From 85d2c447c1cfc2599ed68f0dff3ca64424ddf6a8 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 1 May 2020 14:57:31 +0100 Subject: [PATCH] Initial commit --- .gitignore | 92 + LICENSE.md | 651 +++++++ README.md | 4 + charts/kubezero-app/.helmignore | 23 + charts/kubezero-app/Chart.yaml | 5 + charts/kubezero-app/templates/calico.yaml | 18 + .../templates/local-volume-provisioner.yaml | 20 + charts/kubezero-app/values.yaml | 12 + charts/kubezero/Chart.yaml | 16 + charts/kubezero/README.md | 1 + charts/kubezero/charts/argo-cd/.helmignore | 2 + charts/kubezero/charts/argo-cd/Chart.yaml | 16 + charts/kubezero/charts/argo-cd/README.md | 308 +++ .../charts/argo-cd/crds/crd-application.yaml | 1670 +++++++++++++++++ .../charts/argo-cd/crds/crd-project.yaml | 209 +++ .../kubezero/charts/argo-cd/requirements.lock | 6 + .../kubezero/charts/argo-cd/requirements.yaml | 5 + .../charts/argo-cd/templates/NOTES.txt | 15 + .../charts/argo-cd/templates/_helpers.tpl | 118 ++ .../clusterrole.yaml | 24 + .../clusterrolebinding.yaml | 21 + .../deployment.yaml | 123 ++ .../metrics-service.yaml | 31 + .../prometheusrule.yaml | 27 + .../argocd-application-controller/role.yaml | 41 + .../rolebinding.yaml | 19 + .../service.yaml | 25 + .../serviceaccount.yaml | 11 + .../servicemonitor.yaml | 35 + .../templates/argocd-configs/argocd-cm.yaml | 13 + .../argocd-configs/argocd-rbac-cm.yaml | 15 + .../argocd-configs/argocd-secret.yaml | 50 + .../argocd-ssh-known-hosts-cm.yaml | 12 + .../argocd-configs/argocd-tls-certs-cm.yaml | 14 + .../argocd-repo-server/deployment.yaml | 154 ++ .../templates/argocd-repo-server/hpa.yaml | 33 + .../argocd-repo-server/metrics-service.yaml | 31 + .../repository-credentials-secret.yaml | 18 + .../templates/argocd-repo-server/role.yaml | 17 + .../argocd-repo-server/rolebinding.yaml | 21 + .../templates/argocd-repo-server/service.yaml | 26 + .../argocd-repo-server/serviceaccount.yaml | 19 + .../argocd-repo-server/servicemonitor.yaml | 36 + .../templates/argocd-server/applications.yaml | 42 + .../argocd-server/backendconfig.yaml | 15 + .../templates/argocd-server/certificate.yaml | 30 + .../templates/argocd-server/clusterrole.yaml | 35 + .../argocd-server/clusterrolebinding.yaml | 21 + .../templates/argocd-server/deployment.yaml | 153 ++ .../argo-cd/templates/argocd-server/hpa.yaml | 33 + .../templates/argocd-server/ingress.yaml | 57 + .../argocd-server/metrics-service.yaml | 31 + .../templates/argocd-server/projects.yaml | 46 + .../argo-cd/templates/argocd-server/role.yaml | 45 + .../templates/argocd-server/rolebinding.yaml | 19 + .../templates/argocd-server/route.yaml | 31 + .../templates/argocd-server/service.yaml | 43 + .../argocd-server/serviceaccount.yaml | 11 + .../argocd-server/servicemonitor.yaml | 36 + .../charts/argo-cd/templates/crds.yaml | 6 + .../argo-cd/templates/dex/deployment.yaml | 106 ++ .../charts/argo-cd/templates/dex/role.yaml | 23 + .../argo-cd/templates/dex/rolebinding.yaml | 21 + .../charts/argo-cd/templates/dex/service.yaml | 26 + .../argo-cd/templates/dex/serviceaccount.yaml | 13 + .../argo-cd/templates/redis/deployment.yaml | 88 + .../argo-cd/templates/redis/service.yaml | 20 + charts/kubezero/charts/argo-cd/values.yaml | 830 ++++++++ charts/kubezero/templates/istio-service.yaml | 29 + charts/kubezero/values.yaml | 83 + 70 files changed, 5900 insertions(+) create mode 100644 .gitignore create mode 100644 LICENSE.md create mode 100644 README.md create mode 100644 charts/kubezero-app/.helmignore create mode 100644 charts/kubezero-app/Chart.yaml create mode 100644 charts/kubezero-app/templates/calico.yaml create mode 100644 charts/kubezero-app/templates/local-volume-provisioner.yaml create mode 100644 charts/kubezero-app/values.yaml create mode 100644 charts/kubezero/Chart.yaml create mode 100644 charts/kubezero/README.md create mode 100644 charts/kubezero/charts/argo-cd/.helmignore create mode 100644 charts/kubezero/charts/argo-cd/Chart.yaml create mode 100644 charts/kubezero/charts/argo-cd/README.md create mode 100644 charts/kubezero/charts/argo-cd/crds/crd-application.yaml create mode 100644 charts/kubezero/charts/argo-cd/crds/crd-project.yaml create mode 100644 charts/kubezero/charts/argo-cd/requirements.lock create mode 100644 charts/kubezero/charts/argo-cd/requirements.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/NOTES.txt create mode 100644 charts/kubezero/charts/argo-cd/templates/_helpers.tpl create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml create mode 100755 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml create mode 100755 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml create mode 100755 charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/crds.yaml create mode 100755 charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/dex/role.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/dex/service.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml create mode 100755 charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml create mode 100644 charts/kubezero/charts/argo-cd/templates/redis/service.yaml create mode 100755 charts/kubezero/charts/argo-cd/values.yaml create mode 100644 charts/kubezero/templates/istio-service.yaml create mode 100644 charts/kubezero/values.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f289435 --- /dev/null +++ b/.gitignore @@ -0,0 +1,92 @@ +# Vim +*.swp + +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +.pytest* +nosetests.xml +coverage.xml +*,cover +.hypothesis/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# IPython Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# dotenv +.env + +# virtualenv +venv/ +ENV/ + +# Spyder project settings +.spyderproject + +# Rope project settings +.ropeproject diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..4ef32f0 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,651 @@ +GNU Affero General Public License +================================= + +_Version 3, 19 November 2007_ +_Copyright © 2007 Free Software Foundation, Inc. <>_ + +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +## Preamble + +The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: **(1)** assert copyright on the software, and **(2)** offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + +The precise terms and conditions for copying, distribution and +modification follow. + +## TERMS AND CONDITIONS + +### 0. Definitions + +“This License” refers to version 3 of the GNU Affero General Public License. + +“Copyright” also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + +“The Program” refers to any copyrightable work licensed under this +License. Each licensee is addressed as “you”. “Licensees” and +“recipients” may be individuals or organizations. + +To “modify” a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a “modified version” of the +earlier work or a work “based on” the earlier work. + +A “covered work” means either the unmodified Program or a work based +on the Program. + +To “propagate” a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To “convey” a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays “Appropriate Legal Notices” +to the extent that it includes a convenient and prominently visible +feature that **(1)** displays an appropriate copyright notice, and **(2)** +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +### 1. Source Code + +The “source code” for a work means the preferred form of the work +for making modifications to it. “Object code” means any non-source +form of a work. + +A “Standard Interface” means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The “System Libraries” of an executable work include anything, other +than the work as a whole, that **(a)** is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and **(b)** serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +“Major Component”, in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The “Corresponding Source” for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + +The Corresponding Source for a work in source code form is that +same work. + +### 2. Basic Permissions + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +### 3. Protecting Users' Legal Rights From Anti-Circumvention Law + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + +### 4. Conveying Verbatim Copies + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +### 5. Conveying Modified Source Versions + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + +* **a)** The work must carry prominent notices stating that you modified +it, and giving a relevant date. +* **b)** The work must carry prominent notices stating that it is +released under this License and any conditions added under section 7. +This requirement modifies the requirement in section 4 to +“keep intact all notices”. +* **c)** You must license the entire work, as a whole, under this +License to anyone who comes into possession of a copy. This +License will therefore apply, along with any applicable section 7 +additional terms, to the whole of the work, and all its parts, +regardless of how they are packaged. This License gives no +permission to license the work in any other way, but it does not +invalidate such permission if you have separately received it. +* **d)** If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your +work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +“aggregate” if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +### 6. Conveying Non-Source Forms + +You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + +* **a)** Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium +customarily used for software interchange. +* **b)** Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a +written offer, valid for at least three years and valid for as +long as you offer spare parts or customer support for that product +model, to give anyone who possesses the object code either **(1)** a +copy of the Corresponding Source for all the software in the +product that is covered by this License, on a durable physical +medium customarily used for software interchange, for a price no +more than your reasonable cost of physically performing this +conveying of source, or **(2)** access to copy the +Corresponding Source from a network server at no charge. +* **c)** Convey individual copies of the object code with a copy of the +written offer to provide the Corresponding Source. This +alternative is allowed only occasionally and noncommercially, and +only if you received the object code with such an offer, in accord +with subsection 6b. +* **d)** Convey the object code by offering access from a designated +place (gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to +copy the object code is a network server, the Corresponding Source +may be on a different server (operated by you or a third party) +that supports equivalent copying facilities, provided you maintain +clear directions next to the object code saying where to find the +Corresponding Source. Regardless of what server hosts the +Corresponding Source, you remain obligated to ensure that it is +available for as long as needed to satisfy these requirements. +* **e)** Convey the object code using peer-to-peer transmission, provided +you inform other peers where the object code and Corresponding +Source of the work are being offered to the general public at no +charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A “User Product” is either **(1)** a “consumer product”, which means any +tangible personal property which is normally used for personal, family, +or household purposes, or **(2)** anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, “normally used” refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + +“Installation Information” for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +### 7. Additional Terms + +“Additional permissions” are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + +* **a)** Disclaiming warranty or limiting liability differently from the +terms of sections 15 and 16 of this License; or +* **b)** Requiring preservation of specified reasonable legal notices or +author attributions in that material or in the Appropriate Legal +Notices displayed by works containing it; or +* **c)** Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or +* **d)** Limiting the use for publicity purposes of names of licensors or +authors of the material; or +* **e)** Declining to grant rights under trademark law for use of some +trade names, trademarks, or service marks; or +* **f)** Requiring indemnification of licensors and authors of that +material by anyone who conveys the material (or modified versions of +it) with contractual assumptions of liability to the recipient, for +any liability that these contractual assumptions directly impose on +those licensors and authors. + +All other non-permissive additional terms are considered “further +restrictions” within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + +### 8. Termination + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated **(a)** +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and **(b)** permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +### 9. Acceptance Not Required for Having Copies + +You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +### 10. Automatic Licensing of Downstream Recipients + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An “entity transaction” is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +### 11. Patents + +A “contributor” is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's “contributor version”. + +A contributor's “essential patent claims” are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, “control” includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a “patent license” is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To “grant” such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either **(1)** cause the Corresponding Source to be so +available, or **(2)** arrange to deprive yourself of the benefit of the +patent license for this particular work, or **(3)** arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. “Knowingly relying” means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is “discriminatory” if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license **(a)** in connection with copies of the covered work +conveyed by you (or copies made from those copies), or **(b)** primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +### 12. No Surrender of Others' Freedom + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + +### 13. Remote Network Interaction; Use with the GNU General Public License + +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + +### 14. Revised Versions of this License + +The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License “or any later version” applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +### 15. Disclaimer of Warranty + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +### 16. Limitation of Liability + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + +### 17. Interpretation of Sections 15 and 16 + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +_END OF TERMS AND CONDITIONS_ + +## How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the “copyright” line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a “Source” link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a “copyright disclaimer” for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +<>. diff --git a/README.md b/README.md new file mode 100644 index 0000000..e15381c --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +# KubeZero - ZeroDownTime Kubernetes platform + +## Abstract +KubeZero is an mildly opinionated collection of Kubernetes components to be deployed on a bare Kubernetes cluster. diff --git a/charts/kubezero-app/.helmignore b/charts/kubezero-app/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/kubezero-app/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubezero-app/Chart.yaml b/charts/kubezero-app/Chart.yaml new file mode 100644 index 0000000..8b2a117 --- /dev/null +++ b/charts/kubezero-app/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: kubezero +description: KubeZero - ZeroDownTime Kubernetes +type: application +version: 0.1.0 diff --git a/charts/kubezero-app/templates/calico.yaml b/charts/kubezero-app/templates/calico.yaml new file mode 100644 index 0000000..ea34c3c --- /dev/null +++ b/charts/kubezero-app/templates/calico.yaml @@ -0,0 +1,18 @@ +{{- if .Values.calico.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: calico + namespace: argocd +spec: + project: kubezero + + source: + repoURL: {{ .Values.source.repoURL }} + targetRevision: {{ .Values.source.targetRevision }} + path: {{ .Values.source.pathPrefix }}/artifacts/calico + + destination: + server: {{ .Values.destination.server }} + namespace: kube-system +{{- end }} diff --git a/charts/kubezero-app/templates/local-volume-provisioner.yaml b/charts/kubezero-app/templates/local-volume-provisioner.yaml new file mode 100644 index 0000000..f336970 --- /dev/null +++ b/charts/kubezero-app/templates/local-volume-provisioner.yaml @@ -0,0 +1,20 @@ +{{- if .Values.localVolumeProvisioner.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: local-volume-provisioner + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: kubezero + + source: + repoURL: {{ .Values.source.repoURL }} + targetRevision: {{ .Values.source.targetRevision }} + path: {{ .Values.source.pathPrefix }}/artifacts/local-volume-provisioner + + destination: + server: {{ .Values.destination.server }} + namespace: kube-system +{{- end }} diff --git a/charts/kubezero-app/values.yaml b/charts/kubezero-app/values.yaml new file mode 100644 index 0000000..57aed7a --- /dev/null +++ b/charts/kubezero-app/values.yaml @@ -0,0 +1,12 @@ +destination: + server: https://kubernetes.default.svc +source: + repoURL: https://git.zero-downtime.net/ZeroDownTime/k8s-kustomize-lib + targetRevision: HEAD + pathPrefix: '' + +calico: + enabled: false + +localVolumeProvisioner: + enabled: false diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml new file mode 100644 index 0000000..54c9adc --- /dev/null +++ b/charts/kubezero/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +description: KubeZero Helm chart to bootstrap Kube cluster incl. ArgoCD +name: kubezero +version: 0.1.0 +home: https://kubezero.com +keywords: + - kubezero + - argocd + - gitops +maintainers: + - name: Quarky9 +dependencies: + - name: argo-cd + version: 2.2.12 + repository: https://argoproj.github.io/argo-helm + alias: argocd diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md new file mode 100644 index 0000000..316b91c --- /dev/null +++ b/charts/kubezero/README.md @@ -0,0 +1 @@ +https://blog.1q77.com/2020/03/argocd-istio-ingress/ diff --git a/charts/kubezero/charts/argo-cd/.helmignore b/charts/kubezero/charts/argo-cd/.helmignore new file mode 100644 index 0000000..2df6bf5 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/.helmignore @@ -0,0 +1,2 @@ +*.tgz +output diff --git a/charts/kubezero/charts/argo-cd/Chart.yaml b/charts/kubezero/charts/argo-cd/Chart.yaml new file mode 100644 index 0000000..ec7fca5 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +appVersion: "1.5.2" +description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. +name: argo-cd +version: 2.2.12 +home: https://github.com/argoproj/argo-helm +icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png +keywords: + - argoproj + - argocd + - gitops +maintainers: + - name: alexec + - name: alexmt + - name: jessesuen + - name: seanson diff --git a/charts/kubezero/charts/argo-cd/README.md b/charts/kubezero/charts/argo-cd/README.md new file mode 100644 index 0000000..0ce42bd --- /dev/null +++ b/charts/kubezero/charts/argo-cd/README.md @@ -0,0 +1,308 @@ +# Argo CD Chart + +A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. + +Source code can be found [here](https://argoproj.github.io/argo-cd/) + +## Additional Information + +This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. + +The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). + +This chart currently installs the non-HA version of ArgoCD. + +## Upgrading + +### 1.8.7 to 2.x.x + +`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are not arrays of strings intead of a map + +What was +```yaml +server: + extraArgs: + insecure: "" +``` + +is now + +```yaml +server: + extraArgs: + - --insecure +``` + +## Prerequisites + +- Kubernetes 1.7+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install --name my-release argo/argo-cd +NAME: my-release +... +``` + +### Helm v3 Compatability + +Requires chart version 1.5.2 or newer. + +Helm v3 has removed the `install-crds` hook so CRDs are now populated by files in the [crds](./crds) directory. Users of Helm v3 should set the `installCRDs` value to `false` to avoid warnings about nonexistant webhooks. + +## Chart Values + +| Parameter | Description | Default | +|-----|------|---------| +| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | +| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | +| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.5.2"` | +| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | +| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | +| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | +| nameOverride | Provide a name in place of `argocd` | `"argocd"` | +| installCRDs | Install CRDs if you are using Helm2. | `true` | +| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | +| configs.secret.annotations | Annotations for argocd-secret | `{}` | +| configs.secret.argocdServerAdminPassword | Admin password | `null` | +| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | +| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | +| configs.secret.createSecret | Create the argocd-secret. | `true` | +| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | +| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | +| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | +| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | +| openshift.enabled | enables using arbitrary uid for argo repo server | `false` | + +## ArgoCD Controller + +| Parameter | Description | Default | +|-----|---------|-------------| +| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | +| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | +| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | +| controller.containerPort | Controller listening port. | `8082` | +| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | +| controller.env | Environment variables for the controller. | `[]` | +| controller.image.repository | Repository to use for the controller | `global.image.repository` | +| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | +| controller.image.tag | Tag to use for the controller | `global.image.tag` | +| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.logLevel | Controller log level | `"info"` | +| controller.metrics.enabled | Deploy metrics service | `false` | +| controller.metrics.service.annotations | Metrics service annotations | `{}` | +| controller.metrics.service.labels | Metrics service labels | `{}` | +| controller.metrics.service.servicePort | Metrics service port | `8082` | +| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| controller.name | Controller name string. | `"application-controller"` | +| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| controller.podAnnotations | Annotations for the controller pods | `{}` | +| controller.podLabels | Labels for the controller pods | `{}` | +| controller.priorityClassName | Priority class for the controller pods | `""` | +| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| controller.resources | Resource limits and requests for the controller pods. | `{}` | +| controller.service.annotations | Controller service annotations. | `{}` | +| controller.service.labels | Controller service labels. | `{}` | +| controller.service.port | Controller service port. | `8082` | +| controller.serviceAccount.create | Create a service account for the controller | `true` | +| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` | +| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| controller.volumeMounts | Controller volume mounts | `[]` | +| controller.volumes | Controller volumes | `[]` | + +## Argo Repo Server + +| Property | Description | Default | +|-----|---------|-------------| +| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` | +| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | +| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | +| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| repoServer.containerPort | Repo server port | `8081` | +| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | +| repoServer.env | Environment variables for the repo server. | `[]` | +| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | +| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | +| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | +| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.logLevel | Log level | `"info"` | +| repoServer.metrics.enabled | Deploy metrics service | `false` | +| repoServer.metrics.service.annotations | Metrics service annotations | `{}` | +| repoServer.metrics.service.labels | Metrics service labels | `{}` | +| repoServer.metrics.service.servicePort | Metrics service port | `8082` | +| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| repoServer.name | Repo server name | `"repo-server"` | +| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| repoServer.podAnnotations | Annotations for the repo server pods | `{}` | +| repoServer.podLabels | Labels for the repo server pods | `{}` | +| repoServer.priorityClassName | Priority class for the repo server | `""` | +| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| repoServer.replicas | The number of repo server pods to run | `1` | +| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | +| repoServer.service.annotations | Repo server service annotations. | `{}` | +| repoServer.service.labels | Repo server service labels. | `{}` | +| repoServer.service.port | Repo server service port. | `8081` | +| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| repoServer.volumeMounts | Repo server volume mounts | `[]` | +| repoServer.volumes | Repo server volumes | `[]` | + +## Argo Server + +| Parameter | Description | Default | +|-----|---------|-------------| +| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` | +| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | +| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | +| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | +| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | +| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | +| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | +| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | +| server.certificate.enabled | Enables a certificate manager certificate. | `false` | +| server.certificate.issuer | Certificate manager issuer | `{}` | +| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | +| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | +| server.containerPort | Server container port. | `8080` | +| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | +| server.env | Environment variables for the server. | `[]` | +| server.image.repository | Repository to use for the server | `global.image.repository` | +| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | +| server.image.tag | Tag to use for the server | `global.image.tag` | +| server.ingress.annotations | Additional ingress annotations | `{}` | +| server.ingress.enabled | Enable an ingress resource for the server | `false` | +| server.ingress.hosts | List of ingress hosts | `[]` | +| server.ingress.labels | Additional ingress labels. | `{}` | +| server.ingress.tls | Ingress TLS configuration. | `[]` | +| server.route.enabled | Enable a OpenShift route for the server | `false` | +| server.route.hostname | Hostname of OpenShift route | `""` | +| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.logLevel | Log level | `"info"` | +| server.metrics.enabled | Deploy metrics service | `false` | +| server.metrics.service.annotations | Metrics service annotations | `{}` | +| server.metrics.service.labels | Metrics service labels | `{}` | +| server.metrics.service.servicePort | Metrics service port | `8082` | +| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | +| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | +| server.name | Argo CD server name | `"server"` | +| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| server.podAnnotations | Annotations for the server pods | `{}` | +| server.podLabels | Labels for the server pods | `{}` | +| server.priorityClassName | Priority class for the server | `""` | +| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` | +| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | +| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | +| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | +| server.replicas | The number of server pods to run | `1` | +| server.resources | Resource limits and requests for the server | `{}` | +| server.service.annotations | Server service annotations | `{}` | +| server.service.labels | Server service labels | `{}` | +| server.service.servicePortHttp | Server service http port | `80` | +| server.service.servicePortHttps | Server service https port | `443` | +| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` | +| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` | +| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | +| server.service.type | Server service type | `"ClusterIP"` | +| server.serviceAccount.create | Create server service account | `true` | +| server.serviceAccount.name | Server service account name | `"argocd-server"` | +| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| server.volumeMounts | Server volume mounts | `[]` | +| server.volumes | Server volumes | `[]` | + +## Dex + +| Property | Description | Default | +|-----|---------|-------------| +| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| dex.containerPortGrpc | GRPC container port | `5557` | +| dex.containerPortHttp | HTTP container port | `5556` | +| dex.enabled | Enable dex | `true` | +| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` | +| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` | +| dex.image.tag | Dex image tag | `"v2.14.0"` | +| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` | +| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` | +| dex.initImage.tag | Argo CD init image tag | `global.image.tag` | +| dex.name | Dex name | `"dex-server"` | +| dex.env | Environment variables for the Dex server. | `[]` | +| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| dex.podAnnotations | Annotations for the Dex server pods | `{}` | +| dex.podLabels | Labels for the Dex server pods | `{}` | +| dex.priorityClassName | Priority class for dex | `""` | +| dex.resources | Resource limits and requests for dex | `{}` | +| dex.serviceAccount.create | Create dex service account | `true` | +| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | +| dex.servicePortGrpc | Server GRPC port | `5557` | +| dex.servicePortHttp | Server HTTP port | `5556` | +| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| dex.volumeMounts | Dex volume mounts | `"/shared"` | +| dex.volumes | Dex volumes | `{}` | + +## Redis + +When Redis is completely disabled from the chart (`redis.enabled=false`) and +an external Redis instance wants to be used or +when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`) +but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified +through `xxx.extraArgs` + +| Parameter | Description | Default | +|-----|---------|-------------| +| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | +| redis.containerPort | Redis container port | `6379` | +| redis.enabled | Enable redis | `true` | +| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | +| redis.image.repository | Redis repository | `"redis"` | +| redis.image.tag | Redis tag | `"5.0.3"` | +| redis.name | Redis name | `"redis"` | +| redis.env | Environment variables for the Redis server. | `[]` | +| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | +| redis.podAnnotations | Annotations for the Redis server pods | `{}` | +| redis.podLabels | Labels for the Redis server pods | `{}` | +| redis.priorityClassName | Priority class for redis | `""` | +| redis.resources | Resource limits and requests for redis | `{}` | +| redis.servicePort | Redis service port | `6379` | +| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | +| redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | | +| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` | +| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` | +| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false` +| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd` +| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` | +| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` | +| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | +| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | diff --git a/charts/kubezero/charts/argo-cd/crds/crd-application.yaml b/charts/kubezero/charts/argo-cd/crds/crd-application.yaml new file mode 100644 index 0000000..683d41d --- /dev/null +++ b/charts/kubezero/charts/argo-cd/crds/crd-application.yaml @@ -0,0 +1,1670 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + name: applications.argoproj.io + annotations: + helm.sh/hook: crd-install +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + validation: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + operation: + description: Operation contains requested operation parameters. + properties: + initiatedBy: + description: OperationInitiator holds information about the operation + initiator + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Name of a user who started operation. + type: string + type: object + sync: + description: SyncOperation contains sync operation details. + properties: + dryRun: + description: DryRun will perform a `kubectl apply --dry-run` without + actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune deletes resources that are no longer tracked + in git + type: boolean + resources: + description: Resources describes which resources to sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: Revision is the revision in which to sync the application + to. If omitted, will use the revision specified in app spec. + type: string + source: + description: Source overrides the source definition set in the application. + This is typically set in a Rollback operation and nil during a + Sync operation + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific + options + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter to + a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will use + the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as + a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment + name + type: string + parameters: + description: Parameters are a list of ksonnet component + parameter override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management + plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application + manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch + in which to sync the application to. If omitted, will sync + to HEAD + type: string + required: + - repoURL + type: object + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply wil perform a `kubectl apply` to perform + the sync. + properties: + force: + description: Force indicates whether or not to supply the + --force flag to `kubectl apply`. The --force flag deletes + and re-create the resource, when PATCH encounters conflict + and has retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to perform + the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply the + --force flag to `kubectl apply`. The --force flag deletes + and re-create the resource, when PATCH encounters conflict + and has retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination overrides the kubernetes server and namespace + defined in the environment ksonnet app.yaml + properties: + namespace: + description: Namespace overrides the environment namespace value + in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value in the + ksonnet app.yaml + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences controls resources fields which should + be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter and + list of json paths which should be ignored during comparison with + live state. + properties: + group: + type: string + jsonPointers: + items: + type: string + type: array + kind: + type: string + name: + type: string + namespace: + type: string + required: + - jsonPointers + - kind + type: object + type: array + info: + description: Infos contains a list of useful information (URLs, email + addresses, and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: Project is a application project name. Empty name means + that application belongs to 'default' project. + type: string + revisionHistoryLimit: + description: This limits this number of items kept in the apps revision + history. This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we + do not recommend increasing it. Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location ksonnet application + definition + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific + options + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter to a helm + template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm template + properties: + forceString: + description: ForceString determines whether to tell Helm + to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will use the + application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files to use + when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined as a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment + name + type: string + parameters: + description: Parameters are a list of ksonnet component parameter + override values + items: + description: KsonnetParameter is a ksonnet component parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources for + kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources for + kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management plugin + specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch in + which to sync the application to. If omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + syncPolicy: + description: SyncPolicy controls when a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the target + revision + properties: + prune: + description: 'Prune will prune resources automatically as part + of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal enables auto-syncing if (default: false)' + type: boolean + type: object + syncOptions: + description: Options allow youe to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + - source + type: object + status: + description: ApplicationStatus contains information about application sync, + health status + properties: + conditions: + items: + description: ApplicationCondition contains details about current application + condition + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + first observed. + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + health: + properties: + message: + type: string + status: + type: string + type: object + history: + description: RevisionHistories is a array of history, oldest first and + newest last + items: + description: RevisionHistory contains information relevant to an application + deployment + properties: + deployedAt: + format: date-time + type: string + id: + format: int64 + type: integer + revision: + type: string + source: + description: ApplicationSource contains information about github + repository, path within repository and target application environment. + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet specific + options + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter to + a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm + template + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will + use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined + as a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment + name + type: string + parameters: + description: Parameters are a list of ksonnet component + parameter override values + items: + description: KsonnetParameter is a ksonnet component + parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management + plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application + manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or branch + in which to sync the application to. If omitted, will sync + to HEAD + type: string + required: + - repoURL + type: object + required: + - deployedAt + - id + - revision + type: object + type: array + observedAt: + description: ObservedAt indicates when the application state was updated + without querying latest git state + format: date-time + type: string + operationState: + description: OperationState contains information about state of currently + performing operation on application. + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message hold any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + initiatedBy: + description: OperationInitiator holds information about the + operation initiator + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Name of a user who started operation. + type: string + type: object + sync: + description: SyncOperation contains sync operation details. + properties: + dryRun: + description: DryRun will perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune deletes resources that are no longer + tracked in git + type: boolean + resources: + description: Resources describes which resources to sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: Revision is the revision in which to sync the + application to. If omitted, will use the revision specified + in app spec. + type: string + source: + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific + options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet + specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + to a helm template + properties: + name: + description: Name is the name of the helm + parameter + type: string + path: + description: Path is the path value for the + helm parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm + template + items: + description: HelmParameter is a parameter to a + helm template + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the helm + parameter + type: string + value: + description: Value is the value for the helm + parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it + will use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined + as a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application + environment name + type: string + parameters: + description: Parameters are a list of ksonnet component + parameter override values + items: + description: KsonnetParameter is a ksonnet component + parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize + commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to + resources for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git + repository + type: string + plugin: + description: ConfigManagementPlugin holds config management + plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application + manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, + or branch in which to sync the application to. If + omitted, will sync to HEAD + type: string + required: + - repoURL + type: object + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply wil perform a `kubectl apply` to + perform the sync. + properties: + force: + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force + flag deletes and re-create the resource, when + PATCH encounters conflict and has retried for + 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force + flag deletes and re-create the resource, when + PATCH encounters conflict and has retried for + 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + resources: + description: Resources holds the sync result of each individual + resource + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + type: string + hookPhase: + description: 'the state of any operation associated with + this resource OR hook note: can contain values for non-hook + resources' + type: string + hookType: + description: the type of the hook, empty for non-hook + resources + type: string + kind: + type: string + message: + description: message for the last sync OR operation + type: string + name: + type: string + namespace: + type: string + status: + description: the final result of the sync, this is be + empty if the resources is yet to be applied/pruned and + is always zero-value for hooks + type: string + syncPhase: + description: indicates the particular phase of the sync + that this is for + type: string + version: + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision of the sync + type: string + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet + specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + to a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm + template + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will + use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined + as a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment + name + type: string + parameters: + description: Parameters are a list of ksonnet component + parameter override values + items: + description: KsonnetParameter is a ksonnet component + parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize + commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management + plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application + manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or + branch in which to sync the application to. If omitted, + will sync to HEAD + type: string + required: + - repoURL + type: object + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was reconciled + using the latest git version + format: date-time + type: string + resources: + items: + description: ResourceStatus holds the current sync and health status + of a resource + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + version: + type: string + type: object + type: array + sourceType: + type: string + summary: + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: SyncStatus is a comparison result of application spec and + deployed application. + properties: + comparedTo: + description: ComparedTo contains application source and target which + was used for resources comparison + properties: + destination: + description: ApplicationDestination contains deployment destination + information + properties: + namespace: + description: Namespace overrides the environment namespace + value in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value + in the ksonnet app.yaml + type: string + type: object + source: + description: ApplicationSource contains information about github + repository, path within repository and target application + environment. + properties: + chart: + description: Chart is a Helm chart name + type: string + directory: + description: Directory holds path/directory specific options + properties: + jsonnet: + description: ApplicationSourceJsonnet holds jsonnet + specific options + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar is a jsonnet variable + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + to a helm template + properties: + name: + description: Name is the name of the helm parameter + type: string + path: + description: Path is the path value for the helm + parameter + type: string + type: object + type: array + parameters: + description: Parameters are parameters to the helm template + items: + description: HelmParameter is a parameter to a helm + template + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the helm parameter + type: string + value: + description: Value is the value for the helm parameter + type: string + type: object + type: array + releaseName: + description: The Helm release name. If omitted it will + use the application name + type: string + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values is Helm values, typically defined + as a block + type: string + type: object + ksonnet: + description: Ksonnet holds ksonnet specific options + properties: + environment: + description: Environment is a ksonnet application environment + name + type: string + parameters: + description: Parameters are a list of ksonnet component + parameter override values + items: + description: KsonnetParameter is a ksonnet component + parameter + properties: + component: + type: string + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonLabels: + additionalProperties: + type: string + description: CommonLabels adds additional kustomize + commonLabels + type: object + images: + description: Images are kustomize image overrides + items: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for kustomize apps + type: string + type: object + path: + description: Path is a directory path within the Git repository + type: string + plugin: + description: ConfigManagementPlugin holds config management + plugin specific options + properties: + env: + items: + properties: + name: + description: the name, usually uppercase + type: string + value: + description: the value + type: string + required: + - name + - value + type: object + type: array + name: + type: string + type: object + repoURL: + description: RepoURL is the repository URL of the application + manifests + type: string + targetRevision: + description: TargetRevision defines the commit, tag, or + branch in which to sync the application to. If omitted, + will sync to HEAD + type: string + required: + - repoURL + type: object + required: + - destination + - source + type: object + revision: + type: string + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/charts/kubezero/charts/argo-cd/crds/crd-project.yaml b/charts/kubezero/charts/argo-cd/crds/crd-project.yaml new file mode 100644 index 0000000..e924423 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/crds/crd-project.yaml @@ -0,0 +1,209 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + name: appprojects.argoproj.io + annotations: + helm.sh/hook: crd-install +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + validation: + openAPIV3Schema: + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what may + be deployed (repository whitelist, resource whitelist/blacklist) * who can + access these applications (roles, OIDC group claims bindings) * and what they + can do (RBAC policies) * automation access to these roles (JWT tokens)' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted cluster + level resources + items: + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinations: + description: Destinations contains list of destinations available for + deployment + items: + description: ApplicationDestination contains deployment destination + information + properties: + namespace: + description: Namespace overrides the environment namespace value + in the ksonnet app.yaml + type: string + server: + description: Server overrides the environment server value in + the ksonnet app.yaml + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources + items: + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object + roles: + description: Roles are user defined RBAC roles associated with this + project + items: + description: ProjectRole represents a role that has access to a project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to this + role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound + to this role + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formated strings + that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can + be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window will + be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would otherwise + be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/charts/kubezero/charts/argo-cd/requirements.lock b/charts/kubezero/charts/argo-cd/requirements.lock new file mode 100644 index 0000000..61752cc --- /dev/null +++ b/charts/kubezero/charts/argo-cd/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: redis-ha + repository: https://kubernetes-charts.storage.googleapis.com + version: 4.4.2 +digest: sha256:70fdd035c3aa3b7185882f12a73143c58ab32f04262dda2cf34a2b1a52116d96 +generated: "2020-03-29T14:37:59.349371452+01:00" diff --git a/charts/kubezero/charts/argo-cd/requirements.yaml b/charts/kubezero/charts/argo-cd/requirements.yaml new file mode 100644 index 0000000..eb6313d --- /dev/null +++ b/charts/kubezero/charts/argo-cd/requirements.yaml @@ -0,0 +1,5 @@ +dependencies: +- name: redis-ha + version: 4.4.2 + repository: https://kubernetes-charts.storage.googleapis.com + condition: redis-ha.enabled \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/NOTES.txt b/charts/kubezero/charts/argo-cd/templates/NOTES.txt new file mode 100644 index 0000000..a320fb0 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/NOTES.txt @@ -0,0 +1,15 @@ +In order to access the server UI you have the following options: + +1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 + + and then open the browser on http://localhost:8080 and accept the certificate + +2. enable ingress in the values file `service.ingress.enabled` and either + - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough + - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts + + +After reaching the UI the first time you can login with username: admin and the password will be the +name of the server pod. You can get the pod name by running: + +kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 diff --git a/charts/kubezero/charts/argo-cd/templates/_helpers.tpl b/charts/kubezero/charts/argo-cd/templates/_helpers.tpl new file mode 100644 index 0000000..8edaf21 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/_helpers.tpl @@ -0,0 +1,118 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-cd.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argo-cd.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create controller name and version as used by the chart label. +*/}} +{{- define "argo-cd.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create dex name and version as used by the chart label. +*/}} +{{- define "argo-cd.dex.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create redis name and version as used by the chart label. +*/}} +{{- define "argo-cd.redis.fullname" -}} +{{ $redisHa := (index .Values "redis-ha") }} +{{- if $redisHa.enabled -}} + {{- if $redisHa.haproxy.enabled -}} + {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- else -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create argocd server name and version as used by the chart label. +*/}} +{{- define "argo-cd.server.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create argocd repo-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.repoServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controllerServiceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dexServiceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the ArgoCD server service account to use +*/}} +{{- define "argo-cd.serverServiceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the repo-server service account to use +*/}} +{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-cd.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml new file mode 100644 index 0000000..733f457 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml @@ -0,0 +1,24 @@ +{{- if .Values.controller.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml new file mode 100644 index 0000000..26580a2 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.controller.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml new file mode 100755 index 0000000..9711908 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/deployment.yaml @@ -0,0 +1,123 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + replicas: 1 + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: + {{- range $key, $value := .Values.controller.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} + {{- if .Values.controller.podLabels }} +{{- toYaml .Values.controller.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.securityContext }} + securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + containers: + - command: + - argocd-application-controller + - --status-processors + - {{ .Values.controller.args.statusProcessors | quote }} + - --operation-processors + - {{ .Values.controller.args.operationProcessors | quote }} + - --repo-server + - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --loglevel + - {{ .Values.controller.logLevel }} + {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + - --redis + - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- . | toYaml | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + {{- if .Values.controller.containerSecurityContext }} + securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} + {{- end }} + {{- if .Values.controller.env }} + env: +{{- toYaml .Values.controller.env | nindent 8 }} + {{- end }} + ports: + - name: controller + containerPort: {{ .Values.controller.containerPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.controller.containerPort }} + initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: {{ .Values.controller.containerPort }} + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} +{{- if .Values.controller.volumeMounts }} + volumeMounts: +{{- toYaml .Values.controller.volumeMounts | nindent 10}} +{{- end }} + resources: +{{- toYaml .Values.controller.resources | nindent 10 }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{- toYaml .Values.controller.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{- toYaml .Values.controller.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.controller.affinity }} + affinity: +{{- toYaml .Values.controller.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} +{{- with .Values.global.hostAliases }} + hostAliases: +{{ toYaml . | indent 6 }} +{{- end }} +{{- if .Values.controller.volumes }} + volumes: +{{- toYaml .Values.controller.volumes | nindent 8 }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml new file mode 100644 index 0000000..aa1c6f8 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.controller.metrics.enabled}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +{{- if .Values.controller.metrics.service.labels }} +{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} +{{- end }} + name: {{ template "argo-cd.controller.fullname" . }}-metrics +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: controller + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml new file mode 100644 index 0000000..8d104f4 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/prometheusrule.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + {{- if .Values.controller.metrics.rules.namespace }} + namespace: {{ .Values.controller.metrics.rules.namespace }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} + {{- if .Values.controller.metrics.rules.selector }} +{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }} + {{- end }} + {{- if .Values.controller.metrics.rules.additionalLabels }} +{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }} + {{- end }} +spec: + groups: + - name: argocd + rules: +{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml new file mode 100644 index 0000000..4b0ec4f --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml new file mode 100644 index 0000000..a90ca9f --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml new file mode 100644 index 0000000..69f8ce5 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.controller.service.annotations }} + annotations: + {{- range $key, $value := .Values.controller.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} +spec: + ports: + - name: {{ .Values.controller.service.portName }} + port: {{ .Values.controller.service.port }} + targetPort: {{ .Values.controller.containerPort }} + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml new file mode 100644 index 0000000..b397d43 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.controllerServiceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml new file mode 100644 index 0000000..3fb538e --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + {{- if .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.controller.name }} + {{- if .Values.controller.metrics.serviceMonitor.selector }} +{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }} + {{- end }} + {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} +{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: 30s + path: /metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics + app.kubernetes.io/component: {{ .Values.controller.name }} +{{- end }} + diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml new file mode 100644 index 0000000..8f83fd6 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +data: +{{- toYaml .Values.server.config | nindent 4 }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml new file mode 100644 index 0000000..a4b8e92 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +{{- if .Values.server.rbacConfig }} +data: +{{- toYaml .Values.server.rbacConfig | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml new file mode 100644 index 0000000..efb8035 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-secret.yaml @@ -0,0 +1,50 @@ +{{- if .Values.configs.secret.createSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + {{- if .Values.configs.secret.annotations }} + annotations: + {{- range $key, $value := .Values.configs.secret.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} +# Setting a blank data again will wipe admin password/key/cert +data: + {{- if .Values.configs.secret.githubSecret }} + webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }} + {{- end }} + {{- if .Values.configs.secret.gitlabSecret }} + webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }} + {{- end }} + {{- if .Values.configs.secret.bitbucketServerSecret }} + webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }} + {{- end }} + {{- if .Values.configs.secret.bitbucketUUID }} + webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }} + {{- end }} + {{- if .Values.configs.secret.gogsSecret }} + webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }} + {{- end }} + {{- if .Values.configs.secret.argocdServerTlsConfig }} + tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} + tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} + {{- end }} + {{- if .Values.configs.secret.argocdServerAdminPassword }} + admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} + admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} + {{- end }} + {{- range $key, $value := .Values.configs.secret.extra }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml new file mode 100644 index 0000000..cf42466 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +{{- toYaml .Values.configs.knownHosts | nindent 0 }} +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + name: argocd-ssh-known-hosts-cm \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml new file mode 100644 index 0000000..e36fab5 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +{{- if .Values.configs.tlsCerts }} +{{- toYaml .Values.configs.tlsCerts | nindent 0 }} +{{- end }} +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + name: argocd-tls-certs-cm \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml new file mode 100755 index 0000000..9268cc6 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -0,0 +1,154 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + {{- if (ne .Values.repoServer.autoscaling.enabled true) }} + replicas: {{ .Values.repoServer.replicas }} + {{- end }} + template: + metadata: + {{- if .Values.repoServer.podAnnotations }} + annotations: + {{- range $key, $value := .Values.repoServer.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} + {{- if .Values.repoServer.podLabels }} +{{- toYaml .Values.repoServer.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.securityContext }} + securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.repoServer.name }} + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + command: + {{- if .Values.openshift.enabled }} + - uid_entrypoint.sh + {{- end }} + - argocd-repo-server + {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + - --redis + - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} + {{- end }} + - --loglevel + - {{ .Values.repoServer.logLevel }} + {{- with .Values.repoServer.extraArgs }} + {{- . | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.repoServer.containerSecurityContext }} + securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} + {{- end }} +{{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }} + env: +{{- if .Values.repoServer.env }} +{{- toYaml .Values.repoServer.env | nindent 8 }} +{{- end }} +{{- if .Values.openshift.enabled }} + - name: USER_NAME + value: argocd +{{- end }} +{{- end }} + volumeMounts: + {{- if .Values.repoServer.volumeMounts }} +{{- toYaml .Values.repoServer.volumeMounts | nindent 8}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - mountPath: /app/config/tls + name: tls-certs + {{- end }} + ports: + - name: repo-server + containerPort: {{ .Values.repoServer.containerPort }} + protocol: TCP + {{ if .Values.repoServer.metrics.enabled }} + - name: metrics + containerPort: 8084 + protocol: TCP + {{- end }} + livenessProbe: + tcpSocket: + port: {{ .Values.repoServer.containerPort }} + initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: {{ .Values.repoServer.containerPort }} + initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} + resources: +{{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- if .Values.repoServer.nodeSelector }} + nodeSelector: +{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.repoServer.tolerations }} + tolerations: +{{- toYaml .Values.repoServer.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.repoServer.affinity }} + affinity: +{{- toYaml .Values.repoServer.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} +{{- with .Values.global.hostAliases }} + hostAliases: +{{ toYaml . | indent 6 }} +{{- end }} + volumes: + {{- if .Values.repoServer.volumes }} +{{- toYaml .Values.repoServer.volumes | nindent 6}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + {{- end }} + {{- if .Values.repoServer.initContainers }} + initContainers: +{{- toYaml .Values.repoServer.initContainers | nindent 6 }} + {{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml new file mode 100644 index 0000000..103c995 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.repoServer.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}-hpa + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} + name: {{ template "argo-cd.repoServer.fullname" . }}-hpa +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-cd.repoServer.fullname" . }} + minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} + maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} + metrics: +{{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml new file mode 100644 index 0000000..99b8eb9 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.repoServer.metrics.enabled}} +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.repoServer.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +{{- if .Values.repoServer.metrics.service.labels }} +{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }} +{{- end }} + name: {{ template "argo-cd.repoServer.fullname" . }}-metrics +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.repoServer.metrics.service.servicePort }} + targetPort: metrics + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml new file mode 100644 index 0000000..aed7700 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.configs.repositoryCredentials }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repository-credentials + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +type: Opaque +data: +{{- range $key, $value := .Values.configs.repositoryCredentials }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml new file mode 100644 index 0000000..9c902cc --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -0,0 +1,17 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +rules: +{{- if .Values.repoServer.rbac }} +{{toYaml .Values.repoServer.rbac }} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml new file mode 100644 index 0000000..692b11e --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml new file mode 100644 index 0000000..169edd3 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.repoServer.service.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} + name: {{ template "argo-cd.repoServer.fullname" . }} +spec: + ports: + - name: {{ .Values.repoServer.service.portName }} + protocol: TCP + port: {{ .Values.repoServer.service.port }} + targetPort: repo-server + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml new file mode 100644 index 0000000..a0bae94 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.repoServerServiceAccountName" . }} +{{- if .Values.repoServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml new file mode 100644 index 0000000..c07769f --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + {{- if .Values.repoServer.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} + {{- if .Values.repoServer.metrics.serviceMonitor.selector }} +{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }} + {{- end }} + {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }} +{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: 30s + path: /metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics + app.kubernetes.io/component: {{ .Values.repoServer.name }} +{{- end }} + diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml new file mode 100644 index 0000000..1b9d424 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/applications.yaml @@ -0,0 +1,42 @@ +{{- if .Values.server.additionalApplications }} +apiVersion: v1 +kind: List +items: +{{- range .Values.server.additionalApplications }} + - apiVersion: argoproj.io/v1alpha1 + kind: Application + metadata: + {{- if .additionalAnnotations }} + annotations: + {{- range $key, $value := .additionalAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .additionalLabels }} + labels: +{{- toYaml .additionalLabels | nindent 8 }} + {{- end }} + name: {{ .name }} + {{- if .namespace }} + namespace: {{ .namespace }} + {{- end }} + {{- if .finalizers }} + finalizers: +{{- toYaml .finalizers | nindent 8 }} + {{- end }} + spec: + project: {{ tpl .project $ }} + source: +{{- toYaml .source | nindent 8 }} + destination: +{{- toYaml .destination | nindent 8 }} + {{- if .syncPolicy }} + syncPolicy: +{{- toYaml .syncPolicy | nindent 8 }} + {{- end }} + {{- if .ignoreDifferences }} + ignoreDifferences: +{{- toYaml .ignoreDifferences | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml new file mode 100644 index 0000000..279b348 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/backendconfig.yaml @@ -0,0 +1,15 @@ +{{- if .Values.server.GKEbackendConfig.enabled }} +apiVersion: cloud.google.com/v1beta1 +kind: BackendConfig +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +spec: + {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml new file mode 100644 index 0000000..be778be --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/certificate.yaml @@ -0,0 +1,30 @@ +{{- if .Values.server.certificate.enabled -}} +{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} +apiVersion: cert-manager.io/v1alpha3 +{{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }} +apiVersion: cert-manager.io/v1alpha2 +{{- else }} +apiVersion: certmanager.k8s.io/v1alpha1 +{{- end }} +kind: Certificate +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +spec: + commonName: {{ .Values.server.certificate.domain | quote }} + dnsNames: + - {{ .Values.server.certificate.domain | quote }} + {{- range .Values.server.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + issuerRef: + kind: {{ .Values.server.certificate.issuer.kind | quote }} + name: {{ .Values.server.certificate.issuer.name | quote }} + secretName: argocd-secret +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml new file mode 100644 index 0000000..4570454 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrole.yaml @@ -0,0 +1,35 @@ +{{- if .Values.server.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - delete + - get + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml new file mode 100644 index 0000000..3bbd5a0 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.server.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml new file mode 100755 index 0000000..d73e3df --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -0,0 +1,153 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + revisionHistoryLimit: 5 + {{- if (ne .Values.server.autoscaling.enabled true) }} + replicas: {{ .Values.server.replicas }} + {{- end }} + template: + metadata: + {{- if .Values.server.podAnnotations }} + annotations: + {{- range $key, $value := .Values.server.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} + {{- if .Values.server.podLabels }} +{{- toYaml .Values.server.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.securityContext }} + securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Values.server.name }} + image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} + command: + - argocd-server + - --staticassets + - /shared/app + - --repo-server + - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + {{- if .Values.dex.enabled }} + - --dex-server + - http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }} + {{- end }} + - --loglevel + - {{ .Values.server.logLevel }} + {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + - --redis + - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} + {{- end }} + {{- with .Values.server.extraArgs }} + {{- . | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.server.containerSecurityContext }} + securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- end }} + {{- if .Values.server.env }} + env: +{{- toYaml .Values.server.env | nindent 8 }} + {{- end }} + volumeMounts: + {{- if .Values.server.volumeMounts }} +{{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + {{- if .Values.configs.knownHosts }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - mountPath: /app/config/tls + name: tls-certs + {{- end }} + ports: + - name: {{ .Values.server.name }} + containerPort: {{ .Values.server.containerPort }} + protocol: TCP + {{ if .Values.server.metrics.enabled }} + - name: metrics + containerPort: 8083 + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.server.containerPort }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.server.containerPort }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + resources: +{{- toYaml .Values.server.resources | nindent 10 }} + {{- if .Values.server.nodeSelector }} + nodeSelector: +{{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.server.tolerations }} + tolerations: +{{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.server.affinity }} + affinity: +{{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} +{{- with .Values.global.hostAliases }} + hostAliases: +{{ toYaml . | indent 6 }} +{{- end }} + volumes: + {{- if .Values.server.volumes }} +{{- toYaml .Values.server.volumes | nindent 6}} + {{- end }} + - emptyDir: {} + name: static-files + {{- if .Values.configs.knownHosts }} + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + {{- end }} + {{- if .Values.configs.tlsCerts }} + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + {{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml new file mode 100644 index 0000000..be947ef --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.server.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-hpa + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + name: {{ template "argo-cd.server.fullname" . }}-hpa +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "argo-cd.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: +{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ . }} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml new file mode 100644 index 0000000..df2f93c --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/ingress.yaml @@ -0,0 +1,57 @@ +{{- if .Values.server.ingress.enabled -}} +{{- $serviceName := include "argo-cd.server.fullname" . -}} +{{- $servicePort := .Values.server.service.servicePortHttp -}} +{{- $paths := .Values.server.ingress.paths -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end -}} +kind: Ingress +metadata: +{{- if .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +{{- if .Values.server.ingress.labels }} +{{- toYaml .Values.server.ingress.labels | nindent 4 }} +{{- end }} +spec: + rules: + {{- if .Values.server.ingress.hosts }} + {{- range $host := .Values.server.ingress.hosts }} + - host: {{ $host }} + http: + paths: + {{- range $p := $paths }} + - path: {{ $p }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ $p }} + backend: + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end -}} + {{- end -}} + {{- if .Values.server.ingress.tls }} + tls: +{{- toYaml .Values.server.ingress.tls | nindent 4 }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml new file mode 100644 index 0000000..44b8b1e --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/metrics-service.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.server.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.server.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +{{- if .Values.server.metrics.service.labels }} +{{- toYaml .Values.server.metrics.service.labels | nindent 4 }} +{{- end }} + name: {{ template "argo-cd.server.fullname" . }}-metrics +spec: + ports: + - name: metrics + protocol: TCP + port: {{ .Values.server.metrics.service.servicePort }} + targetPort: metrics + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml new file mode 100644 index 0000000..b48e12c --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/projects.yaml @@ -0,0 +1,46 @@ +{{- if .Values.server.additionalProjects }} +apiVersion: v1 +kind: List +items: +{{- range .Values.server.additionalProjects }} + - apiVersion: argoproj.io/v1alpha1 + kind: AppProject + metadata: + {{- if .additionalAnnotations }} + annotations: + {{- range $key, $value := .additionalAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- if .additionalLabels }} + labels: +{{- toYaml .additionalLabels | nindent 8 }} + {{- end }} + name: {{ .name }} + {{- if .namespace }} + namespace: {{ .namespace }} + {{- end }} + spec: + description: {{ .description }} + sourceRepos: +{{- toYaml .sourceRepos | nindent 8 }} + destinations: +{{- toYaml .destinations | nindent 8 }} + {{- if .clusterResourceWhitelist }} + clusterResourceWhitelist: +{{- toYaml .clusterResourceWhitelist | nindent 8 }} + {{- end }} + {{- if .namespaceResourceBlacklist }} + namespaceResourceBlacklist: +{{- toYaml .namespaceResourceBlacklist | nindent 8 }} + {{- end }} + {{- if .orphanedResources }} + orphanedResources: +{{- toYaml .orphanedResources | nindent 8 }} + {{- end }} + {{- if .roles }} + roles: +{{- toYaml .roles | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml new file mode 100644 index 0000000..4b7fe6d --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/role.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml new file mode 100644 index 0000000..37bf10b --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.serverServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml new file mode 100644 index 0000000..775a0a2 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/route.yaml @@ -0,0 +1,31 @@ +{{- if .Values.server.route.enabled -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +{{- with .Values.server.route.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + host: {{ .Values.server.route.hostname | quote }} + to: + kind: Service + name: {{ template "argo-cd.server.fullname" . }} + weight: 100 + port: + targetPort: https + tls: + termination: {{ .Values.server.route.termination_type | default "passthrough" }} + insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }} + wildcardPolicy: None +status: + ingress: [] +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml new file mode 100644 index 0000000..396b0c0 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/service.yaml @@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.server.service.annotations }} + annotations: + {{- range $key, $value := .Values.server.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-cd.server.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} +{{- if .Values.server.service.labels }} +{{- toYaml .Values.server.service.labels | nindent 4 }} +{{- end }} +spec: + type: {{ .Values.server.service.type }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.name }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.name }} + selector: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} +{{- if eq .Values.server.service.type "LoadBalancer" }} +{{- if .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }} +{{- end }} +{{- if .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceranges: +{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml new file mode 100644 index 0000000..08f11d0 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.serverServiceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml b/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml new file mode 100644 index 0000000..b680b4c --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/argocd-server/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.server.fullname" . }} + {{- if .Values.server.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.server.name }} + {{- if .Values.server.metrics.serviceMonitor.selector }} +{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }} + {{- end }} + {{- if .Values.server.metrics.serviceMonitor.additionalLabels }} +{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: 30s + path: /metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics + app.kubernetes.io/component: {{ .Values.server.name }} +{{- end }} + diff --git a/charts/kubezero/charts/argo-cd/templates/crds.yaml b/charts/kubezero/charts/argo-cd/templates/crds.yaml new file mode 100644 index 0000000..45ab72d --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.installCRDs }} +{{- range $path, $_ := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml new file mode 100755 index 0000000..d2fde3e --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/dex/deployment.yaml @@ -0,0 +1,106 @@ +{{- if .Values.dex.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} + app.kubernetes.io/version: {{ .Values.dex.image.tag }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + {{- if .Values.dex.podAnnotations }} + annotations: + {{- range $key, $value := .Values.dex.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} + app.kubernetes.io/version: {{ .Values.dex.image.tag }} + {{- if .Values.dex.podLabels }} +{{- toYaml .Values.dex.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.global.securityContext }} + securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + initContainers: + - name: copyutil + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} + resources: +{{- toYaml .Values.dex.resources | nindent 10 }} + {{- if .Values.dex.containerSecurityContext }} + securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- end }} + command: + - cp + - /usr/local/bin/argocd-util + - /shared + volumeMounts: + - mountPath: /shared + name: static-files + containers: + - name: {{ .Values.dex.name }} + image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} + imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }} + command: + - /shared/argocd-util + - rundex + {{- if .Values.dex.containerSecurityContext }} + securityContext: {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }} + {{- end }} + {{- if .Values.dex.env }} + env: +{{- toYaml .Values.dex.env | nindent 8 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.dex.containerPortHttp }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.dex.containerPortGrpc }} + protocol: TCP +{{- if .Values.dex.volumeMounts }} + volumeMounts: +{{- toYaml .Values.dex.volumeMounts | nindent 10 }} +{{- end }} + resources: +{{- toYaml .Values.dex.resources | nindent 10 }} + {{- if .Values.dex.nodeSelector }} + nodeSelector: +{{- toYaml .Values.dex.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.dex.tolerations }} + tolerations: +{{- toYaml .Values.dex.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.dex.affinity }} + affinity: +{{- toYaml .Values.dex.affinity | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }} +{{- if .Values.dex.volumes }} + volumes: +{{- toYaml .Values.dex.volumes | nindent 8}} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/dex/role.yaml b/charts/kubezero/charts/argo-cd/templates/dex/role.yaml new file mode 100644 index 0000000..e2eca1c --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/dex/role.yaml @@ -0,0 +1,23 @@ +{{- if .Values.dex.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml b/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml new file mode 100644 index 0000000..54311e7 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/dex/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.dex.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.dex.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.dexServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/dex/service.yaml b/charts/kubezero/charts/argo-cd/templates/dex/service.yaml new file mode 100644 index 0000000..cb5ec3f --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/dex/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.dex.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} +spec: + ports: + - name: http + protocol: TCP + port: {{ .Values.dex.servicePortHttp }} + targetPort: http + - name: grpc + protocol: TCP + port: {{ .Values.dex.servicePortGrpc }} + targetPort: grpc + selector: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml b/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml new file mode 100644 index 0000000..4df9ca5 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/dex/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.dex.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.dexServiceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.dex.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml b/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml new file mode 100755 index 0000000..7531f6d --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/redis/deployment.yaml @@ -0,0 +1,88 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.redis.name }} + app.kubernetes.io/version: {{ .Values.redis.image.tag }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + template: + metadata: + {{- if .Values.redis.podAnnotations }} + annotations: + {{- range $key, $value := .Values.redis.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.redis.name }} + app.kubernetes.io/version: {{ .Values.redis.image.tag }} + {{- if .Values.redis.podLabels }} +{{- toYaml .Values.redis.podLabels | nindent 8 }} + {{- end }} + spec: + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + automountServiceAccountToken: false + {{- if .Values.global.securityContext }} + securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ template "argo-cd.redis.fullname" . }} + args: + - --save + - "" + - --appendonly + - "no" + image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} + {{- if .Values.redis.containerSecurityContext }} + securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} + {{- end }} + {{- if .Values.redis.env }} + env: +{{- toYaml .Values.redis.env | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.redis.containerPort }} +{{- if .Values.redis.volumeMounts }} + + volumeMounts: +{{- toYaml .Values.redis.volumeMounts | nindent 10 }} +{{- end }} + resources: +{{- toYaml .Values.redis.resources | nindent 10 }} + {{- if .Values.redis.nodeSelector }} + nodeSelector: +{{- toYaml .Values.redis.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.redis.tolerations }} + tolerations: +{{- toYaml .Values.redis.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.redis.affinity }} + affinity: +{{- toYaml .Values.redis.affinity | nindent 8 }} + {{- end }} +{{- if .Values.redis.volumes }} + volumes: +{{- toYaml .Values.redis.volumes | nindent 8}} +{{- end }} +{{- end }} diff --git a/charts/kubezero/charts/argo-cd/templates/redis/service.yaml b/charts/kubezero/charts/argo-cd/templates/redis/service.yaml new file mode 100644 index 0000000..7916edb --- /dev/null +++ b/charts/kubezero/charts/argo-cd/templates/redis/service.yaml @@ -0,0 +1,20 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.redis.name }} +spec: + ports: + - port: {{ .Values.redis.servicePort }} + targetPort: {{ .Values.redis.servicePort }} + selector: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} +{{- end }} \ No newline at end of file diff --git a/charts/kubezero/charts/argo-cd/values.yaml b/charts/kubezero/charts/argo-cd/values.yaml new file mode 100755 index 0000000..7b459a7 --- /dev/null +++ b/charts/kubezero/charts/argo-cd/values.yaml @@ -0,0 +1,830 @@ +## ArgoCD configuration +## Ref: https://github.com/argoproj/argo-cd +## +nameOverride: argocd +fullnameOverride: "" + +# Optional CRD installation for those without Helm hooks +installCRDs: true + +global: + image: + repository: argoproj/argocd + tag: v1.5.2 + imagePullPolicy: IfNotPresent + securityContext: {} + # runAsUser: 999 + # runAsGroup: 999 + # fsGroup: 999 + imagePullSecrets: [] + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + +## Controller +controller: + name: application-controller + + image: + repository: # argoproj/argocd + tag: # v1.5.2 + imagePullPolicy: # IfNotPresent + + ## Argo controller commandline flags + args: + statusProcessors: "20" + operationProcessors: "10" + + ## Argo controller log level + logLevel: info + + ## Additional command line arguments to pass to argocd-controller + ## + extraArgs: [] + + ## Environment variables to pass to argocd-controller + ## + env: [] + + ## Annotations to be added to controller pods + ## + podAnnotations: {} + + ## Labels to be added to controller pods + ## + podLabels: {} + + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + ## Configures the controller port + containerPort: 8082 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Additional volumeMounts to the controller main container. + volumeMounts: [] + + ## Additional volumes to the controller pod. + volumes: [] + + ## Controller service configuration + service: + annotations: {} + labels: {} + port: 8082 + portName: https-controller + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + + priorityClassName: "" + + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + serviceAccount: + create: true + name: argocd-application-controller + + ## Server metrics controller configuration + metrics: + enabled: false + service: + annotations: {} + labels: {} + servicePort: 8082 + serviceMonitor: + enabled: false + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} + rules: + enabled: false + spec: [] + # - alert: ArgoAppMissing + # expr: | + # absent(argocd_app_info) + # for: 15m + # labels: + # severity: critical + # annotations: + # summary: "[ArgoCD] No reported applications" + # description: > + # ArgoCD has not reported any applications data for the past 15 minutes which + # means that it must be down or not functioning properly. This needs to be + # resolved for this cloud to continue to maintain state. + # - alert: ArgoAppNotSynced + # expr: | + # argocd_app_sync_status{sync_status!="Synced"} == 1 + # for: 12h + # labels: + # severity: warning + # annotations: + # summary: "[{{`{{$labels.name}}`}}] Application not synchronized" + # description: > + # The application [{{`{{$labels.name}}`}} has not been synchronized for over + # 12 hours which means that the state of this cloud has drifted away from the + # state inside Git. + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} + + ## Enable Admin ClusterRole resources. + ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster. + clusterAdminAccess: + enabled: true + +## Dex +dex: + enabled: true + name: dex-server + + image: + repository: quay.io/dexidp/dex + tag: v2.22.0 + imagePullPolicy: IfNotPresent + initImage: + repository: + tag: + imagePullPolicy: + + ## Environment variables to pass to the Dex server + ## + env: [] + + ## Annotations to be added to the Dex server pods + ## + podAnnotations: {} + + ## Labels to be added to the Dex server pods + ## + podLabels: {} + + serviceAccount: + create: true + name: argocd-dex-server + + ## Additional volumeMounts to the controller main container. + volumeMounts: + - name: static-files + mountPath: /shared + + ## Additional volumes to the controller pod. + volumes: + - name: static-files + emptyDir: {} + + ## Dex deployment container ports + containerPortHttp: 5556 + servicePortHttp: 5556 + containerPortGrpc: 5557 + servicePortGrpc: 5557 + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + + priorityClassName: "" + + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Redis +redis: + enabled: true + name: redis + + image: + repository: redis + tag: 5.0.3 + imagePullPolicy: IfNotPresent + + containerPort: 6379 + servicePort: 6379 + + ## Environment variables to pass to the Redis server + ## + env: [] + + ## Annotations to be added to the Redis server pods + ## + podAnnotations: {} + + ## Labels to be added to the Redis server pods + ## + podLabels: {} + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + + priorityClassName: "" + + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + volumeMounts: [] + volumes: [] + +# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) +# the custom redis deployment is omitted +redis-ha: + enabled: false + # Check the redis-ha chart for more properties + exporter: + enabled: true + persistentVolume: + enabled: false + redis: + masterGroupName: argocd + config: + save: "\"\"" + haproxy: + enabled: true + metrics: + enabled: true + +## Server +server: + name: server + + replicas: 1 + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + image: + repository: # argoproj/argocd + tag: # v1.5.2 + imagePullPolicy: # IfNotPresent + + ## Additional command line arguments to pass to argocd-server + ## + extraArgs: [] + # - --insecure + + ## Environment variables to pass to argocd-server + ## + env: [] + + ## Argo server log level + logLevel: info + + ## Annotations to be added to controller pods + ## + podAnnotations: {} + + ## Labels to be added to controller pods + ## + podLabels: {} + + ## Configures the server port + containerPort: 8080 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Additional volumeMounts to the server main container. + volumeMounts: [] + + ## Additional volumes to the controller pod. + volumes: [] + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + + priorityClassName: "" + + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + + ## Certificate configuration + certificate: + enabled: false + domain: argocd.example.com + issuer: {} + additionalHosts: [] + + ## Server service configuration + service: + annotations: {} + labels: {} + type: ClusterIP + servicePortHttp: 80 + servicePortHttps: 443 + servicePortHttpName: http + servicePortHttpsName: https + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Server metrics service configuration + metrics: + enabled: false + service: + annotations: {} + labels: {} + servicePort: 8083 + serviceMonitor: + enabled: false + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} + + serviceAccount: + create: true + name: argocd-server + + ingress: + enabled: false + annotations: {} + labels: {} + + ## Argo Ingress. + ## Hostnames must be provided if Ingress is enabled. + ## Secrets must be manually created in the namespace + ## + hosts: + [] + # - argocd.example.com + paths: + - / + tls: + [] + # - secretName: argocd-example-tls + # hosts: + # - argocd.example.com + + # Create a OpenShift Route with SSL passthrough for UI and CLI + # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain + # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: + # If 'hostname' is an empty string "" OpenShift will create a hostname for you. + route: + enabled: false + hostname: "" + + ## ArgoCD config + ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml + config: + # Argo CD's externally facing base URL (optional). Required when configuring SSO + url: https://argocd.example.com + # Argo CD instance label key + application.instanceLabelKey: argocd.argoproj.io/instance + # repositories: | + # - url: git@github.com:group/repo.git + # sshPrivateKeySecret: + # name: secret-name + # key: sshPrivateKey + # - type: helm + # url: https://kubernetes-charts.storage.googleapis.com + # name: stable + # - type: helm + # url: https://argoproj.github.io/argo-helm + # name: argo + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: CLIENT_ID + # clientSecret: $oidc.azuread.clientSecret + # requestedIDTokenClaims: + # groups: + # essential: true + # requestedScopes: + # - openid + # - profile + # - email + + ## ArgoCD rbac config + ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md + rbacConfig: + {} + # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). + # Policy rules are in the form: + # p, subject, resource, action, object, effect + # Role definitions and bindings are in the form: + # g, subject, inherited-subject + # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information. + # policy.csv: | + # # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project' + # p, my-org:team-alpha, applications, sync, my-project/*, allow + # # Grant all members of 'my-org:team-beta' admins + # g, my-org:team-beta, role:admin + # policy.default is the name of the default role which Argo CD will falls back to, when + # authorizing API requests (optional). If omitted or empty, users may be still be able to login, + # but will see no apps, projects, etc... + # policy.default: role:readonly + # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). + # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. + # scopes: '[cognito:groups, email]' + + ## Not well tested and not well supported on release v1.0.0. + ## Applications + ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ + additionalApplications: [] + # - name: guestbook + # namespace: argocd + # additionalLabels: {} + # additionalAnnotations: {} + # project: guestbook + # source: + # repoURL: https://github.com/argoproj/argocd-example-apps.git + # targetRevision: HEAD + # path: guestbook + # directory: + # recurse: true + # destination: + # server: https://kubernetes.default.svc + # namespace: guestbook + # syncPolicy: + # automated: + # prune: false + # selfHeal: false + + ## Projects + ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ + additionalProjects: [] + # - name: guestbook + # namespace: argocd + # additionalLabels: {} + # additionalAnnotations: {} + # description: Example Project + # sourceRepos: + # - '*' + # destinations: + # - namespace: guestbook + # server: https://kubernetes.default.svc + # clusterResourceWhitelist: [] + # namespaceResourceBlacklist: + # - group: '' + # kind: ResourceQuota + # - group: '' + # kind: LimitRange + # - group: '' + # kind: NetworkPolicy + # orphanedResources: {} + # roles: [] + # orphanedResources: {} + # roles: [] + + ## Enable Admin ClusterRole resources. + ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster. + clusterAdminAccess: + enabled: true + + ## Enable BackendConfig custom resource for Google Kubernetes Engine + GKEbackendConfig: + enabled: false + spec: {} + # spec: + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + +## Repo Server +repoServer: + name: repo-server + + replicas: 1 + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 50 + targetMemoryUtilizationPercentage: 50 + + image: + repository: # argoproj/argocd + tag: # v1.5.2 + imagePullPolicy: # IfNotPresent + + ## Additional command line arguments to pass to argocd-repo-server + ## + extraArgs: [] + + ## Environment variables to pass to argocd-repo-server + ## + env: [] + + ## Argo repoServer log level + logLevel: info + + ## Annotations to be added to repo server pods + ## + podAnnotations: {} + + ## Labels to be added to repo server pods + ## + podLabels: {} + + ## Configures the repo server port + containerPort: 8081 + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + ## Additional volumeMounts to the repo server main container. + volumeMounts: [] + + ## Additional volumes to the repo server pod. + volumes: [] + + ## Node selectors and tolerations for server scheduling to nodes with taints + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + nodeSelector: {} + tolerations: [] + affinity: {} + + priorityClassName: "" + + ## Labels to set container specific security contexts + containerSecurityContext: {} + # capabilities: + # drop: + # - all + + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + + ## Repo server service configuration + service: + annotations: {} + labels: {} + port: 8081 + portName: https-repo-server + + ## Repo server metrics service configuration + metrics: + enabled: false + service: + annotations: {} + labels: {} + servicePort: 8084 + serviceMonitor: + enabled: false + # selector: + # prometheus: kube-prometheus + # namespace: monitoring + # additionalLabels: {} + + ## Repo server service account + ## If create is set to true, make sure to uncomment the name and update the rbac section below + serviceAccount: + create: false + # name: argocd-repo-server + ## Annotations applied to created service account + annotations: {} + + ## Repo server rbac rules + # rbac: + # - apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + + ## Use init containers to configure custom tooling + ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ + ## When using the volumes & volumeMounts section bellow, please comment out those above. + # volumes: + # - name: custom-tools + # emptyDir: {} + # + # initContainers: + # - name: download-tools + # image: alpine:3.8 + # command: [sh, -c] + # args: + # - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - && + # mv linux-amd64/helm /custom-tools/ + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + # volumeMounts: + # - mountPath: /usr/local/bin/helm + # name: custom-tools + # subPath: helm + +## Argo Configs +configs: + knownHosts: + data: + ssh_known_hosts: | + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + tlsCerts: + {} + # data: + # argocd.example.com: | + # -----BEGIN CERTIFICATE----- + # MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL + # BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE + # BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0 + # c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda + # Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT + # YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES + # MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi + # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5 + # NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc + # CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u + # P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G + # ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+ + # YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E + # Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko + # Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J + # kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u + # kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO + # gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7 + # bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86 + # r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/ + # BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn + # Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx + # CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2 + # XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT + # +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr + # d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO + # OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so + # 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr + # jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8 + # 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W + # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK + # XWyb96wrUlv+E8I= + # -----END CERTIFICATE----- + # Creates a secret with optional repository credentials + repositoryCredentials: + {} + # sample-ssh-key: | + # -----BEGIN RSA PRIVATE KEY----- + # MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N + # z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4 + # nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB + # AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x + # O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe + # tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6 + # cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8 + # 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM + # hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK + # xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ + # FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc + # NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le + # XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo= + # -----END RSA PRIVATE KEY----- + secret: + createSecret: true + ## Annotations to be added to argocd-secret + ## + annotations: {} + + # Webhook Configs + githubSecret: "" + gitlabSecret: "" + bitbucketServerSecret: "" + bitbucketUUID: "" + gogsSecret: "" + + # Custom secrets. Useful for injecting SSO secrets into environment variables. + # Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ + # Note that all values must be non-empty. + extra: {} + # LDAP_PASSWORD: "mypassword" + + # Argo TLS Data. + argocdServerTlsConfig: + {} + # key: + # crt: | + # -----BEGIN CERTIFICATE----- + # + # -----END CERTIFICATE----- + # -----BEGIN CERTIFICATE----- + # + # -----END CERTIFICATE----- + + # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + # argocdServerAdminPassword: + # Password modification time defaults to current time if not set + # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + +openshift: + enabled: false diff --git a/charts/kubezero/templates/istio-service.yaml b/charts/kubezero/templates/istio-service.yaml new file mode 100644 index 0000000..b750a08 --- /dev/null +++ b/charts/kubezero/templates/istio-service.yaml @@ -0,0 +1,29 @@ +{{- if .Values.istio.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: argocd-server + namespace: argocd +spec: + gateways: + - {{ .Values.istio.gateway }} + hosts: + - {{ .Values.argocd.server.config.url }} + http: + - name: grpc + match: + - headers: + user-agent: + prefix: argocd-client + route: + - destination: + host: {{ .Release.Name }}-argocd-server + port: + number: 443 + - name: http + route: + - destination: + host: {{ .Release.Name }}-argocd-server + port: + number: 80 +{{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml new file mode 100644 index 0000000..7b00f9c --- /dev/null +++ b/charts/kubezero/values.yaml @@ -0,0 +1,83 @@ +argocd: + installCRDs: false + + configs: + secret: + argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG" + argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST" + + # Run Argo on the controllers + controller: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + + repoServer: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + + server: + config: + url: argocd.example.com + + additionalProjects: + - name: kubezero + namespace: argocd + description: KubeZero - ZeroDownTime Kubernetes Platform + sourceRepos: + - '*' + destinations: + - namespace: argocd + server: https://kubernetes.default.svc + - namespace: kube-system + server: https://kubernetes.default.svc + - namespace: cert-manager + server: https://kubernetes.default.svc + + additionalApplications: + - name: kubezero + namespace: argocd + project: kubezero + source: + repoURL: https://git.zero-downtime.net/ZeroDownTime/k8s-kustomize-lib + targetRevision: HEAD + path: kubezero + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: false + selfHeal: false + + destination: + server: https://kubernetes.default.svc + namespace: argocd + + + extraArgs: + - --insecure + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + + redis: + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + + dex: + enabled: false + +istio: + enabled: false + gateway: ingressgateway.istio-system.svc.cluster.local