Renaming, addition of draft cert-manager, templating

This commit is contained in:
Stefan Reimer 2020-05-05 15:21:09 +01:00
parent d0852fb193
commit 889731ec66
82 changed files with 6018 additions and 5042 deletions

View File

@ -1,23 +0,0 @@
{{- if .Values.calico.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: calico
namespace: argocd
labels:
app.kubernetes.io/name: {{ .Chart.Name }}-calico
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: kubezero
spec:
project: kubezero
source:
repoURL: {{ default .Values.defaultSource.repoURL }}
targetRevision: {{ default .Values.defaultSource.targetRevision }}
path: {{ default .Values.defaultSource.pathPrefix }}artifacts/calico
destination:
server: {{ default .Values.defaultDestination.server }}
namespace: kube-system
{{- end }}

View File

@ -1,23 +0,0 @@
{{- if .Values.certManager.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
labels:
app.kubernetes.io/name: {{ .Chart.Name }}-cert-manager
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: kubezero
spec:
project: kubezero
source:
repoURL: {{ default .Values.defaultSource.repoURL }}
targetRevision: {{ default .Values.defaultSource.targetRevision }}
path: {{ default .Values.defaultSource.pathPrefix }}artifacts/cert-manager
destination:
server: {{ default .Values.defaultDestination.server }}
namespace: kube-system
{{- end }}

View File

@ -1,25 +0,0 @@
{{- if .Values.localVolumeProvisioner.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: local-volume-provisioner
namespace: argocd
labels:
app.kubernetes.io/name: {{ .Chart.Name }}-localVolumeProvisioner
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: kubezero
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: kubezero
source:
repoURL: {{ default .Values.defaultSource.repoURL }}
targetRevision: {{ default .Values.defaultSource.targetRevision }}
path: {{ default .Values.defaultSource.pathPrefix }}artifacts/local-volume-provisioner
destination:
server: {{ default .Values.defaultDestination.server }}
namespace: kube-system
{{- end }}

View File

@ -0,0 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 2.2.13
digest: sha256:f27e25c51f555fd32ccb9c29ac5351938c78fc7b0bce1eb26acbc21a261caabf
generated: "2020-05-04T23:48:08.109493489+01:00"

View File

@ -1,7 +1,7 @@
apiVersion: v2
description: KubeZero Helm chart to install Zero Down Time Kuberenetes platform
name: kubezero
version: 0.1.8
version: 0.2.0
home: https://kubezero.com
keywords:
- kubezero
@ -11,5 +11,5 @@ maintainers:
- name: Quarky9
dependencies:
- name: argo-cd
version: 2.2.12
version: 2.2.13
repository: https://argoproj.github.io/argo-helm

View File

@ -2,7 +2,7 @@ kubezero
========
KubeZero Helm chart to install Zero Down Time Kuberenetes platform
Current chart version is `0.1.8`
Current chart version is `0.2.0`
Source code can be found [here](https://kubezero.com)
@ -10,7 +10,7 @@ Source code can be found [here](https://kubezero.com)
| Repository | Name | Version |
|------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 2.2.12 |
| https://argoproj.github.io/argo-helm | argo-cd | 2.2.13 |
## Chart Values
@ -33,7 +33,6 @@ Source code can be found [here](https://kubezero.com)
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
| argo-cd.server.tolerations[0].effect | string | `"NoSchedule"` | |
| argo-cd.server.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| bootstrap | bool | `true` | Wether to install the root-app `kubezero-app` |
| config | object | `{}` | Kubezero configuration to be passed into kubezero-app |
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
| istio.gateway | string | `"ingressgateway.istio-system.svc.cluster.local"` | Name of the Istio gateway to add the VirtualService to |
| kubezero | object | `{}` | Kubezero configuration, values.yaml please see kubezeroApp |

View File

@ -1,2 +0,0 @@
*.tgz
output

View File

@ -1,16 +0,0 @@
apiVersion: v1
appVersion: "1.5.2"
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 2.2.12
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen
- name: seanson

View File

@ -1,308 +0,0 @@
# Argo CD Chart
A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
Source code can be found [here](https://argoproj.github.io/argo-cd/)
## Additional Information
This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases).
This chart currently installs the non-HA version of ArgoCD.
## Upgrading
### 1.8.7 to 2.x.x
`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map
What was
```yaml
server:
extraArgs:
insecure: ""
```
is now
```yaml
server:
extraArgs:
- --insecure
```
## Prerequisites
- Kubernetes 1.7+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install --name my-release argo/argo-cd
NAME: my-release
...
```
### Helm v3 Compatability
Requires chart version 1.5.2 or newer.
Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks.
## Chart Values
| Parameter | Description | Default |
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` |
| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) |
| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` |
| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| installCRDs | Install CRDs if you are using Helm2. | `true` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.annotations | Annotations for argocd-secret | `{}` |
| configs.secret.argocdServerAdminPassword | Admin password | `null` |
| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set |
| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
| configs.secret.createSecret | Create the argocd-secret. | `true` |
| configs.secret.githubSecret | GitHub incoming webhook secret | `""` |
| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` |
| openshift.enabled | enables using arbitrary uid for argo repo server | `false` |
## ArgoCD Controller
| Parameter | Description | Default |
|-----|---------|-------------|
| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| controller.containerPort | Controller listening port. | `8082` |
| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` |
| controller.env | Environment variables for the controller. | `[]` |
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.logLevel | Controller log level | `"info"` |
| controller.metrics.enabled | Deploy metrics service | `false` |
| controller.metrics.service.annotations | Metrics service annotations | `{}` |
| controller.metrics.service.labels | Metrics service labels | `{}` |
| controller.metrics.service.servicePort | Metrics service port | `8082` |
| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| controller.name | Controller name string. | `"application-controller"` |
| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| controller.podAnnotations | Annotations for the controller pods | `{}` |
| controller.podLabels | Labels for the controller pods | `{}` |
| controller.priorityClassName | Priority class for the controller pods | `""` |
| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| controller.resources | Resource limits and requests for the controller pods. | `{}` |
| controller.service.annotations | Controller service annotations. | `{}` |
| controller.service.labels | Controller service labels. | `{}` |
| controller.service.port | Controller service port. | `8082` |
| controller.serviceAccount.create | Create a service account for the controller | `true` |
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| controller.volumeMounts | Controller volume mounts | `[]` |
| controller.volumes | Controller volumes | `[]` |
## Argo Repo Server
| Property | Description | Default |
|-----|---------|-------------|
| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` |
| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` |
| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` |
| repoServer.env | Environment variables for the repo server. | `[]` |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.logLevel | Log level | `"info"` |
| repoServer.metrics.enabled | Deploy metrics service | `false` |
| repoServer.metrics.service.annotations | Metrics service annotations | `{}` |
| repoServer.metrics.service.labels | Metrics service labels | `{}` |
| repoServer.metrics.service.servicePort | Metrics service port | `8082` |
| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| repoServer.name | Repo server name | `"repo-server"` |
| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| repoServer.podAnnotations | Annotations for the repo server pods | `{}` |
| repoServer.podLabels | Labels for the repo server pods | `{}` |
| repoServer.priorityClassName | Priority class for the repo server | `""` |
| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| repoServer.replicas | The number of repo server pods to run | `1` |
| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` |
| repoServer.service.annotations | Repo server service annotations. | `{}` |
| repoServer.service.labels | Repo server service labels. | `{}` |
| repoServer.service.port | Repo server service port. | `8081` |
| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| repoServer.volumeMounts | Repo server volume mounts | `[]` |
| repoServer.volumes | Repo server volumes | `[]` |
## Argo Server
| Parameter | Description | Default |
|-----|---------|-------------|
| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` |
| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` |
| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` |
| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` |
| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` |
| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
| server.certificate.enabled | Enables a certificate manager certificate. | `false` |
| server.certificate.issuer | Certificate manager issuer | `{}` |
| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) |
| server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` |
| server.env | Environment variables for the server. | `[]` |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the server | `global.image.tag` |
| server.ingress.annotations | Additional ingress annotations | `{}` |
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.route.enabled | Enable a OpenShift route for the server | `false` |
| server.route.hostname | Hostname of OpenShift route | `""` |
| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.logLevel | Log level | `"info"` |
| server.metrics.enabled | Deploy metrics service | `false` |
| server.metrics.service.annotations | Metrics service annotations | `{}` |
| server.metrics.service.labels | Metrics service labels | `{}` |
| server.metrics.service.servicePort | Metrics service port | `8082` |
| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| server.name | Argo CD server name | `"server"` |
| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| server.podAnnotations | Annotations for the server pods | `{}` |
| server.podLabels | Labels for the server pods | `{}` |
| server.priorityClassName | Priority class for the server | `""` |
| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` |
| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` |
| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` |
| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` |
| server.replicas | The number of server pods to run | `1` |
| server.resources | Resource limits and requests for the server | `{}` |
| server.service.annotations | Server service annotations | `{}` |
| server.service.labels | Server service labels | `{}` |
| server.service.servicePortHttp | Server service http port | `80` |
| server.service.servicePortHttps | Server service https port | `443` |
| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` |
| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` |
| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` |
| server.service.type | Server service type | `"ClusterIP"` |
| server.serviceAccount.create | Create server service account | `true` |
| server.serviceAccount.name | Server service account name | `"argocd-server"` |
| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| server.volumeMounts | Server volume mounts | `[]` |
| server.volumes | Server volumes | `[]` |
## Dex
| Property | Description | Default |
|-----|---------|-------------|
| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| dex.containerPortGrpc | GRPC container port | `5557` |
| dex.containerPortHttp | HTTP container port | `5556` |
| dex.enabled | Enable dex | `true` |
| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` |
| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` |
| dex.image.tag | Dex image tag | `"v2.14.0"` |
| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` |
| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` |
| dex.initImage.tag | Argo CD init image tag | `global.image.tag` |
| dex.name | Dex name | `"dex-server"` |
| dex.env | Environment variables for the Dex server. | `[]` |
| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| dex.podAnnotations | Annotations for the Dex server pods | `{}` |
| dex.podLabels | Labels for the Dex server pods | `{}` |
| dex.priorityClassName | Priority class for dex | `""` |
| dex.resources | Resource limits and requests for dex | `{}` |
| dex.serviceAccount.create | Create dex service account | `true` |
| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
| dex.servicePortGrpc | Server GRPC port | `5557` |
| dex.servicePortHttp | Server HTTP port | `5556` |
| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| dex.volumeMounts | Dex volume mounts | `"/shared"` |
| dex.volumes | Dex volumes | `{}` |
## Redis
When Redis is completely disabled from the chart (`redis.enabled=false`) and
an external Redis instance wants to be used or
when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`)
but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified
through `xxx.extraArgs`
| Parameter | Description | Default |
|-----|---------|-------------|
| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` |
| redis.containerPort | Redis container port | `6379` |
| redis.enabled | Enable redis | `true` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.3"` |
| redis.name | Redis name | `"redis"` |
| redis.env | Environment variables for the Redis server. | `[]` |
| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` |
| redis.podAnnotations | Annotations for the Redis server pods | `{}` |
| redis.podLabels | Labels for the Redis server pods | `{}` |
| redis.priorityClassName | Priority class for redis | `""` |
| redis.resources | Resource limits and requests for redis | `{}` |
| redis.servicePort | Redis service port | `6379` |
| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | |
| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` |
| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` |
| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false`
| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd`
| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` |
| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` |
| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` |
| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` |

File diff suppressed because it is too large Load Diff

View File

@ -1,209 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
name: appprojects.argoproj.io
annotations:
helm.sh/hook: crd-install
spec:
group: argoproj.io
names:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
singular: appproject
scope: Namespaced
validation:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what may
be deployed (repository whitelist, resource whitelist/blacklist) * who can
access these applications (roles, OIDC group claims bindings) * and what they
can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted cluster
level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available for
deployment
items:
description: ApplicationDestination contains deployment destination
information
properties:
namespace:
description: Namespace overrides the environment namespace value
in the ksonnet app.yaml
type: string
server:
description: Server overrides the environment server value in
the ksonnet app.yaml
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
roles:
description: Roles are user defined RBAC roles associated with this
project
items:
description: ProjectRole represents a role that has access to a project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to this
role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formated strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window will
be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would otherwise
be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
type: object
type: array
type: object
required:
- metadata
- spec
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

View File

@ -1,6 +0,0 @@
dependencies:
- name: redis-ha
repository: https://kubernetes-charts.storage.googleapis.com
version: 4.4.2
digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96
generated: "2020-03-29T14:37:59.349371452+01:00"

View File

@ -1,5 +0,0 @@
dependencies:
- name: redis-ha
version: 4.4.2
repository: https://kubernetes-charts.storage.googleapis.com
condition: redis-ha.enabled

View File

@ -1,15 +0,0 @@
In order to access the server UI you have the following options:
1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress in the values file `service.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2

View File

@ -1,118 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-cd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-cd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create controller name and version as used by the chart label.
*/}}
{{- define "argo-cd.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create dex name and version as used by the chart label.
*/}}
{{- define "argo-cd.dex.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create redis name and version as used by the chart label.
*/}}
{{- define "argo-cd.redis.fullname" -}}
{{ $redisHa := (index .Values "redis-ha") }}
{{- if $redisHa.enabled -}}
{{- if $redisHa.haproxy.enabled -}}
{{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- else -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create argocd server name and version as used by the chart label.
*/}}
{{- define "argo-cd.server.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create argocd repo-server name and version as used by the chart label.
*/}}
{{- define "argo-cd.repoServer.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.dex.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ArgoCD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the repo-server service account to use
*/}}
{{- define "argo-cd.repoServerServiceAccountName" -}}
{{- if .Values.repoServer.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.repoServer.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View File

@ -1,24 +0,0 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}

View File

@ -1,21 +0,0 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -1,123 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
{{- if .Values.controller.podAnnotations }}
annotations:
{{- range $key, $value := .Values.controller.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- command:
- argocd-application-controller
- --status-processors
- {{ .Values.controller.args.statusProcessors | quote }}
- --operation-processors
- {{ .Values.controller.args.operationProcessors | quote }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --loglevel
- {{ .Values.controller.logLevel }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
{{- if .Values.controller.containerSecurityContext }}
securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.controller.env }}
env:
{{- toYaml .Values.controller.env | nindent 8 }}
{{- end }}
ports:
- name: controller
containerPort: {{ .Values.controller.containerPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{- toYaml .Values.controller.volumeMounts | nindent 10}}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{- toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}

View File

@ -1,31 +0,0 @@
{{- if .Values.controller.metrics.enabled}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: controller
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
{{- end }}

View File

@ -1,27 +0,0 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- if .Values.controller.metrics.rules.namespace }}
namespace: {{ .Values.controller.metrics.rules.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.rules.selector }}
{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.rules.additionalLabels }}
{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
{{- end }}
spec:
groups:
- name: argocd
rules:
{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }}
{{- end }}

View File

@ -1,41 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list

View File

@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

View File

@ -1,25 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
spec:
ports:
- name: {{ .Values.controller.service.portName }}
port: {{ .Values.controller.service.port }}
targetPort: {{ .Values.controller.containerPort }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}

View File

@ -1,11 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.controllerServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}

View File

@ -1,35 +0,0 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.serviceMonitor.selector }}
{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- end }}

View File

@ -1,13 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
data:
{{- toYaml .Values.server.config | nindent 4 }}

View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.rbacConfig }}
data:
{{- toYaml .Values.server.rbacConfig | nindent 4 }}
{{- end }}

View File

@ -1,50 +0,0 @@
{{- if .Values.configs.secret.createSecret }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-secret
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.configs.secret.annotations }}
annotations:
{{- range $key, $value := .Values.configs.secret.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- if .Values.configs.secret.githubSecret }}
webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gitlabSecret }}
webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketServerSecret }}
webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketUUID }}
webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gogsSecret }}
webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerTlsConfig }}
tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }}
tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }}
{{- end }}
{{- if .Values.configs.secret.argocdServerAdminPassword }}
admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }}
admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }}
{{- end }}
{{- range $key, $value := .Values.configs.secret.extra }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,12 +0,0 @@
apiVersion: v1
{{- toYaml .Values.configs.knownHosts | nindent 0 }}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
name: argocd-ssh-known-hosts-cm

View File

@ -1,14 +0,0 @@
apiVersion: v1
{{- if .Values.configs.tlsCerts }}
{{- toYaml .Values.configs.tlsCerts | nindent 0 }}
{{- end }}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
name: argocd-tls-certs-cm

View File

@ -1,154 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
{{- if (ne .Values.repoServer.autoscaling.enabled true) }}
replicas: {{ .Values.repoServer.replicas }}
{{- end }}
template:
metadata:
{{- if .Values.repoServer.podAnnotations }}
annotations:
{{- range $key, $value := .Values.repoServer.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }}
{{- if .Values.repoServer.podLabels }}
{{- toYaml .Values.repoServer.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
command:
{{- if .Values.openshift.enabled }}
- uid_entrypoint.sh
{{- end }}
- argocd-repo-server
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
- --loglevel
- {{ .Values.repoServer.logLevel }}
{{- with .Values.repoServer.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.repoServer.containerSecurityContext }}
securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }}
env:
{{- if .Values.repoServer.env }}
{{- toYaml .Values.repoServer.env | nindent 8 }}
{{- end }}
{{- if .Values.openshift.enabled }}
- name: USER_NAME
value: argocd
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 8}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
protocol: TCP
{{ if .Values.repoServer.metrics.enabled }}
- name: metrics
containerPort: 8084
protocol: TCP
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.repoServer.resources | nindent 10 }}
{{- if .Values.repoServer.nodeSelector }}
nodeSelector:
{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.repoServer.tolerations }}
tolerations:
{{- toYaml .Values.repoServer.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.repoServer.affinity }}
affinity:
{{- toYaml .Values.repoServer.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 6}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}
{{- if .Values.repoServer.initContainers }}
initContainers:
{{- toYaml .Values.repoServer.initContainers | nindent 6 }}
{{- end }}

View File

@ -1,33 +0,0 @@
{{- if .Values.repoServer.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}-hpa
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
name: {{ template "argo-cd.repoServer.fullname" . }}-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-cd.repoServer.fullname" . }}
minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
metrics:
{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}

View File

@ -1,31 +0,0 @@
{{- if .Values.repoServer.metrics.enabled}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- if .Values.repoServer.metrics.service.labels }}
{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.repoServer.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
{{- end }}

View File

@ -1,18 +0,0 @@
{{- if .Values.configs.repositoryCredentials }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-repository-credentials
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
type: Opaque
data:
{{- range $key, $value := .Values.configs.repositoryCredentials }}
{{ $key }}: {{ $value | b64enc }}
{{- end }}
{{- end }}

View File

@ -1,17 +0,0 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
rules:
{{- if .Values.repoServer.rbac }}
{{toYaml .Values.repoServer.rbac }}
{{- end }}
{{- end }}

View File

@ -1,21 +0,0 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.repoServer.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -1,26 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ports:
- name: {{ .Values.repoServer.service.portName }}
protocol: TCP
port: {{ .Values.repoServer.service.port }}
targetPort: repo-server
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}

View File

@ -1,19 +0,0 @@
{{- if .Values.repoServer.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.repoServerServiceAccountName" . }}
{{- if .Values.repoServer.serviceAccount.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}

View File

@ -1,36 +0,0 @@
{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
{{- if .Values.repoServer.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- if .Values.repoServer.metrics.serviceMonitor.selector }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}

View File

@ -1,42 +0,0 @@
{{- if .Values.server.additionalApplications }}
apiVersion: v1
kind: List
items:
{{- range .Values.server.additionalApplications }}
- apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
{{- if .additionalAnnotations }}
annotations:
{{- range $key, $value := .additionalAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .additionalLabels }}
labels:
{{- toYaml .additionalLabels | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
{{- if .finalizers }}
finalizers:
{{- toYaml .finalizers | nindent 8 }}
{{- end }}
spec:
project: {{ tpl .project $ }}
source:
{{- toYaml .source | nindent 8 }}
destination:
{{- toYaml .destination | nindent 8 }}
{{- if .syncPolicy }}
syncPolicy:
{{- toYaml .syncPolicy | nindent 8 }}
{{- end }}
{{- if .ignoreDifferences }}
ignoreDifferences:
{{- toYaml .ignoreDifferences | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,15 +0,0 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: cloud.google.com/v1beta1
kind: BackendConfig
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

View File

@ -1,30 +0,0 @@
{{- if .Values.server.certificate.enabled -}}
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
apiVersion: cert-manager.io/v1alpha3
{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
apiVersion: cert-manager.io/v1alpha2
{{- else }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- end }}
kind: Certificate
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ .Values.server.certificate.domain | quote }}
{{- range .Values.server.certificate.additionalHosts }}
- {{ . | quote }}
{{- end }}
issuerRef:
kind: {{ .Values.server.certificate.issuer.kind | quote }}
name: {{ .Values.server.certificate.issuer.name | quote }}
secretName: argocd-secret
{{- end }}

View File

@ -1,35 +0,0 @@
{{- if .Values.server.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- delete
- get
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
{{- end }}

View File

@ -1,21 +0,0 @@
{{- if .Values.server.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -1,153 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
{{- if (ne .Values.server.autoscaling.enabled true) }}
replicas: {{ .Values.server.replicas }}
{{- end }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{- range $key, $value := .Values.server.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }}
{{- if .Values.server.podLabels }}
{{- toYaml .Values.server.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
- --staticassets
- /shared/app
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- if .Values.dex.enabled }}
- --dex-server
- http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}
{{- end }}
- --loglevel
- {{ .Values.server.logLevel }}
{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
{{- with .Values.server.extraArgs }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.server.containerSecurityContext }}
securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.server.env }}
env:
{{- toYaml .Values.server.env | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
{{- toYaml .Values.server.volumeMounts | nindent 8}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{ if .Values.server.metrics.enabled }}
- name: metrics
containerPort: 8083
protocol: TCP
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{- toYaml .Values.server.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{- toYaml .Values.server.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{- toYaml .Values.server.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
{{- with .Values.global.hostAliases }}
hostAliases:
{{ toYaml . | indent 6 }}
{{- end }}
volumes:
{{- if .Values.server.volumes }}
{{- toYaml .Values.server.volumes | nindent 6}}
{{- end }}
- emptyDir: {}
name: static-files
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}

View File

@ -1,33 +0,0 @@
{{- if .Values.server.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-hpa
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
name: {{ template "argo-cd.server.fullname" . }}-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-cd.server.fullname" . }}
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}

View File

@ -1,57 +0,0 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.service.servicePortHttp -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
apiVersion: networking.k8s.io/v1beta1
{{ else }}
apiVersion: extensions/v1beta1
{{ end -}}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

View File

@ -1,31 +0,0 @@
{{- if .Values.server.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.metrics.service.labels }}
{{- toYaml .Values.server.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.server.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- end }}

View File

@ -1,46 +0,0 @@
{{- if .Values.server.additionalProjects }}
apiVersion: v1
kind: List
items:
{{- range .Values.server.additionalProjects }}
- apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
{{- if .additionalAnnotations }}
annotations:
{{- range $key, $value := .additionalAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .additionalLabels }}
labels:
{{- toYaml .additionalLabels | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
spec:
description: {{ .description }}
sourceRepos:
{{- toYaml .sourceRepos | nindent 8 }}
destinations:
{{- toYaml .destinations | nindent 8 }}
{{- if .clusterResourceWhitelist }}
clusterResourceWhitelist:
{{- toYaml .clusterResourceWhitelist | nindent 8 }}
{{- end }}
{{- if .namespaceResourceBlacklist }}
namespaceResourceBlacklist:
{{- toYaml .namespaceResourceBlacklist | nindent 8 }}
{{- end }}
{{- if .orphanedResources }}
orphanedResources:
{{- toYaml .orphanedResources | nindent 8 }}
{{- end }}
{{- if .roles }}
roles:
{{- toYaml .roles | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

View File

@ -1,45 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- create
- get
- list
- watch
- update
- delete
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list

View File

@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

View File

@ -1,31 +0,0 @@
{{- if .Values.server.route.enabled -}}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- with .Values.server.route.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
host: {{ .Values.server.route.hostname | quote }}
to:
kind: Service
name: {{ template "argo-cd.server.fullname" . }}
weight: 100
port:
targetPort: https
tls:
termination: {{ .Values.server.route.termination_type | default "passthrough" }}
insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }}
wildcardPolicy: None
status:
ingress: []
{{- end }}

View File

@ -1,43 +0,0 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.service.labels }}
{{- toYaml .Values.server.service.labels | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.server.service.type }}
ports:
- name: {{ .Values.server.service.servicePortHttpName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{ .Values.server.name }}
- name: {{ .Values.server.service.servicePortHttpsName }}
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{ .Values.server.name }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- if eq .Values.server.service.type "LoadBalancer" }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceranges:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}

View File

@ -1,11 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.serverServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}

View File

@ -1,36 +0,0 @@
{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.server.fullname" . }}
{{- if .Values.server.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.server.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.metrics.serviceMonitor.selector }}
{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
{{- end }}
{{- if .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
app.kubernetes.io/component: {{ .Values.server.name }}
{{- end }}

View File

@ -1,6 +0,0 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

View File

@ -1,106 +0,0 @@
{{- if .Values.dex.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
{{- if .Values.dex.podAnnotations }}
annotations:
{{- range $key, $value := .Values.dex.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
app.kubernetes.io/version: {{ .Values.dex.image.tag }}
{{- if .Values.dex.podLabels }}
{{- toYaml .Values.dex.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
initContainers:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
command:
- cp
- /usr/local/bin/argocd-util
- /shared
volumeMounts:
- mountPath: /shared
name: static-files
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}
command:
- /shared/argocd-util
- rundex
{{- if .Values.dex.containerSecurityContext }}
securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.dex.env }}
env:
{{- toYaml .Values.dex.env | nindent 8 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.dex.containerPortHttp }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.dex.containerPortGrpc }}
protocol: TCP
{{- if .Values.dex.volumeMounts }}
volumeMounts:
{{- toYaml .Values.dex.volumeMounts | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.nodeSelector }}
nodeSelector:
{{- toYaml .Values.dex.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.dex.tolerations }}
tolerations:
{{- toYaml .Values.dex.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.dex.affinity }}
affinity:
{{- toYaml .Values.dex.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
{{- if .Values.dex.volumes }}
volumes:
{{- toYaml .Values.dex.volumes | nindent 8}}
{{- end }}
{{- end }}

View File

@ -1,23 +0,0 @@
{{- if .Values.dex.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
{{- end }}

View File

@ -1,21 +0,0 @@
{{- if .Values.dex.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-cd.dex.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.dexServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@ -1,26 +0,0 @@
{{- if .Values.dex.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
spec:
ports:
- name: http
protocol: TCP
port: {{ .Values.dex.servicePortHttp }}
targetPort: http
- name: grpc
protocol: TCP
port: {{ .Values.dex.servicePortGrpc }}
targetPort: grpc
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

View File

@ -1,13 +0,0 @@
{{- if .Values.dex.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.dexServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- end }}

View File

@ -1,88 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
template:
metadata:
{{- if .Values.redis.podAnnotations }}
annotations:
{{- range $key, $value := .Values.redis.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
app.kubernetes.io/version: {{ .Values.redis.image.tag }}
{{- if .Values.redis.podLabels }}
{{- toYaml .Values.redis.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: false
{{- if .Values.global.securityContext }}
securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ template "argo-cd.redis.fullname" . }}
args:
- --save
- ""
- --appendonly
- "no"
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
{{- if .Values.redis.containerSecurityContext }}
securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
{{- end }}
{{- if .Values.redis.env }}
env:
{{- toYaml .Values.redis.env | nindent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.redis.containerPort }}
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
{{- if .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml .Values.redis.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.redis.tolerations }}
tolerations:
{{- toYaml .Values.redis.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.redis.affinity }}
affinity:
{{- toYaml .Values.redis.affinity | nindent 8 }}
{{- end }}
{{- if .Values.redis.volumes }}
volumes:
{{- toYaml .Values.redis.volumes | nindent 8}}
{{- end }}
{{- end }}

View File

@ -1,20 +0,0 @@
{{- $redisHa := (index .Values "redis-ha") -}}
{{- if and .Values.redis.enabled (not $redisHa.enabled) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
app.kubernetes.io/component: {{ .Values.redis.name }}
spec:
ports:
- port: {{ .Values.redis.servicePort }}
targetPort: {{ .Values.redis.servicePort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
{{- end }}

View File

@ -1,830 +0,0 @@
## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd
##
nameOverride: argocd
fullnameOverride: ""
# Optional CRD installation for those without Helm hooks
installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.5.2
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
imagePullSecrets: []
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
## Controller
controller:
name: application-controller
image:
repository: # argoproj/argocd
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Argo controller commandline flags
args:
statusProcessors: "20"
operationProcessors: "10"
## Argo controller log level
logLevel: info
## Additional command line arguments to pass to argocd-controller
##
extraArgs: []
## Environment variables to pass to argocd-controller
##
env: []
## Annotations to be added to controller pods
##
podAnnotations: {}
## Labels to be added to controller pods
##
podLabels: {}
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
## Configures the controller port
containerPort: 8082
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the controller main container.
volumeMounts: []
## Additional volumes to the controller pod.
volumes: []
## Controller service configuration
service:
annotations: {}
labels: {}
port: 8082
portName: https-controller
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
serviceAccount:
create: true
name: argocd-application-controller
## Server metrics controller configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8082
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
rules:
enabled: false
spec: []
# - alert: ArgoAppMissing
# expr: |
# absent(argocd_app_info)
# for: 15m
# labels:
# severity: critical
# annotations:
# summary: "[ArgoCD] No reported applications"
# description: >
# ArgoCD has not reported any applications data for the past 15 minutes which
# means that it must be down or not functioning properly. This needs to be
# resolved for this cloud to continue to maintain state.
# - alert: ArgoAppNotSynced
# expr: |
# argocd_app_sync_status{sync_status!="Synced"} == 1
# for: 12h
# labels:
# severity: warning
# annotations:
# summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
# description: >
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
clusterAdminAccess:
enabled: true
## Dex
dex:
enabled: true
name: dex-server
image:
repository: quay.io/dexidp/dex
tag: v2.22.0
imagePullPolicy: IfNotPresent
initImage:
repository:
tag:
imagePullPolicy:
## Environment variables to pass to the Dex server
##
env: []
## Annotations to be added to the Dex server pods
##
podAnnotations: {}
## Labels to be added to the Dex server pods
##
podLabels: {}
serviceAccount:
create: true
name: argocd-dex-server
## Additional volumeMounts to the controller main container.
volumeMounts:
- name: static-files
mountPath: /shared
## Additional volumes to the controller pod.
volumes:
- name: static-files
emptyDir: {}
## Dex deployment container ports
containerPortHttp: 5556
servicePortHttp: 5556
containerPortGrpc: 5557
servicePortGrpc: 5557
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Redis
redis:
enabled: true
name: redis
image:
repository: redis
tag: 5.0.3
imagePullPolicy: IfNotPresent
containerPort: 6379
servicePort: 6379
## Environment variables to pass to the Redis server
##
env: []
## Annotations to be added to the Redis server pods
##
podAnnotations: {}
## Labels to be added to the Redis server pods
##
podLabels: {}
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
volumeMounts: []
volumes: []
# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
# the custom redis deployment is omitted
redis-ha:
enabled: false
# Check the redis-ha chart for more properties
exporter:
enabled: true
persistentVolume:
enabled: false
redis:
masterGroupName: argocd
config:
save: "\"\""
haproxy:
enabled: true
metrics:
enabled: true
## Server
server:
name: server
replicas: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
##
extraArgs: []
# - --insecure
## Environment variables to pass to argocd-server
##
env: []
## Argo server log level
logLevel: info
## Annotations to be added to controller pods
##
podAnnotations: {}
## Labels to be added to controller pods
##
podLabels: {}
## Configures the server port
containerPort: 8080
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the server main container.
volumeMounts: []
## Additional volumes to the controller pod.
volumes: []
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
## Certificate configuration
certificate:
enabled: false
domain: argocd.example.com
issuer: {}
additionalHosts: []
## Server service configuration
service:
annotations: {}
labels: {}
type: ClusterIP
servicePortHttp: 80
servicePortHttps: 443
servicePortHttpName: http
servicePortHttpsName: https
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Server metrics service configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8083
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
serviceAccount:
create: true
name: argocd-server
ingress:
enabled: false
annotations: {}
labels: {}
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts:
[]
# - argocd.example.com
paths:
- /
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route:
enabled: false
hostname: ""
## ArgoCD config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
config:
# Argo CD's externally facing base URL (optional). Required when configuring SSO
url: https://argocd.example.com
# Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance
# repositories: |
# - url: git@github.com:group/repo.git
# sshPrivateKeySecret:
# name: secret-name
# key: sshPrivateKey
# - type: helm
# url: https://kubernetes-charts.storage.googleapis.com
# name: stable
# - type: helm
# url: https://argoproj.github.io/argo-helm
# name: argo
# oidc.config: |
# name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: CLIENT_ID
# clientSecret: $oidc.azuread.clientSecret
# requestedIDTokenClaims:
# groups:
# essential: true
# requestedScopes:
# - openid
# - profile
# - email
## ArgoCD rbac config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbacConfig:
{}
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
# Policy rules are in the form:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
# policy.csv: |
# # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
# p, my-org:team-alpha, applications, sync, my-project/*, allow
# # Grant all members of 'my-org:team-beta' admins
# g, my-org:team-beta, role:admin
# policy.default is the name of the default role which Argo CD will falls back to, when
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
# but will see no apps, projects, etc...
# policy.default: role:readonly
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
# scopes: '[cognito:groups, email]'
## Not well tested and not well supported on release v1.0.0.
## Applications
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
additionalApplications: []
# - name: guestbook
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# project: guestbook
# source:
# repoURL: https://github.com/argoproj/argocd-example-apps.git
# targetRevision: HEAD
# path: guestbook
# directory:
# recurse: true
# destination:
# server: https://kubernetes.default.svc
# namespace: guestbook
# syncPolicy:
# automated:
# prune: false
# selfHeal: false
## Projects
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
additionalProjects: []
# - name: guestbook
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# description: Example Project
# sourceRepos:
# - '*'
# destinations:
# - namespace: guestbook
# server: https://kubernetes.default.svc
# clusterResourceWhitelist: []
# namespaceResourceBlacklist:
# - group: ''
# kind: ResourceQuota
# - group: ''
# kind: LimitRange
# - group: ''
# kind: NetworkPolicy
# orphanedResources: {}
# roles: []
# orphanedResources: {}
# roles: []
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
clusterAdminAccess:
enabled: true
## Enable BackendConfig custom resource for Google Kubernetes Engine
GKEbackendConfig:
enabled: false
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
## Repo Server
repoServer:
name: repo-server
replicas: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 50
targetMemoryUtilizationPercentage: 50
image:
repository: # argoproj/argocd
tag: # v1.5.2
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
##
extraArgs: []
## Environment variables to pass to argocd-repo-server
##
env: []
## Argo repoServer log level
logLevel: info
## Annotations to be added to repo server pods
##
podAnnotations: {}
## Labels to be added to repo server pods
##
podLabels: {}
## Configures the repo server port
containerPort: 8081
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the repo server main container.
volumeMounts: []
## Additional volumes to the repo server pod.
volumes: []
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: []
affinity: {}
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
resources: {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
## Repo server service configuration
service:
annotations: {}
labels: {}
port: 8081
portName: https-repo-server
## Repo server metrics service configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8084
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount:
create: false
# name: argocd-repo-server
## Annotations applied to created service account
annotations: {}
## Repo server rbac rules
# rbac:
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
## Use init containers to configure custom tooling
## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/
## When using the volumes & volumeMounts section bellow, please comment out those above.
# volumes:
# - name: custom-tools
# emptyDir: {}
#
# initContainers:
# - name: download-tools
# image: alpine:3.8
# command: [sh, -c]
# args:
# - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
# mv linux-amd64/helm /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# volumeMounts:
# - mountPath: /usr/local/bin/helm
# name: custom-tools
# subPath: helm
## Argo Configs
configs:
knownHosts:
data:
ssh_known_hosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
tlsCerts:
{}
# data:
# argocd.example.com: |
# -----BEGIN CERTIFICATE-----
# MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL
# BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE
# BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0
# c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda
# Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT
# YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES
# MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi
# MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5
# NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc
# CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u
# P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G
# ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+
# YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E
# Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko
# Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J
# kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u
# kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO
# gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7
# bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86
# r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/
# BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn
# Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx
# CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2
# XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT
# +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr
# d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO
# OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so
# 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr
# jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8
# 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I=
# -----END CERTIFICATE-----
# Creates a secret with optional repository credentials
repositoryCredentials:
{}
# sample-ssh-key: |
# -----BEGIN RSA PRIVATE KEY-----
# MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N
# z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4
# nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB
# AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x
# O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe
# tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6
# cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8
# 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM
# hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK
# xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ
# FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc
# NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le
# XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo=
# -----END RSA PRIVATE KEY-----
secret:
createSecret: true
## Annotations to be added to argocd-secret
##
annotations: {}
# Webhook Configs
githubSecret: ""
gitlabSecret: ""
bitbucketServerSecret: ""
bitbucketUUID: ""
gogsSecret: ""
# Custom secrets. Useful for injecting SSO secrets into environment variables.
# Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/
# Note that all values must be non-empty.
extra: {}
# LDAP_PASSWORD: "mypassword"
# Argo TLS Data.
argocdServerTlsConfig:
{}
# key:
# crt: |
# -----BEGIN CERTIFICATE-----
# <cert data>
# -----END CERTIFICATE-----
# -----BEGIN CERTIFICATE-----
# <ca cert data>
# -----END CERTIFICATE-----
# Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
# argocdServerAdminPassword:
# Password modification time defaults to current time if not set
# argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
openshift:
enabled: false

View File

@ -1,11 +1,10 @@
{{- if .Values.bootstrap }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
labels:
app.kubernetes.io/name: {{ .Chart.Name }}-argocd-application
app.kubernetes.io/name: kubezero
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
@ -14,12 +13,12 @@ spec:
source:
repoURL: https://github.com/Zero-Down-Time/kubezero
targetRevision: HEAD
path: charts/kubezero-app
path: charts/kubezeroApp
{{- if .Values.config }}
helm:
values: |
{{- toYaml .Values.config | nindent 8 }}
{{- toYaml .Values.kubezero | nindent 8 }}
{{- end }}
destination:
@ -29,4 +28,3 @@ spec:
automated:
prune: true
selfHeal: false
{{- end }}

View File

@ -1,4 +1,3 @@
{{- if .Values.bootstrap }}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
@ -28,4 +27,3 @@ spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
{{- end }}

View File

@ -1,8 +1,5 @@
# bootstrap -- Wether to install the root-app `kubezero-app`
bootstrap: true
# config -- Kubezero configuration to be passed into kubezero-app
config: {}
# kubezero -- Kubezero configuration, values.yaml please see kubezeroApp
kubezero: {}
argo-cd:
installCRDs: false

View File

@ -1,8 +1,8 @@
apiVersion: v2
name: kubezero-app
name: kubezeroApp
description: KubeZero ArgoCD Application - Root chart of the KubeZero
type: application
version: 0.1.3
version: 0.1.4
home: https://kubezero.com
keywords:
- kubezero

View File

@ -1,8 +1,8 @@
kubezero-app
============
kubezeroApp
===========
KubeZero ArgoCD Application - Root chart of the KubeZero
Current chart version is `0.1.3`
Current chart version is `0.1.4`
Source code can be found [here](https://kubezero.com)

View File

@ -0,0 +1,27 @@
{{- define "kubezero.app" }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .name }}
namespace: argocd
labels:
app.kubernetes.io/name: {{ .name }}
helm.sh/chart: {{ .root.Chart.Name }}-{{ .root.Chart.Version | replace "+" "_" }}
app.kubernetes.io/managed-by: {{ .root.Release.Service }}
app.kubernetes.io/part-of: kubezero
spec:
project: kubezero
source:
repoURL: {{ default .root.Values.defaultSource.repoURL }}
targetRevision: {{ default .root.Values.defaultSource.targetRevision }}
{{- if eq .type "helm" }}
path: {{ default .root.Values.defaultSource.pathPrefix }}charts/{{ .name }}
{{- else }}
path: {{ default .root.Values.defaultSource.pathPrefix }}artifacts/{{ .name }}
{{- end }}
destination:
server: {{ default .root.Values.defaultDestination.server }}
namespace: kube-system
{{- end }}

View File

@ -0,0 +1,3 @@
{{- if .Values.calico.enabled }}
{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" }}
{{- end }}

View File

@ -0,0 +1,10 @@
{{- if .Values.certManager.enabled }}
{{ template "kubezero.app" dict "root" . "name" "kubezeroCertManager" "type" "helm" }}
---
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
annotations:
iam.amazonaws.com/permitted: ".*CertManagerRole.*"
{{- end }}

View File

@ -0,0 +1,3 @@
{{- if .Values.localVolumeProvisioner.enabled }}
{{ template "kubezero.app" dict "root" . "name" "localVolumeProvisioner" "type" "kustomize" }}
{{- end }}

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View File

@ -0,0 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v0.14.3
digest: sha256:b99f220fe708253be29daba252bac3a4c4ae7bfe70f9a518fabe9a6e306d8a84
generated: "2020-05-04T16:55:09.668227657+01:00"

View File

@ -0,0 +1,15 @@
apiVersion: v2
name: kubezeroCertManager
description: KubeZero Umbrella Chart for cert-manager
type: application
version: 0.1.0
home: https://kubezero.com
keywords:
- kubezero
- cert-manager
maintainers:
- name: Quarky9
dependencies:
- name: cert-manager
version: 0.14.3
repository: https://charts.jetstack.io

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,3 @@
#!/bin/bash
curl -Lso crds/cert-manager-crds.yaml https://github.com/jetstack/cert-manager/releases/download/v0.14.3/cert-manager.crds.yaml

View File

@ -0,0 +1,28 @@
cert-manager:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
ingressShim:
defaultIssuerName: letsencrypt-dns-prod
defaultIssuerKind: ClusterIssuer
webhook:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
cainjector:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
extraArgs:
- "--dns01-recursive-nameservers-only"
prometheus:
servicemonitor:
enabled: false
#podAnnotations:
# iam.amazonaws.com/role: "INSERT_CLOUDFORMATION_OUTPUT_CertManagerRoleArn"