From db30d36879d9122714291ad4f161be9a986fde27 Mon Sep 17 00:00:00 2001 
From: Liviu Costea Date: Thu, 14 Feb 2019 00:22:11 +0200 Subject: [PATCH] Helm chart for ArgoCD (#34) * Add application controller resources First chart version for argo-cd added the new labels recommended for k8 * Add repo server resources Use legacy label and new one for application controller selectors Set labels for deployment for easier discovery * Configure git repositories, helm chart museums and dex connectors This way argo-cd could be configured to update itself via helm * Parameterize the rbac configmap * Parameterize webhook secrets * Parameterize server deployment and set services with the labels * Add service account, role and rolebinding for server deployment * Clean the old label, use only latest recommendations Follow the ideas and changes of https://github.com/argoproj/argo-cd/pull/1035 * Fix var naming issues * Fix server service incorrect ports * Install crds with helm hook * Enable cluster admin access by default Default installation will allow installing apps in the current cluster without inputted credentials. For other clusters inputted credentials will be needed * Parameterize the dex server * Hardcode resource names because code expects them this way Some resource names and application urls are hardcoded in code with these names. So they can't be parameterized.
* Create the ingress with tls passthrough support Tls is terminated on the ArgoCD server, not on ingress * Fix typo on application controller sa * Add notes on how to connect to server UI after installation --- .gitignore | 1 + charts/argo-cd/.helmignore | 21 +++ charts/argo-cd/Chart.yaml | 5 + charts/argo-cd/templates/NOTES.txt | 13 ++ charts/argo-cd/templates/_helpers.tpl | 32 +++++ ...cd-application-controller-clusterrole.yaml | 24 ++++ ...ication-controller-clusterrolebinding.yaml | 21 +++ ...ocd-application-controller-deployment.yaml | 43 ++++++ .../argocd-application-controller-role.yaml | 42 ++++++ ...cd-application-controller-rolebinding.yaml | 18 +++ .../argocd-application-controller-sa.yaml | 11 ++ ...argocd-application-controller-service.yaml | 17 +++ charts/argo-cd/templates/argocd-cm.yaml | 23 ++++ .../argocd-dex-server-deployment.yaml | 48 +++++++ .../templates/argocd-dex-server-role.yaml | 21 +++ .../argocd-dex-server-rolebinding.yaml | 18 +++ .../templates/argocd-dex-server-sa.yaml | 11 ++ .../templates/argocd-dex-server-service.yaml | 23 ++++ .../templates/argocd-metrics-service.yaml | 20 +++ charts/argo-cd/templates/argocd-rbac-cm.yaml | 18 +++ .../argocd-repo-server-deployment.yaml | 38 ++++++ .../templates/argocd-repo-server-service.yaml | 17 +++ charts/argo-cd/templates/argocd-secret.yaml | 21 +++ .../templates/argocd-server-deployment.yaml | 53 ++++++++ .../templates/argocd-server-ingress.yaml | 29 ++++ .../argo-cd/templates/argocd-server-role.yaml | 45 ++++++ .../templates/argocd-server-rolebinding.yaml | 19 +++ .../argo-cd/templates/argocd-server-sa.yaml | 11 ++ .../templates/argocd-server-service.yaml | 24 ++++ .../templates/crds/application-crd.yaml | 22 +++ .../templates/crds/appproject-crd.yaml | 22 +++ charts/argo-cd/values.yaml | 128 ++++++++++++++++++ 32 files changed, 859 insertions(+) create mode 100644 charts/argo-cd/.helmignore create mode 100644 charts/argo-cd/Chart.yaml create mode 100644 charts/argo-cd/templates/NOTES.txt 
create mode 100644 charts/argo-cd/templates/_helpers.tpl create mode 100644 charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml create mode 100755 charts/argo-cd/templates/argocd-application-controller-deployment.yaml create mode 100755 charts/argo-cd/templates/argocd-application-controller-role.yaml create mode 100755 charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml create mode 100755 charts/argo-cd/templates/argocd-application-controller-sa.yaml create mode 100755 charts/argo-cd/templates/argocd-application-controller-service.yaml create mode 100755 charts/argo-cd/templates/argocd-cm.yaml create mode 100644 charts/argo-cd/templates/argocd-dex-server-deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-dex-server-role.yaml create mode 100644 charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml create mode 100644 charts/argo-cd/templates/argocd-dex-server-sa.yaml create mode 100644 charts/argo-cd/templates/argocd-dex-server-service.yaml create mode 100755 charts/argo-cd/templates/argocd-metrics-service.yaml create mode 100755 charts/argo-cd/templates/argocd-rbac-cm.yaml create mode 100755 charts/argo-cd/templates/argocd-repo-server-deployment.yaml create mode 100755 charts/argo-cd/templates/argocd-repo-server-service.yaml create mode 100755 charts/argo-cd/templates/argocd-secret.yaml create mode 100755 charts/argo-cd/templates/argocd-server-deployment.yaml create mode 100644 charts/argo-cd/templates/argocd-server-ingress.yaml create mode 100755 charts/argo-cd/templates/argocd-server-role.yaml create mode 100755 charts/argo-cd/templates/argocd-server-rolebinding.yaml create mode 100755 charts/argo-cd/templates/argocd-server-sa.yaml create mode 100755 charts/argo-cd/templates/argocd-server-service.yaml create mode 100644 charts/argo-cd/templates/crds/application-crd.yaml create mode 100644 
charts/argo-cd/templates/crds/appproject-crd.yaml create mode 100644 charts/argo-cd/values.yaml
diff --git a/.gitignore b/.gitignore
index 9385855f..468b8f5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 output
 .vscode
+.DS_Store
\ No newline at end of file
diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore
new file mode 100644
index 00000000..f0c13194
--- /dev/null
+++ b/charts/argo-cd/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
new file mode 100644
index 00000000..a6e2c5fa
--- /dev/null
+++ b/charts/argo-cd/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "0.11"
+description: A Helm chart for Argo-CD
+name: argo-cd
+version: 0.1.0
diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt
new file mode 100644
index 00000000..ecd1f64b
--- /dev/null
+++ b/charts/argo-cd/templates/NOTES.txt
@@ -0,0 +1,13 @@
+In order to access the server UI you have the following options:
+
+1. kubectl port-forward svc/argocd-server -n argocd 8080:443
+
+ and then open the browser on http://localhost:8080 and accept the certificate
+
+2. enable ingress and check the first option ssl passthrough:
+ https://github.com/argoproj/argo-cd/blob/master/docs/ingress.md#option-1-ssl-passthrough
+
+After reaching the UI the first time you can login with username: admin and the password will be the
+name of the server pod. You can get the pod name by running:
+
+kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
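Review bot: In charts/argo-cd/templates/NOTES.txt, option 1 forwards local port 8080 to port 443 of the service but then tells the user to open `http://localhost:8080`; since the same sentence says to accept the certificate, the URL should be `https://localhost:8080`. Both kubectl commands hard-code `-n argocd`, which is wrong for a release installed in any other namespace; `-n {{ .Release.Namespace }}` would follow the install. Because the notes state that the initial admin password is the server pod name, which is visible to anyone allowed to list pods in that namespace, the text should also tell the operator to change the password right after the first login.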
diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl
new file mode 100644
index 00000000..bd65c45c
--- /dev/null
+++ b/charts/argo-cd/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argo-cd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argo-cd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argo-cd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml
new file mode 100644
index 00000000..83a31835
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml
new file mode 100644
index 00000000..114b6572
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argocd-application-controller
+subjects:
+- kind: ServiceAccount
+ name: argocd-application-controller
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
\ No newline at end of file
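Review bot: The ClusterRole in argocd-application-controller-clusterrole.yaml allows every verb on every resource and every non-resource URL, which is the same reach as cluster-admin, and the ClusterRoleBinding that follows gives it to the argocd-application-controller ServiceAccount whenever `clusterAdminAccess.enabled` is true. The commit message says this is enabled by default; the default in values.yaml is outside this part of the patch, so confirm it, and consider shipping it as `false` or at least adding a values.yaml comment such as `# grants the controller cluster-admin on the local cluster; disable and register the cluster with scoped credentials if that is too broad`. Both objects are cluster-scoped and carry the fixed name `argocd-application-controller`, so a second release in another namespace would clash with the first; the commit message indicates the fixed names are deliberate, so the one-release-per-cluster limit should be documented.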
diff --git a/charts/argo-cd/templates/argocd-application-controller-deployment.yaml b/charts/argo-cd/templates/argocd-application-controller-deployment.yaml
new file mode 100755
index 00000000..31dd0a0b
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+ spec:
+ containers:
+ - command:
+ - argocd-application-controller
+ - --status-processors
+ - "20"
+ - --operation-processors
+ - "10"
+ image: {{ .Values.applicationController.image.repository }}:{{ .Values.applicationController.image.tag }}
+ imagePullPolicy: {{ .Values.applicationController.image.pullPolicy }}
+ name: argocd-application-controller
+ ports:
+ - containerPort: {{ .Values.applicationController.containerPort }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.applicationController.containerPort }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ serviceAccountName: argocd-application-controller
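Review bot: The container in argocd-application-controller-deployment.yaml has neither `resources` nor a `securityContext`, and the same is true of the dex-server, repo-server and server Deployments further down in this patch. This pod runs under the ServiceAccount that can be bound to the wildcard ClusterRole, so I would expose both settings through values and, provided the images support it, default to `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The `--status-processors` and `--operation-processors` counts are also fixed at "20" and "10" while the rest of the container is parameterized; a short comment saying why they are not values would help.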
diff --git a/charts/argo-cd/templates/argocd-application-controller-role.yaml b/charts/argo-cd/templates/argocd-application-controller-role.yaml
new file mode 100755
index 00000000..e6418a4f
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-role.yaml
@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - list
+
diff --git a/charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml
new file mode 100755
index 00000000..530475ec
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argocd-application-controller
+subjects:
+- kind: ServiceAccount
+ name: argocd-application-controller
diff --git a/charts/argo-cd/templates/argocd-application-controller-sa.yaml b/charts/argo-cd/templates/argocd-application-controller-sa.yaml
new file mode 100755
index 00000000..bd1890b7
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-sa.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
diff --git a/charts/argo-cd/templates/argocd-application-controller-service.yaml b/charts/argo-cd/templates/argocd-application-controller-service.yaml
new file mode 100755
index 00000000..76b8b701
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-application-controller-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: argocd-application-controller
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: application-controller
+spec:
+ ports:
+ - port: {{ .Values.applicationController.servicePort }}
+ targetPort: {{ .Values.applicationController.containerPort }}
+ selector:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
diff --git a/charts/argo-cd/templates/argocd-cm.yaml b/charts/argo-cd/templates/argocd-cm.yaml
new file mode 100755
index 00000000..79045e90
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-cm.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cm
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+data:
+{{- if .Values.config.helmRepositories }}
+ helm.repositories: |
+{{ toYaml .Values.config.helmRepositories | indent 4 }}
+{{- end }}
+{{- if .Values.config.repositories }}
+ repositories: |
+{{ toYaml .Values.config.repositories | indent 4 }}
+{{- end }}
+{{- if .Values.config.dexConfig }}
+ dex.config: |
+{{ toYaml .Values.config.dexConfig | indent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-deployment.yaml b/charts/argo-cd/templates/argocd-dex-server-deployment.yaml
new file mode 100644
index 00000000..8d7bc1c1
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-dex-server-deployment.yaml
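Review bot: In argocd-cm.yaml, `config.helmRepositories`, `config.repositories` and `config.dexConfig` are rendered verbatim into a ConfigMap, so a connector client secret or repository password written inline in those values becomes readable to everyone who can read ConfigMaps in the namespace, and is also stored with the Helm release. A comment above these keys in values.yaml should say that credentials must be supplied as references to keys held in a Secret and never inline; whether the targeted Argo CD version resolves such references inside `dex.config` needs to be confirmed. When none of the three values is set the template renders a bare `data:` key, which is harmless but worth a one-line comment.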
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-dex-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
+ spec:
+ serviceAccountName: argocd-dex-server
+ initContainers:
+ - name: copyutil
+ image: {{ .Values.dexServer.initImage.repository }}:{{ .Values.dexServer.initImage.tag }}
+ imagePullPolicy: {{ .Values.dexServer.initImage.pullPolicy }}
+ command: [cp, /usr/local/bin/argocd-util, /shared]
+ volumeMounts:
+ - mountPath: /shared
+ name: static-files
+ containers:
+ - name: dex
+ image: {{ .Values.dexServer.image.repository }}:{{ .Values.dexServer.image.tag }}
+ imagePullPolicy: {{ .Values.dexServer.image.pullPolicy }}
+ command: [/shared/argocd-util, rundex]
+ ports:
+ - containerPort: {{ .Values.dexServer.containerPortHttp }}
+ - containerPort: {{ .Values.dexServer.containerPortGrpc }}
+ volumeMounts:
+ - mountPath: /shared
+ name: static-files
+ volumes:
+ - emptyDir: {}
+ name: static-files
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-role.yaml b/charts/argo-cd/templates/argocd-dex-server-role.yaml
new file mode 100644
index 00000000..16076248
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-dex-server-role.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argocd-dex-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml b/charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml
new file mode 100644
index 00000000..1db56ffe
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argocd-dex-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argocd-dex-server
+subjects:
+- kind: ServiceAccount
+ name: argocd-dex-server
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-sa.yaml b/charts/argo-cd/templates/argocd-dex-server-sa.yaml
new file mode 100644
index 00000000..9fa6a3bd
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-dex-server-sa.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argocd-dex-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-dex-server-service.yaml b/charts/argo-cd/templates/argocd-dex-server-service.yaml
new file mode 100644
index 00000000..87402f40
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-dex-server-service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: argocd-dex-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: dex-server
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.dexServer.servicePortHttp }}
+ targetPort: {{ .Values.dexServer.containerPortHttp }}
+ - name: grpc
+ protocol: TCP
+ port: {{ .Values.dexServer.servicePortGrpc }}
+ targetPort: {{ .Values.dexServer.containerPortGrpc }}
+ selector:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-metrics-service.yaml b/charts/argo-cd/templates/argocd-metrics-service.yaml
new file mode 100755
index 00000000..f3a7b4f2
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-metrics-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+ name: argocd-metrics
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.server.serviceMetricsPort }}
+ targetPort: {{ .Values.server.containerMetricsPort }}
+ selector:
+ app: {{ include "argo-cd.name" . }}-server
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
diff --git a/charts/argo-cd/templates/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-rbac-cm.yaml
new file mode 100755
index 00000000..fb688d03
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-rbac-cm.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-rbac-cm
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+data:
+{{- if .Values.rbac.policyDefault }}
+ policy.default: {{ .Values.rbac.policyDefault }}
+{{- end }}
+{{- if .Values.rbac.policyCsv }}
+ policy.csv:
+{{- toYaml .Values.rbac.policyCsv | indent 4 }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-repo-server-deployment.yaml b/charts/argo-cd/templates/argocd-repo-server-deployment.yaml
new file mode 100755
index 00000000..66229263
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-repo-server-deployment.yaml
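Review bot: The selector in argocd-metrics-service.yaml requires both `app` and `app.kubernetes.io/name`, but the pod template in argocd-server-deployment.yaml later in this patch sets only the `app.kubernetes.io/*` labels, so as written this Service matches no pods and the metrics port has no endpoints. The legacy line `app: {{ include "argo-cd.name" . }}-server` should be removed from the selector. The Service also targets `server.containerMetricsPort`, which the server Deployment does not list under `ports`; routing does not depend on that, but adding the `containerPort` entry would make the exposed port visible in the pod spec.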
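Review bot: In argocd-rbac-cm.yaml, `policy.csv:` is followed by `{{- toYaml .Values.rbac.policyCsv | indent 4 }}`, and the left trim removes the newline after the key, unlike the `key: |` plus `{{ toYaml … | indent 4 }}` form used in argocd-cm.yaml. What ends up in the ConfigMap then depends on how toYaml prints the value, and an RBAC policy that renders differently from what the operator wrote is easy to miss. Assuming `rbac.policyCsv` is a plain multi-line string (its definition in values.yaml is outside this part of the patch), I would write `policy.csv: |` followed by `{{ .Values.rbac.policyCsv | indent 4 }}` and check the result with `helm template`.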
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-repo-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: repo-server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: repo-server
+ spec:
+ automountServiceAccountToken: false
+ containers:
+ - name: argocd-repo-server
+ image: {{ .Values.repoServer.image.repository }}:{{ .Values.repoServer.image.tag }}
+ imagePullPolicy: {{ .Values.repoServer.image.pullPolicy}}
+ command: [argocd-repo-server]
+ ports:
+ - containerPort: {{ .Values.repoServer.containerPort }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.repoServer.containerPort }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
diff --git a/charts/argo-cd/templates/argocd-repo-server-service.yaml b/charts/argo-cd/templates/argocd-repo-server-service.yaml
new file mode 100755
index 00000000..68b80200
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-repo-server-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: argocd-repo-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: repo-server
+spec:
+ ports:
+ - port: {{ .Values.repoServer.servicePort }}
+ targetPort: {{ .Values.repoServer.servicePort }}
+ selector:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
diff --git a/charts/argo-cd/templates/argocd-secret.yaml b/charts/argo-cd/templates/argocd-secret.yaml
new file mode 100755
index 00000000..c693d079
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-secret
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+type: Opaque
+data:
+{{- if .Values.config.webhook.githubSecret }}
+ github.webhook.secret: {{ .Values.config.webhook.githubSecret }}
+{{- end }}
+{{- if .Values.config.webhook.gitlabSecret }}
+ gitlab.webhook.secret: {{ .Values.config.webhook.gitlabSecret }}
+{{- end }}
+{{- if .Values.config.webhook.bitbucketSecret }}
+ bitbucket.webhook.uuid: {{ .Values.config.webhook.bitbucketSecret }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server-deployment.yaml b/charts/argo-cd/templates/argocd-server-deployment.yaml
new file mode 100755
index 00000000..0a3bb3dc
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-deployment.yaml
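Review bot: In argocd-repo-server-service.yaml, `targetPort` is taken from `repoServer.servicePort`, whereas the other Services in this patch point `targetPort` at the container port; if the two values are ever set differently, the Service forwards to a port nothing listens on. The line should read `targetPort: {{ .Values.repoServer.containerPort }}`, matching the `containerPort` declared in argocd-repo-server-deployment.yaml.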
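Review bot: The three webhook values in argocd-secret.yaml are written under `data:` exactly as given, and Kubernetes expects values under `data` to be base64, so a plain secret from values.yaml is either rejected or decoded into something other than the value configured at the Git provider, which breaks webhook verification. Encode in the template, e.g. `github.webhook.secret: {{ .Values.config.webhook.githubSecret | b64enc | quote }}` (likewise for the gitlab and bitbucket keys), or change the block to `stringData:`. If operators are meant to pass pre-encoded values, a comment in values.yaml should say so. These values are also stored with the Helm release, so the values.yaml comment should recommend supplying them from a protected values file and not from a committed one.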
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+ spec:
+ serviceAccountName: argocd-server
+ initContainers:
+ - name: ui
+ image: {{ .Values.server.uiInitImage.repository }}:{{ .Values.server.uiInitImage.tag }}
+ imagePullPolicy: {{ .Values.server.uiInitImage.pullPolicy }}
+ command: [cp, -r, /app, /shared]
+ volumeMounts:
+ - mountPath: /shared
+ name: static-files
+ containers:
+ - name: argocd-server
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command: [argocd-server, --staticassets, /shared/app]
+ volumeMounts:
+ - mountPath: /shared
+ name: static-files
+ ports:
+ - containerPort: {{ .Values.server.containerPort }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.server.containerPort }}
+ initialDelaySeconds: 3
+ periodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: static-files
diff --git a/charts/argo-cd/templates/argocd-server-ingress.yaml b/charts/argo-cd/templates/argocd-server-ingress.yaml
new file mode 100644
index 00000000..d8b11266
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-ingress.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $servicePortHttps := .Values.server.servicePortHttps -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: argocd-server
+ servicePort: {{ $servicePortHttps }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server-role.yaml b/charts/argo-cd/templates/argocd-server-role.yaml
new file mode 100755
index 00000000..832ca5c4
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-role.yaml
@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - argoproj.io
+ resources:
+ - applications
+ - appprojects
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - list
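Review bot: With `ingress.enabled: true` and the default `annotations: {}`, the Ingress rendered from argocd-server-ingress.yaml has no `tls:` section and sends plain `http` rules to `servicePortHttps`, so whether UI and API traffic is encrypted end to end depends on annotations the operator has to add by hand. The passthrough annotations exist only as commented examples in values.yaml, and most controllers will otherwise proxy plain HTTP to a backend that, per the values.yaml comment, terminates TLS itself. Document the requirement where the resource is defined, for example a template comment before `spec:` such as `{{- /* TLS terminates at argocd-server: ingress.annotations must enable TLS passthrough for your controller */ -}}`, and consider quoting the path as `path: {{ $ingressPath | quote }}` for consistency with `host`.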
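Review bot: The first rule in argocd-server-role.yaml gives the `argocd-server` service account create, read, update and delete on every Secret and ConfigMap in the release namespace, not just the ones Argo CD owns. Because this is a namespaced Role the exposure is bounded by the namespace, so the chart should state that it expects a namespace of its own; a comment above the rule such as `# full access to ALL Secrets/ConfigMaps in this namespace - install into a namespace used only by Argo CD` would make that explicit. Narrowing the rule with `resourceNames` is probably not a drop-in change, since `create` cannot be restricted by name and the set of secrets the server manages is not visible from this hunk.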
diff --git a/charts/argo-cd/templates/argocd-server-rolebinding.yaml b/charts/argo-cd/templates/argocd-server-rolebinding.yaml
new file mode 100755
index 00000000..4c53b979
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-rolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: argocd-server
+subjects:
+- kind: ServiceAccount
+ name: argocd-server
diff --git a/charts/argo-cd/templates/argocd-server-sa.yaml b/charts/argo-cd/templates/argocd-server-sa.yaml
new file mode 100755
index 00000000..d764c65f
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-sa.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
diff --git a/charts/argo-cd/templates/argocd-server-service.yaml b/charts/argo-cd/templates/argocd-server-service.yaml
new file mode 100755
index 00000000..371c4b2f
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.server.servicePortHttp }}
+ targetPort: {{ .Values.server.containerPort }}
+ - name: https
+ protocol: TCP
+ port: {{ .Values.server.servicePortHttps }}
+ targetPort: {{ .Values.server.containerPort }}
+ selector:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+
diff --git a/charts/argo-cd/templates/crds/application-crd.yaml b/charts/argo-cd/templates/crds/application-crd.yaml
new file mode 100644
index 00000000..377c570f
--- /dev/null
+++ b/charts/argo-cd/templates/crds/application-crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ name: applications.argoproj.io
+ annotations:
+ "helm.sh/hook": crd-install
+spec:
+ group: argoproj.io
+ names:
+ kind: Application
+ plural: applications
+ shortNames:
+ - app
+ - apps
+ scope: Namespaced
+ version: v1alpha1
\ No newline at end of file
diff --git a/charts/argo-cd/templates/crds/appproject-crd.yaml b/charts/argo-cd/templates/crds/appproject-crd.yaml
new file mode 100644
index 00000000..1b2ab3fd
--- /dev/null
+++ b/charts/argo-cd/templates/crds/appproject-crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ name: appprojects.argoproj.io
+ annotations:
+ "helm.sh/hook": crd-install
+spec:
+ group: argoproj.io
+ names:
+ kind: AppProject
+ plural: appprojects
+ shortNames:
+ - appproj
+ - appprojs
+ scope: Namespaced
+ version: v1alpha1
\ No newline at end of file
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
new file mode 100644
index 00000000..c107e6f1
--- /dev/null
+++ b/charts/argo-cd/values.yaml
@@ -0,0 +1,128 @@
+applicationController:
+ containerPort: 8083
+ servicePort: 8083
+ image:
+ repository: argoproj/argocd
+ tag: v0.11.0
+ pullPolicy: Always
+
+server:
+ containerPort: 8080
+ servicePortHttp: 80
+ servicePortHttps: 443
+ containerMetricsPort: 8082
+ serviceMetricsPort: 8082
+ image:
+ repository: argoproj/argocd
+ tag: v0.11.0
+ pullPolicy: Always
+ uiInitImage:
+ repository: argoproj/argocd-ui
+ tag: v0.11.0
+ pullPolicy: Always
+
+repoServer:
+ containerPort: 8081
+ servicePort: 8081
+ image:
+ repository: argoproj/argocd
+ tag: v0.11.0
+ pullPolicy: Always
+
+dexServer:
+ containerPortHttp: 5556
+ containerPortGrpc: 5557
+ servicePortHttp: 5556
+ servicePortGrpc: 5557
+ image:
+ repository: quay.io/dexidp/dex
+ tag: v2.12.0
+ pullPolicy: Always
+ initImage:
+ repository: argoproj/argocd
+ tag: v0.11.0
+ pullPolicy: Always
+
+# terminate tls at ArgoCD level
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ path: /
+ hosts:
+ - argocd.example.com
+
+# Standard Argo CD installation with cluster-admin access.
+# Set this true if you plan to use Argo CD to deploy applications in the same cluster that
+# Argo CD runs in (i.e. kubernetes.svc.default).
+# Will still be able to deploy to external clusters with inputted credentials.
+
+clusterAdminAccess:
+ enabled: true
+
+config:
+ helmRepositories:
+ # - name: privateRepo
+ # url: http://chartmuseum.privatecloud.com
+ # usernameSecret:
+ # name: private-chartmuseum
+ # key: username
+ # passwordSecret:
+ # name: private-chartmuseum
+ # key: password
+ # - name: incubator
+ # url: https://kubernetes-charts-incubator.storage.googleapis.com/
+ repositories:
+ # - url: git@gitlab.com:usersprivategroup/users-gitops-config.git
+ # sshPrivateKeySecret:
+ # key: privateKey
+ # name: argocd-dev-key
+ # - url: git@gitlab.com:accountingprivategroup/accounting-gitops-config.git
+ # sshPrivateKeySecret:
+ # key: privateKey
+ # name: argocd-dev-key
+ dexConfig:
+ # # Argo CD's externally facing base URL. Required for configuring SSO
+ # # url: https://argo-cd-demo.argoproj.io
+ #
+ # # A dex connector configuration. See documentation on how to configure SSO:
+ # # https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso
+ # connectors:
+ # # GitHub example
+ # - type: github
+ # id: github
+ # name: GitHub
+ # config:
+ # clientID: aabbccddeeff00112233
+ # clientSecret: $dex.github.clientSecret
+ # orgs:
+ # - name: your-github-org
+ # teams:
+ # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook
+ # events. To enable webhooks, configure one or more of the following keys with the shared git
+ # provider webhook secret. The payload URL configured in the git provider should use the
+ # /api/webhook endpoint of your Argo CD instance (e.g. https://argocd.example.com/api/webhook)
+ webhook:
+ githubSecret:
+ gitlabSecret:
+ bitbucketSecret:
+rbac:
+# # An RBAC policy .csv file containing additional policy and role definitions.
+# # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
+# policy.csv: |
+# # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
+# p, my-org:team-alpha, applications, sync, my-project/*, allow
+# # Make all members of "my-org:team-beta" admins
+# g, my-org:team-beta, role:admin
+ policyCsv: #|
+ # p, role:org-admin, applications, *, */*, allow
+ # p, role:org-admin, clusters, get, *, allow
+ # p, role:org-admin, repositories, get, *, allow
+ # p, role:org-admin, repositories, create, *, allow
+ # p, role:org-admin, repositories, update, *, allow
+ # p, role:org-admin, repositories, delete, *, allow
+ # g, your-github-org:your-team, role:org-admin
+ # The default role Argo CD will fall back to, when authorizing API requests
+ policyDefault: #role:readonly
\ No newline at end of file
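Review bot: `clusterAdminAccess.enabled` defaults to `true` in values.yaml, so a plain install presumably binds the application controller to the ClusterRole and ClusterRoleBinding templates listed in the diffstat (their content is outside this hunk) without the operator opting in. Defaulting to `enabled: false` would be the least-privilege choice; if the default stays, the comment above the key should state the consequence, e.g. `# WARNING: true grants the application controller cluster-wide permissions; set to false when only external clusters are managed`. Separately, every image uses a mutable tag together with `pullPolicy: Always`, so a re-pushed tag changes what runs on the next pod restart; allowing a digest in the image values would let operators pin what they have reviewed. `policyDefault` is also left empty with `role:readonly` only as a comment, so the comment should say what an empty value means for users who match no policy.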