diff options
| author | Saumit <justsaumit@protonmail.com> | 2025-10-11 02:34:38 +0530 |
|---|---|---|
| committer | Saumit <justsaumit@protonmail.com> | 2025-10-11 02:34:38 +0530 |
| commit | 88a326bacdffde9e065b08ba893a17149584e72e (patch) | |
| tree | 20e380438497afb8c4b33a932505602590721690 /astroshop-platform/argocd-helmchart/templates/argocd-server | |
| parent | ef773bd27019ec6597bd12237e3b4f4f0f46f244 (diff) | |
platform: Adding argocd helm chart
Diffstat (limited to 'astroshop-platform/argocd-helmchart/templates/argocd-server')
25 files changed, 1510 insertions, 0 deletions
diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 0000000..46d24d3 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml new file mode 100644 index 0000000..0e9de75 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +apiVersion: v1 +kind: Service +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.containerPorts.server }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.containerPorts.server }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.ingress.aws.serviceType }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml new file mode 100644 index 0000000..7adc7f0 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml @@ -0,0 +1,26 @@ +{{- if .Values.server.backendTLSPolicy.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: {{ $fullName }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.backendTLSPolicy.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.backendTLSPolicy.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + targetRefs: + {{- with .Values.server.backendTLSPolicy.targetRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.backendTLSPolicy.validation }} + validation: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml new file mode 100644 index 0000000..a986213 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml @@ -0,0 +1,50 @@ +{{- if .Values.server.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} + secretTemplate: + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} + dnsNames: + - {{ .Values.server.certificate.domain | default .Values.global.domain }} + {{- range .Values.server.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.server.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.server.certificate.issuer.kind | quote }} + name: {{ .Values.server.certificate.issuer.name | quote }} + {{- with .Values.server.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml new file mode 100644 index 0000000..1bc9aed --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml @@ -0,0 +1,78 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.server.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` + - apiGroups: + - "" + resources: + - events + verbs: + - list # supports listing events in UI + - create + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get # supports viewing pod logs from UI + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + verbs: + - get + - list + - update + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} + - apiGroups: + - batch + resources: + {{/* supports triggering jobs from UI */}} + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + {{/* supports triggering workflows from UI */}} + - create + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml new file mode 100644 index 0000000..ce4a4d7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.server.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml new file mode 100644 index 0000000..0edd412 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml @@ -0,0 +1,575 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.server.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.server.autoscaling.enabled }} + replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} + containers: + - name: {{ .Values.server.name }} + image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-server + - --port={{ .Values.server.containerPorts.server }} + - --metrics-port={{ .Values.server.containerPorts.metrics }} + {{- with .Values.server.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.server.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.github.api.metrics + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.sync.replace.allowed + optional: true + {{- with .Values.server.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /shared/app/custom + name: styles + - mountPath: /tmp + name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- if .Values.server.extensions.enabled }} + - mountPath: /tmp/extensions + name: extensions + {{- end }} + ports: + - name: server + containerPort: {{ .Values.server.containerPorts.server }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.server.containerPorts.metrics }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz?full=true + port: server + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: server + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if .Values.server.extensions.enabled }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} + resources: + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - name: extensions + mountPath: /tmp/extensions/ + - name: tmp + mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- if .Values.server.extensions.enabled }} + - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: styles + configMap: + name: argocd-styles-cm + optional: true + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled + {{- if .Values.server.hostNetwork }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} + {{- with .Values.server.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml new file mode 100644 index 0000000..515e6d7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml new file mode 100644 index 0000000..ae460a3 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 0000000..235c8a5 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,68 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with .Values.server.ingress.ingressClassName }} + kubernetes.io/ingress.class: {{ . }} + {{- end }} + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml new file mode 100644 index 0000000..2dd6f5e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + domains: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml new file mode 100644 index 0000000..a88537f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml @@ -0,0 +1,43 @@ +{{- if .Values.server.grpcroute.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: GRPCRoute +metadata: + name: {{ $fullName }}-grpc + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.grpcroute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.grpcroute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + parentRefs: + {{- with .Values.server.grpcroute.parentRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.grpcroute.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.server.grpcroute.rules }} + {{- with .matches }} + - matches: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .filters }} + filters: + {{- toYaml . | nindent 8 }} + {{- end }} + backendRefs: + - name: {{ $fullName }} + port: {{ $servicePort }} + weight: 1 + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml new file mode 100644 index 0000000..51fe559 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml @@ -0,0 +1,41 @@ +{{- if .Values.server.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "argo-cd.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml new file mode 100644 index 0000000..ca30f91 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml @@ -0,0 +1,43 @@ +{{- if .Values.server.httproute.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ $fullName }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.httproute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.httproute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + parentRefs: + {{- with .Values.server.httproute.parentRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.httproute.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.server.httproute.rules }} + {{- with .matches }} + - matches: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .filters }} + filters: + {{- toYaml . | nindent 8 }} + {{- end }} + backendRefs: + - name: {{ $fullName }} + port: {{ $servicePort }} + weight: 1 + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml new file mode 100644 index 0000000..3ad5a51 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml @@ -0,0 +1,63 @@ +{{- if .Values.server.ingressGrpc.enabled -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingressGrpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.ingressGrpc.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.ingressGrpc.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} + http: + paths: + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ .Values.server.service.servicePortHttps }} + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $.Values.server.service.servicePortHttps }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} + tls: + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} + secretName: argocd-server-grpc-tls + {{- end }} + {{- with .Values.server.ingressGrpc.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml new file mode 100644 index 0000000..8724baa --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ tpl . $ }} + {{- end }} + rules: + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ tpl .name $ }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml new file mode 100644 index 0000000..d08dbae --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.server.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} + {{- with .Values.server.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.metrics.service.portName }} + protocol: TCP + port: {{ .Values.server.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml new file mode 100644 index 0000000..3234d5a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml @@ -0,0 +1,17 @@ +{{- if or .Values.server.networkPolicy.create .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - {} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml new file mode 100644 index 0000000..b018f72 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.route.enabled -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.route.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} +spec: + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} + to: + kind: Service + name: {{ template "argo-cd.server.fullname" . }} + weight: 100 + port: + targetPort: https + tls: + termination: {{ .Values.server.route.termination_type | quote }} + insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | quote }} + wildcardPolicy: None +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml new file mode 100644 index 0000000..6bc9330 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml new file mode 100644 index 0000000..8d12e30 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml @@ -0,0 +1,50 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml new file mode 100644 index 0000000..4d635aa --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml new file mode 100644 index 0000000..86f8abb --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.containerPorts.server }} + {{- if eq .Values.server.service.type "NodePort" }} + nodePort: {{ .Values.server.service.nodePortHttp }} + {{- end }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.containerPorts.server }} + {{- if eq .Values.server.service.type "NodePort" }} + nodePort: {{ .Values.server.service.nodePortHttps }} + {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml new file mode 100644 index 0000000..9789e1d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.server.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml new file mode 100644 index 0000000..49c2413 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.server.metrics.service.portName }} + {{- with .Values.server.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.server.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} + {{- with .Values.server.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} +{{- end }} |