Feat: Argo integrate helm-secrets and vals
parent
0f36373dce
commit
bb18b44fb8
@ -1,6 +1,6 @@
|
|||||||
# kubezero-argo
|
# kubezero-argo
|
||||||
|
|
||||||
![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square)
|
![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero Argo - Events, Workflow, CD
|
KubeZero Argo - Events, Workflow, CD
|
||||||
|
|
||||||
@ -18,23 +18,22 @@ Kubernetes: `>= 1.26.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://argoproj.github.io/argo-helm | argo-cd | 6.7.10 |
|
| https://argoproj.github.io/argo-helm | argo-cd | 6.9.2 |
|
||||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.4 |
|
| https://argoproj.github.io/argo-helm | argo-events | 2.4.4 |
|
||||||
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.0 |
|
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.0 |
|
||||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.6 |
|
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.10.0 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| argo-cd.applicationSet.enabled | bool | `false` | |
|
|
||||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||||
| argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | |
|
| argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | |
|
||||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | |
|
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.28 - Release notes"` | |
|
||||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | |
|
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.28"` | |
|
||||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||||
@ -50,13 +49,37 @@ Kubernetes: `>= 1.26.0`
|
|||||||
| argo-cd.controller.resources.requests.memory | string | `"512Mi"` | |
|
| argo-cd.controller.resources.requests.memory | string | `"512Mi"` | |
|
||||||
| argo-cd.dex.enabled | bool | `false` | |
|
| argo-cd.dex.enabled | bool | `false` | |
|
||||||
| argo-cd.enabled | bool | `false` | |
|
| argo-cd.enabled | bool | `false` | |
|
||||||
|
| argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | |
|
||||||
|
| argo-cd.global.image.tag | string | `"v2.11.0"` | |
|
||||||
| argo-cd.global.logging.format | string | `"json"` | |
|
| argo-cd.global.logging.format | string | `"json"` | |
|
||||||
| argo-cd.istio.enabled | bool | `false` | |
|
| argo-cd.istio.enabled | bool | `false` | |
|
||||||
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
|
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
|
||||||
| argo-cd.istio.ipBlocks | list | `[]` | |
|
| argo-cd.istio.ipBlocks | list | `[]` | |
|
||||||
| argo-cd.notifications.enabled | bool | `false` | |
|
| argo-cd.notifications.enabled | bool | `false` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.enabled | bool | `true` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.rules[0].apiGroups[0] | string | `""` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.rules[0].resources[0] | string | `"secrets"` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[0] | string | `"get"` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[1] | string | `"watch"` | |
|
||||||
|
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[2] | string | `"list"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].command[0] | string | `"/usr/local/bin/sa2kubeconfig.sh"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].command[1] | string | `"/home/argocd/.kube/config"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].image | string | `"public.ecr.aws/zero-downtime/zdt-argocd:v2.11.0"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].name | string | `"create-kubeconfig"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].securityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].securityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].securityContext.readOnlyRootFilesystem | bool | `true` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].securityContext.runAsNonRoot | bool | `true` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].volumeMounts[0].mountPath | string | `"/home/argocd/.kube"` | |
|
||||||
|
| argo-cd.repoServer.initContainers[0].volumeMounts[0].name | string | `"kubeconfigs"` | |
|
||||||
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
||||||
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
|
| argo-cd.repoServer.volumeMounts[0].mountPath | string | `"/home/argocd/.kube"` | |
|
||||||
|
| argo-cd.repoServer.volumeMounts[0].name | string | `"kubeconfigs"` | |
|
||||||
|
| argo-cd.repoServer.volumes[0].emptyDir | object | `{}` | |
|
||||||
|
| argo-cd.repoServer.volumes[0].name | string | `"kubeconfigs"` | |
|
||||||
| argo-cd.server.metrics.enabled | bool | `false` | |
|
| argo-cd.server.metrics.enabled | bool | `false` | |
|
||||||
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||||
@ -87,6 +110,7 @@ Kubernetes: `>= 1.26.0`
|
|||||||
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
- https://github.com/argoproj/argoproj/blob/main/docs/end_user_threat_model.pdf
|
||||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||||
|
|
||||||
|
@ -16,6 +16,7 @@
|
|||||||
{{ template "chart.valuesSection" . }}
|
{{ template "chart.valuesSection" . }}
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
- https://github.com/argoproj/argoproj/blob/main/docs/end_user_threat_model.pdf
|
||||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||||
|
|
||||||
|
@ -36,19 +36,16 @@ argocd-apps:
|
|||||||
projects: {}
|
projects: {}
|
||||||
applications: {}
|
applications: {}
|
||||||
|
|
||||||
|
|
||||||
argo-cd:
|
argo-cd:
|
||||||
enabled: false
|
enabled: false
|
||||||
#configs:
|
|
||||||
# secret:
|
|
||||||
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
|
||||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
|
||||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
|
||||||
|
|
||||||
global:
|
global:
|
||||||
logging:
|
logging:
|
||||||
format: json
|
format: json
|
||||||
# image:
|
image:
|
||||||
# tag: v2.1.6
|
repository: public.ecr.aws/zero-downtime/zdt-argocd
|
||||||
|
tag: v2.11.0
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
styles: |
|
styles: |
|
||||||
@ -94,6 +91,10 @@ argo-cd:
|
|||||||
|
|
||||||
secret:
|
secret:
|
||||||
createSecret: false
|
createSecret: false
|
||||||
|
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
||||||
|
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||||
|
# argocdServerAdminPassword: "ref+file://secrets.yaml#/test"
|
||||||
|
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||||
|
|
||||||
ssh:
|
ssh:
|
||||||
extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ=="
|
extraHosts: "git.zero-downtime.net ssh-rsa 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"
|
||||||
@ -125,6 +126,41 @@ argo-cd:
|
|||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: kubeconfigs
|
||||||
|
emptyDir: {}
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /home/argocd/.kube
|
||||||
|
name: kubeconfigs
|
||||||
|
|
||||||
|
# Allow vals to read internal secrets across all namespaces
|
||||||
|
clusterRoleRules:
|
||||||
|
enabled: true
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["secrets"]
|
||||||
|
verbs: ["get", "watch", "list"]
|
||||||
|
|
||||||
|
initContainers:
|
||||||
|
- name: create-kubeconfig
|
||||||
|
image: public.ecr.aws/zero-downtime/zdt-argocd:v2.11.0
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
|
- /usr/local/bin/sa2kubeconfig.sh
|
||||||
|
- /home/argocd/.kube/config
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /home/argocd/.kube
|
||||||
|
name: kubeconfigs
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
|
||||||
server:
|
server:
|
||||||
# Rename former https port to grpc, works with istio + insecure
|
# Rename former https port to grpc, works with istio + insecure
|
||||||
service:
|
service:
|
||||||
@ -141,9 +177,6 @@ argo-cd:
|
|||||||
dex:
|
dex:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
applicationSet:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
notifications:
|
notifications:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
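Review bot: The `clusterRoleRules` block added under `argo-cd.repoServer` (hunk `@ -125,6 +126,41 @@`) grants the repo-server `get`, `watch` and `list` on `secrets` in every namespace, and it ships with `enabled: true`, so every install of this chart gets that grant whether or not vals is actually used. The repo-server is the component that renders manifests from Git sources, so with this rule a rendered values file can presumably resolve a vals reference to any Secret in the cluster, and `list`/`watch` by themselves already return full Secret contents. I would default this to `enabled: false` with a comment such as `# Opt-in: lets vals read Secrets cluster-wide; prefer a namespaced Role where possible`, and reduce the rule to `verbs: ["get"]` if vals only fetches Secrets by name. The enclosing `repoServer` mapping begins above the hunk.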