diff --git a/charts/kubezero-app/templates/calico.yaml b/charts/kubezero-app/templates/calico.yaml
deleted file mode 100644
index 178943b..0000000
--- a/charts/kubezero-app/templates/calico.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.calico.enabled }}
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: calico
- namespace: argocd
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}-calico
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: kubezero
-spec:
- project: kubezero
-
- source:
- repoURL: {{ default .Values.defaultSource.repoURL }}
- targetRevision: {{ default .Values.defaultSource.targetRevision }}
- path: {{ default .Values.defaultSource.pathPrefix }}artifacts/calico
-
- destination:
- server: {{ default .Values.defaultDestination.server }}
- namespace: kube-system
-{{- end }}
diff --git a/charts/kubezero-app/templates/cert-manager.yaml b/charts/kubezero-app/templates/cert-manager.yaml
deleted file mode 100644
index 98c61a7..0000000
--- a/charts/kubezero-app/templates/cert-manager.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.certManager.enabled }}
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: cert-manager
- namespace: argocd
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}-cert-manager
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: kubezero
-spec:
- project: kubezero
-
- source:
- repoURL: {{ default .Values.defaultSource.repoURL }}
- targetRevision: {{ default .Values.defaultSource.targetRevision }}
- path: {{ default .Values.defaultSource.pathPrefix }}artifacts/cert-manager
-
- destination:
- server: {{ default .Values.defaultDestination.server }}
- namespace: kube-system
-{{- end }}
diff --git a/charts/kubezero-app/templates/local-volume-provisioner.yaml b/charts/kubezero-app/templates/local-volume-provisioner.yaml
deleted file mode 100644
index 8dce31d..0000000
--- a/charts/kubezero-app/templates/local-volume-provisioner.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-{{- if .Values.localVolumeProvisioner.enabled }}
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: local-volume-provisioner
- namespace: argocd
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}-localVolumeProvisioner
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: kubezero
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- project: kubezero
-
- source:
- repoURL: {{ default .Values.defaultSource.repoURL }}
- targetRevision: {{ default .Values.defaultSource.targetRevision }}
- path: {{ default .Values.defaultSource.pathPrefix }}artifacts/local-volume-provisioner
-
- destination:
- server: {{ default .Values.defaultDestination.server }}
- namespace: kube-system
-{{- end }}
diff --git a/charts/kubezero/Chart.lock b/charts/kubezero/Chart.lock
new file mode 100644
index 0000000..ad92114
--- /dev/null
+++ b/charts/kubezero/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: argo-cd
+ repository: https://argoproj.github.io/argo-helm
+ version: 2.2.13
+digest: sha256:f27e25c51f555fd32ccb9c29ac5351938c78fc7b0bce1eb26acbc21a261caabf
+generated: "2020-05-04T23:48:08.109493489+01:00"
diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml
index 35150c5..df661c5 100644
--- a/charts/kubezero/Chart.yaml
+++ b/charts/kubezero/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero Helm chart to install Zero Down Time Kuberenetes platform
 name: kubezero
-version: 0.1.8
+version: 0.2.0
 home: https://kubezero.com
 keywords:
 - kubezero
@@ -11,5 +11,5 @@ maintainers: - name: Quarky9 dependencies: - name: argo-cd - version: 2.2.12 + version: 2.2.13 repository: https://argoproj.github.io/argo-helm diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index 874a4d7..2f0a6dd 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -2,7 +2,7 @@ kubezero ======== KubeZero Helm chart to install Zero Down Time Kuberenetes platform -Current chart version is `0.1.8` +Current chart version is `0.2.0` Source code can be found [here](https://kubezero.com) @@ -10,7 +10,7 @@ Source code can be found [here](https://kubezero.com) | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-cd | 2.2.12 | +| https://argoproj.github.io/argo-helm | argo-cd | 2.2.13 | ## Chart Values @@ -33,7 +33,6 @@ Source code can be found [here](https://kubezero.com) | argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | | | argo-cd.server.tolerations[0].effect | string | `"NoSchedule"` | | | argo-cd.server.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | -| bootstrap | bool | `true` | Wether to install the root-app `kubezero-app` | -| config | object | `{}` | Kubezero configuration to be passed into kubezero-app | | istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD | | istio.gateway | string | `"ingressgateway.istio-system.svc.cluster.local"` | Name of the Istio gateway to add the VirtualService to | +| kubezero | object | `{}` | Kubezero configuration, values.yaml please see kubezeroApp | diff --git a/charts/kubezero/charts/argo-cd/.helmignore b/charts/kubezero/charts/argo-cd/.helmignore deleted file mode 100644 index 2df6bf5..0000000 --- a/charts/kubezero/charts/argo-cd/.helmignore +++ /dev/null @@ -1,2 +0,0 @@ -*.tgz -output diff --git a/charts/kubezero/charts/argo-cd/Chart.yaml b/charts/kubezero/charts/argo-cd/Chart.yaml deleted file mode 100644 index ec7fca5..0000000 
--- a/charts/kubezero/charts/argo-cd/Chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-appVersion: "1.5.2"
-description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
-name: argo-cd
-version: 2.2.12
-home: https://github.com/argoproj/argo-helm
-icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
-keywords:
- - argoproj
- - argocd
- - gitops
-maintainers:
- - name: alexec
- - name: alexmt
- - name: jessesuen
- - name: seanson
diff --git a/charts/kubezero/charts/argo-cd/README.md b/charts/kubezero/charts/argo-cd/README.md
deleted file mode 100644
index 0ce42bd..0000000
--- a/charts/kubezero/charts/argo-cd/README.md
+++ /dev/null
@@ -1,308 +0,0 @@ -# Argo CD Chart - -A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. - -Source code can be found [here](https://argoproj.github.io/argo-cd/) - -## Additional Information - -This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. - -The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). - -This chart currently installs the non-HA version of ArgoCD. - -## Upgrading - -### 1.8.7 to 2.x.x - -`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map - -What was -```yaml -server: - extraArgs: - insecure: "" -``` - -is now - -```yaml -server: - extraArgs: - - --insecure -``` - -## Prerequisites - -- Kubernetes 1.7+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add argo https://argoproj.github.io/argo-helm -"argo" has been added to your repositories - -$ helm install --name my-release argo/argo-cd -NAME: my-release -... -``` - -### Helm v3 Compatability - -Requires chart version 1.5.2 or newer. - -Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks. - -## Chart Values - -| Parameter | Description | Default | -|-----|------|---------| -| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | -| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. 
| `"v1.5.2"` | -| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | -| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | -| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | -| nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| installCRDs | Install CRDs if you are using Helm2. | `true` | -| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | -| configs.secret.annotations | Annotations for argocd-secret | `{}` | -| configs.secret.argocdServerAdminPassword | Admin password | `null` | -| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | -| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | -| configs.secret.createSecret | Create the argocd-secret. | `true` | -| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | -| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | -| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | -| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | -| openshift.enabled | enables using arbitrary uid for argo repo server | `false` | - -## ArgoCD Controller - -| Parameter | Description | Default | -|-----|---------|-------------| -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | -| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | -| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. 
| `true` | -| controller.containerPort | Controller listening port. | `8082` | -| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | -| controller.env | Environment variables for the controller. | `[]` | -| controller.image.repository | Repository to use for the controller | `global.image.repository` | -| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | -| controller.image.tag | Tag to use for the controller | `global.image.tag` | -| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.logLevel | Controller log level | `"info"` | -| controller.metrics.enabled | Deploy metrics service | `false` | -| controller.metrics.service.annotations | Metrics service annotations | `{}` | -| controller.metrics.service.labels | Metrics service labels | `{}` | -| controller.metrics.service.servicePort | Metrics service port | `8082` | -| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| controller.name | Controller name string. 
| `"application-controller"` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.podAnnotations | Annotations for the controller pods | `{}` | -| controller.podLabels | Labels for the controller pods | `{}` | -| controller.priorityClassName | Priority class for the controller pods | `""` | -| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.service.annotations | Controller service annotations. | `{}` | -| controller.service.labels | Controller service labels. | `{}` | -| controller.service.port | Controller service port. | `8082` | -| controller.serviceAccount.create | Create a service account for the controller | `true` | -| controller.serviceAccount.name | Service account name. 
| `"argocd-application-controller"` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.volumeMounts | Controller volume mounts | `[]` | -| controller.volumes | Controller volumes | `[]` | - -## Argo Repo Server - -| Property | Description | Default | -|-----|---------|-------------| -| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` | -| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.containerPort | Repo server port | `8081` | -| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | -| repoServer.env | Environment variables for the repo server. 
| `[]` | -| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | -| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | -| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | -| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.logLevel | Log level | `"info"` | -| repoServer.metrics.enabled | Deploy metrics service | `false` | -| repoServer.metrics.service.annotations | Metrics service annotations | `{}` | -| repoServer.metrics.service.labels | Metrics service labels | `{}` | -| repoServer.metrics.service.servicePort | Metrics service port | `8082` | -| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. 
| `{}` | -| repoServer.name | Repo server name | `"repo-server"` | -| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| repoServer.podAnnotations | Annotations for the repo server pods | `{}` | -| repoServer.podLabels | Labels for the repo server pods | `{}` | -| repoServer.priorityClassName | Priority class for the repo server | `""` | -| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.replicas | The number of repo server pods to run | `1` | -| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | -| repoServer.service.annotations | Repo server service annotations. | `{}` | -| repoServer.service.labels | Repo server service labels. | `{}` | -| repoServer.service.port | Repo server service port. 
| `8081` | -| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| repoServer.volumeMounts | Repo server volume mounts | `[]` | -| repoServer.volumes | Repo server volumes | `[]` | - -## Argo Server - -| Parameter | Description | Default | -|-----|---------|-------------| -| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` | -| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | -| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | -| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | -| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | -| server.certificate.enabled | Enables a certificate manager certificate. 
| `false` | -| server.certificate.issuer | Certificate manager issuer | `{}` | -| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | -| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | -| server.containerPort | Server container port. | `8080` | -| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | -| server.env | Environment variables for the server. | `[]` | -| server.image.repository | Repository to use for the server | `global.image.repository` | -| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | -| server.image.tag | Tag to use for the server | `global.image.tag` | -| server.ingress.annotations | Additional ingress annotations | `{}` | -| server.ingress.enabled | Enable an ingress resource for the server | `false` | -| server.ingress.hosts | List of ingress hosts | `[]` | -| server.ingress.labels | Additional ingress labels. | `{}` | -| server.ingress.tls | Ingress TLS configuration. 
| `[]` | -| server.route.enabled | Enable a OpenShift route for the server | `false` | -| server.route.hostname | Hostname of OpenShift route | `""` | -| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.logLevel | Log level | `"info"` | -| server.metrics.enabled | Deploy metrics service | `false` | -| server.metrics.service.annotations | Metrics service annotations | `{}` | -| server.metrics.service.labels | Metrics service labels | `{}` | -| server.metrics.service.servicePort | Metrics service port | `8082` | -| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. 
| `{}` | -| server.name | Argo CD server name | `"server"` | -| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| server.podAnnotations | Annotations for the server pods | `{}` | -| server.podLabels | Labels for the server pods | `{}` | -| server.priorityClassName | Priority class for the server | `""` | -| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` | -| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.replicas | The number of server pods to run | `1` | -| server.resources | Resource limits and requests for the server | `{}` | -| server.service.annotations | Server service annotations | `{}` | -| server.service.labels | Server service labels | `{}` | -| server.service.servicePortHttp | Server service http port | `80` | -| server.service.servicePortHttps | Server service https port | `443` | -| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` | -| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` | -| 
server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | -| server.service.type | Server service type | `"ClusterIP"` | -| server.serviceAccount.create | Create server service account | `true` | -| server.serviceAccount.name | Server service account name | `"argocd-server"` | -| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| server.volumeMounts | Server volume mounts | `[]` | -| server.volumes | Server volumes | `[]` | - -## Dex - -| Property | Description | Default | -|-----|---------|-------------| -| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| dex.containerPortGrpc | GRPC container port | `5557` | -| dex.containerPortHttp | HTTP container port | `5556` | -| dex.enabled | Enable dex | `true` | -| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` | -| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` | -| dex.image.tag | Dex image tag | `"v2.14.0"` | -| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` | -| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` | -| dex.initImage.tag | Argo CD init image tag | `global.image.tag` | -| dex.name | Dex name | `"dex-server"` | -| dex.env | Environment variables for the Dex server. 
| `[]` | -| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| dex.podAnnotations | Annotations for the Dex server pods | `{}` | -| dex.podLabels | Labels for the Dex server pods | `{}` | -| dex.priorityClassName | Priority class for dex | `""` | -| dex.resources | Resource limits and requests for dex | `{}` | -| dex.serviceAccount.create | Create dex service account | `true` | -| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | -| dex.servicePortGrpc | Server GRPC port | `5557` | -| dex.servicePortHttp | Server HTTP port | `5556` | -| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| dex.volumeMounts | Dex volume mounts | `"/shared"` | -| dex.volumes | Dex volumes | `{}` | - -## Redis - -When Redis is completely disabled from the chart (`redis.enabled=false`) and -an external Redis instance wants to be used or -when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`) -but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified -through `xxx.extraArgs` - -| Parameter | Description | Default | -|-----|---------|-------------| -| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| redis.containerPort | Redis container port | `6379` | -| redis.enabled | Enable redis | `true` | -| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | -| redis.image.repository | Redis repository | `"redis"` | -| redis.image.tag | Redis tag | `"5.0.3"` | -| redis.name | Redis name | `"redis"` | -| redis.env | Environment variables for the Redis server. 
| `[]` | -| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| redis.podAnnotations | Annotations for the Redis server pods | `{}` | -| redis.podLabels | Labels for the Redis server pods | `{}` | -| redis.priorityClassName | Priority class for redis | `""` | -| redis.resources | Resource limits and requests for redis | `{}` | -| redis.servicePort | Redis service port | `6379` | -| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | | -| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` | -| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` | -| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false` -| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd` -| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` | -| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` | -| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | -| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | diff --git a/charts/kubezero/charts/argo-cd/crds/crd-application.yaml b/charts/kubezero/charts/argo-cd/crds/crd-application.yaml deleted file mode 100644 index 683d41d..0000000 --- a/charts/kubezero/charts/argo-cd/crds/crd-application.yaml +++ /dev/null 
@@ -1,1670 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: applications.argoproj.io - app.kubernetes.io/part-of: argocd - name: applications.argoproj.io - annotations: - helm.sh/hook: crd-install -spec: - group: argoproj.io - names: - kind: Application - listKind: ApplicationList - plural: applications - shortNames: - - app - - apps - singular: application - scope: Namespaced - validation: - openAPIV3Schema: - description: Application is a definition of Application resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - operation: - description: Operation contains requested operation parameters. - properties: - initiatedBy: - description: OperationInitiator holds information about the operation - initiator - properties: - automated: - description: Automated is set to true if operation was initiated - automatically by the application controller. - type: boolean - username: - description: Name of a user who started operation. - type: string - type: object - sync: - description: SyncOperation contains sync operation details. 
- properties: - dryRun: - description: DryRun will perform a `kubectl apply --dry-run` without - actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides sync - source with a local directory for development - items: - type: string - type: array - prune: - description: Prune deletes resources that are no longer tracked - in git - type: boolean - resources: - description: Resources describes which resources to sync - items: - description: SyncOperationResource contains resources to sync. - properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision in which to sync the application - to. If omitted, will use the revision specified in app spec. - type: string - source: - description: Source overrides the source definition set in the application. - This is typically set in a Rollback operation and nil during a - Sync operation - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific - options - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - 
description: FileParameters are file parameters to the helm - template - items: - description: HelmFileParameter is a file parameter to - a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether to tell - Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it will use - the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to - use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as - a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize 
image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or branch - in which to sync the application to. If omitted, will sync - to HEAD - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply wil perform a `kubectl apply` to perform - the sync. - properties: - force: - description: Force indicates whether or not to supply the - --force flag to `kubectl apply`. The --force flag deletes - and re-create the resource, when PATCH encounters conflict - and has retried for 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources to perform - the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply the - --force flag to `kubectl apply`. The --force flag deletes - and re-create the resource, when PATCH encounters conflict - and has retried for 5 times. 
- type: boolean - type: object - type: object - type: object - type: object - spec: - description: ApplicationSpec represents desired application state. Contains - link to repository with application definition and additional parameters - link definition revision. - properties: - destination: - description: Destination overrides the kubernetes server and namespace - defined in the environment ksonnet app.yaml - properties: - namespace: - description: Namespace overrides the environment namespace value - in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value in the - ksonnet app.yaml - type: string - type: object - ignoreDifferences: - description: IgnoreDifferences controls resources fields which should - be ignored during comparison - items: - description: ResourceIgnoreDifferences contains resource filter and - list of json paths which should be ignored during comparison with - live state. - properties: - group: - type: string - jsonPointers: - items: - type: string - type: array - kind: - type: string - name: - type: string - namespace: - type: string - required: - - jsonPointers - - kind - type: object - type: array - info: - description: Infos contains a list of useful information (URLs, email - addresses, and plain text) that relates to the application - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - project: - description: Project is a application project name. Empty name means - that application belongs to 'default' project. - type: string - revisionHistoryLimit: - description: This limits this number of items kept in the apps revision - history. This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we - do not recommend increasing it. Default is 10. 
- format: int64 - type: integer - source: - description: Source is a reference to the location ksonnet application - definition - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific - options - properties: - extVars: - description: ExtVars is a list of Jsonnet External Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the helm - template - items: - description: HelmFileParameter is a file parameter to a helm - template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm template - properties: - forceString: - description: ForceString determines whether to tell Helm - to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. 
If omitted it will use the - application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files to use - when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined as a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component parameter - override values - items: - description: KsonnetParameter is a ksonnet component parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources for - kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources for - kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management plugin - specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application manifests - type: string - targetRevision: - description: TargetRevision defines the commit, 
tag, or branch in - which to sync the application to. If omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncPolicy: - description: SyncPolicy controls when a sync will be performed - properties: - automated: - description: Automated will keep an application synced to the target - revision - properties: - prune: - description: 'Prune will prune resources automatically as part - of automated sync (default: false)' - type: boolean - selfHeal: - description: 'SelfHeal enables auto-syncing if (default: false)' - type: boolean - type: object - syncOptions: - description: Options allow youe to specify whole app sync-options - items: - type: string - type: array - type: object - required: - - destination - - project - - source - type: object - status: - description: ApplicationStatus contains information about application sync, - health status - properties: - conditions: - items: - description: ApplicationCondition contains details about current application - condition - properties: - lastTransitionTime: - description: LastTransitionTime is the time the condition was - first observed. - format: date-time - type: string - message: - description: Message contains human-readable message indicating - details about condition - type: string - type: - description: Type is an application condition type - type: string - required: - - message - - type - type: object - type: array - health: - properties: - message: - type: string - status: - type: string - type: object - history: - description: RevisionHistories is a array of history, oldest first and - newest last - items: - description: RevisionHistory contains information relevant to an application - deployment - properties: - deployedAt: - format: date-time - type: string - id: - format: int64 - type: integer - revision: - type: string - source: - description: ApplicationSource contains information about github - repository, path within repository and target application environment. 
- properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet specific - options - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the - helm template - items: - description: HelmFileParameter is a file parameter to - a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm - parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm - template - properties: - forceString: - description: ForceString determines whether to tell - Helm to interpret booleans and numbers as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. 
If omitted it will - use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined - as a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the 
commit, tag, or branch - in which to sync the application to. If omitted, will sync - to HEAD - type: string - required: - - repoURL - type: object - required: - - deployedAt - - id - - revision - type: object - type: array - observedAt: - description: ObservedAt indicates when the application state was updated - without querying latest git state - format: date-time - type: string - operationState: - description: OperationState contains information about state of currently - performing operation on application. - properties: - finishedAt: - description: FinishedAt contains time of operation completion - format: date-time - type: string - message: - description: Message hold any pertinent messages when attempting - to perform operation (typically errors). - type: string - operation: - description: Operation is the original requested operation - properties: - initiatedBy: - description: OperationInitiator holds information about the - operation initiator - properties: - automated: - description: Automated is set to true if operation was initiated - automatically by the application controller. - type: boolean - username: - description: Name of a user who started operation. - type: string - type: object - sync: - description: SyncOperation contains sync operation details. - properties: - dryRun: - description: DryRun will perform a `kubectl apply --dry-run` - without actually performing the sync - type: boolean - manifests: - description: Manifests is an optional field that overrides - sync source with a local directory for development - items: - type: string - type: array - prune: - description: Prune deletes resources that are no longer - tracked in git - type: boolean - resources: - description: Resources describes which resources to sync - items: - description: SyncOperationResource contains resources - to sync. 
- properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - type: array - revision: - description: Revision is the revision in which to sync the - application to. If omitted, will use the revision specified - in app spec. - type: string - source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and nil during a Sync operation - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific - options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet - specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters - to the helm template - items: - description: HelmFileParameter is a file parameter - to a helm template - properties: - name: - description: Name is the name of the helm - parameter - type: string - path: - description: Path is the path value for the - helm parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm - template - items: - description: HelmParameter is a parameter to a - helm template - properties: - forceString: - 
description: ForceString determines whether - to tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the helm - parameter - type: string - value: - description: Value is the value for the helm - parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it - will use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value - files to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined - as a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application - environment name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize - commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to - resources for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to - resources for kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git - repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - 
name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, - or branch in which to sync the application to. If - omitted, will sync to HEAD - type: string - required: - - repoURL - type: object - syncOptions: - description: SyncOptions provide per-sync sync-options, - e.g. Validate=false - items: - type: string - type: array - syncStrategy: - description: SyncStrategy describes how to perform the sync - properties: - apply: - description: Apply wil perform a `kubectl apply` to - perform the sync. - properties: - force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force - flag deletes and re-create the resource, when - PATCH encounters conflict and has retried for - 5 times. - type: boolean - type: object - hook: - description: Hook will submit any referenced resources - to perform the sync. This is the default strategy - properties: - force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force - flag deletes and re-create the resource, when - PATCH encounters conflict and has retried for - 5 times. 
- type: boolean - type: object - type: object - type: object - type: object - phase: - description: Phase is the current phase of the operation - type: string - startedAt: - description: StartedAt contains time of operation start - format: date-time - type: string - syncResult: - description: SyncResult is the result of a Sync operation - properties: - resources: - description: Resources holds the sync result of each individual - resource - items: - description: ResourceResult holds the operation result details - of a specific resource - properties: - group: - type: string - hookPhase: - description: 'the state of any operation associated with - this resource OR hook note: can contain values for non-hook - resources' - type: string - hookType: - description: the type of the hook, empty for non-hook - resources - type: string - kind: - type: string - message: - description: message for the last sync OR operation - type: string - name: - type: string - namespace: - type: string - status: - description: the final result of the sync, this is be - empty if the resources is yet to be applied/pruned and - is always zero-value for hooks - type: string - syncPhase: - description: indicates the particular phase of the sync - that this is for - type: string - version: - type: string - required: - - group - - kind - - name - - namespace - - version - type: object - type: array - revision: - description: Revision holds the revision of the sync - type: string - source: - description: Source records the application source information - of the sync, used for comparing auto-sync - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet - specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar is a jsonnet variable - 
properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the - helm template - items: - description: HelmFileParameter is a file parameter - to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm - parameter - type: string - type: object - type: array - parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm - template - properties: - forceString: - description: ForceString determines whether to - tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. 
If omitted it will - use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined - as a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize - commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the 
commit, tag, or - branch in which to sync the application to. If omitted, - will sync to HEAD - type: string - required: - - repoURL - type: object - required: - - revision - type: object - required: - - operation - - phase - - startedAt - type: object - reconciledAt: - description: ReconciledAt indicates when the application state was reconciled - using the latest git version - format: date-time - type: string - resources: - items: - description: ResourceStatus holds the current sync and health status - of a resource - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - description: SyncStatusCode is a type which represents possible - comparison results - type: string - version: - type: string - type: object - type: array - sourceType: - type: string - summary: - properties: - externalURLs: - description: ExternalURLs holds all external URLs of application - child resources. - items: - type: string - type: array - images: - description: Images holds all images of application child resources. - items: - type: string - type: array - type: object - sync: - description: SyncStatus is a comparison result of application spec and - deployed application. 
- properties: - comparedTo: - description: ComparedTo contains application source and target which - was used for resources comparison - properties: - destination: - description: ApplicationDestination contains deployment destination - information - properties: - namespace: - description: Namespace overrides the environment namespace - value in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value - in the ksonnet app.yaml - type: string - type: object - source: - description: ApplicationSource contains information about github - repository, path within repository and target application - environment. - properties: - chart: - description: Chart is a Helm chart name - type: string - directory: - description: Directory holds path/directory specific options - properties: - jsonnet: - description: ApplicationSourceJsonnet holds jsonnet - specific options - properties: - extVars: - description: ExtVars is a list of Jsonnet External - Variables - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - tlas: - description: TLAS is a list of Jsonnet Top-level - Arguments - items: - description: JsonnetVar is a jsonnet variable - properties: - code: - type: boolean - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - recurse: - type: boolean - type: object - helm: - description: Helm holds helm specific options - properties: - fileParameters: - description: FileParameters are file parameters to the - helm template - items: - description: HelmFileParameter is a file parameter - to a helm template - properties: - name: - description: Name is the name of the helm parameter - type: string - path: - description: Path is the path value for the helm - parameter - type: string - type: object - type: array - 
parameters: - description: Parameters are parameters to the helm template - items: - description: HelmParameter is a parameter to a helm - template - properties: - forceString: - description: ForceString determines whether to - tell Helm to interpret booleans and numbers - as strings - type: boolean - name: - description: Name is the name of the helm parameter - type: string - value: - description: Value is the value for the helm parameter - type: string - type: object - type: array - releaseName: - description: The Helm release name. If omitted it will - use the application name - type: string - valueFiles: - description: ValuesFiles is a list of Helm value files - to use when generating a template - items: - type: string - type: array - values: - description: Values is Helm values, typically defined - as a block - type: string - type: object - ksonnet: - description: Ksonnet holds ksonnet specific options - properties: - environment: - description: Environment is a ksonnet application environment - name - type: string - parameters: - description: Parameters are a list of ksonnet component - parameter override values - items: - description: KsonnetParameter is a ksonnet component - parameter - properties: - component: - type: string - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - kustomize: - description: Kustomize holds kustomize specific options - properties: - commonLabels: - additionalProperties: - type: string - description: CommonLabels adds additional kustomize - commonLabels - type: object - images: - description: Images are kustomize image overrides - items: - type: string - type: array - namePrefix: - description: NamePrefix is a prefix appended to resources - for kustomize apps - type: string - nameSuffix: - description: NameSuffix is a suffix appended to resources - for kustomize apps - type: string - type: object - path: - description: Path is a directory path within the Git 
repository - type: string - plugin: - description: ConfigManagementPlugin holds config management - plugin specific options - properties: - env: - items: - properties: - name: - description: the name, usually uppercase - type: string - value: - description: the value - type: string - required: - - name - - value - type: object - type: array - name: - type: string - type: object - repoURL: - description: RepoURL is the repository URL of the application - manifests - type: string - targetRevision: - description: TargetRevision defines the commit, tag, or - branch in which to sync the application to. If omitted, - will sync to HEAD - type: string - required: - - repoURL - type: object - required: - - destination - - source - type: object - revision: - type: string - status: - description: SyncStatusCode is a type which represents possible - comparison results - type: string - required: - - status - type: object - type: object - required: - - metadata - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/kubezero/charts/argo-cd/crds/crd-project.yaml b/charts/kubezero/charts/argo-cd/crds/crd-project.yaml deleted file mode 100644 index e924423..0000000 --- a/charts/kubezero/charts/argo-cd/crds/crd-project.yaml +++ /dev/null 
@@ -1,209 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/name: appprojects.argoproj.io - app.kubernetes.io/part-of: argocd - name: appprojects.argoproj.io - annotations: - helm.sh/hook: crd-install -spec: - group: argoproj.io - names: - kind: AppProject - listKind: AppProjectList - plural: appprojects - shortNames: - - appproj - - appprojs - singular: appproject - scope: Namespaced - validation: - openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what may - be deployed (repository whitelist, resource whitelist/blacklist) * who can - access these applications (roles, OIDC group claims bindings) * and what they - can do (RBAC policies) * automation access to these roles (JWT tokens)' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AppProjectSpec is the specification of an AppProject - properties: - clusterResourceWhitelist: - description: ClusterResourceWhitelist contains list of whitelisted cluster - level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. 
This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - description: - description: Description contains optional project description - type: string - destinations: - description: Destinations contains list of destinations available for - deployment - items: - description: ApplicationDestination contains deployment destination - information - properties: - namespace: - description: Namespace overrides the environment namespace value - in the ksonnet app.yaml - type: string - server: - description: Server overrides the environment server value in - the ksonnet app.yaml - type: string - type: object - type: array - namespaceResourceBlacklist: - description: NamespaceResourceBlacklist contains list of blacklisted - namespace level resources - items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. 
This is useful for identifying concepts during - lookup stages without having partially valid types - properties: - group: - type: string - kind: - type: string - required: - - group - - kind - type: object - type: array - orphanedResources: - description: OrphanedResources specifies if controller should monitor - orphaned resources of apps in this project - properties: - warn: - description: Warn indicates if warning condition should be created - for apps which have orphaned resources - type: boolean - type: object - roles: - description: Roles are user defined RBAC roles associated with this - project - items: - description: ProjectRole represents a role that has access to a project - properties: - description: - description: Description is a description of the role - type: string - groups: - description: Groups are a list of OIDC group claims bound to this - role - items: - type: string - type: array - jwtTokens: - description: JWTTokens are a list of generated JWT tokens bound - to this role - items: - description: JWTToken holds the issuedAt and expiresAt values - of a token - properties: - exp: - format: int64 - type: integer - iat: - format: int64 - type: integer - required: - - iat - type: object - type: array - name: - description: Name is a name for this role - type: string - policies: - description: Policies Stores a list of casbin formated strings - that define access policies for the role in the project - items: - type: string - type: array - required: - - name - type: object - type: array - sourceRepos: - description: SourceRepos contains list of repository URLs which can - be used for deployment - items: - type: string - type: array - syncWindows: - description: SyncWindows controls when syncs can be run for apps in - this project - items: - description: SyncWindow contains the kind, time, duration and attributes - that are used to assign the syncWindows to apps - properties: - applications: - description: Applications contains a list of applications 
that - the window will apply to - items: - type: string - type: array - clusters: - description: Clusters contains a list of clusters that the window - will apply to - items: - type: string - type: array - duration: - description: Duration is the amount of time the sync window will - be open - type: string - kind: - description: Kind defines if the window allows or blocks syncs - type: string - manualSync: - description: ManualSync enables manual syncs when they would otherwise - be blocked - type: boolean - namespaces: - description: Namespaces contains a list of namespaces that the - window will apply to - items: - type: string - type: array - schedule: - description: Schedule is the time the window will begin, specified - in cron format - type: string - type: object - type: array - type: object - required: - - metadata - - spec - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/charts/kubezero/charts/argo-cd/requirements.lock b/charts/kubezero/charts/argo-cd/requirements.lock deleted file mode 100644 index 61752cc..0000000 --- a/charts/kubezero/charts/argo-cd/requirements.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: redis-ha - repository: https://kubernetes-charts.storage.googleapis.com - version: 4.4.2 -digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96 -generated: "2020-03-29T14:37:59.349371452+01:00" diff --git a/charts/kubezero/charts/argo-cd/requirements.yaml b/charts/kubezero/charts/argo-cd/requirements.yaml deleted file mode 100644 index eb6313d..0000000 --- a/charts/kubezero/charts/argo-cd/requirements.yaml +++ /dev/null @@ -1,5 +0,0 @@ -dependencies: -- name: redis-ha - version: 4.4.2 - repository: https://kubernetes-charts.storage.googleapis.com - condition: redis-ha.enabled \ No newline at end of file 
diff --git a/charts/kubezero/charts/argo-cd/templates/NOTES.txt b/charts/kubezero/charts/argo-cd/templates/NOTES.txt
deleted file mode 100644
index a320fb0..0000000
--- a/charts/kubezero/charts/argo-cd/templates/NOTES.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-In order to access the server UI you have the following options:
-
-1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443
-
- and then open the browser on http://localhost:8080 and accept the certificate
-
-2. enable ingress in the values file `service.ingress.enabled` and either
- - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
-
-
-After reaching the UI the first time you can login with username: admin and the password will be the
-name of the server pod. You can get the pod name by running:
-
-kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
diff --git a/charts/kubezero/charts/argo-cd/templates/_helpers.tpl b/charts/kubezero/charts/argo-cd/templates/_helpers.tpl
deleted file mode 100644
index 8edaf21..0000000
--- a/charts/kubezero/charts/argo-cd/templates/_helpers.tpl
+++ /dev/null
@@ -1,118 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "argo-cd.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "argo-cd.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create controller name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.controller.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create dex name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.dex.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create redis name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.redis.fullname" -}}
-{{ $redisHa := (index .Values "redis-ha") }}
-{{- if $redisHa.enabled -}}
- {{- if $redisHa.haproxy.enabled -}}
- {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}}
- {{- end -}}
-{{- else -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create argocd server name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.server.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .)
.Values.server.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create argocd repo-server name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.repoServer.fullname" -}}
-{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the controller service account to use
-*/}}
-{{- define "argo-cd.controllerServiceAccountName" -}}
-{{- if .Values.controller.serviceAccount.create -}}
- {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.controller.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the dex service account to use
-*/}}
-{{- define "argo-cd.dexServiceAccountName" -}}
-{{- if .Values.dex.serviceAccount.create -}}
- {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.dex.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the ArgoCD server service account to use
-*/}}
-{{- define "argo-cd.serverServiceAccountName" -}}
-{{- if .Values.server.serviceAccount.create -}}
- {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.server.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the repo-server service account to use
-*/}}
-{{- define "argo-cd.repoServerServiceAccountName" -}}
-{{- if .Values.repoServer.serviceAccount.create -}}
- {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.repoServer.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "argo-cd.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
deleted file mode 100644
index 733f457..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.controller.clusterAdminAccess.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-rules:
-- apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - '*'
-- nonResourceURLs:
- - '*'
- verbs:
- - '*'
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
deleted file mode 100644
index 26580a2..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.controller.clusterAdminAccess.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "argo-cd.controller.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "argo-cd.controllerServiceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
deleted file mode 100755
index 9711908..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@
-{{- $redisHa := (index .Values "redis-ha") -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
- app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
- app.kubernetes.io/instance: {{ .Release.Name }}
- revisionHistoryLimit: 5
- replicas: 1
- template:
- metadata:
- {{- if .Values.controller.podAnnotations }}
- annotations:
- {{- range $key, $value := .Values.controller.podAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
- app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }}
- {{- if .Values.controller.podLabels }}
-{{- toYaml .Values.controller.podLabels | nindent 8 }}
- {{- end }}
- spec:
- {{- with .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml .
| nindent 8 }}
- {{- end }}
- {{- if .Values.global.securityContext }}
- securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
- {{- end }}
- containers:
- - command:
- - argocd-application-controller
- - --status-processors
- - {{ .Values.controller.args.statusProcessors | quote }}
- - --operation-processors
- - {{ .Values.controller.args.operationProcessors | quote }}
- - --repo-server
- - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- - --loglevel
- - {{ .Values.controller.logLevel }}
- {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }}
- - --redis
- - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
- {{- end }}
- {{- with .Values.controller.extraArgs }}
- {{- . | toYaml | nindent 8 }}
- {{- end }}
- image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
- imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
- name: {{ .Values.controller.name }}
- {{- if .Values.controller.containerSecurityContext }}
- securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
- {{- end }}
- {{- if .Values.controller.env }}
- env:
-{{- toYaml .Values.controller.env | nindent 8 }}
- {{- end }}
- ports:
- - name: controller
- containerPort: {{ .Values.controller.containerPort }}
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /healthz
- port: {{ .Values.controller.containerPort }}
- initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
- failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.controller.containerPort }}
- initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
- failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
-{{- if .Values.controller.volumeMounts }}
- volumeMounts:
-{{- toYaml .Values.controller.volumeMounts | nindent 10}}
-{{- end }}
- resources:
-{{- toYaml .Values.controller.resources | nindent 10 }}
- {{- if .Values.controller.nodeSelector }}
- nodeSelector:
-{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
- {{- end }}
- {{- if .Values.controller.tolerations }}
- tolerations:
-{{- toYaml .Values.controller.tolerations | nindent 8 }}
- {{- end }}
- {{- if .Values.controller.affinity }}
- affinity:
-{{- toYaml .Values.controller.affinity | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
-{{- with .Values.global.hostAliases }}
- hostAliases:
-{{ toYaml . | indent 6 }}
-{{- end }}
-{{- if .Values.controller.volumes }}
- volumes:
-{{- toYaml .Values.controller.volumes | nindent 8 }}
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml
deleted file mode 100644
index aa1c6f8..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.controller.metrics.enabled}}
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.controller.metrics.service.annotations }}
- annotations:
- {{- range $key, $value := .Values.controller.metrics.service.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-{{- if .Values.controller.metrics.service.labels }}
-{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
-{{- end }}
- name: {{ template "argo-cd.controller.fullname" . }}-metrics
-spec:
- ports:
- - name: metrics
- protocol: TCP
- port: {{ .Values.controller.metrics.service.servicePort }}
- targetPort: controller
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
deleted file mode 100644
index 8d104f4..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- {{- if .Values.controller.metrics.rules.namespace }}
- namespace: {{ .Values.controller.metrics.rules.namespace }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
- {{- if .Values.controller.metrics.rules.selector }}
-{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }}
- {{- end }}
- {{- if .Values.controller.metrics.rules.additionalLabels }}
-{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }}
- {{- end }}
-spec:
- groups:
- - name: argocd
- rules:
-{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }}
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml
deleted file mode 100644
index 4b0ec4f..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- - configmaps
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - argoproj.io
- resources:
- - applications
- - appprojects
- verbs:
- - create
- - get
- - list
- - watch
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - list
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
deleted file mode 100644
index a90ca9f..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "argo-cd.controller.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "argo-cd.controllerServiceAccountName" . }}
- namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml
deleted file mode 100644
index 69f8ce5..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.controller.service.annotations }}
- annotations:
- {{- range $key, $value := .Values.controller.service.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- name: {{ template "argo-cd.controller.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
-spec:
- ports:
- - name: {{ .Values.controller.service.portName }}
- port: {{ .Values.controller.service.port }}
- targetPort: {{ .Values.controller.containerPort }}
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
deleted file mode 100644
index b397d43..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "argo-cd.controllerServiceAccountName" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
deleted file mode 100644
index 3fb538e..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "argo-cd.controller.fullname" . }}
- {{- if .Values.controller.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.controller.name }}
- {{- if .Values.controller.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
- {{- end }}
- {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: metrics
- interval: 30s
- path: /metrics
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
- app.kubernetes.io/component: {{ .Values.controller.name }}
-{{- end }}
-
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
deleted file mode 100644
index 8f83fd6..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: argocd-cm
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-data:
-{{- toYaml .Values.server.config | nindent 4 }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
deleted file mode 100644
index a4b8e92..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: argocd-rbac-cm
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-{{- if .Values.server.rbacConfig }}
-data:
-{{- toYaml .Values.server.rbacConfig | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
deleted file mode 100644
index efb8035..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -{{- if .Values.configs.secret.createSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: argocd-secret - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - {{- if .Values.configs.secret.annotations }} - annotations: - {{- range $key, $value := .Values.configs.secret.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -type: Opaque -{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} -# Setting a blank data again will wipe admin password/key/cert -data: - {{- if .Values.configs.secret.githubSecret }} - webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }} - {{- end }} - {{- if .Values.configs.secret.gitlabSecret }} - webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }} - {{- end }} - {{- if .Values.configs.secret.bitbucketServerSecret }} - webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }} - {{- end }} - {{- if .Values.configs.secret.bitbucketUUID }} - webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }} - {{- end }} - {{- if .Values.configs.secret.gogsSecret }} - webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }} - {{- end }} - {{- if .Values.configs.secret.argocdServerTlsConfig }} - tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} - tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} - {{- end }} - {{- if 
.Values.configs.secret.argocdServerAdminPassword }} - admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} - admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} - {{- end }} - {{- range $key, $value := .Values.configs.secret.extra }} - {{ $key }}: {{ $value | b64enc }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml deleted file mode 100644 index cf42466..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -{{- toYaml .Values.configs.knownHosts | nindent 0 }} -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - name: argocd-ssh-known-hosts-cm \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml deleted file mode 100644 index e36fab5..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-apiVersion: v1
-{{- if .Values.configs.tlsCerts }}
-{{- toYaml .Values.configs.tlsCerts | nindent 0 }}
-{{- end }}
-kind: ConfigMap
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
- name: argocd-tls-certs-cm
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
deleted file mode 100755
index 9268cc6..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ /dev/null
@@ -1,154 +0,0 @@ -{{- $redisHa := (index .Values "redis-ha") -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "argo-cd.repoServer.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.repoServer.name }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} - app.kubernetes.io/instance: {{ .Release.Name }} - revisionHistoryLimit: 5 - {{- if (ne .Values.repoServer.autoscaling.enabled true) }} - replicas: {{ .Values.repoServer.replicas }} - {{- end }} - template: - metadata: - {{- if .Values.repoServer.podAnnotations }} - annotations: - {{- range $key, $value := .Values.repoServer.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.repoServer.name }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} - {{- if .Values.repoServer.podLabels }} -{{- toYaml .Values.repoServer.podLabels | nindent 8 }} - {{- end }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - containers: - - name: {{ .Values.repoServer.name }} - image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} - command: - {{- if .Values.openshift.enabled }} - - uid_entrypoint.sh - {{- end }} - - argocd-repo-server - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- end }} - - --loglevel - - {{ .Values.repoServer.logLevel }} - {{- with .Values.repoServer.extraArgs }} - {{- . | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.containerSecurityContext }} - securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} - {{- end }} -{{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }} - env: -{{- if .Values.repoServer.env }} -{{- toYaml .Values.repoServer.env | nindent 8 }} -{{- end }} -{{- if .Values.openshift.enabled }} - - name: USER_NAME - value: argocd -{{- end }} -{{- end }} - volumeMounts: - {{- if .Values.repoServer.volumeMounts }} -{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} - {{- end }} - {{- if .Values.configs.knownHosts }} - - mountPath: /app/config/ssh - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - mountPath: /app/config/tls - name: tls-certs - {{- end }} - ports: - - name: repo-server - containerPort: {{ .Values.repoServer.containerPort }} - protocol: TCP - {{ if .Values.repoServer.metrics.enabled }} - - name: metrics - containerPort: 8084 - protocol: TCP - {{- end }} - livenessProbe: - tcpSocket: - port: {{ 
.Values.repoServer.containerPort }} - initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} - readinessProbe: - tcpSocket: - port: {{ .Values.repoServer.containerPort }} - initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} - resources: -{{- toYaml .Values.repoServer.resources | nindent 10 }} - {{- if .Values.repoServer.nodeSelector }} - nodeSelector: -{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.tolerations }} - tolerations: -{{- toYaml .Values.repoServer.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.repoServer.affinity }} - affinity: -{{- toYaml .Values.repoServer.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} -{{- with .Values.global.hostAliases }} - hostAliases: -{{ toYaml . | indent 6 }} -{{- end }} - volumes: - {{- if .Values.repoServer.volumes }} -{{- toYaml .Values.repoServer.volumes | nindent 6}} - {{- end }} - {{- if .Values.configs.knownHosts }} - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - {{- end }} - {{- if .Values.repoServer.initContainers }} - initContainers: -{{- toYaml .Values.repoServer.initContainers | nindent 6 }} - {{- end }} 
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
deleted file mode 100644
index 103c995..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.repoServer.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}-hpa
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
- name: {{ template "argo-cd.repoServer.fullname" . }}-hpa
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ template "argo-cd.repoServer.fullname" . }}
- minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }}
- metrics:
-{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ . }}
-{{- end }}
-{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ . }}
-{{- end }}
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml
deleted file mode 100644
index 99b8eb9..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.repoServer.metrics.enabled}}
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.repoServer.metrics.service.annotations }}
- annotations:
- {{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- labels:
- app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
-{{- if .Values.repoServer.metrics.service.labels }}
-{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
-{{- end }}
- name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
-spec:
- ports:
- - name: metrics
- protocol: TCP
- port: {{ .Values.repoServer.metrics.service.servicePort }}
- targetPort: metrics
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml
deleted file mode 100644
index aed7700..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.configs.repositoryCredentials }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: argocd-repository-credentials
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-type: Opaque
-data:
-{{- range $key, $value := .Values.configs.repositoryCredentials }}
- {{ $key }}: {{ $value | b64enc }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml
deleted file mode 100644
index 9c902cc..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.repoServer.serviceAccount.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "argo-cd.repoServer.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
-rules:
-{{- if .Values.repoServer.rbac }}
-{{toYaml .Values.repoServer.rbac }}
-{{- end }}
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
deleted file mode 100644
index 692b11e..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.repoServer.serviceAccount.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "argo-cd.repoServer.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "argo-cd.repoServer.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "argo-cd.repoServerServiceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml
deleted file mode 100644
index 169edd3..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.repoServer.service.annotations }}
- annotations:
- {{- range $key, $value := .Values.repoServer.service.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
- name: {{ template "argo-cd.repoServer.fullname" . }}
-spec:
- ports:
- - name: {{ .Values.repoServer.service.portName }}
- protocol: TCP
- port: {{ .Values.repoServer.service.port }}
- targetPort: repo-server
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
deleted file mode 100644
index a0bae94..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if .Values.repoServer.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "argo-cd.repoServerServiceAccountName" . }}
-{{- if .Values.repoServer.serviceAccount.annotations }}
- annotations:
- {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-{{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
deleted file mode 100644
index c07769f..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "argo-cd.repoServer.fullname" . }}
- {{- if .Values.repoServer.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
- {{- if .Values.repoServer.metrics.serviceMonitor.selector }}
-{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
- {{- end }}
- {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
-{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - port: metrics
- interval: 30s
- path: /metrics
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- selector:
- matchLabels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
- app.kubernetes.io/component: {{ .Values.repoServer.name }}
-{{- end }}
-
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml
deleted file mode 100644
index 1b9d424..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if .Values.server.additionalApplications }}
-apiVersion: v1
-kind: List
-items:
-{{- range .Values.server.additionalApplications }}
- - apiVersion: argoproj.io/v1alpha1
- kind: Application
- metadata:
- {{- if .additionalAnnotations }}
- annotations:
- {{- range $key, $value := .additionalAnnotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- {{- if .additionalLabels }}
- labels:
-{{- toYaml .additionalLabels | nindent 8 }}
- {{- end }}
- name: {{ .name }}
- {{- if .namespace }}
- namespace: {{ .namespace }}
- {{- end }}
- {{- if .finalizers }}
- finalizers:
-{{- toYaml .finalizers | nindent 8 }}
- {{- end }}
- spec:
- project: {{ tpl .project $ }}
- source:
-{{- toYaml .source | nindent 8 }}
- destination:
-{{- toYaml .destination | nindent 8 }}
- {{- if .syncPolicy }}
- syncPolicy:
-{{- toYaml .syncPolicy | nindent 8 }}
- {{- end }}
- {{- if .ignoreDifferences }}
- ignoreDifferences:
-{{- toYaml .ignoreDifferences | nindent 8 }}
- {{- end }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml
deleted file mode 100644
index 279b348..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.server.GKEbackendConfig.enabled }}
-apiVersion: cloud.google.com/v1beta1
-kind: BackendConfig
-metadata:
- name: {{ template "argo-cd.server.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-spec:
- {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml
deleted file mode 100644
index be778be..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- if .Values.server.certificate.enabled -}}
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }}
-apiVersion: cert-manager.io/v1alpha3
-{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }}
-apiVersion: cert-manager.io/v1alpha2
-{{- else }}
-apiVersion: certmanager.k8s.io/v1alpha1
-{{- end }}
-kind: Certificate
-metadata:
- name: {{ template "argo-cd.server.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-spec:
- commonName: {{ .Values.server.certificate.domain | quote }}
- dnsNames:
- - {{ .Values.server.certificate.domain | quote }}
- {{- range .Values.server.certificate.additionalHosts }}
- - {{ . | quote }}
- {{- end }}
- issuerRef:
- kind: {{ .Values.server.certificate.issuer.kind | quote }}
- name: {{ .Values.server.certificate.issuer.name | quote }}
- secretName: argocd-secret
-{{- end }}
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml
deleted file mode 100644
index 4570454..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "argo-cd.server.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-rules:
- - apiGroups:
- - '*'
- resources:
- - '*'
- verbs:
- - delete
- - get
- - patch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - list
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/log
- verbs:
- - get
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
deleted file mode 100644
index 3bbd5a0..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "argo-cd.server.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
- helm.sh/chart: {{ include "argo-cd.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/part-of: argocd
- app.kubernetes.io/component: {{ .Values.server.name }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "argo-cd.server.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "argo-cd.serverServiceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml
deleted file mode 100755
index d73e3df..0000000
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ /dev/null
@@ -1,153 +0,0 @@ -{{- $redisHa := (index .Values "redis-ha") -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - app.kubernetes.io/instance: {{ .Release.Name }} - revisionHistoryLimit: 5 - {{- if (ne .Values.server.autoscaling.enabled true) }} - replicas: {{ .Values.server.replicas }} - {{- end }} - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: - {{- range $key, $value := .Values.server.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} - {{- if .Values.server.podLabels }} -{{- toYaml .Values.server.podLabels | nindent 8 }} - {{- end }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - containers: - - name: {{ .Values.server.name }} - image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} - command: - - argocd-server - - --staticassets - - /shared/app - - --repo-server - - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} - {{- if .Values.dex.enabled }} - - --dex-server - - http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }} - {{- end }} - - --loglevel - - {{ .Values.server.logLevel }} - {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} - - --redis - - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} - {{- end }} - {{- with .Values.server.extraArgs }} - {{- . 
| toYaml | nindent 8 }} - {{- end }} - {{- if .Values.server.containerSecurityContext }} - securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.server.env }} - env: -{{- toYaml .Values.server.env | nindent 8 }} - {{- end }} - volumeMounts: - {{- if .Values.server.volumeMounts }} -{{- toYaml .Values.server.volumeMounts | nindent 8}} - {{- end }} - {{- if .Values.configs.knownHosts }} - - mountPath: /app/config/ssh - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - mountPath: /app/config/tls - name: tls-certs - {{- end }} - ports: - - name: {{ .Values.server.name }} - containerPort: {{ .Values.server.containerPort }} - protocol: TCP - {{ if .Values.server.metrics.enabled }} - - name: metrics - containerPort: 8083 - protocol: TCP - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - readinessProbe: - httpGet: - path: /healthz - port: {{ .Values.server.containerPort }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - resources: -{{- toYaml .Values.server.resources | nindent 10 }} - {{- if .Values.server.nodeSelector }} - nodeSelector: -{{- toYaml .Values.server.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: -{{- toYaml 
.Values.server.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: -{{- toYaml .Values.server.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} -{{- with .Values.global.hostAliases }} - hostAliases: -{{ toYaml . | indent 6 }} -{{- end }} - volumes: - {{- if .Values.server.volumes }} -{{- toYaml .Values.server.volumes | nindent 6}} - {{- end }} - - emptyDir: {} - name: static-files - {{- if .Values.configs.knownHosts }} - - configMap: - name: argocd-ssh-known-hosts-cm - name: ssh-known-hosts - {{- end }} - {{- if .Values.configs.tlsCerts }} - - configMap: - name: argocd-tls-certs-cm - name: tls-certs - {{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml deleted file mode 100644 index be947ef..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-hpa - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - name: {{ template "argo-cd.server.fullname" . }}-hpa -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "argo-cd.server.fullname" . }} - minReplicas: {{ .Values.server.autoscaling.minReplicas }} - maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} - metrics: -{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ . }} -{{- end }} -{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ . }} -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml deleted file mode 100644 index df2f93c..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.server.ingress.enabled -}} -{{- $serviceName := include "argo-cd.server.fullname" . -}} -{{- $servicePort := .Values.server.service.servicePortHttp -}} -{{- $paths := .Values.server.ingress.paths -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} -kind: Ingress -metadata: -{{- if .Values.server.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -{{- if .Values.server.ingress.labels }} -{{- toYaml .Values.server.ingress.labels | nindent 4 }} -{{- end }} -spec: - rules: - {{- if .Values.server.ingress.hosts }} - {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- range $p := $paths }} - - path: {{ $p }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $p := $paths }} - - path: {{ $p }} - backend: - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end -}} - {{- end -}} - {{- if .Values.server.ingress.tls }} - tls: -{{- toYaml .Values.server.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml deleted file mode 100644 index 44b8b1e..0000000 
--- a/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.server.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - {{- if .Values.server.metrics.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.metrics.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -{{- if .Values.server.metrics.service.labels }} -{{- toYaml .Values.server.metrics.service.labels | nindent 4 }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }}-metrics -spec: - ports: - - name: metrics - protocol: TCP - port: {{ .Values.server.metrics.service.servicePort }} - targetPort: metrics - selector: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} -{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml deleted file mode 100644 index b48e12c..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -{{- if .Values.server.additionalProjects }} -apiVersion: v1 -kind: List -items: -{{- range .Values.server.additionalProjects }} - - apiVersion: argoproj.io/v1alpha1 - kind: AppProject - metadata: - {{- if .additionalAnnotations }} - annotations: - {{- range $key, $value := .additionalAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- if .additionalLabels }} - labels: -{{- toYaml .additionalLabels | nindent 8 }} - {{- end }} - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} - spec: - description: {{ .description }} - sourceRepos: -{{- toYaml .sourceRepos | nindent 8 }} - destinations: -{{- toYaml .destinations | nindent 8 }} - {{- if .clusterResourceWhitelist }} - clusterResourceWhitelist: -{{- toYaml .clusterResourceWhitelist | nindent 8 }} - {{- end }} - {{- if .namespaceResourceBlacklist }} - namespaceResourceBlacklist: -{{- toYaml .namespaceResourceBlacklist | nindent 8 }} - {{- end }} - {{- if .orphanedResources }} - orphanedResources: -{{- toYaml .orphanedResources | nindent 8 }} - {{- end }} - {{- if .roles }} - roles: -{{- toYaml .roles | nindent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml deleted file mode 100644 index 4b7fe6d..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - argoproj.io - resources: - - applications - - appprojects - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml deleted file mode 100644 index 37bf10b..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "argo-cd.server.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.serverServiceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file 
diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml deleted file mode 100644 index 775a0a2..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.server.route.enabled -}} -apiVersion: route.openshift.io/v1 -kind: Route -metadata: - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -{{- with .Values.server.route.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - host: {{ .Values.server.route.hostname | quote }} - to: - kind: Service - name: {{ template "argo-cd.server.fullname" . }} - weight: 100 - port: - targetPort: https - tls: - termination: {{ .Values.server.route.termination_type | default "passthrough" }} - insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }} - wildcardPolicy: None -status: - ingress: [] -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml deleted file mode 100644 index 396b0c0..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.server.service.annotations }} - annotations: - {{- range $key, $value := .Values.server.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ template "argo-cd.server.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} -{{- if .Values.server.service.labels }} -{{- toYaml .Values.server.service.labels | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.server.service.type }} - ports: - - name: {{ .Values.server.service.servicePortHttpName }} - protocol: TCP - port: {{ .Values.server.service.servicePortHttp }} - targetPort: {{ .Values.server.name }} - - name: {{ .Values.server.service.servicePortHttpsName }} - protocol: TCP - port: {{ .Values.server.service.servicePortHttps }} - targetPort: {{ .Values.server.name }} - selector: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} -{{- if eq .Values.server.service.type "LoadBalancer" }} -{{- if .Values.server.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceranges: -{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml deleted file mode 100644 index 08f11d0..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "argo-cd.serverServiceAccountName" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml deleted file mode 100644 index b680b4c..0000000 --- a/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "argo-cd.server.fullname" . }} - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.server.name }} - {{- if .Values.server.metrics.serviceMonitor.selector }} -{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }} - {{- end }} - {{- if .Values.server.metrics.serviceMonitor.additionalLabels }} -{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - interval: 30s - path: /metrics - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics - app.kubernetes.io/component: {{ .Values.server.name }} -{{- end }} - diff --git a/charts/kubezero/charts/argo-cd/templates/crds.yaml b/charts/kubezero/charts/argo-cd/templates/crds.yaml deleted file mode 100644 index 45ab72d..0000000 --- a/charts/kubezero/charts/argo-cd/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.installCRDs }} -{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml deleted file mode 100755 index d2fde3e..0000000 
--- a/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -{{- if .Values.dex.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "argo-cd.dex.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} - app.kubernetes.io/version: {{ .Values.dex.image.tag }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - {{- if .Values.dex.podAnnotations }} - annotations: - {{- range $key, $value := .Values.dex.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} - app.kubernetes.io/version: {{ .Values.dex.image.tag }} - {{- if .Values.dex.podLabels }} -{{- toYaml .Values.dex.podLabels | nindent 8 }} - {{- end }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - initContainers: - - name: copyutil - image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} - imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} - resources: -{{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} - command: - - cp - - /usr/local/bin/argocd-util - - /shared - volumeMounts: - - mountPath: /shared - name: static-files - containers: - - name: {{ .Values.dex.name }} - image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} - imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }} - command: - - /shared/argocd-util - - rundex - {{- if .Values.dex.containerSecurityContext }} - securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.dex.env }} - env: -{{- toYaml .Values.dex.env | nindent 8 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.dex.containerPortHttp }} - protocol: TCP - - name: grpc - containerPort: {{ .Values.dex.containerPortGrpc }} - protocol: TCP -{{- if .Values.dex.volumeMounts }} - volumeMounts: -{{- toYaml .Values.dex.volumeMounts | nindent 10 }} -{{- end }} - resources: -{{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.nodeSelector }} - nodeSelector: -{{- toYaml .Values.dex.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.dex.tolerations }} - tolerations: -{{- toYaml .Values.dex.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.dex.affinity }} - affinity: -{{- toYaml .Values.dex.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ template 
"argo-cd.dexServiceAccountName" . }} -{{- if .Values.dex.volumes }} - volumes: -{{- toYaml .Values.dex.volumes | nindent 8}} -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/dex/role.yaml b/charts/kubezero/charts/argo-cd/templates/dex/role.yaml deleted file mode 100644 index e2eca1c..0000000 --- a/charts/kubezero/charts/argo-cd/templates/dex/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.dex.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "argo-cd.dex.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - watch -{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml deleted file mode 100644 index 54311e7..0000000 --- a/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- if .Values.dex.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "argo-cd.dex.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "argo-cd.dex.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "argo-cd.dexServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/dex/service.yaml b/charts/kubezero/charts/argo-cd/templates/dex/service.yaml deleted file mode 100644 index cb5ec3f..0000000 --- a/charts/kubezero/charts/argo-cd/templates/dex/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.dex.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.dex.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} -spec: - ports: - - name: http - protocol: TCP - port: {{ .Values.dex.servicePortHttp }} - targetPort: http - - name: grpc - protocol: TCP - port: {{ .Values.dex.servicePortGrpc }} - targetPort: grpc - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file 
diff --git a/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml deleted file mode 100644 index 4df9ca5..0000000 --- a/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.dex.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "argo-cd.dexServiceAccountName" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.dex.name }} -{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml deleted file mode 100755 index 7531f6d..0000000 --- a/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -{{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "argo-cd.redis.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.redis.name }} - app.kubernetes.io/version: {{ .Values.redis.image.tag }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} - template: - metadata: - {{- if .Values.redis.podAnnotations }} - annotations: - {{- range $key, $value := .Values.redis.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.redis.name }} - app.kubernetes.io/version: {{ .Values.redis.image.tag }} - {{- if .Values.redis.podLabels }} -{{- toYaml .Values.redis.podLabels | nindent 8 }} - {{- end }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - automountServiceAccountToken: false - {{- if .Values.global.securityContext }} - securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} - {{- end }} - containers: - - name: {{ template "argo-cd.redis.fullname" . 
}} - args: - - --save - - "" - - --appendonly - - "no" - image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} - imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} - {{- if .Values.redis.containerSecurityContext }} - securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} - {{- end }} - {{- if .Values.redis.env }} - env: -{{- toYaml .Values.redis.env | nindent 8 }} - {{- end }} - ports: - - containerPort: {{ .Values.redis.containerPort }} -{{- if .Values.redis.volumeMounts }} - - volumeMounts: -{{- toYaml .Values.redis.volumeMounts | nindent 10 }} -{{- end }} - resources: -{{- toYaml .Values.redis.resources | nindent 10 }} - {{- if .Values.redis.nodeSelector }} - nodeSelector: -{{- toYaml .Values.redis.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.redis.tolerations }} - tolerations: -{{- toYaml .Values.redis.tolerations | nindent 8 }} - {{- end }} - {{- if .Values.redis.affinity }} - affinity: -{{- toYaml .Values.redis.affinity | nindent 8 }} - {{- end }} -{{- if .Values.redis.volumes }} - volumes: -{{- toYaml .Values.redis.volumes | nindent 8}} -{{- end }} -{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/redis/service.yaml b/charts/kubezero/charts/argo-cd/templates/redis/service.yaml deleted file mode 100644 index 7916edb..0000000 --- a/charts/kubezero/charts/argo-cd/templates/redis/service.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -{{- $redisHa := (index .Values "redis-ha") -}} -{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "argo-cd.redis.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} - helm.sh/chart: {{ include "argo-cd.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/part-of: argocd - app.kubernetes.io/component: {{ .Values.redis.name }} -spec: - ports: - - port: {{ .Values.redis.servicePort }} - targetPort: {{ .Values.redis.servicePort }} - selector: - app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} -{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/values.yaml b/charts/kubezero/charts/argo-cd/values.yaml deleted file mode 100755 index 7b459a7..0000000 --- a/charts/kubezero/charts/argo-cd/values.yaml +++ /dev/null 
@@ -1,830 +0,0 @@ -## ArgoCD configuration -## Ref: https://github.com/argoproj/argo-cd -## -nameOverride: argocd -fullnameOverride: "" - -# Optional CRD installation for those without Helm hooks -installCRDs: true - -global: - image: - repository: argoproj/argocd - tag: v1.5.2 - imagePullPolicy: IfNotPresent - securityContext: {} - # runAsUser: 999 - # runAsGroup: 999 - # fsGroup: 999 - imagePullSecrets: [] - hostAliases: [] - # - ip: 10.20.30.40 - # hostnames: - # - git.myhostname - -## Controller -controller: - name: application-controller - - image: - repository: # argoproj/argocd - tag: # v1.5.2 - imagePullPolicy: # IfNotPresent - - ## Argo controller commandline flags - args: - statusProcessors: "20" - operationProcessors: "10" - - ## Argo controller log level - logLevel: info - - ## Additional command line arguments to pass to argocd-controller - ## - extraArgs: [] - - ## Environment variables to pass to argocd-controller - ## - env: [] - - ## Annotations to be added to controller pods - ## - podAnnotations: {} - - ## Labels to be added to controller pods - ## - podLabels: {} - - ## Labels to set container specific security contexts - containerSecurityContext: {} - # capabilities: - # drop: - # - all - - ## Configures the controller port - containerPort: 8082 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the controller main container. - volumeMounts: [] - - ## Additional volumes to the controller pod. 
- volumes: [] - - ## Controller service configuration - service: - annotations: {} - labels: {} - port: 8082 - portName: https-controller - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 250m - # memory: 256Mi - - serviceAccount: - create: true - name: argocd-application-controller - - ## Server metrics controller configuration - metrics: - enabled: false - service: - annotations: {} - labels: {} - servicePort: 8082 - serviceMonitor: - enabled: false - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - rules: - enabled: false - spec: [] - # - alert: ArgoAppMissing - # expr: | - # absent(argocd_app_info) - # for: 15m - # labels: - # severity: critical - # annotations: - # summary: "[ArgoCD] No reported applications" - # description: > - # ArgoCD has not reported any applications data for the past 15 minutes which - # means that it must be down or not functioning properly. This needs to be - # resolved for this cloud to continue to maintain state. - # - alert: ArgoAppNotSynced - # expr: | - # argocd_app_sync_status{sync_status!="Synced"} == 1 - # for: 12h - # labels: - # severity: warning - # annotations: - # summary: "[{{`{{$labels.name}}`}}] Application not synchronized" - # description: > - # The application [{{`{{$labels.name}}`}} has not been synchronized for over - # 12 hours which means that the state of this cloud has drifted away from the - # state inside Git. - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster. 
- clusterAdminAccess: - enabled: true - -## Dex -dex: - enabled: true - name: dex-server - - image: - repository: quay.io/dexidp/dex - tag: v2.22.0 - imagePullPolicy: IfNotPresent - initImage: - repository: - tag: - imagePullPolicy: - - ## Environment variables to pass to the Dex server - ## - env: [] - - ## Annotations to be added to the Dex server pods - ## - podAnnotations: {} - - ## Labels to be added to the Dex server pods - ## - podLabels: {} - - serviceAccount: - create: true - name: argocd-dex-server - - ## Additional volumeMounts to the controller main container. - volumeMounts: - - name: static-files - mountPath: /shared - - ## Additional volumes to the controller pod. - volumes: - - name: static-files - emptyDir: {} - - ## Dex deployment container ports - containerPortHttp: 5556 - servicePortHttp: 5556 - containerPortGrpc: 5557 - servicePortGrpc: 5557 - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: {} - # capabilities: - # drop: - # - all - - - resources: {} - # limits: - # cpu: 50m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - -## Redis -redis: - enabled: true - name: redis - - image: - repository: redis - tag: 5.0.3 - imagePullPolicy: IfNotPresent - - containerPort: 6379 - servicePort: 6379 - - ## Environment variables to pass to the Redis server - ## - env: [] - - ## Annotations to be added to the Redis server pods - ## - podAnnotations: {} - - ## Labels to be added to the Redis server pods - ## - podLabels: {} - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels 
to set container specific security contexts - containerSecurityContext: {} - # capabilities: - # drop: - # - all - - - resources: {} - # limits: - # cpu: 200m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 64Mi - - volumeMounts: [] - volumes: [] - -# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) -# the custom redis deployment is omitted -redis-ha: - enabled: false - # Check the redis-ha chart for more properties - exporter: - enabled: true - persistentVolume: - enabled: false - redis: - masterGroupName: argocd - config: - save: "\"\"" - haproxy: - enabled: true - metrics: - enabled: true - -## Server -server: - name: server - - replicas: 1 - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - image: - repository: # argoproj/argocd - tag: # v1.5.2 - imagePullPolicy: # IfNotPresent - - ## Additional command line arguments to pass to argocd-server - ## - extraArgs: [] - # - --insecure - - ## Environment variables to pass to argocd-server - ## - env: [] - - ## Argo server log level - logLevel: info - - ## Annotations to be added to controller pods - ## - podAnnotations: {} - - ## Labels to be added to controller pods - ## - podLabels: {} - - ## Configures the server port - containerPort: 8080 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the server main container. - volumeMounts: [] - - ## Additional volumes to the controller pod. 
- volumes: [] - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: {} - # capabilities: - # drop: - # - all - - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 50m - # memory: 64Mi - - ## Certificate configuration - certificate: - enabled: false - domain: argocd.example.com - issuer: {} - additionalHosts: [] - - ## Server service configuration - service: - annotations: {} - labels: {} - type: ClusterIP - servicePortHttp: 80 - servicePortHttps: 443 - servicePortHttpName: http - servicePortHttpsName: https - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## Server metrics service configuration - metrics: - enabled: false - service: - annotations: {} - labels: {} - servicePort: 8083 - serviceMonitor: - enabled: false - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - - serviceAccount: - create: true - name: argocd-server - - ingress: - enabled: false - annotations: {} - labels: {} - - ## Argo Ingress. - ## Hostnames must be provided if Ingress is enabled. - ## Secrets must be manually created in the namespace - ## - hosts: - [] - # - argocd.example.com - paths: - - / - tls: - [] - # - secretName: argocd-example-tls - # hosts: - # - argocd.example.com - - # Create a OpenShift Route with SSL passthrough for UI and CLI - # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain - # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: - # If 'hostname' is an empty string "" OpenShift will create a hostname for you. 
- route: - enabled: false - hostname: "" - - ## ArgoCD config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml - config: - # Argo CD's externally facing base URL (optional). Required when configuring SSO - url: https://argocd.example.com - # Argo CD instance label key - application.instanceLabelKey: argocd.argoproj.io/instance - # repositories: | - # - url: git@github.com:group/repo.git - # sshPrivateKeySecret: - # name: secret-name - # key: sshPrivateKey - # - type: helm - # url: https://kubernetes-charts.storage.googleapis.com - # name: stable - # - type: helm - # url: https://argoproj.github.io/argo-helm - # name: argo - # oidc.config: | - # name: AzureAD - # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 - # clientID: CLIENT_ID - # clientSecret: $oidc.azuread.clientSecret - # requestedIDTokenClaims: - # groups: - # essential: true - # requestedScopes: - # - openid - # - profile - # - email - - ## ArgoCD rbac config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md - rbacConfig: - {} - # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). - # Policy rules are in the form: - # p, subject, resource, action, object, effect - # Role definitions and bindings are in the form: - # g, subject, inherited-subject - # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information. - # policy.csv: | - # # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project' - # p, my-org:team-alpha, applications, sync, my-project/*, allow - # # Grant all members of 'my-org:team-beta' admins - # g, my-org:team-beta, role:admin - # policy.default is the name of the default role which Argo CD will falls back to, when - # authorizing API requests (optional). If omitted or empty, users may be still be able to login, - # but will see no apps, projects, etc... 
- # policy.default: role:readonly - # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). - # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. - # scopes: '[cognito:groups, email]' - - ## Not well tested and not well supported on release v1.0.0. - ## Applications - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalApplications: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # project: guestbook - # source: - # repoURL: https://github.com/argoproj/argocd-example-apps.git - # targetRevision: HEAD - # path: guestbook - # directory: - # recurse: true - # destination: - # server: https://kubernetes.default.svc - # namespace: guestbook - # syncPolicy: - # automated: - # prune: false - # selfHeal: false - - ## Projects - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ - additionalProjects: [] - # - name: guestbook - # namespace: argocd - # additionalLabels: {} - # additionalAnnotations: {} - # description: Example Project - # sourceRepos: - # - '*' - # destinations: - # - namespace: guestbook - # server: https://kubernetes.default.svc - # clusterResourceWhitelist: [] - # namespaceResourceBlacklist: - # - group: '' - # kind: ResourceQuota - # - group: '' - # kind: LimitRange - # - group: '' - # kind: NetworkPolicy - # orphanedResources: {} - # roles: [] - # orphanedResources: {} - # roles: [] - - ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster. 
- clusterAdminAccess: - enabled: true - - ## Enable BackendConfig custom resource for Google Kubernetes Engine - GKEbackendConfig: - enabled: false - spec: {} - # spec: - # iap: - # enabled: true - # oauthclientCredentials: - # secretName: argocd-secret - -## Repo Server -repoServer: - name: repo-server - - replicas: 1 - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - - image: - repository: # argoproj/argocd - tag: # v1.5.2 - imagePullPolicy: # IfNotPresent - - ## Additional command line arguments to pass to argocd-repo-server - ## - extraArgs: [] - - ## Environment variables to pass to argocd-repo-server - ## - env: [] - - ## Argo repoServer log level - logLevel: info - - ## Annotations to be added to repo server pods - ## - podAnnotations: {} - - ## Labels to be added to repo server pods - ## - podLabels: {} - - ## Configures the repo server port - containerPort: 8081 - - ## Readiness and liveness probes for default backend - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - ## - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - ## Additional volumeMounts to the repo server main container. - volumeMounts: [] - - ## Additional volumes to the repo server pod. 
- volumes: [] - - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - nodeSelector: {} - tolerations: [] - affinity: {} - - priorityClassName: "" - - ## Labels to set container specific security contexts - containerSecurityContext: {} - # capabilities: - # drop: - # - all - - resources: {} - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 64Mi - - ## Repo server service configuration - service: - annotations: {} - labels: {} - port: 8081 - portName: https-repo-server - - ## Repo server metrics service configuration - metrics: - enabled: false - service: - annotations: {} - labels: {} - servicePort: 8084 - serviceMonitor: - enabled: false - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} - - ## Repo server service account - ## If create is set to true, make sure to uncomment the name and update the rbac section below - serviceAccount: - create: false - # name: argocd-repo-server - ## Annotations applied to created service account - annotations: {} - - ## Repo server rbac rules - # rbac: - # - apiGroups: - # - argoproj.io - # resources: - # - applications - # verbs: - # - get - # - list - # - watch - - ## Use init containers to configure custom tooling - ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ - ## When using the volumes & volumeMounts section bellow, please comment out those above. 
- # volumes: - # - name: custom-tools - # emptyDir: {} - # - # initContainers: - # - name: download-tools - # image: alpine:3.8 - # command: [sh, -c] - # args: - # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && - # mv linux-amd64/helm /custom-tools/ - # volumeMounts: - # - mountPath: /custom-tools - # name: custom-tools - # volumeMounts: - # - mountPath: /usr/local/bin/helm - # name: custom-tools - # subPath: helm - -## Argo Configs -configs: - knownHosts: - data: - ssh_known_hosts: | - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - ssh.dev.azure.com 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H - tlsCerts: - {} - # data: - # argocd.example.com: | - # -----BEGIN CERTIFICATE----- - # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL - # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE - # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 - # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda - # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT - # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES - # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi - # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 - # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc - # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u - # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G - # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ - # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E - # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko - # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J - # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u - # 
kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO - # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 - # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 - # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ - # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn - # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx - # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 - # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT - # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr - # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO - # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so - # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr - # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 - # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W - # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK - # XWyb96wrUlv+E8I= - # -----END CERTIFICATE----- - # Creates a secret with optional repository credentials - repositoryCredentials: - {} - # sample-ssh-key: | - # -----BEGIN RSA PRIVATE KEY----- - # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N - # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 - # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB - # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x - # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe - # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 - # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 - # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM - # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK - # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ - # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc - # 
NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le - # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= - # -----END RSA PRIVATE KEY----- - secret: - createSecret: true - ## Annotations to be added to argocd-secret - ## - annotations: {} - - # Webhook Configs - githubSecret: "" - gitlabSecret: "" - bitbucketServerSecret: "" - bitbucketUUID: "" - gogsSecret: "" - - # Custom secrets. Useful for injecting SSO secrets into environment variables. - # Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ - # Note that all values must be non-empty. - extra: {} - # LDAP_PASSWORD: "mypassword" - - # Argo TLS Data. - argocdServerTlsConfig: - {} - # key: - # crt: | - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- - # -----BEGIN CERTIFICATE----- - # - # -----END CERTIFICATE----- - - # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with - # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: - # Password modification time defaults to current time if not set - # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" - -openshift: - enabled: false diff --git a/charts/kubezero/templates/app.yaml b/charts/kubezero/templates/app.yaml index 0a47e77..5329a34 100644 --- a/charts/kubezero/templates/app.yaml +++ b/charts/kubezero/templates/app.yaml 
@@ -1,25 +1,24 @@ -{{- if .Values.bootstrap }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: kubezero namespace: argocd labels: - app.kubernetes.io/name: {{ .Chart.Name }}-argocd-application + app.kubernetes.io/name: kubezero helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: project: kubezero - source: + source: repoURL: https://github.com/Zero-Down-Time/kubezero targetRevision: HEAD - path: charts/kubezero-app + path: charts/kubezeroApp {{- if .Values.config }} helm: values: | -{{- toYaml .Values.config | nindent 8 }} +{{- toYaml .Values.kubezero | nindent 8 }} {{- end }} destination: @@ -29,4 +28,3 @@ spec: automated: prune: true selfHeal: false -{{- end }} diff --git a/charts/kubezero/templates/project.yaml b/charts/kubezero/templates/project.yaml index cfdc378..5ab30ca 100644 --- a/charts/kubezero/templates/project.yaml +++ b/charts/kubezero/templates/project.yaml @@ -1,4 +1,3 @@ -{{- if .Values.bootstrap }} apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: @@ -28,4 +27,3 @@ spec: clusterResourceWhitelist: - group: '*' kind: '*' -{{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 0617ca2..880b1e3 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -1,8 +1,5 @@ -# bootstrap -- Wether to install the root-app `kubezero-app` -bootstrap: true - -# config -- Kubezero configuration to be passed into kubezero-app -config: {} +# kubezero -- Kubezero configuration, values.yaml please see kubezeroApp +kubezero: {} argo-cd: installCRDs: false diff --git a/charts/kubezero-app/.helmignore b/charts/kubezeroApp/.helmignore similarity index 100% rename from charts/kubezero-app/.helmignore rename to charts/kubezeroApp/.helmignore 
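Review bot: The guard around the `helm.values` block in app.yaml still tests `.Values.config`, but the body now renders `.Values.kubezero`, and the charts/kubezero/values.yaml hunk in this commit replaces the `config` key with `kubezero: {}`. With the chart's own values the condition is never true, so settings placed under `kubezero:` never reach the root application. The guard should follow the rename: `{{- if .Values.kubezero }}`. Separately, the unchanged context keeps `targetRevision: HEAD` with automated sync and `prune: true`, and this commit removes the `bootstrap` switch, so the Application is always rendered and applies whatever is on the upstream default branch; pinning a tag or commit would make that an explicit choice.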
diff --git a/charts/kubezero-app/Chart.yaml b/charts/kubezeroApp/Chart.yaml similarity index 85% rename from charts/kubezero-app/Chart.yaml rename to charts/kubezeroApp/Chart.yaml index 097128a..641169e 100644 --- a/charts/kubezero-app/Chart.yaml +++ b/charts/kubezeroApp/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -name: kubezero-app +name: kubezeroApp description: KubeZero ArgoCD Application - Root chart of the KubeZero type: application -version: 0.1.3 +version: 0.1.4 home: https://kubezero.com keywords: - kubezero diff --git a/charts/kubezero-app/README.md b/charts/kubezeroApp/README.md similarity index 92% rename from charts/kubezero-app/README.md rename to charts/kubezeroApp/README.md index 1bf90ed..dcf5372 100644 --- a/charts/kubezero-app/README.md +++ b/charts/kubezeroApp/README.md @@ -1,8 +1,8 @@ -kubezero-app -============ +kubezeroApp +=========== KubeZero ArgoCD Application - Root chart of the KubeZero -Current chart version is `0.1.3` +Current chart version is `0.1.4` Source code can be found [here](https://kubezero.com) diff --git a/charts/kubezeroApp/templates/_apps_common.yaml b/charts/kubezeroApp/templates/_apps_common.yaml new file mode 100644 index 0000000..837de81 --- /dev/null +++ b/charts/kubezeroApp/templates/_apps_common.yaml 
@@ -0,0 +1,27 @@
+{{- define "kubezero.app" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ .name }}
+ namespace: argocd
+ labels:
+ app.kubernetes.io/name: {{ .name }}
+ helm.sh/chart: {{ .root.Chart.Name }}-{{ .root.Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .root.Release.Service }}
+ app.kubernetes.io/part-of: kubezero
+spec:
+ project: kubezero
+
+ source:
+ repoURL: {{ default .root.Values.defaultSource.repoURL }}
+ targetRevision: {{ default .root.Values.defaultSource.targetRevision }}
+ {{- if eq .type "helm" }}
+ path: {{ default .root.Values.defaultSource.pathPrefix }}charts/{{ .name }}
+ {{- else }}
+ path: {{ default .root.Values.defaultSource.pathPrefix }}artifacts/{{ .name }}
+ {{- end }}
+
+ destination:
+ server: {{ default .root.Values.defaultDestination.server }}
+ namespace: kube-system
+{{- end }}
diff --git a/charts/kubezeroApp/templates/calico.yaml b/charts/kubezeroApp/templates/calico.yaml
new file mode 100644
index 0000000..5fd8522
--- /dev/null
+++ b/charts/kubezeroApp/templates/calico.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.calico.enabled }}
+{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" }}
+{{- end }}
diff --git a/charts/kubezeroApp/templates/cert-manager.yaml b/charts/kubezeroApp/templates/cert-manager.yaml
new file mode 100644
index 0000000..74153c4
--- /dev/null
+++ b/charts/kubezeroApp/templates/cert-manager.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.certManager.enabled }}
+{{ template "kubezero.app" dict "root" . "name" "kubezeroCertManager" "type" "helm" }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ annotations:
+ iam.amazonaws.com/permitted: ".*CertManagerRole.*"
+{{- end }}
diff --git a/charts/kubezeroApp/templates/local-volume-provisioner.yaml b/charts/kubezeroApp/templates/local-volume-provisioner.yaml
new file mode 100644
index 0000000..3c691b6
--- /dev/null
+++ b/charts/kubezeroApp/templates/local-volume-provisioner.yaml
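Review bot: `name: {{ .name }}` under `metadata` in the `kubezero.app` helper reuses the chart directory name as the Application's object name, and two callers in this commit pass camelCase values: `"kubezeroCertManager"` in cert-manager.yaml and `"localVolumeProvisioner"` in local-volume-provisioner.yaml. Kubernetes object names have to be lowercase DNS-1123 subdomains, so those two Applications would be rejected by the API server; the deleted templates used `cert-manager` and `local-volume-provisioner`. Keep `.name` for the path and derive the object name from it, e.g. `name: {{ .name | kebabcase }}`, or pass an explicit lowercase name in the dict. The `artifacts/{{ .name }}` branch also assumes the artifacts directory was renamed to `localVolumeProvisioner`, which is not visible in this part of the commit.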
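Review bot: The `iam.amazonaws.com/permitted` value `".*CertManagerRole.*"` in cert-manager.yaml, read as a regular expression, admits every IAM role whose name contains that substring, which is wider than one cert-manager role needs. An anchored pattern such as `"^<ROLE_NAME_PLACEHOLDER>$"`, or a value supplied through `.Values.certManager`, keeps the namespace to a single role. The annotation is also set on a `cert-manager` namespace while the shared `kubezero.app` helper sends every application to `namespace: kube-system`; unless the kubezeroCertManager chart sets its own namespace (not visible here), the restriction sits on a namespace the pods do not run in.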
@@ -0,0 +1,3 @@ +{{- if .Values.localVolumeProvisioner.enabled }} +{{ template "kubezero.app" dict "root" . "name" "localVolumeProvisioner" "type" "kustomize" }} +{{- end }} diff --git a/charts/kubezero-app/values-all.yaml b/charts/kubezeroApp/values-all.yaml similarity index 100% rename from charts/kubezero-app/values-all.yaml rename to charts/kubezeroApp/values-all.yaml diff --git a/charts/kubezero-app/values.yaml b/charts/kubezeroApp/values.yaml similarity index 96% rename from charts/kubezero-app/values.yaml rename to charts/kubezeroApp/values.yaml index 630e427..3f84417 100644 --- a/charts/kubezero-app/values.yaml +++ b/charts/kubezeroApp/values.yaml @@ -2,7 +2,7 @@ defaultDestination: server: https://kubernetes.default.svc # This repoURL is used a base for all the repoURLs applications -# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be +# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be # integrated into any repository as a git subtree if for example public internet access is unavailable defaultSource: # defaultSource.repoURL -- default repository for argocd applications diff --git a/charts/kubezeroCertManager/.helmignore b/charts/kubezeroCertManager/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/kubezeroCertManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubezeroCertManager/Chart.lock b/charts/kubezeroCertManager/Chart.lock new file mode 100644 index 0000000..b4491a9 --- /dev/null +++ b/charts/kubezeroCertManager/Chart.lock 
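Review bot: The Application rendered by local-volume-provisioner.yaml no longer carries the `resources-finalizer.argocd.argoproj.io` finalizer that the deleted kubezero-app template for this component had, because the shared `kubezero.app` helper emits no `finalizers`. Without it, deleting the Application leaves the deployed resources in the cluster instead of removing them with it. If the cascade is still wanted for this component, let the helper accept an optional key in the dict and emit `finalizers:` followed by `- resources-finalizer.argocd.argoproj.io` under `metadata` when it is set; if dropping it is deliberate, the commit message should say so.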
@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+ repository: https://charts.jetstack.io
+ version: v0.14.3
+digest: sha256:b99f220fe708253be29daba252bac3a4c4ae7bfe70f9a518fabe9a6e306d8a84
+generated: "2020-05-04T16:55:09.668227657+01:00"
diff --git a/charts/kubezeroCertManager/Chart.yaml b/charts/kubezeroCertManager/Chart.yaml
new file mode 100644
index 0000000..0221ca0
--- /dev/null
+++ b/charts/kubezeroCertManager/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: kubezeroCertManager
+description: KubeZero Umbrella Chart for cert-manager
+type: application
+version: 0.1.0
+home: https://kubezero.com
+keywords:
+ - kubezero
+ - cert-manager
+maintainers:
+ - name: Quarky9
+dependencies:
+ - name: cert-manager
+ version: 0.14.3
+ repository: https://charts.jetstack.io
diff --git a/charts/kubezeroCertManager/crds/cert-manager-crds.yaml b/charts/kubezeroCertManager/crds/cert-manager-crds.yaml
new file mode 100644
index 0000000..7a8aae1
--- /dev/null
+++ b/charts/kubezeroCertManager/crds/cert-manager-crds.yaml
@@ -0,0 +1,5877 @@ +# Copyright YEAR The Jetstack cert-manager contributors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: certificaterequests.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. 
+ name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: cert-manager.io + names: + kind: CertificateRequest + listKind: CertificateRequestList + plural: certificaterequests + shortNames: + - cr + - crs + singular: certificaterequest + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: CertificateRequest is a type to represent a Certificate Signing + Request + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateRequestSpec defines the desired state of CertificateRequest + properties: + csr: + description: Byte slice containing the PEM encoded CertificateSigningRequest + format: byte + type: string + duration: + description: Requested certificate default Duration + type: string + isCA: + description: IsCA will mark the resulting certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this CertificateRequest. If + the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the CertificateRequest + will be used. 
If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. The group field refers to the API group + of the issuer which defaults to 'cert-manager.io' if empty. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Valid KeyUsage values are as follows: "signing", "digital signature", + "content commitment", "key encipherment", "key agreement", "data + encipherment", "cert sign", "crl sign", "encipher only", "decipher + only", "any", "server auth", "client auth", "code signing", "email + protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec + user", "timestamping", "ocsp signing", "microsoft sgc", "netscape + sgc"' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - csr + - issuerRef + type: object + status: + description: CertificateStatus defines the observed state of CertificateRequest + and resulting signed certificate. + properties: + ca: + description: Byte slice containing the PEM encoded certificate authority + of the signed certificate. 
+ format: byte + type: string + certificate: + description: Byte slice containing a PEM encoded signed certificate + resulting from the given certificate signing request. + format: byte + type: string + conditions: + items: + description: CertificateRequestCondition contains condition information + for a CertificateRequest. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready', 'InvalidRequest'). + type: string + required: + - status + - type + type: object + type: array + failureTime: + description: FailureTime stores the time that this CertificateRequest + failed. This is used to influence garbage collection and back-off. 
+ format: date-time + type: string + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true + - name: v1alpha3 + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: certificates.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .spec.secretName + name: Secret + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: cert-manager.io + names: + kind: Certificate + listKind: CertificateList + plural: certificates + shortNames: + - cert + - certs + singular: certificate + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: Certificate is a type to represent a Certificate from ACME + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateSpec defines the desired state of Certificate. + A valid Certificate requires at least one of a CommonName, DNSName, + or URISAN to be valid. + properties: + commonName: + description: 'CommonName is a common name to be used on the Certificate. + The CommonName should have a length of 64 characters or fewer to + avoid generating invalid CSRs. This value is ignored by TLS clients + when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + type: string + dnsNames: + description: DNSNames is a list of subject alt names to be used on + the Certificate. + items: + type: string + type: array + duration: + description: Certificate default Duration + type: string + emailSANs: + description: EmailSANs is a list of Email Subject Alternative Names + to be set on this Certificate. + items: + type: string + type: array + ipAddresses: + description: IPAddresses is a list of IP addresses to be used on the + Certificate + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. + If the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the Certificate will + be used. 
If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + keyAlgorithm: + description: KeyAlgorithm is the private key algorithm of the corresponding + private key for this certificate. If provided, allowed values are + either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize + is not provided, key size of 256 will be used for "ecdsa" key algorithm + and key size of 2048 will be used for "rsa" key algorithm. + enum: + - rsa + - ecdsa + type: string + keyEncoding: + description: KeyEncoding is the private key cryptography standards + (PKCS) for this certificate's private key to be encoded in. If provided, + allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then PKCS#1 will + be used by default. + enum: + - pkcs1 + - pkcs8 + type: string + keySize: + description: KeySize is the key bit size of the corresponding private + key for this certificate. If provided, value must be between 2048 + and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", + and value must be one of (256, 384, 521) when KeyAlgorithm is set + to "ecdsa". + maximum: 8192 + minimum: 0 + type: integer + organization: + description: Organization is the organization to be used on the Certificate + items: + type: string + type: array + renewBefore: + description: Certificate renew before expiration duration + type: string + secretName: + description: SecretName is the name of the secret resource to store + this secret in + type: string + subject: + description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + properties: + countries: + description: Countries to be used on the Certificate. 
+ items: + type: string + type: array + localities: + description: Cities to be used on the Certificate. + items: + type: string + type: array + organizationalUnits: + description: Organizational Units to be used on the Certificate. + items: + type: string + type: array + postalCodes: + description: Postal codes to be used on the Certificate. + items: + type: string + type: array + provinces: + description: State/Provinces to be used on the Certificate. + items: + type: string + type: array + serialNumber: + description: Serial number to be used on the Certificate. + type: string + streetAddresses: + description: Street addresses to be used on the Certificate. + items: + type: string + type: array + type: object + uriSANs: + description: URISANs is a list of URI Subject Alternative Names to + be set on this Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. 
+ See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Valid KeyUsage values are as follows: "signing", "digital signature", + "content commitment", "key encipherment", "key agreement", "data + encipherment", "cert sign", "crl sign", "encipher only", "decipher + only", "any", "server auth", "client auth", "code signing", "email + protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec + user", "timestamping", "ocsp signing", "microsoft sgc", "netscape + sgc"' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: CertificateStatus defines the observed state of Certificate + properties: + conditions: + items: + description: CertificateCondition contains condition information + for an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). 
+ type: string + required: + - status + - type + type: object + type: array + lastFailureTime: + format: date-time + type: string + notAfter: + description: The expiration time of the certificate stored in the + secret named by this resource in spec.secretName. + format: date-time + type: string + type: object + type: object + served: true + storage: true + - name: v1alpha3 + schema: + openAPIV3Schema: + description: Certificate is a type to represent a Certificate from ACME + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateSpec defines the desired state of Certificate. + A valid Certificate requires at least one of a CommonName, DNSName, + or URISAN to be valid. + properties: + commonName: + description: 'CommonName is a common name to be used on the Certificate. + The CommonName should have a length of 64 characters or fewer to + avoid generating invalid CSRs. This value is ignored by TLS clients + when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + type: string + dnsNames: + description: DNSNames is a list of subject alt names to be used on + the Certificate. 
+ items: + type: string + type: array + duration: + description: Certificate default Duration + type: string + emailSANs: + description: EmailSANs is a list of Email Subject Alternative Names + to be set on this Certificate. + items: + type: string + type: array + ipAddresses: + description: IPAddresses is a list of IP addresses to be used on the + Certificate + items: + type: string + type: array + isCA: + description: IsCA will mark this Certificate as valid for signing. + This implies that the 'cert sign' usage is set + type: boolean + issuerRef: + description: IssuerRef is a reference to the issuer for this certificate. + If the 'kind' field is not set, or set to 'Issuer', an Issuer resource + with the given name in the same namespace as the Certificate will + be used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer + with the provided name will be used. The 'name' field in this stanza + is required at all times. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + keyAlgorithm: + description: KeyAlgorithm is the private key algorithm of the corresponding + private key for this certificate. If provided, allowed values are + either "rsa" or "ecdsa" If KeyAlgorithm is specified and KeySize + is not provided, key size of 256 will be used for "ecdsa" key algorithm + and key size of 2048 will be used for "rsa" key algorithm. + enum: + - rsa + - ecdsa + type: string + keyEncoding: + description: KeyEncoding is the private key cryptography standards + (PKCS) for this certificate's private key to be encoded in. If provided, + allowed values are "pkcs1" and "pkcs8" standing for PKCS#1 and PKCS#8, + respectively. If KeyEncoding is not specified, then PKCS#1 will + be used by default. + enum: + - pkcs1 + - pkcs8 + type: string + keySize: + description: KeySize is the key bit size of the corresponding private + key for this certificate. 
If provided, value must be between 2048 + and 8192 inclusive when KeyAlgorithm is empty or is set to "rsa", + and value must be one of (256, 384, 521) when KeyAlgorithm is set + to "ecdsa". + maximum: 8192 + minimum: 0 + type: integer + renewBefore: + description: Certificate renew before expiration duration + type: string + secretName: + description: SecretName is the name of the secret resource to store + this secret in + type: string + subject: + description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + properties: + countries: + description: Countries to be used on the Certificate. + items: + type: string + type: array + localities: + description: Cities to be used on the Certificate. + items: + type: string + type: array + organizationalUnits: + description: Organizational Units to be used on the Certificate. + items: + type: string + type: array + organizations: + description: Organizations to be used on the Certificate. + items: + type: string + type: array + postalCodes: + description: Postal codes to be used on the Certificate. + items: + type: string + type: array + provinces: + description: State/Provinces to be used on the Certificate. + items: + type: string + type: array + serialNumber: + description: Serial number to be used on the Certificate. + type: string + streetAddresses: + description: Street addresses to be used on the Certificate. + items: + type: string + type: array + type: object + uriSANs: + description: URISANs is a list of URI Subject Alternative Names to + be set on this Certificate. + items: + type: string + type: array + usages: + description: Usages is the set of x509 actions that are enabled for + a given key. Defaults are ('digital signature', 'key encipherment') + if empty + items: + description: 'KeyUsage specifies valid usage contexts for keys. 
+ See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + Valid KeyUsage values are as follows: "signing", "digital signature", + "content commitment", "key encipherment", "key agreement", "data + encipherment", "cert sign", "crl sign", "encipher only", "decipher + only", "any", "server auth", "client auth", "code signing", "email + protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec + user", "timestamping", "ocsp signing", "microsoft sgc", "netscape + sgc"' + enum: + - signing + - digital signature + - content commitment + - key encipherment + - key agreement + - data encipherment + - cert sign + - crl sign + - encipher only + - decipher only + - any + - server auth + - client auth + - code signing + - email protection + - s/mime + - ipsec end system + - ipsec tunnel + - ipsec user + - timestamping + - ocsp signing + - microsoft sgc + - netscape sgc + type: string + type: array + required: + - issuerRef + - secretName + type: object + status: + description: CertificateStatus defines the observed state of Certificate + properties: + conditions: + items: + description: CertificateCondition contains condition information + for an Certificate. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). 
+ type: string + required: + - status + - type + type: object + type: array + lastFailureTime: + format: date-time + type: string + notAfter: + description: The expiration time of the certificate stored in the + secret named by this resource in spec.secretName. + format: date-time + type: string + type: object + type: object + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: challenges.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.dnsName + name: Domain + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: acme.cert-manager.io + names: + kind: Challenge + listKind: ChallengeList + plural: challenges + singular: challenge + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Challenge is a type to represent a Challenge request with an ACME + server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authzURL: + description: AuthzURL is the URL to the ACME Authorization resource + that this challenge is a part of. + type: string + dnsName: + description: DNSName is the identifier that this challenge is for, e.g. + example.com. + type: string + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Challenge. If the Issuer does + not exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Challenge will be marked + as failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + key: + description: Key is the ACME challenge key for this challenge + type: string + solver: + description: Solver contains the domain solving configuration that should + be used to solve this challenge resource. + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure containing + the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure containing + the DNS configuration for Akamai DNS—Zone Record Management + API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + apiTokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + email: + type: string + required: + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a structure + containing the DNS configuration for DigitalOcean Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure containing + the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting RFC2136. + Required. Note: FQDN is not a valid value, only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the DNS supporting + RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` + are defined. Supported values are (case-insensitive): + ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or + ``HMACSHA512``.' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. If + ``tsigSecretSecretRef`` is defined, this field is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the TSIG + value. If ``tsigKeyName`` is defined, this field is required. + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure containing + the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only this + zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName + api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 provider + will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, + shared credentials file or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared credentials + file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies configuration + for a webhook DNS01 provider, including where to POST ChallengePayload + resources. + properties: + config: + description: Additional configuration that should be passed + to the webhook apiserver when challenges are processed. + This can contain arbitrary JSON data. Secret values should + not be specified in this stanza. If secret values are + needed (e.g. credentials for a DNS service), you should + use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook + provider implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used when + POSTing ChallengePayload resources to the webhook apiserver. + This should be the same as the GroupName specified in + the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined in + the webhook provider implementation. This will typically + be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration detailing + how to solve HTTP01 challenges within a Kubernetes cluster. Typically + this is accomplished through creating 'routes' of some description + that configure ingress controllers to direct traffic to 'solver + pods', which are responsible for responding to the ACME server's + HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver will + solve challenges by creating or modifying Ingress resources + in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. 
+ properties: + class: + description: The ingress class to use when creating Ingress + resources to solve ACME challenges that use this challenge + solver. Only one of 'class' or 'name' may be specified. + type: string + name: + description: The name of the ingress resource that should + have ACME challenge solving routes inserted into it in + order to solve HTTP01 challenges. This is typically used + in conjunction with ingress controllers like ingress-gce, + which maintains a 1:1 mapping between external IPs and + ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure the + ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod used to + solve HTTP01 challenges. Only the 'labels' and 'annotations' + fields may be set. If labels or annotations overlap + with in-built values, the values here will override + the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added to + the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to the + created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the HTTP01 + challenge solver pod. Only the 'nodeSelector', 'affinity' + and 'tolerations' fields are supported currently. + All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. 
The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no + objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to an update), the system may or may + not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of + string values. If the + operator is In or NotIn, + the values array must + be non-empty. If the operator + is Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will be + interpreted as an integer. + This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with + the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a + sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches + the corresponding podAffinityTerm; the + node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. 
Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. 
If the affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by + this field, but it may choose a node that + violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of the + scheduling requirements (resource request, + requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and + adding "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with the + highest sum are the most preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at + scheduling time, the pod will not be scheduled + onto the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there are + multiple elements, the lists of nodes + corresponding to each podAffinityTerm + are intersected, i.e. all terms must be + satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); null + or empty list means "this pod's + namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector + which must match a node''s labels for the pod + to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means to + match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists + and Equal. Defaults to Equal. Exists is + equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By + default, it is not set, which means tolerate + the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator is + Exists, the value should be empty, otherwise + just a regular string. 
+ type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes solver + service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be used + to solve. If specified and a match is found, a dnsNames selector + will take precedence over a dnsZones selector. If multiple + solvers match with the same dnsNames value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be used + to solve. The most specific DNS zone match specified here + will take precedence over other DNS zone matches, so a solver + specifying sys.example.com will be selected over one specifying + example.com for the domain www.sys.example.com. If multiple + solvers match with the same dnsZones value, the solver with + the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in + the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the set + of certificate's that this challenge solver will apply to. + type: object + type: object + type: object + token: + description: Token is the ACME challenge token for this challenge. + type: string + type: + description: Type is the type of ACME challenge this resource represents, + e.g. "dns01" or "http01" + type: string + url: + description: URL is the URL of the ACME Challenge resource for this + challenge. This can be used to lookup details about the status of + this challenge. 
+ type: string + wildcard: + description: Wildcard will be true if this challenge is for a wildcard + identifier, for example '*.example.com' + type: boolean + required: + - authzURL + - dnsName + - issuerRef + - key + - token + - type + - url + type: object + status: + properties: + presented: + description: Presented will be set to true if the challenge values for + this challenge are currently 'presented'. This *does not* imply the + self check is passing. Only that the values have been 'submitted' + for the appropriate challenge mechanism (i.e. the DNS01 TXT record + has been presented, or the HTTP01 configuration has been configured). + type: boolean + processing: + description: Processing is used to denote whether this challenge should + be processed or not. This field will only be set to true by the 'scheduling' + component. It will only be set to false by the 'challenges' controller, + after the challenge has reached a final state or timed out. If this + field is set to false, the challenge controller will not take any + more action. + type: boolean + reason: + description: Reason contains human readable information on why the Challenge + is in the current state. + type: string + state: + description: State contains the current 'state' of the challenge. If + not set, the state of the challenge is unknown. 
+ enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + type: object + required: + - metadata + type: object + versions: + - name: v1alpha2 + served: true + storage: true + - name: v1alpha3 + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: clusterissuers.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: cert-manager.io + names: + kind: ClusterIssuer + listKind: ClusterIssuerList + plural: clusterissuers + singular: clusterissuer + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + externalAccountBinding: + description: ExternalAccountBinding is a reference to a CA external + account of the ACME server. + properties: + keyAlgorithm: + description: keyAlgorithm is the MAC key algorithm that the + key is used for. Valid values are "HS256", "HS384" and "HS512". + enum: + - HS256 + - HS384 + - HS512 + type: string + keyID: + description: keyID is the ID of the CA key that the External + Account is bound to. + type: string + keySecretRef: + description: keySecretRef is a Secret Key Selector referencing + a data item in a Kubernetes Secret which holds the symmetric + MAC key of the External Account Binding. The `key` is the + index string that is paired with the key data in the Secret + and should not be confused with the key data itself, or indeed + with the External Account Binding keyID above. The secret + key stored in the Secret **must** be un-padded, base64 URL + encoded data. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - keyAlgorithm + - keyID + - keySecretRef + type: object + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. 
+ properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. 
+ Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + apiTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + email: + type: string + required: + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` + and ``tsigKeyName`` are defined. Supported values + are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, + ``HMACSHA256`` or ``HMACSHA512``.' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ``tsigSecretSecretRef`` is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ``tsigKeyName`` is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. 
+ properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added + to the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to + the created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. 
The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. 
+ items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. 
Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. 
+ If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. 
+ type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The Vault mountPath here is the mount path + to use when authenticating with Vault. For example, setting + a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` + to authenticate with Vault. If unspecified, the default + value "/v1/auth/kubernetes" will be used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certificate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. 
+ type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). 
+ type: string + required: + - status + - type + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true + - name: v1alpha3 + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: issuers.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: cert-manager.io + names: + kind: Issuer + listKind: IssuerList + plural: issuers + singular: issuer + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IssuerSpec is the specification of an Issuer. This includes + any configuration required for the issuer. + properties: + acme: + description: ACMEIssuer contains the specification for an ACME issuer + properties: + email: + description: Email is the email for this account + type: string + externalAccountBinding: + description: ExternalAccountBinding is a reference to a CA external + account of the ACME server. + properties: + keyAlgorithm: + description: keyAlgorithm is the MAC key algorithm that the + key is used for. Valid values are "HS256", "HS384" and "HS512". + enum: + - HS256 + - HS384 + - HS512 + type: string + keyID: + description: keyID is the ID of the CA key that the External + Account is bound to. + type: string + keySecretRef: + description: keySecretRef is a Secret Key Selector referencing + a data item in a Kubernetes Secret which holds the symmetric + MAC key of the External Account Binding. The `key` is the + index string that is paired with the key data in the Secret + and should not be confused with the key data itself, or indeed + with the External Account Binding keyID above. The secret + key stored in the Secret **must** be un-padded, base64 URL + encoded data. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - keyAlgorithm + - keyID + - keySecretRef + type: object + privateKeySecretRef: + description: PrivateKey is the name of a secret containing the private + key for this user account. 
+ properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + server: + description: Server is the ACME server URL + type: string + skipTLSVerify: + description: If true, skip verifying the ACME server TLS certificate + type: boolean + solvers: + description: Solvers is a list of challenge solvers that will be + used to solve ACME challenges for the matching domains. + items: + properties: + dns01: + properties: + acmedns: + description: ACMEIssuerDNS01ProviderAcmeDNS is a structure + containing the configuration for ACME-DNS servers + properties: + accountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + host: + type: string + required: + - accountSecretRef + - host + type: object + akamai: + description: ACMEIssuerDNS01ProviderAkamai is a structure + containing the DNS configuration for Akamai DNS—Zone + Record Management API + properties: + accessTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. 
+ Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + clientTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + serviceConsumerDomain: + type: string + required: + - accessTokenSecretRef + - clientSecretSecretRef + - clientTokenSecretRef + - serviceConsumerDomain + type: object + azuredns: + description: ACMEIssuerDNS01ProviderAzureDNS is a structure + containing the configuration for Azure DNS + properties: + clientID: + type: string + clientSecretSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + environment: + enum: + - AzurePublicCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureUSGovernmentCloud + type: string + hostedZoneName: + type: string + resourceGroupName: + type: string + subscriptionID: + type: string + tenantID: + type: string + required: + - clientID + - clientSecretSecretRef + - resourceGroupName + - subscriptionID + - tenantID + type: object + clouddns: + description: ACMEIssuerDNS01ProviderCloudDNS is a structure + containing the DNS configuration for Google Cloud DNS + properties: + project: + type: string + serviceAccountSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - project + type: object + cloudflare: + description: ACMEIssuerDNS01ProviderCloudflare is a structure + containing the DNS configuration for Cloudflare + properties: + apiKeySecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + apiTokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + email: + type: string + required: + - email + type: object + cnameStrategy: + description: CNAMEStrategy configures how the DNS01 provider + should handle CNAME records when found in DNS zones. + enum: + - None + - Follow + type: string + digitalocean: + description: ACMEIssuerDNS01ProviderDigitalOcean is a + structure containing the DNS configuration for DigitalOcean + Domains + properties: + tokenSecretRef: + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - tokenSecretRef + type: object + rfc2136: + description: ACMEIssuerDNS01ProviderRFC2136 is a structure + containing the configuration for RFC2136 DNS + properties: + nameserver: + description: 'The IP address of the DNS supporting + RFC2136. Required. Note: FQDN is not a valid value, + only IP.' + type: string + tsigAlgorithm: + description: 'The TSIG Algorithm configured in the + DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` + and ``tsigKeyName`` are defined. Supported values + are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, + ``HMACSHA256`` or ``HMACSHA512``.' + type: string + tsigKeyName: + description: The TSIG Key name configured in the DNS. + If ``tsigSecretSecretRef`` is defined, this field + is required. + type: string + tsigSecretSecretRef: + description: The name of the secret containing the + TSIG value. If ``tsigKeyName`` is defined, this + field is required. + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + required: + - name + type: object + required: + - nameserver + type: object + route53: + description: ACMEIssuerDNS01ProviderRoute53 is a structure + containing the Route 53 configuration for AWS + properties: + accessKeyID: + description: 'The AccessKeyID is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + type: string + hostedZoneID: + description: If set, the provider will manage only + this zone in Route53 and will not do an lookup using + the route53:ListHostedZonesByName api call. + type: string + region: + description: Always set the region when using AccessKeyID + and SecretAccessKey + type: string + role: + description: Role is a Role ARN which the Route53 + provider will assume using either the explicit credentials + AccessKeyID/SecretAccessKey or the inferred credentials + from environment variables, shared credentials file + or AWS Instance metadata + type: string + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication. + If not set we fall-back to using env vars, shared + credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials + properties: + key: + description: The key of the secret to select from. + Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + required: + - name + type: object + required: + - region + type: object + webhook: + description: ACMEIssuerDNS01ProviderWebhook specifies + configuration for a webhook DNS01 provider, including + where to POST ChallengePayload resources. + properties: + config: + description: Additional configuration that should + be passed to the webhook apiserver when challenges + are processed. This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for + a DNS service), you should use a SecretKeySelector + to reference a Secret resource. For details on the + schema of this field, consult the webhook provider + implementation's documentation. + x-kubernetes-preserve-unknown-fields: true + groupName: + description: The API group name that should be used + when POSTing ChallengePayload resources to the webhook + apiserver. This should be the same as the GroupName + specified in the webhook provider implementation. + type: string + solverName: + description: The name of the solver to use, as defined + in the webhook provider implementation. This will + typically be the name of the provider, e.g. 'cloudflare'. + type: string + required: + - groupName + - solverName + type: object + type: object + http01: + description: ACMEChallengeSolverHTTP01 contains configuration + detailing how to solve HTTP01 challenges within a Kubernetes + cluster. Typically this is accomplished through creating + 'routes' of some description that configure ingress controllers + to direct traffic to 'solver pods', which are responsible + for responding to the ACME server's HTTP requests. + properties: + ingress: + description: The ingress based HTTP01 challenge solver + will solve challenges by creating or modifying Ingress + resources in order to route requests for '/.well-known/acme-challenge/XYZ' + to 'challenge solver' pods that are provisioned by cert-manager + for each Challenge to be completed. 
+ properties: + class: + description: The ingress class to use when creating + Ingress resources to solve ACME challenges that + use this challenge solver. Only one of 'class' or + 'name' may be specified. + type: string + name: + description: The name of the ingress resource that + should have ACME challenge solving routes inserted + into it in order to solve HTTP01 challenges. This + is typically used in conjunction with ingress controllers + like ingress-gce, which maintains a 1:1 mapping + between external IPs and ingress resources. + type: string + podTemplate: + description: Optional pod template used to configure + the ACME challenge solver pods used for HTTP01 challenges + properties: + metadata: + description: ObjectMeta overrides for the pod + used to solve HTTP01 challenges. Only the 'labels' + and 'annotations' fields may be set. If labels + or annotations overlap with in-built values, + the values here will override the in-built values. + properties: + annotations: + additionalProperties: + type: string + description: Annotations that should be added + to the create ACME HTTP01 solver pods. + type: object + labels: + additionalProperties: + type: string + description: Labels that should be added to + the created ACME HTTP01 solver pods. + type: object + type: object + spec: + description: PodSpec defines overrides for the + HTTP01 challenge solver pod. Only the 'nodeSelector', + 'affinity' and 'tolerations' fields are supported + currently. All other fields will be ignored. + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. 
The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; + the node(s) with the highest sum + are the most preferred. + items: + description: An empty preferred + scheduling term matches all objects + with implicit weight 0 (i.e. it's + a no-op). A null preferred scheduling + term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector + term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. 
+ items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. + If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to an update), the system + may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list + of node selector terms. The + terms are ORed. + items: + description: A null or empty + node selector term matches + no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements + by node's labels. 
+ items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements + by node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators + are In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. If + the operator is + Gt or Lt, the values + array must have + a single element, + which will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods + which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. 
Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not + met at scheduling time, the pod + will not be scheduled onto the node. 
+ If the affinity requirements specified + by this field cease to be met at + some point during pod execution + (e.g. due to a pod label update), + the system may or may not try to + eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting + this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose + a node that violates one or more + of the expressions. The node that + is most preferred is the one with + the greatest sum of weights, i.e. + for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node + has pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. 
+ items: + description: The weights of all + of the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod + affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces + specifies which namespaces + the labelSelector applies + to (matches against); + null or empty list means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching + the labelSelector in the + specified namespaces, + where co-located is defined + as running on a node whose + value of the label with + key topologyKey matches + that of any node on which + any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity + requirements specified by this field + are not met at scheduling time, + the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to + be met at some point during pod + execution (e.g. due to a pod label + update), the system may or may not + try to eventually evict the pod + from its node. When there are multiple + elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + which namespaces the labelSelector + applies to (matches against); + null or empty list means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is + attached to tolerates any taint that matches + the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match + all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration + (which must be of effect NoExecute, + otherwise this field is ignored) tolerates + the taint. By default, it is not set, + which means tolerate the taint forever + (do not evict). Zero and negative + values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the + operator is Exists, the value should + be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + type: object + type: object + serviceType: + description: Optional service type for Kubernetes + solver service + type: string + type: object + type: object + selector: + description: Selector selects a set of DNSNames on the Certificate + resource that should be solved using this challenge solver. + properties: + dnsNames: + description: List of DNSNames that this solver will be + used to solve. If specified and a match is found, a + dnsNames selector will take precedence over a dnsZones + selector. If multiple solvers match with the same dnsNames + value, the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + dnsZones: + description: List of DNSZones that this solver will be + used to solve. The most specific DNS zone match specified + here will take precedence over other DNS zone matches, + so a solver specifying sys.example.com will be selected + over one specifying example.com for the domain www.sys.example.com. + If multiple solvers match with the same dnsZones value, + the solver with the most matching labels in matchLabels + will be selected. If neither has more matches, the solver + defined earlier in the list will be selected. + items: + type: string + type: array + matchLabels: + additionalProperties: + type: string + description: A label selector that is used to refine the + set of certificate's that this challenge solver will + apply to. + type: object + type: object + type: object + type: array + required: + - privateKeySecretRef + - server + type: object + ca: + properties: + secretName: + description: SecretName is the name of the secret used to sign Certificates + issued by this Issuer. 
+ type: string + required: + - secretName + type: object + selfSigned: + type: object + vault: + properties: + auth: + description: Vault authentication + properties: + appRole: + description: This Secret contains a AppRole and Secret + properties: + path: + description: Where the authentication path is mounted in + Vault. + type: string + roleId: + type: string + secretRef: + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + required: + - path + - roleId + - secretRef + type: object + kubernetes: + description: This contains a Role and Secret with a ServiceAccount + token to authenticate with vault. + properties: + mountPath: + description: The Vault mountPath here is the mount path + to use when authenticating with Vault. For example, setting + a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` + to authenticate with Vault. If unspecified, the default + value "/v1/auth/kubernetes" will be used. + type: string + role: + description: A required field containing the Vault Role + to assume. A Role binds a Kubernetes ServiceAccount with + a set of Vault policies. + type: string + secretRef: + description: The required Secret field containing a Kubernetes + ServiceAccount JWT used for authenticating with Vault. + Use of 'ambient credentials' is not supported. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + required: + - role + - secretRef + type: object + tokenSecretRef: + description: This Secret contains the Vault token key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + type: object + caBundle: + description: Base64 encoded CA bundle to validate Vault server certificate. + Only used if the Server URL is using HTTPS protocol. This parameter + is ignored for plain HTTP protocol connection. If not set the + system root certificates are used to validate the TLS connection. + format: byte + type: string + path: + description: Vault URL path to the certificate role + type: string + server: + description: Server is the vault connection address + type: string + required: + - auth + - path + - server + type: object + venafi: + description: VenafiIssuer describes issuer configuration details for + Venafi Cloud. + properties: + cloud: + description: Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. + properties: + apiTokenSecretRef: + description: APITokenSecretRef is a secret key selector for + the Venafi Cloud API token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + required: + - name + type: object + url: + description: URL is the base URL for Venafi Cloud + type: string + required: + - apiTokenSecretRef + type: object + tpp: + description: TPP specifies Trust Protection Platform configuration + settings. Only one of TPP or Cloud may be specified. + properties: + caBundle: + description: CABundle is a PEM encoded TLS certificate to use + to verify connections to the TPP instance. If specified, system + roots will not be used and the issuing CA for the TPP instance + must be verifiable using the provided root. If not specified, + the connection will be verified using the cert-manager system + root certificates. + format: byte + type: string + credentialsRef: + description: CredentialsRef is a reference to a Secret containing + the username and password for the TPP server. The secret must + contain two keys, 'username' and 'password'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + required: + - name + type: object + url: + description: URL is the base URL for the Venafi TPP instance + type: string + required: + - credentialsRef + - url + type: object + zone: + description: Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by + the named zone policy. This field is required. 
+ type: string + required: + - zone + type: object + type: object + status: + description: IssuerStatus contains status information about an Issuer + properties: + acme: + properties: + lastRegisteredEmail: + description: LastRegisteredEmail is the email associated with the + latest registered ACME account, in order to track changes made + to registered account associated with the Issuer + type: string + uri: + description: URI is the unique account identifier, which can also + be used to retrieve account details from the CA + type: string + type: object + conditions: + items: + description: IssuerCondition contains condition information for an + Issuer. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Type of the condition, currently ('Ready'). 
+ type: string + required: + - status + - type + type: object + type: array + type: object + type: object + versions: + - name: v1alpha2 + served: true + storage: true + - name: v1alpha3 + served: true + storage: false +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-tls + name: orders.acme.cert-manager.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: State + type: string + - JSONPath: .spec.issuerRef.name + name: Issuer + priority: 1 + type: string + - JSONPath: .status.reason + name: Reason + priority: 1 + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + conversion: + strategy: Webhook + webhookClientConfig: + service: + name: cert-manager-webhook + namespace: cert-manager + path: /convert + group: acme.cert-manager.io + names: + kind: Order + listKind: OrderList + plural: orders + singular: order + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Order is a type to represent an Order with an ACME server + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: CommonName is the common name as specified on the DER encoded + CSR. If CommonName is not specified, the first DNSName specified will + be used as the CommonName. At least one of CommonName or a DNSNames + must be set. This field must match the corresponding field on the + DER encoded CSR. + type: string + csr: + description: Certificate signing request bytes in DER encoding. This + will be used when finalizing the order. This field must be set on + the order. + format: byte + type: string + dnsNames: + description: DNSNames is a list of DNS names that should be included + as part of the Order validation process. If CommonName is not specified, + the first DNSName specified will be used as the CommonName. At least + one of CommonName or a DNSNames must be set. This field must match + the corresponding field on the DER encoded CSR. + items: + type: string + type: array + issuerRef: + description: IssuerRef references a properly configured ACME-type Issuer + which should be used to create this Order. If the Issuer does not + exist, processing will be retried. If the Issuer is not an 'ACME' + Issuer, an error will be returned and the Order will be marked as + failed. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + required: + - csr + - issuerRef + type: object + status: + properties: + authorizations: + description: Authorizations contains data returned from the ACME server + on what authorizations must be completed in order to validate the + DNS names specified on the Order. + items: + description: ACMEAuthorization contains data returned from the ACME + server on an authorization that must be completed in order validate + a DNS name on an ACME Order resource. 
+ properties: + challenges: + description: Challenges specifies the challenge types offered + by the ACME server. One of these challenge types will be selected + when validating the DNS name and an appropriate Challenge resource + will be created to perform the ACME challenge process. + items: + description: Challenge specifies a challenge offered by the + ACME server for an Order. An appropriate Challenge resource + can be created to perform the ACME challenge process. + properties: + token: + description: Token is the token that must be presented for + this challenge. This is used to compute the 'key' that + must also be presented. + type: string + type: + description: Type is the type of challenge being offered, + e.g. http-01, dns-01 + type: string + url: + description: URL is the URL of this challenge. It can be + used to retrieve additional metadata about the Challenge + from the ACME server. + type: string + required: + - token + - type + - url + type: object + type: array + identifier: + description: Identifier is the DNS name to be validated as part + of this authorization + type: string + url: + description: URL is the URL of the Authorization that must be + completed + type: string + wildcard: + description: Wildcard will be true if this authorization is for + a wildcard DNS name. If this is true, the identifier will be + the *non-wildcard* version of the DNS name. For example, if + '*.example.com' is the DNS name being validated, this field + will be 'true' and the 'identifier' field will be 'example.com'. + type: boolean + required: + - url + type: object + type: array + certificate: + description: Certificate is a copy of the PEM encoded certificate for + this Order. This field will be populated after the order has been + successfully finalized with the ACME server, and the order has transitioned + to the 'valid' state. + format: byte + type: string + failureTime: + description: FailureTime stores the time that this order failed. 
This + is used to influence garbage collection and back-off. + format: date-time + type: string + finalizeURL: + description: FinalizeURL of the Order. This is used to obtain certificates + for this order once it has been completed. + type: string + reason: + description: Reason optionally provides more information about a why + the order is in the current state. + type: string + state: + description: State contains the current state of this Order resource. + States 'success' and 'expired' are 'final' + enum: + - valid + - ready + - pending + - processing + - invalid + - expired + - errored + type: string + url: + description: URL of the Order. This will initially be empty when the + resource is first created. The Order controller will populate this + field when the Order is first processed. This field will be immutable + after it is initially set. + type: string + type: object + required: + - metadata + type: object + versions: + - name: v1alpha2 + served: true + storage: true + - name: v1alpha3 + served: true + storage: false +
diff --git a/charts/kubezeroCertManager/update_crds.sh b/charts/kubezeroCertManager/update_crds.sh
new file mode 100755
index 0000000..3c0777f
--- /dev/null
+++ b/charts/kubezeroCertManager/update_crds.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+curl -Lso crds/cert-manager-crds.yaml https://github.com/jetstack/cert-manager/releases/download/v0.14.3/cert-manager.crds.yaml
diff --git a/charts/kubezeroCertManager/values.yaml b/charts/kubezeroCertManager/values.yaml
new file mode 100644
index 0000000..77eb81d
--- /dev/null
+++ b/charts/kubezeroCertManager/values.yaml
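Review bot: The `curl -Lso` call in update_crds.sh has no `-f`, so an HTTP error body (for example a 404 page) is written to crds/cert-manager-crds.yaml with exit status 0 and nothing signals the failure. The release tag v0.14.3 is pinned in the URL, but the downloaded manifest is not compared with a known digest, so whatever that URL serves at run time is what ends up committed as cluster-scoped CRDs, including the conversion webhook wiring. I would start the script with `set -euo pipefail`, change the call to `curl -fsSLo crds/cert-manager-crds.yaml` with the same URL, and follow it with `echo "<EXPECTED_SHA256>  crds/cert-manager-crds.yaml" | sha256sum -c -`, where the placeholder is a digest recorded when the version bump is reviewed. The output path is relative, so the script also silently depends on being run from the chart directory; a `cd "$(dirname "$0")"` before the download would remove that assumption.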
@@ -0,0 +1,28 @@
+cert-manager:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ ingressShim:
+ defaultIssuerName: letsencrypt-dns-prod
+ defaultIssuerKind: ClusterIssuer
+ webhook:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ cainjector:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ extraArgs:
+ - "--dns01-recursive-nameservers-only"
+ prometheus:
+ servicemonitor:
+ enabled: false
+ #podAnnotations:
+ # iam.amazonaws.com/role: "INSERT_CLOUDFORMATION_OUTPUT_CertManagerRoleArn"
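Review bot: Nothing in values.yaml says where the controller's DNS-01 credentials come from: the controller, webhook and cainjector are all pinned to control-plane nodes through the `node-role.kubernetes.io/master` nodeSelector and toleration, while the `iam.amazonaws.com/role` pod annotation is left commented out with a placeholder. If a dedicated role is intended, as the CloudFormation placeholder suggests, then without the annotation the pod presumably falls back to whatever the master node's own credentials permit, which is usually broader than a DNS-challenge role needs; that is inferred and not visible in this hunk. I would add a comment above the commented block such as `# Required for DNS-01: set to a role limited to the ACME challenge zone; do not rely on master node credentials`. `ingressShim.defaultIssuerName: letsencrypt-dns-prod` also only references a ClusterIssuer, so unless a template outside this hunk creates it, a one-line comment that the issuer must exist before annotated Ingresses are admitted would save a silent non-issuance.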