argoproj
/
argo-helm
mirror of https://github.com/argoproj/argo-helm.git
1
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity

init v1.0.0 (#129)

pull/146/head
Jaret 2019-11-04 16:17:25 -08:00 committed by Alex Collins
parent ed127ea795
commit 30889df476
64 changed files with 1909 additions and 933 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CONTRIBUTING.md
View File

@ -26,7 +26,7 @@ Minimally:
```
helm install charts/argo-cd --namespace argocd -n argo-cd
kubectl port-forward svc/argocd-server -n argocd 8080:443
kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
```
In a new terminal:
@ -40,6 +40,8 @@ kubectl -n argocd patch secret argocd-secret \
"admin.passwordMtime": "'$(date +%FT%T%Z)'"
}}'
argocd login localhost:8080 --username admin --password 'Password1!'
# WARNING: server certificate had error: x509: certificate signed by unknown authority. Proceed insecurely (y/n)? y
```
Create and sync app:

21
charts/argo-cd/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

14
charts/argo-cd/Chart.yaml
View File

@ -1,6 +1,16 @@
apiVersion: v1
appVersion: "1.2.4"
description: A Helm chart for Argo-CD
description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
name: argo-cd
version: 0.7.2
version: 1.0.0
home: https://github.com/argoproj/argo-helm
icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
keywords:
- argoproj
- argocd
- gitops
maintainers:
- name: alexec
- name: alexmt
- name: jessesuen
- name: seanson

273
charts/argo-cd/README.md
View File

@ -1,5 +1,12 @@
# Argo CD Chart
Argo CD Chart
======
A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
Current chart version is `1.0.0`
Source code can be found [here](https://argoproj.github.io/argo-cd/)
## Additional Information
This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes.
The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases).
@ -19,73 +26,201 @@ $ helm repo add argo https://argoproj.github.io/argo-helm
$ helm install --name my-release argo/argo-cd
```
## Chart Values
| Key | Type | Default | Description |
| -------------------------------------- | ------ | ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| applicationController.containerPort | int | `8082` | Container port for application controller server and metrics |
| applicationController.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| applicationController.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| applicationController.image.tag | string | `"v1.2.4"` | Docker image tag |
| applicationController.servicePort | int | `8082` | Service port for applicaiton controller server |
| applicationController.volumeMounts | list | `[]` | Additional volume mounts |
| applicationController.volumes | list | `[]` | Additional volumes |
| certificate.enabled | bool | `false` | Enable certificate (requires cert-manager) |
| clusterAdminAccess.enabled | bool | `true` | Standard Argo CD installation with cluster-admin access. Set this true if you plan to use Argo CD to deploy applications in the same cluster that Argo CD runs in (i.e. kubernetes.svc.default). Will still be able to deploy to external clusters with inputted credentials. |
| config.configManagementPlugins | string | `nil` | List of custom config management plugins, see [values.yaml](./values.yaml) for format |
| config.createSecret | bool | `true` | Creates the argocd-secret secret, set to false to manage externally |
| config.dexConfig | string | `nil` | Configuration for external auth and URL, see [values.yaml](./values.yaml) for format |
| config.helmRepositories | string | `nil` | Configuration for external Helm charts, see [values.yaml](./values.yaml) for format |
| config.oidcConfig | string | `nil` | Configuration for OpenID connect, see [values.yaml](./values.yaml) for format |
| config.repositories | string | `nil` | Configuration for remote Git repositories for Applications, see [values.yaml](./values.yaml) for format |
| config.resourceCustomizations | string | `nil` | resourceCustomizations can be used to create custom health checks for resources [https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/health.md#way-1-define-a-custom-health-check-in-argocd-cm-configmap] |
| config.url | string | `nil` | External URL for ArgoCD |
| config.instanceLabelKey | string | `nil` | Custom instance label key |
| config.webhook.bitbucketSecret | string | `nil` | BitBucket incoming webhook secret |
| config.webhook.githubSecret | string | `nil` | GitHub incoming webhook secret |
| config.webhook.gitlabSecret | string | `nil` | GitLab incoming webhook secret |
| dexServer.containerPortGrpc | int | `5557` | Container port for Dex Server GRPC |
| dexServer.containerPortHttp | int | `5556` | Container port for Dex Server HTTP |
| dexServer.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| dexServer.image.repository | string | `"quay.io/dexidp/dex"` | Docker image repo |
| dexServer.image.tag | string | `"v2.12.0"` | Docker image tag |
| dexServer.initImage.pullPolicy | string | `"Always"` | Docker image pull policy |
| dexServer.initImage.repository | string | `"argoproj/argocd"` | Docker image repo |
| dexServer.initImage.tag | string | `"v1.2.0"` | Docker image tag |
| dexServer.servicePortGrpc | int | `5557` | Service port for Dex Server GRPC |
| dexServer.servicePortHttp | int | `5556` | Service port for Dex Server GRPC |
| dexServer.volumeMounts | list | `[]` | Additional volume mounts |
| dexServer.volumes | list | `[]` | Additional volumes |
| ingress.additionalHosts | list | `[]` | Ingress additional hosts |
| ingress.annotations | object | `{}` | Annotations for ingress object, set `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` and `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` if serving GRPC and HTTPS on the same ingress |
| ingress.enabled | bool | `false` | Enable ingress |
| ingress.tls | object | `{}` | Ingress TLS configuration |
| rbac.policyCsv | string | `nil` | RBAC policy in CSV, see [values.yaml](./values.yaml) for format |
| rbac.policyDefault | string | `nil` | The default role Argo CD will fall back to, when authorizing API requests, ie: `role:readonly` |
| rbac.scopes | string | `nil` | Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). ie: `[groups]` |
| redis.containerPort | int | `6379` | Container port for Redis |
| redis.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| redis.image.repository | string | `"redis"` | Docker image repo |
| redis.image.tag | string | `"5.0.3"` | Docker image tag |
| redis.servicePort | int | `6379` | Service port for Redis |
| repoServer.containerPort | int | `8081` | Container port for repo server |
| repoServer.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| repoServer.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| repoServer.image.tag | string | `"v1.2.0"` | Docker image tag |
| repoServer.servicePort | int | `8081` | Service port for repo server |
| repoServer.volumeMounts | list | `[]` | Additional volume mounts |
| repoServer.volumes | list | `[]` | Additional volumes |
| repoServer.initContainers | list | `[]` | Initialisation containers, see [values.yaml](./values.yaml) for syntax for Helm v2.12.3 |
| repoServer.imagePullSecrets | list | `[]` | List of image pull secrets, see [values.yaml](./values.yaml) for syntax for a secret called "docker-auth-secret" |
| server.annotations | object | `{}` | Annotations for the server deployment |
| server.containerPort | int | `8080` | Container port for server |
| server.extraArgs | list | `[]` | Add additional arguments |
| server.image.pullPolicy | string | `"Always"` | Docker image pull policy |
| server.image.repository | string | `"argoproj/argocd"` | Docker image repo |
| server.image.tag | string | `"v1.2.0"` | Docker image tag |
| server.metricsPort | int | `8083` | Container port for server metrics |
| server.serviceAnnotations | object | `{}` | Annotations for server service |
| server.servicePortHttp | int | `80` | HTTP Container port for server |
| server.servicePortHttps | int | `443` | HTTPS Container port for server |
| server.volumeMounts | list | `[]` | Additional volume mounts, see [values.yaml](./values.yaml) for syntax for SSH known hosts |
| server.volumes | list | `[]` | Additional volumes, see [values.yaml](./values.yaml) for syntax for SSH known hosts |
| Parameter | Description | Default |
|-----|------|---------|
| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.2.3"` |
| nameOverride | Provide a name in place of `argocd` | `"argocd"` |
| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
| configs.secret.createSecret | Create the argocd-secret. | `true` |
| configs.secret.githubSecret | GitHub incoming webhook secret | `""` |
| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` |
| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) |
## ArgoCD Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
| controller.containerPort | Controller listening port. | `8082` |
| controller.extraArgs | Additional arguments for the controller. | `[]` |
| controller.image.repository | Repository to use for the controller | `global.image.repository` |
| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` |
| controller.image.tag | Tag to use for the controller | `global.image.tag` |
| controller.livenessProbe.failureThreshold | int | `3` |
| controller.livenessProbe.initialDelaySeconds | int | `10` |
| controller.livenessProbe.periodSeconds | int | `10` |
| controller.livenessProbe.successThreshold | int | `1` |
| controller.livenessProbe.timeoutSeconds | int | `1` |
| controller.logLevel | Controller log level | `"info"` |
| controller.metrics.enabled | Deploy metrics service | `false` |
| controller.metrics.service.annotations | Metrics service annotations | `{}` |
| controller.metrics.service.labels | Metrics service labels | `{}` |
| controller.metrics.service.servicePort | Metrics service port | `8082` |
| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| controller.name | Controller name string. | `"application-controller"` |
| controller.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| controller.podAnnotations | Annotations for the controller pods | `{}` |
| controller.podLabels | Labels for the controller pods | `{}` |
| controller.priorityClassName | Priority class for the controller pods | `""` |
| controller.readinessProbe.failureThreshold | int | `3` |
| controller.readinessProbe.initialDelaySeconds | int | `10` |
| controller.readinessProbe.periodSeconds | int | `10` |
| controller.readinessProbe.successThreshold | int | `1` |
| controller.readinessProbe.timeoutSeconds | int | `1` |
| controller.resources | Resource limits and requests for the controller pods. | `{}` |
| controller.service.annotations | Controller service annotations. | `{}` |
| controller.service.labels | Controller service labels. | `{}` |
| controller.service.port | Controller service port. | `8082` |
| controller.serviceAccount.create | Create a service account for the controller | `true` |
| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` |
| controller.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| controller.volumeMounts | Controller volume mounts | `[]` |
| controller.volumes | Controller volumes | `[]` |
## Argo Repo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| repoServer.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| repoServer.containerPort | Repo server port | `8081` |
| repoServer.extraArgs | Additional arguments for the repo server | `[]` |
| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` |
| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` |
| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` |
| repoServer.livenessProbe.failureThreshold | int | `3` |
| repoServer.livenessProbe.initialDelaySeconds | int | `10` |
| repoServer.livenessProbe.periodSeconds | int | `10` |
| repoServer.livenessProbe.successThreshold | int | `1` |
| repoServer.livenessProbe.timeoutSeconds | int | `1` |
| repoServer.logLevel | Log level | `"info"` |
| repoServer.metrics.enabled | Deploy metrics service | `false` |
| repoServer.metrics.service.annotations | Metrics service annotations | `{}` |
| repoServer.metrics.service.labels | Metrics service labels | `{}` |
| repoServer.metrics.service.servicePort | Metrics service port | `8082` |
| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| repoServer.name | Repo server name | `"repo-server"` |
| repoServer.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| repoServer.podAnnotations | Annotations for the repo server pods | `{}` |
| repoServer.podLabels | Labels for the repo server pods | `{}` |
| repoServer.priorityClassName | Priority class for the repo server | `""` |
| repoServer.readinessProbe.failureThreshold | int | `3` |
| repoServer.readinessProbe.initialDelaySeconds | int | `10` |
| repoServer.readinessProbe.periodSeconds | int | `10` |
| repoServer.readinessProbe.successThreshold | int | `1` |
| repoServer.readinessProbe.timeoutSeconds | int | `1` |
| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` |
| repoServer.service.annotations | Repo server service annotations. | `{}` |
| repoServer.service.labels | Repo server service labels. | `{}` |
| repoServer.service.port | Repo server service port. | `8081` |
| repoServer.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| repoServer.volumeMounts | Repo server volume mounts | `[]` |
| repoServer.volumes | Repo server volumes | `[]` |
## Argo Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` |
| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
| server.certificate.enabled | Enables a certificate manager certificate. | `false` |
| server.certificate.issuer | Certificate manager issuer | `{}` |
| server.config | URL for Argo CD | `{}` |
| server.containerPort | Server container port. | `8080` |
| server.extraArgs | Additional arguments for the server | `[]` |
| server.image.repository | Repository to use for the server | `global.image.repository` |
| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` |
| server.image.tag | Tag to use for the repo server | `global.image.tag` |
| server.ingress.annotations | Additional ingress annotations | `{}` |
| server.ingress.enabled | Enable an ingress resource for the server | `false` |
| server.ingress.hosts | List of ingress hosts | `[]` |
| server.ingress.labels | Additional ingress labels. | `{}` |
| server.ingress.tls | Ingress TLS configuration. | `[]` |
| server.livenessProbe.failureThreshold | int | `3` |
| server.livenessProbe.initialDelaySeconds | int | `10` |
| server.livenessProbe.periodSeconds | int | `10` |
| server.livenessProbe.successThreshold | int | `1` |
| server.livenessProbe.timeoutSeconds | int | `1` |
| server.logLevel | Log level | `"info"` |
| server.metrics.enabled | Deploy metrics service | `false` |
| server.metrics.service.annotations | Metrics service annotations | `{}` |
| server.metrics.service.labels | Metrics service labels | `{}` |
| server.metrics.service.servicePort | Metrics service port | `8082` |
| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` |
| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` |
| server.name | Argo CD server name | `"server"` |
| server.nodeSelector | controller node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| server.podAnnotations | Annotations for the repo server pods | `{}` |
| server.podLabels | Labels for the repo server pods | `{}` |
| server.priorityClassName | Priority class for the repo server | `""` |
| server.rbacConfig | Argo CD RBAC policy https://argoproj.github.io/argo-cd/operator-manual/rbac/ | `See [values.yaml](values.yaml)` |
| server.readinessProbe.failureThreshold | int | `3` |
| server.readinessProbe.initialDelaySeconds | int | `10` |
| server.readinessProbe.periodSeconds | int | `10` |
| server.readinessProbe.successThreshold | int | `1` |
| server.readinessProbe.timeoutSeconds | int | `1` |
| server.resources | Resource limits and requests for the server | `{}` |
| server.service.annotations | Server service annotations | `{}` |
| server.service.labels | Server service labels | `{}` |
| server.service.servicePortHttp | Server service http port | `80` |
| server.service.servicePortHttps | Server service https port | `443` |
| server.service.type | Server service type | `"ClusterIP"` |
| server.serviceAccount.create | Create server service account | `true` |
| server.serviceAccount.name | Server service account name | `"argocd-server"` |
| server.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| server.volumeMounts | Server volume mounts | `[]` |
| server.volumes | Server volumes | `[]` |
## Dex
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| dex.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| dex.containerPortGrpc | GRPC container port | `5557` |
| dex.containerPortHttp | HTTP container port | `5556` |
| dex.enabled | Enable dex | `true` |
| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` |
| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` |
| dex.image.tag | Dex image tag | `"v2.14.0"` |
| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` |
| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` |
| dex.initImage.tag | Argo CD init image tag | `global.image.tag` |
| dex.name | Dex name | `"dex-server"` |
| dex.nodeSelector | Dex node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| dex.priorityClassName | Priority class for dex | `""` |
| dex.resources | Resource limits and requests for dex | `{}` |
| dex.serviceAccount.create | Create dex service account | `true` |
| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` |
| dex.servicePortGrpc | Server GRPC port | `5557` |
| dex.servicePortHttp | Server HTTP port | `5556` |
| dex.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |
| dex.volumeMounts | Dex volume mounts | `"/shared"` |
| dex.volumes | Dex volumes | `{}` |
## Redis
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
| redis.containerPort | Redis container port | `6379` |
| redis.enabled | Enable redis | `false` |
| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` |
| redis.image.repository | Redis repository | `"redis"` |
| redis.image.tag | Redis tag | `"5.0.3"` |
| redis.name | Redis name | `"redis"` |
| redis.nodeSelector | Redis node selector https://kubernetes.io/docs/user-guide/node-selection/ | `{}` |
| redis.priorityClassName | Priority class for redis | `""` |
| redis.resources | Resource limits and requests for redis | `{}` |
| redis.servicePort | Redis service port | `6379` |
| redis.tolerations | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `{}` |

0
charts/argo-cd/requirements.yaml Normal file
View File

10
charts/argo-cd/templates/NOTES.txt
View File

@ -1,13 +1,15 @@
In order to access the server UI you have the following options:
1. kubectl port-forward svc/argocd-server -n argocd 8080:443
1. kubectl port-forward service/argo-cd-argocd-server -n argocd 8080:443
and then open the browser on http://localhost:8080 and accept the certificate
2. enable ingress and check the first option ssl passthrough:
https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
2. enable ingress in the values file `service.ingress.enabled` and either
- Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough
- Add the `insecure: ""` flag to `server.extraArgs` in the values file and terminate SSL at your ingress: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts
After reaching the UI the first time you can login with username: admin and the password will be the
name of the server pod. You can get the pod name by running:
kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2
kubectl get pods -n argocd -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2

70
charts/argo-cd/templates/_helpers.tpl
View File

@ -24,9 +24,77 @@ If release name contains chart name it will be used as a full name.
{{- end -}}
{{- end -}}
{{/*
Create controller name and version as used by the chart label.
*/}}
{{- define "argo-cd.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create dex name and version as used by the chart label.
*/}}
{{- define "argo-cd.dex.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create redis name and version as used by the chart label.
*/}}
{{- define "argo-cd.redis.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create argocd server name and version as used by the chart label.
*/}}
{{- define "argo-cd.server.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create argocd repo-server name and version as used by the chart label.
*/}}
{{- define "argo-cd.repoServer.fullname" -}}
{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-cd.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the dex service account to use
*/}}
{{- define "argo-cd.dexServiceAccountName" -}}
{{- if .Values.dex.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.dex.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the ArgoCD server service account to use
*/}}
{{- define "argo-cd.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-cd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}

51
charts/argo-cd/templates/argocd-application-controller-deployment.yaml
View File

@ -1,51 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-application-controller
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
spec:
containers:
- command:
- argocd-application-controller
- --status-processors
- "20"
- --operation-processors
- "10"
image: {{ .Values.applicationController.image.repository }}:{{ .Values.applicationController.image.tag }}
imagePullPolicy: {{ .Values.applicationController.image.pullPolicy }}
name: argocd-application-controller
ports:
- containerPort: {{ .Values.applicationController.containerPort }}
readinessProbe:
tcpSocket:
port: {{ .Values.applicationController.containerPort }}
initialDelaySeconds: 5
periodSeconds: 10
volumeMounts:
{{- if .Values.applicationController.volumeMounts }}
{{ toYaml .Values.applicationController.volumeMounts | nindent 8 | trim }}
{{- end }}
serviceAccountName: argocd-application-controller
volumes:
{{- if .Values.applicationController.volumes }}
{{ toYaml .Values.applicationController.volumes | nindent 6 | trim }}
{{- end }}

19
charts/argo-cd/templates/argocd-application-controller-metrics-service.yaml
View File

@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
name: argocd-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.applicationController.servicePort }}
targetPort: {{ .Values.applicationController.containerPort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller

17
charts/argo-cd/templates/argocd-application-controller-service.yaml
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: argocd-application-controller
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
spec:
ports:
- port: {{ .Values.applicationController.servicePort }}
targetPort: {{ .Values.applicationController.containerPort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller

8
charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml → charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
View File

@ -1,15 +1,15 @@
{{- if .Values.clusterAdminAccess.enabled }}
{{- if .Values.controller.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argocd-application-controller
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
app.kubernetes.io/component: {{ .Values.controller.name }}
rules:
- apiGroups:
- '*'

21
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

106
charts/argo-cd/templates/argocd-application-controller/deployment.yaml Normal file
View File

@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
{{- if .Values.controller.podAnnotations }}
annotations:
{{- range $key, $value := .Values.controller.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
containers:
- command:
- argocd-application-controller
- --status-processors
- {{ .Values.controller.args.statusProcessors | quote }}
- --operation-processors
- {{ .Values.controller.args.operationProcessors | quote }}
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- --loglevel
- {{ .Values.controller.logLevel }}
{{- if .Values.redis.enabled }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
{{- range $key, $value := .Values.controller.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }}
name: {{ .Values.controller.name }}
ports:
- name: controller
containerPort: {{ .Values.controller.containerPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.controller.containerPort }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
{{- if .Values.controller.volumeMounts }}
volumeMounts:
{{- toYaml .Values.controller.volumeMounts | nindent 10}}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 10 }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{- toYaml .Values.controller.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }}
{{- if .Values.controller.volumes }}
volumes:
{{- toYaml .Values.controller.volumes | nindent 8 }}
{{- end }}

31
charts/argo-cd/templates/argocd-application-controller/metrics-service.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.controller.metrics.enabled}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- if .Values.controller.metrics.service.labels }}
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: controller
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
{{- end }}

9
charts/argo-cd/templates/argocd-application-controller-role.yaml → charts/argo-cd/templates/argocd-application-controller/role.yaml
View File

@ -1,14 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-application-controller
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
app.kubernetes.io/component: {{ .Values.controller.name }}
rules:
- apiGroups:
- ""
@ -38,5 +38,4 @@ rules:
- events
verbs:
- create
- list
- list

11
charts/argo-cd/templates/argocd-dex-server-rolebinding.yaml → charts/argo-cd/templates/argocd-application-controller/rolebinding.yaml
View File

@ -1,18 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argocd-dex-server
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
app.kubernetes.io/component: {{ .Values.controller.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-dex-server
name: {{ template "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: argocd-dex-server
name: {{ template "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

25
charts/argo-cd/templates/argocd-application-controller/service.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.controller.service.annotations }}
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.controller.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
spec:
ports:
- name: {{ .Values.controller.name }}
port: {{ .Values.controller.service.port }}
targetPort: {{ .Values.controller.containerPort }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}

6
charts/argo-cd/templates/argocd-application-controller-sa.yaml → charts/argo-cd/templates/argocd-application-controller/serviceaccount.yaml
View File

@ -1,11 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argocd-application-controller
name: {{ template "argo-cd.controllerServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
app.kubernetes.io/component: {{ .Values.controller.name }}

32
charts/argo-cd/templates/argocd-application-controller/servicemonitor.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.controller.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }}
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-metrics
app.kubernetes.io/component: {{ .Values.controller.name }}
{{- end }}

48
charts/argo-cd/templates/argocd-cm.yaml
View File

@ -1,48 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
data:
{{- if .Values.config.enableAnonymousAccess }}
users.anonymous.enabled: "{{ .Values.config.enableAnonymousAccess }}"
{{- end }}
{{- if .Values.config.helmRepositories }}
helm.repositories: |
{{ toYaml .Values.config.helmRepositories | indent 4 }}
{{- end }}
{{- if .Values.config.repositories }}
repositories: |
{{ toYaml .Values.config.repositories | indent 4 }}
{{- end }}
{{- if .Values.config.dexConfig }}
dex.config: |
{{ toYaml .Values.config.dexConfig | indent 4 }}
{{- end }}
{{- if .Values.config.url }}
url: {{ .Values.config.url }}
{{- end }}
{{- if .Values.config.instanceLabelKey }}
application.instanceLabelKey: {{ .Values.config.instanceLabelKey }}
{{- end }}
{{- if .Values.config.oidcConfig }}
oidc.config: |
{{ toYaml .Values.config.oidcConfig | indent 4 }}
{{- end }}
{{- if .Values.config.resourceCustomizations }}
resource.customizations: |
{{ toYaml .Values.config.resourceCustomizations | indent 4 }}
{{- end }}
{{- if .Values.config.resourceExclusions }}
resource.exclusions: |
{{ toYaml .Values.config.resourceExclusions | indent 4 }}
{{- end }}
{{- if .Values.config.configManagementPlugins }}
configManagementPlugins: |
{{ toYaml .Values.config.configManagementPlugins | indent 4 }}
{{- end }}

10
charts/argo-cd/templates/argocd-dex-server-sa.yaml → charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
View File

@ -1,11 +1,13 @@
apiVersion: v1
kind: ServiceAccount
kind: ConfigMap
metadata:
name: argocd-dex-server
name: argocd-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
app.kubernetes.io/component: {{ .Values.server.name }}
data:
{{- toYaml .Values.server.config | nindent 4 }}

13
charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-rbac-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
data:
{{- toYaml .Values.server.rbacConfig | nindent 4 }}

27
charts/argo-cd/templates/argocd-configs/argocd-secret.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- if .Values.configs.secret.createSecret }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-secret
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-secret
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
type: Opaque
{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketSecret) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- if .Values.configs.secret.githubSecret }}
github.webhook.secret: {{ .Values.configs.secret.githubSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.gitlabSecret }}
gitlab.webhook.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }}
{{- end }}
{{- if .Values.configs.secret.bitbucketSecret }}
bitbucket.webhook.uuid: {{ .Values.configs.secret.bitbucketSecret | b64enc }}
{{- end }}
{{- end }}
{{- end }}

12
charts/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: v1
{{- toYaml .Values.configs.knownHosts | nindent 0 }}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-ssh-known-hosts-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
name: argocd-ssh-known-hosts-cm

14
charts/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
{{- if .Values.configs.tlsCerts }}
{{- toYaml .Values.configs.tlsCerts | nindent 0 }}
{{- end }}
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-tls-certs-cm
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
name: argocd-tls-certs-cm

54
charts/argo-cd/templates/argocd-dex-server-deployment.yaml
View File

@ -1,54 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-dex-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
spec:
serviceAccountName: argocd-dex-server
initContainers:
- name: copyutil
image: {{ .Values.dexServer.initImage.repository }}:{{ .Values.dexServer.initImage.tag }}
imagePullPolicy: {{ .Values.dexServer.initImage.pullPolicy }}
command: [cp, /usr/local/bin/argocd-util, /shared]
volumeMounts:
- mountPath: /shared
name: static-files
containers:
- name: dex
image: {{ .Values.dexServer.image.repository }}:{{ .Values.dexServer.image.tag }}
imagePullPolicy: {{ .Values.dexServer.image.pullPolicy }}
command: [/shared/argocd-util, rundex]
ports:
- containerPort: {{ .Values.dexServer.containerPortHttp }}
- containerPort: {{ .Values.dexServer.containerPortGrpc }}
volumeMounts:
- mountPath: /shared
name: static-files
{{- if .Values.dexServer.volumeMounts }}
{{ toYaml .Values.dexServer.volumeMounts | nindent 8 | trim }}
{{- end }}
volumes:
- emptyDir: {}
name: static-files
{{- if .Values.dexServer.volumes }}
{{ toYaml .Values.dexServer.volumes | nindent 6 | trim }}
{{- end }}

23
charts/argo-cd/templates/argocd-dex-server-service.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: argocd-dex-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
spec:
ports:
- name: http
protocol: TCP
port: {{ .Values.dexServer.servicePortHttp }}
targetPort: {{ .Values.dexServer.containerPortHttp }}
- name: grpc
protocol: TCP
port: {{ .Values.dexServer.servicePortGrpc }}
targetPort: {{ .Values.dexServer.containerPortGrpc }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server

21
charts/argo-cd/templates/argocd-rbac-cm.yaml
View File

@ -1,21 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-rbac-cm
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
data:
{{- if .Values.rbac.policyDefault }}
policy.default: {{ .Values.rbac.policyDefault }}
{{- end }}
{{- if .Values.rbac.policyCsv }}
policy.csv:
{{- toYaml .Values.rbac.policyCsv | indent 4 }}
{{- end }}
{{- if .Values.rbac.scopes }}
scopes: {{ .Values.rbac.scopes }}
{{- end }}

38
charts/argo-cd/templates/argocd-redis-deployment.yaml
View File

@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-redis
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: redis
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: redis
spec:
automountServiceAccountToken: false
containers:
- name: redis
args:
- --save
- ""
- --appendonly
- "no"
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.pullPolicy}}
ports:
- containerPort: {{ .Values.redis.containerPort }}

69
charts/argo-cd/templates/argocd-repo-server-deployment.yaml
View File

@ -1,69 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-repo-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: repo-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: repo-server
spec:
automountServiceAccountToken: false
containers:
- name: argocd-repo-server
image: {{ .Values.repoServer.image.repository }}:{{ .Values.repoServer.image.tag }}
imagePullPolicy: {{ .Values.repoServer.image.pullPolicy}}
command: [argocd-repo-server]
ports:
- containerPort: {{ .Values.repoServer.containerPort }}
livenessProbe:
initialDelaySeconds: 5
periodSeconds: 10
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
readinessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
initialDelaySeconds: 5
periodSeconds: 10
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
{{- if .Values.repoServer.volumeMounts }}
{{ toYaml .Values.repoServer.volumeMounts | nindent 8 | trim }}
{{- end }}
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- if .Values.repoServer.volumes }}
{{ toYaml .Values.repoServer.volumes | nindent 6 | trim }}
{{- end }}
{{- if .Values.repoServer.initContainers }}
initContainers:
{{ toYaml .Values.repoServer.initContainers | nindent 6 | trim }}
{{- end }}
{{- if .Values.repoServer.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.repoServer.imagePullSecrets | nindent 6 | trim }}
{{- end }}

17
charts/argo-cd/templates/argocd-repo-server-service.yaml
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: argocd-repo-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: repo-server
spec:
ports:
- port: {{ .Values.repoServer.servicePort }}
targetPort: {{ .Values.repoServer.servicePort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-repo-server

121
charts/argo-cd/templates/argocd-repo-server/deployment.yaml Normal file
View File

@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.repoServer.name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
{{- if .Values.repoServer.podAnnotations }}
annotations:
{{- range $key, $value := .Values.repoServer.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
containers:
- name: {{ .Values.repoServer.name }}
image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}
command:
- argocd-repo-server
{{- if .Values.redis.enabled }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
- --loglevel
- {{ .Values.repoServer.logLevel }}
{{- range $key, $value := .Values.repoServer.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.repoServer.volumeMounts }}
{{- toYaml .Values.repoServer.volumeMounts | nindent 10}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
ports:
- name: repo-server
containerPort: {{ .Values.repoServer.containerPort }}
protocol: TCP
{{ if .Values.repoServer.metrics.enabled }}
- name: metrics
containerPort: 8084
protocol: TCP
{{- end }}
livenessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }}
readinessProbe:
tcpSocket:
port: {{ .Values.repoServer.containerPort }}
initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.repoServer.resources | nindent 10 }}
{{- if .Values.repoServer.nodeSelector }}
nodeSelector:
{{- toYaml .Values.repoServer.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.repoServer.tolerations }}
tolerations:
{{- toYaml .Values.repoServer.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.repoServer.affinity }}
affinity:
{{- toYaml .Values.repoServer.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.repoServer.volumes }}
{{- toYaml .Values.repoServer.volumes | nindent 8}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}

31
charts/argo-cd/templates/argocd-repo-server/metrics-service.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.repoServer.metrics.enabled}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- if .Values.repoServer.metrics.service.labels }}
{{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.repoServer.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
{{- end }}

26
charts/argo-cd/templates/argocd-repo-server/service.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.repoServer.service.annotations }}
annotations:
{{- range $key, $value := .Values.repoServer.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.repoServer.name }}
name: {{ template "argo-cd.repoServer.fullname" . }}
spec:
ports:
- name: repo-server
protocol: TCP
port: {{ .Values.repoServer.service.port }}
targetPort: repo-server
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}

33
charts/argo-cd/templates/argocd-repo-server/servicemonitor.yaml Normal file
View File

@ -0,0 +1,33 @@
{{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.repoServer.fullname" . }}
{{- if .Values.repoServer.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }}
{{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "argo-cd.repoServer.fullname" . }}-metrics
app.kubernetes.io/component: {{ .Values.repoServer.name }}
{{- end }}

26
charts/argo-cd/templates/argocd-secret.yaml
View File

@ -1,26 +0,0 @@
{{- if .Values.config.createSecret }}
apiVersion: v1
kind: Secret
metadata:
name: argocd-secret
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
type: Opaque
{{- if or .Values.config.webhook.githubSecret (or .Values.config.webhook.gitlabSecret .Values.config.webhook.bitbucketSecret) }}
# Setting a blank data again will wipe admin password/key/cert
data:
{{- if .Values.config.webhook.githubSecret }}
github.webhook.secret: {{ .Values.config.webhook.githubSecret }}
{{- end }}
{{- if .Values.config.webhook.gitlabSecret }}
gitlab.webhook.secret: {{ .Values.config.webhook.gitlabSecret }}
{{- end }}
{{- if .Values.config.webhook.bitbucketSecret }}
bitbucket.webhook.uuid: {{ .Values.config.webhook.bitbucketSecret }}
{{- end }}
{{- end }}
{{- end }}

21
charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml
View File

@ -1,21 +0,0 @@
{{- if .Values.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argocd-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-server
subjects:
- kind: ServiceAccount
name: argocd-server
namespace: {{ .Release.Namespace }}
{{- end -}}

77
charts/argo-cd/templates/argocd-server-deployment.yaml
View File

@ -1,77 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: argocd-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
annotations:
{{- range $key, $value := .Values.server.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
serviceAccountName: argocd-server
containers:
- name: argocd-server
image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
command:
- argocd-server
- --staticassets
- /shared/app
{{- range .Values.server.extraArgs }}
- {{. | quote }}
{{- end }}
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
{{- if .Values.server.volumeMounts }}
{{ toYaml .Values.server.volumeMounts | nindent 8 | trim }}
{{- end }}
ports:
- containerPort: {{ .Values.server.containerPort }}
- containerPort: {{ .Values.server.metricsPort }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: 3
periodSeconds: 30
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: 3
periodSeconds: 30
volumes:
- emptyDir: {}
name: static-files
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- if .Values.server.volumes }}
{{ toYaml .Values.server.volumes | nindent 6 | trim }}
{{- end }}

33
charts/argo-cd/templates/argocd-server-ingress.yaml
View File

@ -1,33 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $host := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }}
{{- $path := default "/" (regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${2}") }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: argocd-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
rules:
{{- range prepend .Values.ingress.additionalHosts $host }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $path | quote }}
backend:
serviceName: argocd-server
servicePort: https
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end }}

19
charts/argo-cd/templates/argocd-server-metrics.yaml
View File

@ -1,19 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
name: argocd-server-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.server.servicePortHttp }}
targetPort: {{ .Values.server.metricsPort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server

28
charts/argo-cd/templates/argocd-server-service.yaml
View File

@ -1,28 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: argocd-server
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
{{- if .Values.server.serviceAnnotations }}
annotations:
{{ toYaml .Values.server.serviceAnnotations | indent 4}}{{- end }}
spec:
type: {{ .Values.server.serviceType }}
ports:
- name: http
protocol: TCP
port: {{ .Values.server.servicePortHttp }}
targetPort: {{ .Values.server.containerPort }}
- name: https
protocol: TCP
port: {{ .Values.server.servicePortHttps }}
targetPort: {{ .Values.server.containerPort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server

42
charts/argo-cd/templates/argocd-server/applications.yaml Normal file
View File

@ -0,0 +1,42 @@
{{- if .Values.server.additionalApplications }}
apiVersion: v1
kind: List
items:
{{- range .Values.server.additionalApplications }}
- apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
{{- if .additionalAnnotations }}
annotations:
{{- range $key, $value := .additionalAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .additionalLabels }}
labels:
{{- toYaml .additionalLabels | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
{{- if .finalizers }}
finalizers:
{{- toYaml .finalizers | nindent 8 }}
{{- end }}
spec:
project: {{ tpl .project $ }}
source:
{{- toYaml .source | nindent 8 }}
destination:
{{- toYaml .destination | nindent 8 }}
{{- if .syncPolicy }}
syncPolicy:
{{- toYaml .syncPolicy | nindent 8 }}
{{- end }}
{{- if .ignoreDifferences }}
ignoreDifferences:
{{- toYaml .ignoreDifferences | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

12
charts/argo-cd/templates/argocd-server-certificate.yaml → charts/argo-cd/templates/argocd-server/certificate.yaml
View File

@ -1,19 +1,19 @@
{{- if .Values.certificate.enabled -}}
{{- $commonName := regexReplaceAll "^https?://([^/]+)(/.*)?$" .Values.config.url "${1}" }}
{{- if .Values.server.certificate.enabled -}}
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: argocd-server
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
commonName: {{ $commonName | quote }}
commonName: {{ .Values.server.certificate.domain | quote }}
dnsNames:
- {{ $commonName | quote }}
- {{ .Values.server.certificate.domain | quote }}
{{- range .Values.ingress.additionalHosts }}
- {{ . | quote }}
{{- end }}

10
charts/argo-cd/templates/argocd-server-clusterrole.yaml → charts/argo-cd/templates/argocd-server/clusterrole.yaml
View File

@ -1,15 +1,14 @@
{{- if .Values.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argocd-server
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
app.kubernetes.io/component: {{ .Values.server.name }}
rules:
- apiGroups:
- '*'
@ -31,5 +30,4 @@ rules:
- pods
- pods/log
verbs:
- get
{{- end }}
- get

14
charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml → charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
View File

@ -1,21 +1,19 @@
{{- if .Values.clusterAdminAccess.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argocd-application-controller
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
app.kubernetes.io/component: {{ .Values.server.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-application-controller
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: argocd-application-controller
namespace: {{ .Release.Namespace }}
{{- end -}}
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

134
charts/argo-cd/templates/argocd-server/deployment.yaml Normal file
View File

@ -0,0 +1,134 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
revisionHistoryLimit: 5
replicas: 1
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{- range $key, $value := .Values.server.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.controller.podLabels }}
{{- toYaml .Values.controller.podLabels | nindent 8 }}
{{- end }}
spec:
containers:
- name: {{ .Values.server.name }}
image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }}
command:
- argocd-server
- --staticassets
- /shared/app
- --repo-server
- {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
{{- if .Values.dex.enabled }}
- --dex-server
- http://{{ template "argo-cd.dex.fullname" . }}:{{ .Values.dex.servicePortHttp }}
{{- end }}
- --loglevel
- {{ .Values.server.logLevel }}
{{- if .Values.redis.enabled }}
- --redis
- {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }}
{{- end }}
{{- range $key, $value := .Values.server.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.server.volumeMounts }}
{{- toYaml .Values.server.volumeMounts | nindent 10}}
{{- end }}
{{- if .Values.configs.knownHosts }}
- mountPath: /app/config/ssh
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- mountPath: /app/config/tls
name: tls-certs
{{- end }}
ports:
- name: {{ .Values.server.name }}
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{ if .Values.server.metrics.enabled }}
- name: metrics
containerPort: 8083
protocol: TCP
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /healthz
port: {{ .Values.server.containerPort }}
initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
resources:
{{- toYaml .Values.server.resources | nindent 10 }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{- toYaml .Values.server.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{- toYaml .Values.server.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{- toYaml .Values.server.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }}
volumes:
{{- if .Values.server.volumes }}
{{- toYaml .Values.server.volumes | nindent 8}}
{{- end }}
- emptyDir: {}
name: static-files
{{- if .Values.configs.knownHosts }}
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
{{- end }}
{{- if .Values.configs.tlsCerts }}
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
{{- end }}

53
charts/argo-cd/templates/argocd-server/ingress.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := .Values.server.name -}}
{{- $paths := .Values.server.ingress.paths -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- range $p := $paths }}
- path: {{ $p }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

31
charts/argo-cd/templates/argocd-server/metrics-service.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.server.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.metrics.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.metrics.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
{{- if .Values.server.metrics.service.labels }}
{{- toYaml .Values.server.metrics.service.labels | nindent 4 }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}-metrics
spec:
ports:
- name: metrics
protocol: TCP
port: {{ .Values.server.metrics.service.servicePort }}
targetPort: metrics
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
{{- end }}

46
charts/argo-cd/templates/argocd-server/projects.yaml Normal file
View File

@ -0,0 +1,46 @@
{{- if .Values.server.additionalProjects }}
apiVersion: v1
kind: List
items:
{{- range .Values.server.additionalProjects }}
- apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
{{- if .additionalProjects }}
annotations:
{{- range $key, $value := .additionalProjects }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .additionalLabels }}
labels:
{{- toYaml .additionalLabels | nindent 8 }}
{{- end }}
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
spec:
description: {{ .description }}
sourceRepos:
{{- toYaml .sourceRepos | nindent 8 }}
destinations:
{{- toYaml .destinations | nindent 8 }}
{{- if .clusterResourceWhitelist }}
clusterResourceWhitelist:
{{- toYaml .clusterResourceWhitelist | nindent 8 }}
{{- end }}
{{- if .namespaceResourceBlacklist }}
namespaceResourceBlacklist:
{{- toYaml .namespaceResourceBlacklist | nindent 8 }}
{{- end }}
{{- if .orphanedResources }}
orphanedResources:
{{- toYaml .orphanedResources | nindent 8 }}
{{- end }}
{{- if .roles }}
roles:
{{- toYaml .roles | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

8
charts/argo-cd/templates/argocd-server-role.yaml → charts/argo-cd/templates/argocd-server/role.yaml
View File

@ -1,14 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-server
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
app.kubernetes.io/component: {{ .Values.server.name }}
rules:
- apiGroups:
- ""
@ -42,4 +42,4 @@ rules:
- events
verbs:
- create
- list
- list

11
charts/argo-cd/templates/argocd-application-controller-rolebinding.yaml → charts/argo-cd/templates/argocd-server/rolebinding.yaml
View File

@ -1,18 +1,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argocd-application-controller
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: application-controller
app.kubernetes.io/component: {{ .Values.server.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-application-controller
name: {{ template "argo-cd.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: argocd-application-controller
name: {{ template "argo-cd.serverServiceAccountName" . }}
namespace: {{ .Release.Namespace }}

31
charts/argo-cd/templates/argocd-server/service.yaml Normal file
View File

@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{- range $key, $value := .Values.server.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-cd.server.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
spec:
type: {{ .Values.server.service.type }}
ports:
- name: http
protocol: TCP
port: {{ .Values.server.service.servicePortHttp }}
targetPort: {{ .Values.server.name }}
- name: https
protocol: TCP
port: {{ .Values.server.service.servicePortHttps }}
targetPort: {{ .Values.server.name }}
selector:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}

6
charts/argo-cd/templates/argocd-server-sa.yaml → charts/argo-cd/templates/argocd-server/serviceaccount.yaml
View File

@ -1,11 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: argocd-server
name: {{ template "argo-cd.serverServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
app.kubernetes.io/component: {{ .Values.server.name }}

33
charts/argo-cd/templates/argocd-server/servicemonitor.yaml Normal file
View File

@ -0,0 +1,33 @@
{{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "argo-cd.server.fullname" . }}
{{- if .Values.server.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.server.name }}
{{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }}
{{- if .Values.server.metrics.serviceMonitor.additionalLabels }}
{{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: metrics
interval: 30s
path: /metrics
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.server.name }}-metrics
app.kubernetes.io/component: {{ .Values.server.name }}
{{- end }}

19
charts/argo-cd/templates/argocd-ssh-known-hosts-cm.yaml
View File

@ -1,19 +0,0 @@
apiVersion: v1
data:
ssh_known_hosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm

11
charts/argo-cd/templates/argocd-tls-certs-cm.yaml
View File

@ -1,11 +0,0 @@
apiVersion: v1
data: null
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: argocd
name: argocd-tls-certs-cm

76
charts/argo-cd/templates/dex/deployment.yaml Normal file
View File

@ -0,0 +1,76 @@
{{- if .Values.dex.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.dex.name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.dex.name }}
spec:
initContainers:
- name: copyutil
image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.pullPolicy }}
command:
- cp
- /usr/local/bin/argocd-util
- /shared
volumeMounts:
- mountPath: /shared
name: static-files
containers:
- name: {{ .Values.dex.name }}
image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
imagePullPolicy: {{ .Values.dex.image.pullPolicy }}
command:
- /shared/argocd-util
- rundex
ports:
- name: http
containerPort: {{ .Values.dex.containerPortHttp }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.dex.containerPortGrpc }}
protocol: TCP
{{- if .Values.dex.volumeMounts }}
volumeMounts:
{{- toYaml .Values.dex.volumeMounts | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.dex.resources | nindent 10 }}
{{- if .Values.dex.nodeSelector }}
nodeSelector:
{{- toYaml .Values.dex.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.dex.tolerations }}
tolerations:
{{- toYaml .Values.dex.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.dex.affinity }}
affinity:
{{- toYaml .Values.dex.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "argo-cd.dexServiceAccountName" . }}
{{- if .Values.dex.volumes }}
volumes:
{{- toYaml .Values.dex.volumes | nindent 8}}
{{- end }}
{{- end }}

10
charts/argo-cd/templates/argocd-dex-server-role.yaml → charts/argo-cd/templates/dex/role.yaml
View File

@ -1,14 +1,15 @@
{{- if .Values.dex.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argocd-dex-server
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-dex-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: dex-server
app.kubernetes.io/component: {{ .Values.dex.name }}
rules:
- apiGroups:
- ""
@ -18,4 +19,5 @@ rules:
verbs:
- get
- list
- watch
- watch
{{- end }}

14
charts/argo-cd/templates/argocd-server-rolebinding.yaml → charts/argo-cd/templates/dex/rolebinding.yaml
View File

@ -1,19 +1,21 @@
{{- if .Values.dex.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argocd-server
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: server
app.kubernetes.io/component: {{ .Values.dex.name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-server
name: {{ template "argo-cd.dex.fullname" . }}
subjects:
- kind: ServiceAccount
name: argocd-server
name: {{ template "argo-cd.dexServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

26
charts/argo-cd/templates/dex/service.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.dex.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-cd.dex.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.dex.name }}
spec:
ports:
- name: http
protocol: TCP
port: {{ .Values.dex.servicePortHttp }}
targetPort: http
- name: grpc
protocol: TCP
port: {{ .Values.dex.servicePortGrpc }}
targetPort: grpc
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

13
charts/argo-cd/templates/dex/serviceaccount.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if .Values.dex.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-cd.dexServiceAccountName" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.dex.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.dex.name }}
{{- end }}

61
charts/argo-cd/templates/redis/deployment.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- if .Values.redis.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.redis.name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: {{ .Values.redis.name }}
spec:
automountServiceAccountToken: false
containers:
- name: {{ template "argo-cd.redis.fullname" . }}
args:
- --save
- ""
- --appendonly
- "no"
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}}
ports:
- containerPort: {{ .Values.redis.containerPort }}
{{- if .Values.redis.volumeMounts }}
volumeMounts:
{{- toYaml .Values.redis.volumeMounts | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.redis.resources | nindent 10 }}
{{- if .Values.redis.nodeSelector }}
nodeSelector:
{{- toYaml .Values.redis.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.redis.tolerations }}
tolerations:
{{- toYaml .Values.redis.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.redis.affinity }}
affinity:
{{- toYaml .Values.redis.affinity | nindent 8 }}
{{- end }}
{{- if .Values.redis.volumes }}
volumes:
{{- toYaml .Values.redis.volumes | nindent 8}}
{{- end }}
{{- end }}

10
charts/argo-cd/templates/argocd-redis-service.yaml → charts/argo-cd/templates/redis/service.yaml
View File

@ -1,17 +1,19 @@
{{- if .Values.redis.enabled }}
apiVersion: v1
kind: Service
metadata:
name: argocd-redis
name: {{ template "argo-cd.redis.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
helm.sh/chart: {{ include "argo-cd.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
app.kubernetes.io/component: redis
app.kubernetes.io/component: {{ .Values.redis.name }}
spec:
ports:
- port: {{ .Values.redis.servicePort }}
targetPort: {{ .Values.redis.servicePort }}
selector:
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-redis
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }}
{{- end }}

682
charts/argo-cd/values.yaml
View File

@ -1,198 +1,526 @@
applicationController:
containerPort: 8082
servicePort: 8082
image:
repository: argoproj/argocd
tag: v1.2.4
pullPolicy: Always
volumeMounts: []
volumes: []
## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd
##
nameOverride: argocd
server:
containerPort: 8080
metricsPort: 8083
servicePortHttp: 80
servicePortHttps: 443
serviceAnnotations: {}
global:
image:
repository: argoproj/argocd
tag: v1.2.4
pullPolicy: Always
serviceType: ClusterIP
imagePullPolicy: IfNotPresent
## Controller
controller:
name: application-controller
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
## Argo controller commandline flags
args:
statusProcessors: "20"
operationProcessors: "10"
## Argo controller log level
logLevel: info
## Additional command line arguments to pass to argocd-controller
extraArgs: []
volumeMounts: []
# - name: ssh-known-hosts
# mountPath: /app/config/ssh
volumes: []
# - name: ssh-known-hosts
# configMap:
# name: argocd-ssh-known-hosts-cm
annotations: {}
repoServer:
containerPort: 8081
servicePort: 8081
image:
repository: argoproj/argocd
tag: v1.2.4
pullPolicy: Always
volumeMounts: []
volumes: []
# - name: custom-tools
# emptyDir: {}
initContainers: []
# - name: download-tools
# image: alpine:3.8
# command: [sh, -c]
# args:
# - wget -qO- https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz | tar -xvzf - &&
# mv linux-amd64/helm /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
imagePullSecrets: []
# - name: docker-auth-secret
## Annotations to be added to controller pods
##
podAnnotations: {}
## Labels to be added to controller pods
##
podLabels: {}
## Configures the controller port
containerPort: 8082
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the controller main container.
volumeMounts: []
## Additional volumes to the controller pod.
volumes: []
## Controller service configuration
service:
annotations: {}
labels: {}
port: 8082
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
serviceAccount:
create: true
name: argocd-application-controller
## Server metrics controller configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8082
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
clusterAdminAccess:
enabled: true
## Dex
dex:
enabled: true
name: dex-server
dexServer:
containerPortHttp: 5556
containerPortGrpc: 5557
servicePortHttp: 5556
servicePortGrpc: 5557
image:
repository: quay.io/dexidp/dex
tag: v2.19.0
pullPolicy: Always
initImage:
repository: argoproj/argocd
tag: v1.2.4
pullPolicy: Always
volumeMounts: []
volumes: []
tag: v2.14.0
imagePullPolicy: IfNotPresent
initImage: {}
# terminate tls at ArgoCD level
ingress:
enabled: false
annotations:
{}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
path: /
additionalHosts: []
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
serviceAccount:
create: true
name: argocd-dex-server
certificate:
enabled: false
issuer:
kind: # ClusterIssuer
name: # letsencrypt
## Additional volumeMounts to the controller main container.
volumeMounts:
- name: static-files
mountPath: /shared
clusterAdminAccess:
enabled: true
## Additional volumes to the controller pod.
volumes:
- name: static-files
emptyDir: {}
config:
createSecret: true
enableAnonymousAccess: false
resourceExclusions:
# - apiGroups:
# - "*"
# kinds:
# - "*"
# clusters:
# - https://192.168.0.20
helmRepositories:
# - name: privateRepo
# url: http://chartmuseum.privatecloud.com
# usernameSecret:
# name: private-chartmuseum
# key: username
# passwordSecret:
# name: private-chartmuseum
# key: password
# - name: incubator
# url: https://kubernetes-charts-incubator.storage.googleapis.com/
repositories:
# - url: git@gitlab.com:usersprivategroup/users-gitops-config.git
# sshPrivateKeySecret:
# key: privateKey
# name: argocd-dev-key
# - url: git@gitlab.com:accountingprivategroup/accounting-gitops-config.git
# sshPrivateKeySecret:
# key: privateKey
# name: argocd-dev-key
dexConfig:
# # Argo CD's externally facing base URL. Required for configuring SSO
# # url: https://argo-cd-demo.argoproj.io
#
# # A dex connector configuration. See documentation on how to configure SSO:
# # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso.md#2-configure-argo-cd-for-sso
# connectors:
# # GitHub example
# - type: github
# id: github
# name: GitHub
# config:
# clientID: aabbccddeeff00112233
# clientSecret: $dex.github.clientSecret
# orgs:
# - name: your-github-org
# teams:
url: # https://argocd.example.com/
oidcConfig:
# name: Okta
# issuer: https://dev-123456.oktapreview.com
# clientID: aaaabbbbccccddddeee
# clientSecret: $oidc.okta.clientSecret
# The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook
# events. To enable webhooks, configure one or more of the following keys with the shared git
# provider webhook secret. The payload URL configured in the git provider should use the
# /api/webhook endpoint of your Argo CD instance (e.g. https://argocd.example.com/api/webhook)
webhook:
githubSecret:
gitlabSecret:
bitbucketSecret:
resourceCustomizations:
# certmanager.k8s.io/Certificate:
# health.lua: |
# hs = {}
# ...
# return hs
configManagementPlugins:
# - name: pluginName
# init: # Optional command to initialize application source directory
# command: ["sample command"]
# args: ["sample args"]
# generate: # Command to generate manifests YAML
# command: ["sample command"]
# args: ["sample args"]
## Dex deployment container ports
containerPortHttp: 5556
servicePortHttp: 5556
containerPortGrpc: 5557
servicePortGrpc: 5557
rbac:
# # An RBAC policy .csv file containing additional policy and role definitions.
# # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md on how to write RBAC policies.
# policy.csv: |
# # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
# p, my-org:team-alpha, applications, sync, my-project/*, allow
# # Make all members of "my-org:team-beta" admins
# g, my-org:team-beta, role:admin
policyCsv: #|
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, get, *, allow
# p, role:org-admin, repositories, create, *, allow
# p, role:org-admin, repositories, update, *, allow
# p, role:org-admin, repositories, delete, *, allow
# g, your-github-org:your-team, role:org-admin
policyDefault: #role:readonly
scopes: #[groups]
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
## Redis
redis:
enabled: false
name: redis
image:
repository: redis
tag: 5.0.3
pullPolicy: Always
imagePullPolicy: IfNotPresent
containerPort: 6379
servicePort: 6379
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
## Server
server:
name: server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
## Additional command line arguments to pass to argocd-server
# extraArgs: []
# - insecure
extraArgs: []
## Argo server log level
logLevel: info
## Annotations to be added to controller pods
##
podAnnotations: {}
## Labels to be added to controller pods
##
podLabels: {}
## Configures the server port
containerPort: 8080
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the server main container.
volumeMounts: []
## Additional volumes to the controller pod.
volumes: []
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
## Certificate configuration
certificate:
enabled: false
domain: argocd.example.com
issuer: {}
additionalHosts: []
## Server service configuration
service:
annotations: {}
labels: {}
type: ClusterIP
servicePortHttp: 80
servicePortHttps: 443
## Server metrics service configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8083
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
serviceAccount:
create: true
name: argocd-server
ingress:
enabled: false
annotations: {}
labels: {}
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts: []
# - argocd.example.com
paths:
- /
tls: []
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
## ArgoCD config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
config:
# Argo CD's externally facing base URL (optional). Required when configuring SSO
url: https://argocd.example.com
# Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance
## ArgoCD rbac config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbacConfig:
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
# Policy rules are in the form:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
policy.csv: |
# Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
p, my-org:team-alpha, applications, sync, my-project/*, allow
# Grant all members of 'my-org:team-beta' admins
g, my-org:team-beta, role:admin
# policy.default is the name of the default role which Argo CD will falls back to, when
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
# but will see no apps, projects, etc...
policy.default: role:readonly
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
scopes: '[cognito:groups, email]'
## Not well tested and not well supported on release v1.0.0.
## Applications
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
additionalApplications: []
# - name: guestbook
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# project: guestbook
# source:
# repoURL: https://github.com/argoproj/argocd-example-apps.git
# targetRevision: HEAD
# path: guestbook
# directory:
# recurse: true
# destination:
# server: https://kubernetes.default.svc
# namespace: guestbook
# syncPolicy:
# automated:
# prune: false
# selfHeal: false
## Projects
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
additionalProjects: []
# - name: guestbook
# namespace: argocd
# additionalLabels: {}
# additionalAnnotations: {}
# description: Example Project
# sourceRepos:
# - '*'
# destinations:
# - namespace: guestbook
# server: https://kubernetes.default.svc
# clusterResourceWhitelist: []
# namespaceResourceBlacklist:
# - group: ''
# kind: ResourceQuota
# - group: ''
# kind: LimitRange
# - group: ''
# kind: NetworkPolicy
# orphanedResources: {}
# roles: []
# orphanedResources: {}
# roles: []
## Repo Server
repoServer:
name: repo-server
image: {}
# repository: argoproj/argocd
# tag: v1.2.1
# imagePullPolicy: IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
##
extraArgs: []
## Argo repoServer log level
logLevel: info
## Annotations to be added to repo server pods
##
podAnnotations: {}
## Labels to be added to repo server pods
##
podLabels: {}
## Configures the repo server port
containerPort: 8081
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
## Additional volumeMounts to the repo server main container.
volumeMounts: []
## Additional volumes to the repo server pod.
volumes: []
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
nodeSelector: {}
tolerations: {}
affinity: {}
priorityClassName: ""
resources: {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
## Repo server service configuration
service:
annotations: {}
labels: {}
port: 8081
## Repo server metrics service configuration
metrics:
enabled: false
service:
annotations: {}
labels: {}
servicePort: 8084
serviceMonitor:
enabled: false
# selector:
# prometheus: kube-prometheus
# namespace: monitoring
# additionalLabels: {}
## Argo Configs
configs:
knownHosts:
data:
ssh_known_hosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
tlsCerts: {}
# data:
# argocd.example.com: |
# -----BEGIN CERTIFICATE-----
# MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL
# BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE
# BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0
# c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda
# Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT
# YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES
# MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi
# MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5
# NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc
# CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u
# P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G
# ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+
# YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E
# Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko
# Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J
# kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u
# kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO
# gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7
# bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86
# r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/
# BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn
# Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx
# CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2
# XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT
# +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr
# d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO
# OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so
# 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr
# jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8
# 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
# XWyb96wrUlv+E8I=
# -----END CERTIFICATE-----
secret:
createSecret: true
githubSecret: ""
gitlabSecret: ""
bitbucketSecret: ""