1
This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization:
```yaml
# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name)
repoServer:
serviceAccount:
create: true
# Case 2)
controller:
serviceAccount:
name: "" # or <nil>
# Case 3)
dex:
serviceAccount:
name: "" # or <nil>
# Case 4)
server:
serviceAccount:
name: "" # or <nil>
```
Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE)
### 3.2.*
With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637).
[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**,
especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`).
If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like:
```yaml
kubeVersionOverride: "1.18.0"
```
Then you should no longer encounter this issue.
### 3.0.0 and above
Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3.
### 2.14.7 and above
The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource.
### 2.10.x to 2.11.0
The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x.
### 1.8.7 to 2.x.x
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map
What was
```yaml
server:
extraArgs:
insecure: ""
```
is now
```yaml
server:
extraArgs:
- --insecure
```
## Prerequisites
- {{ template "chart.kubeVersionLine" . }}
- Helm v3.0.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install my-release argo/argo-cd
NAME: my-release
...
```
## General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if not (or (hasPrefix "global" .Key) (hasPrefix "configs" .Key) (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "applicationSet" .Key) (hasPrefix "notifications" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) (hasPrefix "externalRedis" .Key) ) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Global Configs
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "global" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo CD Configs
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "configs" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo CD Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "controller" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo Repo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "repoServer" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Argo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if and (hasPrefix "server" .Key) (not (hasPrefix "server.additional" .Key)) }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Using AWS ALB Ingress Controller With GRPC
If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service.
Example:
```yaml
server:
ingress:
enabled: true
annotations:
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
ingressGrpc:
enabled: true
isAWSALB: true
awsALB:
serviceType: ClusterIP
```
## Dex
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "dex" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Redis
### Option 1 - Single Redis instance (default option)
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "redis." .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
### Option 2 - Redis HA
This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha.
For all available configuration options, please read upstream README and/or chart source.
The main options are listed here:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "redis-ha" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image |
| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag |
| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository |
| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag |
| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository |
### Option 3 - External Redis
If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters:
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "externalRedis" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## ApplicationSet
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "applicationSet" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
## Notifications
| Key | Type | Default | Description |
|-----|------|---------|-------------|
{{- range .Values }}
{{- if hasPrefix "notifications" .Key }}
| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} |
{{- end }}
{{- end }}
----------------------------------------------
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog
[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup
[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md

BIN
helm/argo-cd/charts/redis-ha-4.22.4.tgz Normal file
View File

Binary file not shown.

3
helm/argo-cd/ci/default-values.yaml Normal file
View File

@@ -0,0 +1,3 @@
# Test with default values
crds:
keep: false

12
helm/argo-cd/ci/external-redis-values.yaml Normal file
View File

@@ -0,0 +1,12 @@
crds:
keep: false
redis:
enabled: false
redis-ha:
enabled: false
externalRedis:
host: "redis-master.redis.svc.cluster.local"
password: "argocd"

16
helm/argo-cd/ci/ha-autoscaling-values.yaml Normal file
View File

@@ -0,0 +1,16 @@
# Test High Availability with autoscaling
crds:
keep: false
redis-ha:
enabled: true
server:
autoscaling:
enabled: true
minReplicas: 2
repoServer:
autoscaling:
enabled: true
minReplicas: 2

12
helm/argo-cd/ci/ha-static-values.yaml Normal file
View File

@@ -0,0 +1,12 @@
# Test High Availability without autoscaling
crds:
keep: false
redis-ha:
enabled: true
server:
replicas: 2
repoServer:
replicas: 2

29
helm/argo-cd/override-values.yaml Normal file
View File

@@ -0,0 +1,29 @@
controller:
metrics:
enabled: true
redis-ha:
enabled: true
server:
autoscaling:
enabled: true
minReplicas: 3
service:
type: NodePort
nodePortHttp: 30080
nodePortHttps: 30443
metrics:
enabled: true
repoServer:
autoscaling:
enabled: true
minReplicas: 3
metrics:
enabled: true
applicationSet:
replicaCount: 3
metrics:
enabled: true

143
helm/argo-cd/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,143 @@
{{- if .Values.controller.args.statusProcessors }}
DEPRECATED option controller.args.statusProcessors - Use configs.params.controller.status.processors
{{- end }}
{{- if .Values.controller.args.operationProcessors }}
DEPRECATED option controller.args.operationProcessors - Use configs.params.controller.operation.processors
{{- end }}
{{- if .Values.controller.args.appResyncPeriod }}
DEPRECATED option controller.args.appResyncPeriod - Use server.config.timeout.reconciliation
{{- end }}
{{- if .Values.controller.args.appHardResyncPeriod }}
DEPRECATED option controller.args.appHardResyncPeriod - Use server.config.timeout.hard.reconciliation
{{- end }}
{{- if .Values.controller.args.selfHealTimeout }}
DEPRECATED option controller.args.selfHealTimeout - Use configs.params.controller.self.heal.timeout.seconds
{{- end }}
{{- if .Values.controller.args.repoServerTimeoutSeconds }}
DEPRECATED option controller.args.repoServerTimeoutSeconds - Use configs.params.controller.repo.server.timeout.seconds
{{- end }}
{{- if .Values.controller.logFormat }}
DEPRECATED option controller.logFormat - Use configs.params.controller.log.format
{{- end }}
{{- if .Values.controller.logLevel }}
DEPRECATED option controller.logLevel - Use configs.params.controller.log.level
{{- end }}
{{- if .Values.server.logFormat }}
DEPRECATED option server.logFormat - Use configs.params.server.log.format
{{- end }}
{{- if .Values.server.logLevel }}
DEPRECATED option server.logLevel - Use configs.params.server.log.level
{{- end }}
{{- if has "--insecure" .Values.server.extraArgs }}
DEPRECATED option server.extraArgs."--insecure" - Use configs.params.server.insecure
{{- end }}
{{- if .Values.repoServer.logFormat }}
DEPRECATED option repoServer.logFormat - Use configs.params.repoServer.log.format
{{- end }}
{{- if .Values.repoServer.logLevel }}
DEPRECATED option repoServer.logLevel - Use configs.params.repoServer.log.level
{{- end }}
{{- if or .Values.server.config (hasKey .Values.server "configEnabled") .Values.server.configAnnotations }}
DEPRECATED option server.config - Use configs.cm
{{- end }}
{{- if or .Values.server.rbacConfig (hasKey .Values.server "rbacConfigCreate") .Values.server.rbacConfigAnnotations }}
DEPRECATED option server.rbacConfig - Use configs.rbac
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
DEPRECATED option config.secret.argocdServerTlsConfig - Use server.certificate or server.certificateSecret
{{- end }}
{{- if .Values.configs.gpgKeys }}
DEPRECATED option configs.gpgKeys - Use config.gpg.keys
{{- end }}
{{- if .Values.configs.gpgKeysAnnotations }}
DEPRECATED option configs.gpgKeysAnnotations - Use config.gpg.annotations
{{- end }}
{{- if hasKey (.Values.controller.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .controller.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.server.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if hasKey (.Values.repoServer.clusterAdminAccess | default dict) "enabled" }}
DEPRECATED option .server.clusterAdminAccess.enabled - Use createClusterRoles
{{- end }}
{{- if .Values.configs.knownHostsAnnotations }}
DEPRECATED option configs.knownHostsAnnotations - Use configs.ssh.annotations
{{- end }}
{{- if hasKey .Values.configs "knownHosts" }}
DEPRECATED option configs.knownHosts.data.ssh_known_hosts - Use configs.ssh.knownHosts
{{- end }}
{{- if .Values.configs.tlsCertsAnnotations }}
DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
{{- end }}
{{- if .Values.applicationSet.logFormat }}
DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
{{- end }}
{{- if .Values.applicationSet.logLevel }}
DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
{{- end }}
{{- if .Values.applicationSet.args.policy }}
DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
{{- end }}
{{- if .Values.applicationSet.args.dryRun }}
DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
{{- end }}
{{- if .Values.controller.service }}
REMOVED option controller.service - Use controller.metrics
{{- end }}
{{- if .Values.repoServer.copyutil }}
REMOVED option repoSever.copyutil.resources - Use repoServer.resources
{{- end }}
{{- if .Values.applicationSet.args.debug }}
REMOVED option applicationSet.args.debug - Use applicationSet.logLevel: debug
{{- end }}
{{- if .Values.applicationSet.args.enableLeaderElection }}
REMOVED option applicationSet.args.enableLeaderElection - Value determined based on replicas
{{- end }}
{{- if .Values.controller.containerPort }}
REMOVED option controller.containerPort - Use controller.containerPorts
{{- end }}
{{- if .Values.server.containerPort }}
REMOVED option server.containerPort - Use server.containerPorts
{{- end }}
{{- if .Values.repoServer.containerPort }}
REMOVED option repoServer.containerPort - Use repoServer.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.metricsAddr }}
REMOVED option applicationSet.args.metricsAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.applicationSet.args.probeBindAddr }}
REMOVED option applicationSet.args.probeBindAddr - Use applicationSet.containerPorts
{{- end }}
{{- if .Values.redis.containerPort }}
REMOVED option redis.containerPort - Use redis.containerPorts
{{- end }}
{{- if .Values.redis.metrics.containerPort }}
REMOVED option redis.metrics.containerPort - Use redis.containerPorts
{{- end }}
In order to access the server UI you have the following options:
1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `server.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
- Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
{{ if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "admin.enabled")) "true" -}}
After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running:
kubectl -n {{ .Release.Namespace }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli)
{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}}
After reaching the UI the first time you can login using Dex or OIDC.
{{ else -}}
After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`.
{{ end -}}

122
helm/argo-cd/templates/_common.tpl Normal file
View File

@@ -0,0 +1,122 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-cd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-cd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create Argo CD app version
*/}}
{{- define "argo-cd.defaultTag" -}}
{{- default .Chart.AppVersion .Values.global.image.tag }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-cd.labels" -}}
helm.sh/chart: {{ include "argo-cd.chart" .context }}
{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argocd
{{- with .context.Values.global.additionalLabels }}
{{ toYaml . }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-cd.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
{{- end }}
{{- end }}
{{/*
Common affinity definition
Pod affinity
- Soft prefers different nodes
- Hard requires different nodes and prefers different availibility zones
Node affinity
- Soft prefers given user expressions
- Hard requires given user expressions
*/}}
{{- define "argo-cd.affinity" -}}
{{- with .component.affinity -}}
{{- toYaml . -}}
{{- else -}}
{{- $preset := .context.Values.global.affinity -}}
{{- if (eq $preset.podAntiAffinity "soft") }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
topologyKey: kubernetes.io/hostname
{{- else if (eq $preset.podAntiAffinity "hard") }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
topologyKey: topology.kubernetes.io/zone
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }}
topologyKey: kubernetes.io/hostname
{{- end }}
{{- with $preset.nodeAffinity.matchExpressions }}
{{- if (eq $preset.nodeAffinity.type "soft") }}
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
{{- toYaml . | nindent 6 }}
{{- else if (eq $preset.nodeAffinity.type "hard") }}
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}

215
helm/argo-cd/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,215 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create controller name and version as used by the chart label.
Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited
to 63 chars and it includes 10 chars of hash and a separating '-'.
*/}}
{{- define "argo-cd.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create dex name and version as used by the chart label.
*/}}
{{- define "argo-cd.dex.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create Dex server endpoint
*/}}
{{- define "argo-cd.dex.server" -}}
{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}}
{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}}
{{- $host := include "argo-cd.dex.fullname" . -}}
{{- $port := int .Values.dex.servicePortHttp -}}
{{- printf "%s://%s:%d" $scheme $host $port }}
{{- end }}
{{/*
Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.dex.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create redis name and version as used by the chart label.
*/}}
{{- define "argo-cd.redis.fullname" -}}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}}
{{- if $redisHa.enabled -}}
{{- if $redisHa.haproxy.enabled -}}
{{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- else -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Return Redis server endpoint
*/}}
{{- define "argo-cd.redis.server" -}}
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
{{- printf "%s:%s" (include "argo-cd.redis.fullname" .) (toString .Values.redis.servicePort) }}
{{- else if and .Values.externalRedis.host .Values.externalRedis.port }}
{{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }}
{{- end }}
{{- end -}}
{{/*
Create the name of the redis service account to use
*/}}
{{- define "argo-cd.redisServiceAccountName" -}}
{{- if .Values.redis.serviceAccount.create -}}
{{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.redis.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create argocd server name and version as used by the chart label.
*/}}
{{- define "argo-cd.server.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the Argo CD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create argocd repo-server name and version as used by the chart label.
*/}}
{{- define "argo-cd.repoServer.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create argocd application set name and version as used by the chart label.
*/}}
{{- define "argo-cd.applicationSet.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the application set service account to use
*/}}
{{- define "argo-cd.applicationSetServiceAccountName" -}}
{{- if .Values.applicationSet.serviceAccount.create -}}
{{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.applicationSet.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create argocd notifications name and version as used by the chart label.
*/}}
{{- define "argo-cd.notifications.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the notifications service account to use
*/}}
{{- define "argo-cd.notificationsServiceAccountName" -}}
{{- if .Values.notifications.serviceAccount.create -}}
{{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.notifications.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Argo Configuration Preset Values (Incluenced by Values configuration)
*/}}
{{- define "argo-cd.config.cm.presets" -}}
{{- if .Values.configs.styles -}}
ui.cssurl: "./custom/custom.styles.css"
{{- end -}}
{{- end -}}
{{/*
Merge Argo Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.cm" -}}
{{- $config := (mergeOverwrite (deepCopy (omit .Values.configs.cm "create" "annotations")) (.Values.server.config | default dict)) -}}
{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{- $fmted := $value | toString }}
{{- if not (eq $fmted "") }}
{{ $key }}: {{ $fmted | toYaml }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Argo Params Default Configuration Presets
*/}}
{{- define "argo-cd.config.params.presets" -}}
repo.server: "{{ include "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}"
server.repo.server.strict.tls: {{ .Values.repoServer.certificateSecret.enabled | toString }}
{{- with include "argo-cd.redis.server" . }}
redis.server: {{ . | quote }}
{{- end }}
{{- if .Values.dex.enabled }}
server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
{{- end }}
{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }}
{{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
{{ $component }}.log.level: {{ $.Values.global.logging.level | quote }}
{{- end }}
{{- if .Values.applicationSet.enabled }}
applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }}
{{- end }}
{{- end -}}
{{/*
Merge Argo Params Configuration with Preset Configuration
*/}}
{{- define "argo-cd.config.params" -}}
{{- $config := omit .Values.configs.params "annotations" }}
{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}}
{{- range $key, $value := mergeOverwrite $preset $config }}
{{ $key }}: {{ toString $value | toYaml }}
{{- end }}
{{- end -}}

52
helm/argo-cd/templates/_versions.tpl Normal file
View File

@@ -0,0 +1,52 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-cd.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end }}
{{/*
Return the appropriate apiVersion for autoscaling
*/}}
{{- define "argo-cd.apiVersion.autoscaling" -}}
{{- if .Values.apiVersionOverrides.autoscaling -}}
{{- print .Values.apiVersionOverrides.autoscaling -}}
{{- else if semverCompare "<1.23-0" (include "argo-cd.kubeVersion" .) -}}
{{- print "autoscaling/v2beta1" -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cert-manager
*/}}
{{- define "argo-cd.apiVersion.cert-manager" -}}
{{- if .Values.apiVersionOverrides.certmanager -}}
{{- print .Values.apiVersionOverrides.certmanager -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1" -}}
{{- print "cert-manager.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1beta1" -}}
{{- print "cert-manager.io/v1beta1" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" -}}
{{- print "cert-manager.io/v1alpha3" -}}
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" -}}
{{- print "cert-manager.io/v1alpha2" -}}
{{- else -}}
{{- print "certmanager.k8s.io/v1alpha1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-cd.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}

85
helm/argo-cd/templates/aggregate-roles.yaml Normal file
View File

@@ -0,0 +1,85 @@
{{- if .Values.createAggregateRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-view
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "argo-cd.labels" (dict "context" .) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
{{- if .Values.applicationSet.enabled }}
- applicationsets
{{- end }}
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
- appprojects
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}

24
helm/argo-cd/templates/argocd-application-controller/clusterrole.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
{{- if .Values.controller.clusterRoleRules.enabled }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}

17
helm/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

25
helm/argo-cd/templates/argocd-application-controller/metrics.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.controller.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.controller.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }}
{{- with .Values.controller.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: {{ .Values.controller.metrics.service.portName }}
protocol: TCP
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
{{- end }}

19
helm/argo-cd/templates/argocd-application-controller/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
name: {{ template "argo-cd.controller.fullname" . }}
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: metrics
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
helm/argo-cd/templates/argocd-application-controller/pdb.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.controller.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.controller.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- end }}

26
helm/argo-cd/templates/argocd-application-controller/prometheusrule.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- if .Values.controller.metrics.rules.namespace }}
namespace: {{ .Values.controller.metrics.rules.namespace }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- if .Values.controller.metrics.rules.selector }}
{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.rules.additionalLabels }}
{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.rules.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
groups:
- name: argocd
rules:
{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }}
{{- end }}

36
helm/argo-cd/templates/argocd-application-controller/role.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list

14
helm/argo-cd/templates/argocd-application-controller/rolebinding.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

18
helm/argo-cd/templates/argocd-application-controller/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.controller.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- if .Values.controller.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.controller.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- range $key, $value := .Values.controller.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

49
helm/argo-cd/templates/argocd-application-controller/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- with .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.controller.metrics.service.portName }}
{{- with .Values.controller.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.controller.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.controller.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }}
{{- end }}

320
helm/argo-cd/templates/argocd-application-controller/statefulset.yaml Normal file
View File

@@ -0,0 +1,320 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
replicas: {{ .Values.controller.replicas }}
# TODO: Remove for breaking release as history limit cannot be patched
revisionHistoryLimit: 5
serviceName: {{ include "argo-cd.controller.fullname" . }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.controllerServiceAccountName" . }}
containers:
- command:
- argocd-application-controller
- --metrics-port={{ .Values.controller.containerPorts.metrics }}
{{- if .Values.controller.metrics.applicationLabels.enabled }}
{{- range .Values.controller.metrics.applicationLabels.labels }}
- --metrics-application-labels
- {{ . }}
{{- end }}
{{- end }}
{{- with .Values.controller.args.statusProcessors }}
- --status-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.operationProcessors }}
- --operation-processors
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appResyncPeriod }}
- --app-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.appHardResyncPeriod }}
- --app-hard-resync
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.selfHealTimeout }}
- --self-heal-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.args.repoServerTimeoutSeconds }}
- --repo-server-timeout-seconds
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
env:
{{- with .Values.controller.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_CONTROLLER_REPLICAS
value: {{ .Values.controller.replicas | quote }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.hard.reconciliation
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.status.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.operation.processors
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.format
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.log.level
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.metrics.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.self.heal.timeout.seconds
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.plaintext
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.repo.server.strict.tls
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.resource.health.persist
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: controller.default.cache.expiration
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
{{- with .Values.controller.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.controller.containerPorts.metrics }}
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
workingDir: /home/argocd
volumeMounts:
{{- with .Values.controller.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
{{- with .Values.controller.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.controller.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.controller.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: argocd-home
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
hostNetwork: {{ .Values.controller.hostNetwork }}
{{- with .Values.controller.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}

249
helm/argo-cd/templates/argocd-applicationset/deployment.yaml Normal file
View File

@@ -0,0 +1,249 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
replicas: {{ .Values.applicationSet.replicaCount }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.applicationSetServiceAccountName" . }}
containers:
- name: {{ .Values.applicationSet.name }}
image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }}
command:
- entrypoint.sh
- argocd-applicationset-controller
- --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
- --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
- --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
{{- with .Values.applicationSet.args.policy }}
- --policy={{ . }}
{{- end }}
{{- with .Values.applicationSet.args.dryRun }}
- --dry-run={{ . }}
{{- end }}
{{- with .Values.applicationSet.logFormat }}
- --logformat
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.logLevel }}
- --loglevel
- {{ . }}
{{- end }}
{{- with .Values.applicationSet.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- with .Values.applicationSet.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.leader.election
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.namespace
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.debug
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.dryrun
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
{{- with .Values.applicationSet.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.applicationSet.containerPorts.metrics }}
protocol: TCP
- name: probe
containerPort: {{ .Values.applicationSet.containerPorts.probe }}
protocol: TCP
- name: webhook
containerPort: {{ .Values.applicationSet.containerPorts.webhook }}
protocol: TCP
{{- if .Values.applicationSet.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: probe
initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.applicationSet.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: probe
initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.applicationSet.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }}
volumeMounts:
{{- with .Values.applicationSet.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /tmp
name: tmp
{{- with .Values.applicationSet.extraContainers }}
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.applicationSet.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.applicationSet.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.applicationSet.dnsPolicy }}
{{- end }}

25
helm/argo-cd/templates/argocd-applicationset/metrics.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }}
{{- with .Values.applicationSet.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: {{ .Values.applicationSet.metrics.service.portName }}
protocol: TCP
port: {{ .Values.applicationSet.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
{{- end }}

25
helm/argo-cd/templates/argocd-applicationset/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if and .Values.applicationSet.enabled .Values.global.networkPolicy.create (or .Values.applicationSet.metrics.enabled .Values.applicationSet.webhook.ingress.enabled) }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
spec:
ingress:
{{- if .Values.applicationSet.webhook.ingress.enabled }}
- ports:
- port: webhook
{{- end }}
{{- if .Values.applicationSet.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
helm/argo-cd/templates/argocd-applicationset/pdb.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
{{- end }}

88
helm/argo-cd/templates/argocd-applicationset/role.yaml Normal file
View File

@@ -0,0 +1,88 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- update
- delete
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}

16
helm/argo-cd/templates/argocd-applicationset/rolebinding.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.applicationSet.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

24
helm/argo-cd/templates/argocd-applicationset/service.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.applicationSet.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.applicationSet.service.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
- name: {{ .Values.applicationSet.service.portName }}
port: {{ .Values.applicationSet.service.port }}
targetPort: webhook
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }}
{{- end }}

18
helm/argo-cd/templates/argocd-applicationset/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.applicationSetServiceAccountName" . }}
{{- if .Values.applicationSet.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.applicationSet.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- range $key, $value := .Values.applicationSet.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

51
helm/argo-cd/templates/argocd-applicationset/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,51 @@
{{- if .Values.applicationSet.enabled }}
{{- if and .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.applicationSet.fullname" . }}
{{- with .Values.applicationSet.metrics.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.applicationSet.metrics.service.portName }}
{{- with .Values.applicationSet.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.applicationSet.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }}
{{- end }}
{{- end }}

72
helm/argo-cd/templates/argocd-applicationset/webhook-ingress.yaml Normal file
View File

@@ -0,0 +1,72 @@
{{- if and .Values.applicationSet.enabled .Values.applicationSet.webhook.ingress.enabled -}}
{{- $servicePort := .Values.applicationSet.service.portName -}}
{{- $paths := .Values.applicationSet.webhook.ingress.paths -}}
{{- $extraPaths := .Values.applicationSet.webhook.ingress.extraPaths -}}
{{- $pathType := .Values.applicationSet.webhook.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.applicationSet.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
{{- with .Values.applicationSet.webhook.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.applicationSet.webhook.ingress.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.applicationSet.webhook.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.applicationSet.webhook.ingress.hosts }}
{{- range $host := .Values.applicationSet.webhook.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.applicationSet.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.applicationSet.webhook.ingress.tls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

16
helm/argo-cd/templates/argocd-configs/argocd-cm.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if (hasKey .Values.server "configEnabled") | ternary .Values.server.configEnabled .Values.configs.cm.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.cm.annotations) (.Values.server.configAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- include "argo-cd.config.cm" . | trim | nindent 2 }}
{{- end }}

14
helm/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }}
{{- if .Values.configs.params.annotations }}
annotations:
{{- range $key, $value := .Values.configs.params.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- include "argo-cd.config.params" . | trim | nindent 2 }}

24
helm/argo-cd/templates/argocd-configs/argocd-cmp-cm.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.configs.cmp.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmp-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }}
{{- with .Values.configs.cmp.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }}
{{ $cmp_plugin }}.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: {{ $cmp_plugin }}
spec:
{{- toYaml $cmp_plugin_config | nindent 6 }}
{{- end }}
{{- end }}

24
helm/argo-cd/templates/argocd-configs/argocd-dex-server-tls-secret.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-dex-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }}
{{- with .Values.dex.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.dex.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.dex.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }}
{{- end }}

16
helm/argo-cd/templates/argocd-configs/argocd-gpg-keys-cm.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-gpg-keys-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.annotations) (.Values.configs.gpgKeysAnnotations | default dict)) -}}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{ with (mergeOverwrite (deepCopy .Values.configs.gpg.keys) (.Values.configs.gpgKeys | default dict)) -}}
data:
{{- toYaml . | nindent 2 }}
{{- end }}

27
helm/argo-cd/templates/argocd-configs/argocd-notifications-cm.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{- if and .Values.notifications.enabled .Values.notifications.cm.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-notifications-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
data:
context: |
argocdUrl: {{ .Values.notifications.argocdUrl | quote }}
{{- with .Values.notifications.context }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.notifiers }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.notifications.subscriptions }}
subscriptions: |
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.templates }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.notifications.triggers }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

19
helm/argo-cd/templates/argocd-configs/argocd-notifications-secret.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.notifications.enabled .Values.notifications.secret.create }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-notifications-secret
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.secret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
stringData:
{{- with .Values.notifications.secret.items }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

18
helm/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if (hasKey .Values.server "rbacConfigCreate") | ternary .Values.server.rbacConfigCreate .Values.configs.rbac.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.rbac.annotations) (.Values.server.rbacConfigAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- with (mergeOverwrite (deepCopy (omit .Values.configs.rbac "create" "annotations")) (.Values.server.rbacConfig | default dict)) }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

24
helm/argo-cd/templates/argocd-configs/argocd-repo-server-tls-secret.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if .Values.repoServer.certificateSecret.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }}
{{- with .Values.repoServer.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
{{- with .Values.repoServer.certificateSecret.ca }}
ca.crt: {{ . | b64enc | quote }}
{{- end }}
tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }}
{{- end }}

48
helm/argo-cd/templates/argocd-configs/argocd-secret.yaml Normal file
View File

@@ -0,0 +1,48 @@
{{- if .Values.configs.secret.createSecret }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-secret
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }}
{{- with .Values.configs.secret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- with .Values.configs.secret.githubSecret }}
webhook.github.secret: {{ . | b64enc }}
{{- end }}
{{- with .Values.configs.secret.gitlabSecret }}
webhook.gitlab.secret: {{ . | b64enc }}
{{- end }}
{{- with .Values.configs.secret.bitbucketServerSecret }}
webhook.bitbucketserver.secret: {{ . | b64enc }}
{{- end }}
{{- with .Values.configs.secret.bitbucketUUID }}
webhook.bitbucket.uuid: {{ . | b64enc }}
{{- end }}
{{- with .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ . | b64enc }}
{{- end }}
{{- with .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .key | b64enc }}
tls.crt: {{ .crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}
admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}
{{- end }}
{{- range $key, $value := .Values.configs.secret.extra }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}
{{- end }}

21
helm/argo-cd/templates/argocd-configs/argocd-server-tls-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-server-tls
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }}
{{- with .Values.server.certificateSecret.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.certificateSecret.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }}
tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }}
{{- end }}

22
helm/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-ssh-known-hosts-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.ssh.annotations) (.Values.configs.knownHostsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
ssh_known_hosts: |
{{- if hasKey .Values.configs "knownHosts" }}
{{- .Values.configs.knownHosts.data.ssh_known_hosts | nindent 4 }}
{{- else }}
{{- .Values.configs.ssh.knownHosts | nindent 4 }}
{{- end }}
{{- with .Values.configs.ssh.extraHosts }}
{{- . | nindent 4 }}
{{- end }}

11
helm/argo-cd/templates/argocd-configs/argocd-styles-cm.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.configs.styles }}
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-styles-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
data:
custom.styles.css: |
{{- .Values.configs.styles | nindent 4 }}
{{- end }}

22
helm/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-tls-certs-cm
labels:
{{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }}
{{- with (mergeOverwrite (deepCopy .Values.configs.tls.annotations) (.Values.configs.tlsCertsAnnotations | default dict)) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if hasKey .Values.configs "tlsCerts" }}
{{- with .Values.configs.tlsCerts }}
{{- toYaml . | nindent 0 }}
{{- end }}
{{- else }}
{{- with .Values.configs.tls.certificates }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

31
helm/argo-cd/templates/argocd-configs/cluster-secrets.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- range .Values.configs.clusterCredentials }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
argocd.argoproj.io/secret-type: cluster
{{- with .annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
stringData:
name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }}
server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }}
{{- if .namespaces }}
namespaces: {{ .namespaces }}
{{- if .clusterResources }}
clusterResources: {{ .clusterResources | quote }}
{{- end }}
{{- end }}
config: |
{{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toRawJson | nindent 4 }}
{{- end }}

22
helm/argo-cd/templates/argocd-configs/externalredis-secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if and (or .Values.externalRedis.username .Values.externalRedis.password) (not .Values.externalRedis.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "argo-cd.redis.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with .Values.externalRedis.secretAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
data:
{{- with .Values.externalRedis.username }}
redis-username: {{ . | b64enc }}
{{- end }}
{{- with .Values.externalRedis.password }}
redis-password: {{ . | b64enc }}
{{- end }}
{{- end }}

20
helm/argo-cd/templates/argocd-configs/repository-credentials-secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }}
---
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-creds-{{ $repo_cred_key }}
labels:
argocd.argoproj.io/secret-type: repo-creds
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with $.Values.configs.credentialTemplatesAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- range $key, $value := $repo_cred_value }}
{{ $key }}: {{ $value | toString | b64enc }}
{{- end }}
{{- end }}

20
helm/argo-cd/templates/argocd-configs/repository-secret.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- range $repo_key, $repo_value := .Values.configs.repositories }}
---
apiVersion: v1
kind: Secret
metadata:
name: argocd-repo-{{ $repo_key }}
labels:
argocd.argoproj.io/secret-type: repository
{{- include "argo-cd.labels" (dict "context" $) | nindent 4 }}
{{- with $.Values.configs.repositoriesAnnotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
data:
{{- range $key, $value := $repo_value }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

144
helm/argo-cd/templates/argocd-notifications/deployment.yaml Normal file
View File

@@ -0,0 +1,144 @@
{{- if .Values.notifications.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
template:
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.notifications.podAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.notifications.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.notificationsServiceAccountName" . }}
containers:
- name: {{ .Values.notifications.name }}
image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
command:
- argocd-notifications
- --metrics-port={{ .Values.notifications.containerPorts.metrics }}
- --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
- --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
- --namespace={{ .Release.Namespace }}
- --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- range .Values.notifications.extraArgs }}
- {{ . | squote }}
{{- end }}
{{- with .Values.notifications.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.notifications.containerPorts.metrics }}
protocol: TCP
resources:
{{- toYaml .Values.notifications.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
workingDir: /app
volumeMounts:
- name: tls-certs
mountPath: /app/config/tls
- name: argocd-repo-server-tls
mountPath: /app/config/reposerver/tls
{{- with .Values.notifications.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.notifications.extraContainers }}
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
{{- with .Values.notifications.initContainers }}
initContainers:
{{- tpl (toYaml . ) $ | nindent 8 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.notifications.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- with .Values.notifications.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.notifications.dnsPolicy }}
{{- end }}

25
helm/argo-cd/templates/argocd-notifications/metrics.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }}
{{- with .Values.notifications.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
ports:
- name: {{ .Values.notifications.metrics.service.portName }}
protocol: TCP
port: {{ .Values.notifications.metrics.port }}
targetPort: metrics
{{- end }}

19
helm/argo-cd/templates/argocd-notifications/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if and .Values.notifications.enabled .Values.global.networkPolicy.create .Values.notifications.metrics.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: metrics
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
helm/argo-cd/templates/argocd-notifications/pdb.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.notifications.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.notifications.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.notifications.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }}
{{- end }}

44
helm/argo-cd/templates/argocd-notifications/role.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if .Values.notifications.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- argocd-notifications-cm
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resourceNames:
- argocd-notifications-secret
resources:
- secrets
verbs:
- get
{{- end }}

16
helm/argo-cd/templates/argocd-notifications/rolebinding.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.notifications.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.notifications.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

18
helm/argo-cd/templates/argocd-notifications/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if and .Values.notifications.enabled .Values.notifications.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.notificationsServiceAccountName" . }}
{{- if .Values.notifications.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.notifications.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- range $key, $value := .Values.notifications.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

52
helm/argo-cd/templates/argocd-notifications/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,52 @@
{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.notifications.fullname" . }}
{{- if .Values.notifications.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.notifications.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
{{- with .Values.notifications.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.notifications.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.notifications.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.notifications.metrics.service.portName }}
path: /metrics
{{- if .Values.notifications.metrics.serviceMonitor.interval }}
interval: {{ .Values.notifications.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.notifications.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.notifications.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }}
{{- end }}

24
helm/argo-cd/templates/argocd-repo-server/clusterrole.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.clusterRoleRules.enabled }}
{{- toYaml .Values.repoServer.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}

17
helm/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- $config := .Values.repoServer.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

363
helm/argo-cd/templates/argocd-repo-server/deployment.yaml Executable file
View File

@@ -0,0 +1,363 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
spec:
{{- if not .Values.repoServer.autoscaling.enabled }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.repoServer.certificateSecret.enabled }}
checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.repoServer.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.repoServerServiceAccountName" . }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
command:
- entrypoint.sh
args:
- argocd-repo-server
- --port={{ .Values.repoServer.containerPorts.server }}
- --metrics-port={{ .Values.repoServer.containerPorts.metrics }}
{{- with .Values.repoServer.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.repoServer.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.repoServer.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- with .Values.repoServer.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.openshift.enabled }}
- name: USER_NAME
value: argocd
{{- end }}
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
name: argocd-cm
key: timeout.reconciliation
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.log.format
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.log.level
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.parallelism.limit
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.tls
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.minversion
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.maxversion
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.tls.ciphers
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.repo.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.default.cache.expiration
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.max.combined.directory.manifests.size
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.plugin.tar.exclusions
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
{{- with .Values.repoServer.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPorts.server }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.repoServer.containerPorts.metrics }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz?full=true
port: metrics
initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /healthz
port: metrics
initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.repoServer.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- with .Values.repoServer.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
initContainers:
- command:
- cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
name: copyutil
{{- with .Values.repoServer.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.repoServer.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
{{- with .Values.repoServer.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.repoServer.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
- name: helm-working-dir
emptyDir: {}
- name: plugins
emptyDir: {}
- name: var-files
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: gpg-keys
configMap:
name: argocd-gpg-keys-cm
- name: gpg-keyring
emptyDir: {}
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
hostNetwork: {{ .Values.repoServer.hostNetwork }}
{{- with .Values.repoServer.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}

44
helm/argo-cd/templates/argocd-repo-server/hpa.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if .Values.repoServer.autoscaling.enabled }}
apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-cd.repoServer.fullname" . }}
minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
metrics:
{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.repoServer.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

25
helm/argo-cd/templates/argocd-repo-server/metrics.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.repoServer.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.repoServer.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }}
{{- with .Values.repoServer.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: {{ .Values.repoServer.metrics.service.portName }}
protocol: TCP
port: {{ .Values.repoServer.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}
{{- end }}

41
helm/argo-cd/templates/argocd-repo-server/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,41 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ingress:
- from:
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
{{- if .Values.notifications.enabled }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }}
{{- end }}
{{- if .Values.applicationSet.enabled }}
- podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }}
{{- end }}
ports:
- port: repo-server
protocol: TCP
{{- if .Values.repoServer.metrics.enabled }}
- from:
- namespaceSelector: {}
ports:
- port: metrics
{{- end }}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
helm/argo-cd/templates/argocd-repo-server/pdb.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.repoServer.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.repoServer.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.repoServer.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
{{- end }}

12
helm/argo-cd/templates/argocd-repo-server/role.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
rules:
{{- if .Values.repoServer.rbac }}
{{toYaml .Values.repoServer.rbac }}
{{- end }}
{{- end }}

16
helm/argo-cd/templates/argocd-repo-server/rolebinding.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

23
helm/argo-cd/templates/argocd-repo-server/service.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ports:
- name: {{ .Values.repoServer.service.portName }}
protocol: TCP
port: {{ .Values.repoServer.service.port }}
targetPort: repo-server
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }}

18
helm/argo-cd/templates/argocd-repo-server/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- if .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- range $key, $value := .Values.repoServer.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

49
helm/argo-cd/templates/argocd-repo-server/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
{{- with .Values.repoServer.metrics.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
{{- with .Values.repoServer.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.repoServer.metrics.service.portName }}
{{- with .Values.repoServer.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.repoServer.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }}
{{- end }}

24
helm/argo-cd/templates/argocd-server/aws/service.yaml Normal file
View File

@@ -0,0 +1,24 @@
{{- if and .Values.server.ingressGrpc.enabled .Values.server.ingressGrpc.isAWSALB -}}
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingressGrpc.awsALB.backendProtocolVersion }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-grpc
spec:
ports:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: server
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: server
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.server.ingressGrpc.awsALB.serviceType }}
{{- end -}}

32
helm/argo-cd/templates/argocd-server/certificate.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{- if .Values.server.certificate.enabled -}}
apiVersion: {{ include "argo-cd.apiVersion.cert-manager" . }}
kind: Certificate
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
secretName: {{ .Values.server.certificate.secretName }}
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ .Values.server.certificate.domain | quote }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
{{- with .Values.server.certificate.duration }}
duration: {{ . | quote }}
{{- end }}
{{- with .Values.server.certificate.renewBefore }}
renewBefore: {{ . | quote }}
{{- end }}
issuerRef:
{{- with .Values.server.certificate.issuer.group }}
group: {{ . | quote }}
{{- end }}
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
{{- with .Values.server.certificate.privateKey }}
privateKey:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

48
helm/argo-cd/templates/argocd-server/clusterrole.yaml Normal file
View File

@@ -0,0 +1,48 @@
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- delete
- get
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
{{- end }}
- apiGroups:
- argoproj.io
resources:
- applications
verbs:
- get
- list
- update
- watch
{{- end }}

17
helm/argo-cd/templates/argocd-server/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- $config := .Values.server.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

429
helm/argo-cd/templates/argocd-server/deployment.yaml Executable file
View File

@@ -0,0 +1,429 @@
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "argo-cd.serverServiceAccountName" . }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
- --port={{ .Values.server.containerPorts.server }}
- --metrics-port={{ .Values.server.containerPorts.metrics }}
{{- with .Values.server.logFormat }}
- --logformat
- {{ . | quote }}
{{- end }}
{{- with .Values.server.logLevel }}
- --loglevel
- {{ . | quote }}
{{- end }}
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- with .Values.server.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.insecure
optional: true
- name: ARGOCD_SERVER_BASEHREF
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.basehref
optional: true
- name: ARGOCD_SERVER_ROOTPATH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.rootpath
optional: true
- name: ARGOCD_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.log.format
optional: true
- name: ARGOCD_SERVER_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.log.level
optional: true
- name: ARGOCD_SERVER_REPO_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: repo.server
optional: true
- name: ARGOCD_SERVER_DEX_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server
optional: true
- name: ARGOCD_SERVER_DISABLE_AUTH
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.disable.auth
optional: true
- name: ARGOCD_SERVER_ENABLE_GZIP
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.enable.gzip
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.timeout.seconds
optional: true
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.x.frame.options
optional: true
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.content.security.policy
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.plaintext
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.repo.server.strict.tls
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.plaintext
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.dex.server.strict.tls
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.minversion
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.maxversion
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.tls.ciphers
optional: true
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.connection.status.cache.expiration
optional: true
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.oidc.cache.expiration
optional: true
- name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.login.attempts.expiration
optional: true
- name: ARGOCD_SERVER_STATIC_ASSETS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.staticassets
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.app.state.cache.expiration
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.server
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.compression
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: redis.db
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-username
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }}
key: redis-password
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.default.cache.expiration
optional: true
- name: ARGOCD_MAX_COOKIE_NUMBER
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.http.cookie.maxnumber
optional: true
- name: ARGOCD_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: otlp.address
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: application.namespaces
optional: true
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: server.enable.proxy.extension
optional: true
{{- with .Values.server.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
- mountPath: /app/config/dex/tls
name: argocd-dex-server-tls
- mountPath: /home/argocd
name: plugins-home
- mountPath: /shared/app/custom
name: styles
- mountPath: /tmp
name: tmp
{{- if .Values.server.extensions.enabled }}
- mountPath: /tmp/extensions
name: extensions
{{- end }}
ports:
- name: server
containerPort: {{ .Values.server.containerPorts.server }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.server.containerPorts.metrics }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz?full=true
port: server
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /healthz
port: server
initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: argocd-extensions
image: {{ .Values.server.extensions.image.repository }}:{{ .Values.server.extensions.image.tag }}
imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
resources:
{{- toYaml .Values.server.extensions.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }}
volumeMounts:
- name: extensions
mountPath: /tmp/extensions/
- name: tmp
mountPath: /tmp
{{- end }}
{{- with .Values.server.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with .Values.server.initContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
{{- end }}
{{- if .Values.server.extensions.enabled }}
- name: extensions
emptyDir: {}
{{- end }}
- name: plugins-home
emptyDir: {}
- name: tmp
emptyDir: {}
- name: ssh-known-hosts
configMap:
name: argocd-ssh-known-hosts-cm
- name: tls-certs
configMap:
name: argocd-tls-certs-cm
- name: styles
configMap:
name: argocd-styles-cm
optional: true
- name: argocd-repo-server-tls
secret:
secretName: argocd-repo-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: ca.crt
path: ca.crt
hostNetwork: {{ .Values.server.hostNetwork }}
{{- with .Values.server.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.server.dnsPolicy }}

10
helm/argo-cd/templates/argocd-server/gke/backendconfig.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: {{ include "argo-cd.apiVersions.cloudgoogle" . }}
kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

10
helm/argo-cd/templates/argocd-server/gke/frontendconfig.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if .Values.server.GKEfrontendConfig.enabled }}
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }}
{{- end }}

11
helm/argo-cd/templates/argocd-server/gke/managedcertificate.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.server.GKEmanagedCertificate.enabled }}
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
spec:
domains:
{{- with .Values.server.GKEmanagedCertificate.domains }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

44
helm/argo-cd/templates/argocd-server/hpa.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if .Values.server.autoscaling.enabled }}
apiVersion: {{ include "argo-cd.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-cd.server.fullname" . }}
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-cd.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

72
helm/argo-cd/templates/argocd-server/ingress-grpc.yaml Normal file
View File

@@ -0,0 +1,72 @@
{{- if and .Values.server.ingressGrpc.enabled (not .Values.server.ingressGrpc.isAWSALB) -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
{{- $pathType := .Values.server.ingressGrpc.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}-grpc
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingressGrpc.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.ingressGrpc.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingressGrpc.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.server.ingressGrpc.hosts }}
{{- range $host := .Values.server.ingressGrpc.hosts }}
- host: {{ $host }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.server.ingressGrpc.tls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

89
helm/argo-cd/templates/argocd-server/ingress.yaml Normal file
View File

@@ -0,0 +1,89 @@
{{- if .Values.server.ingress.enabled -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $pathType := .Values.server.ingress.pathType -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if and .Values.server.ingressGrpc.isAWSALB .Values.server.ingressGrpc.enabled }}
alb.ingress.kubernetes.io/conditions.{{ template "argo-cd.server.fullname" . }}-grpc: |
[{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
{{- end }}
{{- end }}
spec:
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host | quote }}
http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
{{- if and $.Values.server.ingressGrpc.isAWSALB $.Values.server.ingressGrpc.enabled }}
- path: {{ $p }}
pathType: Prefix
backend:
service:
name: {{ template "argo-cd.server.fullname" $ }}-grpc
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- with $extraPaths }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
pathType: {{ $pathType }}
backend:
service:
name: {{ include "argo-cd.server.fullname" $ }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- with .Values.server.ingress.tls }}
tls:
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- end -}}

25
helm/argo-cd/templates/argocd-server/metrics.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.server.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "argo-cd.server.fullname" . }}-metrics
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }}
{{- with .Values.server.metrics.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.metrics.service.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
ports:
- name: {{ .Values.server.metrics.service.portName }}
protocol: TCP
port: {{ .Values.server.metrics.service.servicePort }}
targetPort: metrics
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- end }}

16
helm/argo-cd/templates/argocd-server/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.global.networkPolicy.create }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
name: {{ template "argo-cd.server.fullname" . }}
spec:
ingress:
- {}
podSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
policyTypes:
- Ingress
{{- end }}

26
helm/argo-cd/templates/argocd-server/openshift/route.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.server.route.enabled -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.route.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
host: {{ .Values.server.route.hostname | quote }}
to:
kind: Service
name: {{ template "argo-cd.server.fullname" . }}
weight: 100
port:
targetPort: https
tls:
termination: {{ .Values.server.route.termination_type | quote }}
insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | quote }}
wildcardPolicy: None
{{- end }}

26
helm/argo-cd/templates/argocd-server/pdb.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.server.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.pdb.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.pdb.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ . }}
{{- else }}
minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }}
{{- end }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
{{- end }}

52
helm/argo-cd/templates/argocd-server/role.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- appprojects
{{- if .Values.server.extensions.enabled }}
- argocdextensions
{{- end }}
verbs:
- create
- get
- list
- watch
- update
- delete
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
{{- if eq (toString (index (coalesce .Values.server.config .Values.configs.cm) "exec.enabled")) "true" }}
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
{{- end }}

14
helm/argo-cd/templates/argocd-server/rolebinding.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

52
helm/argo-cd/templates/argocd-server/service.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.service.labels }}
{{- toYaml .Values.server.service.labels | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.server.service.type }}
ports:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttp }}
{{- end }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{ .Values.server.containerPorts.server }}
{{- if eq .Values.server.service.type "NodePort" }}
nodePort: {{ .Values.server.service.nodePortHttps }}
{{- end }}
selector:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- if eq .Values.server.service.type "LoadBalancer" }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
externalIPs: {{ .Values.server.service.externalIPs }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}
{{- with .Values.server.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ . }}
{{- end }}
{{- with .Values.server.service.sessionAffinity }}
sessionAffinity: {{ . }}
{{- end }}

18
helm/argo-cd/templates/argocd-server/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.server.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ template "argo-cd.serverServiceAccountName" . }}
{{- if .Values.server.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.server.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- range $key, $value := .Values.server.serviceAccount.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}

49
helm/argo-cd/templates/argocd-server/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.server.fullname" . }}
{{- if .Values.server.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.server.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- range $key, $value := .Values.server.metrics.serviceMonitor.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.server.metrics.service.portName }}
{{- with .Values.server.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
path: /metrics
{{- with .Values.server.metrics.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.scheme }}
scheme: {{ . }}
{{- end }}
{{- with .Values.server.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }}
{{- end }}

4021
helm/argo-cd/templates/crds/crd-application.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

10775
helm/argo-cd/templates/crds/crd-applicationset.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

104
helm/argo-cd/templates/crds/crd-extension.yaml Normal file
View File

@@ -0,0 +1,104 @@
{{- if and .Values.crds.install .Values.server.extensions.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
controller-gen.kubebuilder.io/version: v0.4.1
labels:
app.kubernetes.io/name: argocdextensions.argoproj.io
app.kubernetes.io/part-of: argocd
name: argocdextensions.argoproj.io
spec:
group: argoproj.io
names:
kind: ArgoCDExtension
listKind: ArgoCDExtensionList
plural: argocdextensions
singular: argocdextension
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ArgoCDExtension is the Schema for the argocdextensions API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension
properties:
sources:
description: Sources specifies where the extension should come from
items:
description: ExtensionSource specifies where the extension should
be sourced from
properties:
git:
description: Git is specified if the extension should be sourced
from a git repository
properties:
revision:
description: Revision specifies the revision of the Repository
to fetch
type: string
url:
description: URL specifies the Git repository URL to fetch
type: string
type: object
web:
description: Web is specified if the extension should be sourced
from a web file
properties:
url:
description: URK specifies the remote file URL
type: string
type: object
type: object
type: array
required:
- sources
type: object
status:
description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension
properties:
conditions:
items:
properties:
message:
description: Message contains human-readable message indicating
details about condition
type: string
status:
description: Boolean status describing if the condition is currently
true
type: string
type:
description: Type is an ArgoCDExtension condition type
type: string
required:
- message
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
{{- end }}

331
helm/argo-cd/templates/crds/crd-project.yaml Normal file
View File

@@ -0,0 +1,331 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
spec:
group: argoproj.io
names:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
singular: appproject
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what
may be deployed (repository whitelist, resource whitelist/blacklist) * who
can access these applications (roles, OIDC group claims bindings) * and
what they can do (RBAC policies) * automation access to these roles (JWT
tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available
for deployment
items:
description: ApplicationDestination holds information about the
application's destination
properties:
name:
description: Name is an alternate way of specifying the target
cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster
and must be set to the Kubernetes control plane API
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be
excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource
to be ignored from
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
permitOnlyProjectScopedClusters:
description: PermitOnlyProjectScopedClusters determines whether destinations
can only reference clusters which are project-scoped
type: boolean
roles:
description: Roles are user defined RBAC roles associated with this
project
items:
description: ProjectRole represents a role that has access to a
project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to
this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formatted strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: SignatureKeys contains a list of PGP key IDs that commits
in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required
to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceNamespaces:
description: SourceNamespaces defines the namespaces application resources
are allowed to be created in
items:
type: string
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window
will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would
otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
timeZone:
description: TimeZone of the sync that will be applied to the
schedule
type: string
type: object
type: array
type: object
status:
description: AppProjectStatus contains status information for AppProject
CRs
properties:
jwtTokensByRole:
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued
for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
{{- end }}

196
helm/argo-cd/templates/dex/deployment.yaml Executable file
View File

@@ -0,0 +1,196 @@
{{- if .Values.dex.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
{{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.dex.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
template:
metadata:
annotations:
checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
{{- if .Values.dex.certificateSecret.enabled }}
checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }}
{{- end }}
{{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
{{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.dex.podLabels) }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with.Values.global.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }}
command:
- /shared/argocd-dex
args:
- rundex
{{- with .Values.dex.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- with .Values.dex.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: dexserver.disable.tls
optional: true
{{- with .Values.dex.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.dex.containerPorts.http }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.dex.containerPorts.grpc }}
protocol: TCP
- name: metrics
containerPort: {{ .Values.dex.containerPorts.metrics }}
protocol: TCP
{{- if .Values.dex.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz/live
port: metrics
initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.dex.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.dex.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz/ready
port: metrics
initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.dex.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
volumeMounts:
{{- with .Values.dex.volumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: static-files
mountPath: /shared
- name: dexconfig
mountPath: /tmp
- name: argocd-dex-server-tls
mountPath: /tls
{{- with .Values.dex.extraContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
initContainers:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
command:
- cp
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- with .Values.dex.initContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
{{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }}
affinity:
{{- trim . | nindent 8 }}
{{- end }}
{{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dex.tolerations | default .Values.global.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.dex.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: static-files
emptyDir: {}
- name: dexconfig
emptyDir: {}
- name: argocd-dex-server-tls
secret:
secretName: argocd-dex-server-tls
optional: true
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
{{- with .Values.dex.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.dex.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dex.dnsPolicy }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More