diff options
| author | Saumit <justsaumit@protonmail.com> | 2025-10-11 02:34:38 +0530 |
|---|---|---|
| committer | Saumit <justsaumit@protonmail.com> | 2025-10-11 02:34:38 +0530 |
| commit | 88a326bacdffde9e065b08ba893a17149584e72e (patch) | |
| tree | 20e380438497afb8c4b33a932505602590721690 /astroshop-platform | |
| parent | ef773bd27019ec6597bd12237e3b4f4f0f46f244 (diff) | |
platform: Adding argocd helm chart
Diffstat (limited to 'astroshop-platform')
165 files changed, 41738 insertions, 0 deletions
diff --git a/astroshop-platform/argocd-helmchart/.helmignore b/astroshop-platform/argocd-helmchart/.helmignore new file mode 100644 index 0000000..3a06329 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/.helmignore @@ -0,0 +1,4 @@ +/*.tgz +output +ci/ +*.gotmpl diff --git a/astroshop-platform/argocd-helmchart/Chart.lock b/astroshop-platform/argocd-helmchart/Chart.lock new file mode 100644 index 0000000..21d9303 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: redis-ha + repository: https://dandydeveloper.github.io/charts/ + version: 4.33.7 +digest: sha256:a3eba6bba484e9fbfaca33e7f1ea3e6daed74014df7e7b077c496c2201b01996 +generated: "2025-05-25T11:18:29.356017-05:00" diff --git a/astroshop-platform/argocd-helmchart/Chart.yaml b/astroshop-platform/argocd-helmchart/Chart.yaml new file mode 100644 index 0000000..fa51c79 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + artifacthub.io/changes: | + - kind: added + description: Add Gateway API support (HTTPRoute, GRPCRoute, BackendTLSPolicy) - EXPERIMENTAL + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc +apiVersion: v2 +appVersion: v3.1.8 +dependencies: +- condition: redis-ha.enabled + name: redis-ha + repository: https://dandydeveloper.github.io/charts/ + version: 4.33.7 +description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool + for Kubernetes. +home: https://github.com/argoproj/argo-helm +icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png +keywords: +- argoproj +- argocd +- gitops +kubeVersion: '>=1.25.0-0' +maintainers: +- name: argoproj + url: https://argoproj.github.io/ +name: argo-cd +sources: +- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd +- https://github.com/argoproj/argo-cd +version: 8.6.0 diff --git a/astroshop-platform/argocd-helmchart/README.md b/astroshop-platform/argocd-helmchart/README.md new file mode 100644 index 0000000..07389d1 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/README.md @@ -0,0 +1,1901 @@ +# Argo CD Chart + +A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. + +Source code can be found here: + +* <https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd> +* <https://github.com/argoproj/argo-cd> + +This is a **community maintained** chart. This chart installs [argo-cd](https://argo-cd.readthedocs.io/en/stable/), a declarative, GitOps continuous delivery tool for Kubernetes. + +The default installation is intended to be similar to the provided Argo CD [releases](https://github.com/argoproj/argo-cd/releases). + +If you want to avoid including sensitive information unencrypted (clear text) in your version control, make use of the [declarative setup] of Argo CD. +For instance, rather than adding repositories and their keys in your Helm values, you could deploy [SealedSecrets](https://github.com/bitnami-labs/sealed-secrets) with contents as seen in this [repositories section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) or any other secrets manager service (i.e. HashiCorp Vault, AWS/GCP Secrets Manager, etc.). + +## High Availability + +This chart installs the non-HA version of Argo CD by default. If you want to run Argo CD in HA mode, you can use one of the example values in the next sections. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/) to understand how scaling of Argo CD works in detail. + +> **Warning:** +> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. + +### HA mode with autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + autoscaling: + enabled: true + minReplicas: 2 + +repoServer: + autoscaling: + enabled: true + minReplicas: 2 + +applicationSet: + replicas: 2 +``` + +### HA mode without autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + replicas: 1 + +server: + replicas: 2 + +repoServer: + replicas: 2 + +applicationSet: + replicas: 2 +``` + +## Ingress configuration + +Please refer to the [Operator Manual](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingress-configurationh) for details as the samples +below corespond to their respective sections. + +### SSL-Passthrough + +The `tls: true` option will expect that the `argocd-server-tls` secret exists as Argo CD server loads TLS certificates from this place. + +```yaml +global: + domain: argocd.example.com + +certificate: + enabled: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + tls: true +``` + +### SSL Termination at Ingress Controller + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + extraTls: + - hosts: + - argocd.example.com + # Based on the ingress controller used secret might be optional + secretName: wildcard-tls +``` + +> **Note:** +> If you don't plan on using a wildcard certificate it's also possible to use `tls: true` without `extraTls` section. + +### Multiple ingress resources for gRPC protocol support + +Use `ingressGrpc` section if your ingress controller supports only a single protocol per Ingress resource (i.e.: Contour). + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - argocd.example.com + secretName: wildcard-tls + + ingressGrpc: + enabled: true + ingressClassName: contour-internal + extraTls: + - hosts: + - grpc.argocd.example.com + secretName: wildcard-tls +``` + +### Multiple ingress domains + +```yaml +global: + domain: argocd.example.com + +server: + ingress: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "<my-issuer>" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + extraHosts: + - name: argocd-alias.example.com + path: / +``` + +### AWS Application Load Balancer + +Refer to the Operator Manual for [AWS Application Load Balancer mode](https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode). +The provided example assumes you are using TLS off-loading via AWS ACM service. + +> **Note:** +> Using `controller: aws` creates additional service for gRPC traffic and it's no longer need to use `ingressGrpc` configuration section. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + ingress: + enabled: true + controller: aws + ingressClassName: alb + annotations: + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/backend-protocol: HTTP + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + aws: + serviceType: ClusterIP # <- Used with target-type: ip + backendProtocolVersion: GRPC +``` + +### GKE Application Load Balancer + +The implementation will populate `ingressClassName`, `networking.gke.io/managed-certificates` and `networking.gke.io/v1beta1.FrontendConfig` annotations +automatically if you provide configuration for GKE resources. + +```yaml +global: + domain: argocd.example.com + +configs: + params: + server.insecure: true + +server: + service: + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/backend-config: '{"ports": {"http":"argocd-server"}}' + + ingress: + enabled: true + controller: gke + gke: + backendConfig: + healthCheck: + checkIntervalSec: 30 + timeoutSec: 5 + healthyThreshold: 1 + unhealthyThreshold: 2 + type: HTTP + requestPath: /healthz + port: 8080 + frontendConfig: + redirectToHttps: + enabled: true + managedCertificate: + enabled: true +``` + +### Gateway API HTTPRoute + +The Gateway API provides a modern, extensible way to configure ingress traffic routing. This chart supports HTTPRoute resources as an alternative to traditional Ingress. + +> **Note:** +> Gateway API support is **EXPERIMENTAL**. Support depends on your Gateway controller implementation. Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends). Refer to [Gateway API implementations](https://gateway-api.sigs.k8s.io/implementations/) for controller-specific details. + +```yaml +global: + domain: argocd.example.com + +server: + httproute: + enabled: true + parentRefs: + - name: example-gateway + namespace: gateway-system + sectionName: https +``` + +#### Gateway API with gRPC support + +For deployments requiring gRPC routing, use GRPCRoute alongside HTTPRoute: + +```yaml +server: + httproute: + enabled: true + parentRefs: + - name: example-gateway + namespace: gateway-system + sectionName: https + + grpcroute: + enabled: true + parentRefs: + - name: example-gateway + namespace: gateway-system + sectionName: grpc +``` + +#### Gateway API with TLS backend + +For HTTPS backends with Gateway API, you may need to configure BackendTLSPolicy (experimental, v1alpha3): + +> **Warning:** +> BackendTLSPolicy is in **EXPERIMENTAL** status. Not all Gateway controllers support this resource (e.g., Cilium does not yet support it). + +```yaml +configs: + params: + server.insecure: false # HTTPS backend + +server: + httproute: + enabled: true + parentRefs: + - name: example-gateway + namespace: gateway-system + + backendTLSPolicy: + enabled: true + hostname: argocd-server.argocd.svc.cluster.local + wellKnownCACertificates: System +``` + +## Setting the initial admin password via Argo CD Application CR + +> **Note:** When deploying the `argo-cd` chart via an Argo CD `Application` CR, define your bcrypt-hashed admin password under `helm.values`—not `helm.parameters`—because Argo CD performs variable substitution on `parameters`, which will mangle any `$…` in your hash. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-testing +spec: + destination: + namespace: testing + server: https://kubernetes.default.svc + project: default + source: + chart: argo-cd + repoURL: https://argoproj.github.io/argo-helm + targetRevision: 3.21.0 + helm: + values: | + configs: + secret: + argocdServerAdminPassword: $2a$10$H1a30nMr9v2QE2nkyz0BoOD2J0I6FQFMtHS0csEg12RBWzfRuuoE6 +``` + +## Synchronizing Changes from Original Repository + +In the original [Argo CD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). + +When installing Argo CD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. + +To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`: + +https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket + +Or you clone the repository and do a local `git-diff`: + +```bash +git clone https://github.com/argoproj/argo-cd.git +cd argo-cd +git diff v1.8.7 v2.0.0 -- manifests/install.yaml +``` + +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/templates/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/templates/crds). + +### Custom resource definitions + +Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart. + +Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 5.2.0, the CRDs have been moved to `<chart>/templates` to address this design decision. + +If you are using Argo CD chart version prior to 5.2.0 or have elected to manage the Argo CD CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo: + +```bash +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=<appVersion>" + +# Eg. version v2.4.9 +kubectl apply -k "https://github.com/argoproj/argo-cd/manifests/crds?ref=v2.4.9" +``` + +## Changelog + +For full list of changes please check ArtifactHub [changelog]. + +Highlighted versions provide information about additional steps that should be performed by user when upgrading to newer version. + +### 8.0.0 + +In this release we upgrade the Helm chart to deploy the next major version of Argo CD (v3.0.0). +Please carefully read at least those resources: +- [v2.14 to 3.0 upgrade instructions] +- [Argo CD v3.0 Release Blog Post] + +### 7.9.0 + +Chart versions from >= 7.7.2 and < 7.9.0 are using a Redis version which is no longer using an open source version of Redis. +Thus we downgraded Redis to latest available 7.2 (from 7.4) to be in-line with upstream manifests and fully honor +[CNCF Allowlist License Policy]. + +**Users using redis-ha may encounter issues** which can be resolved by either deleting all redis-ha pods after the +deployment/upgrade: + +```bash +kubectl delete pods -l app=redis-ha +``` + +Or alternatively by temporary switching to a single redis installation, then back to HA. +1. Evaluate current chart version in use + ```bash + $ helm ls + NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION + argocd argocd 3 2025-04-29 00:07:43.099922 +0200 CEST deployed argo-cd-7.8.28 v2.14.11 + ``` +2. Switch to single redis + ```bash + helm upgrade argocd argo/argo-cd --version <your current chart version> --reuse-values --set redis-ha.enabled=false + ``` +3. Upgrade to chart version 7.9 or newer and re-enable redis HA again + ```bash + helm upgrade argocd argo/argo-cd --version 7.9.0 --reuse-values --set redis-ha.enabled=true + ``` + +### 7.0.0 + +We changed the type of `.Values.configs.clusterCredentials` from `list` to `object`. +If you used the value, please migrate like below. + +```yaml +# before +configs: + clusterCredentials: + - mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... + +# after +configs: + clusterCredentials: + mycluster: + server: https://mycluster.example.com + labels: {} + annotations: {} + # ... +``` + +### 6.10.0 + +This version introduces authentication for Redis to mitigate GHSA-9766-5277-j5hr. + +#### How to rotate Redis secret? + +Upstream steps in the [FAQ] are not enough, since we chose a different approach. +(We use a Kubernetes Job with [Chart Hooks] to create the auth secret `argocd-redis`.) + +Steps to rotate the secret when using the helm chart (bold step is additional to upstream): +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. + ```bash + kubectl delete secret argocd-redis -n <argocd namespace> + ``` +* **Perform a helm upgrade** + ```bash + helm upgrade argocd argo/argo-cd --reuse-values --wait + ``` +* If you are running Redis in HA mode, restart Redis in HA. + ```bash + kubectl rollout restart deployment argocd-redis-ha-haproxy + kubectl rollout restart statefulset argocd-redis-ha-server + ``` +* If you are running Redis in non-HA mode, restart Redis. + ```bash + kubectl rollout restart deployment argocd-redis + ``` +* Restart other components. + ```bash + kubectl rollout restart deployment argocd-server argocd-repo-server + kubectl rollout restart statefulset argocd-application-controller + ``` + +### 6.9.0 +ApplicationSet controller is always created to follow [upstream's manifest](https://github.com/argoproj/argo-cd/blob/v2.11.0/manifests/core-install/kustomization.yaml#L9). + +### 6.4.0 + +Added support for application controller dynamic cluster distribution. +Please refer to [the docs](https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution) for more information. + +Added env variables to handle the non-standard names generated by the helm chart. +Here are the [docs](https://argo-cd.readthedocs.io/en/release-2.9/user-guide/environment-variables/) +and [code](https://github.com/argoproj/argo-cd/blob/99723143b96ceec9ef5b0a7feb7b4f4b0dce3497/common/common.go#L252) + +### 6.1.0 + +Added support for global domain used by all components. + +### 6.0.0 + +This version **removes support for**: + +* deprecated component options `logLevel` and `logFormat` +* deprecated component arguments `<components>.args.<feature>` that were replaced with `configs.params` +* deprecated configuration `server.config` that was replaced with `configs.cm` +* deprecated configuration `server.rbacConfig` that was replaced with `configs.rbac` + +Major version also contains breaking **changes related to Argo CD Ingress** resources that were hard to extend and maintain for various ingress controller implementations. +Please review your setup and adjust to new configuration options: + +* catch all rule was removed for security reasons. If you need this please use `server.ingress.extraRules` to provide ingress rule without hostname +* ingress rule for `paths` changed to `path` as there is only single Argo CD backend path +* ingress rule for `hosts` changed to `hostname` as there can be only single SSO redirect for given hostname +* ingress TLS for server uses by default `argocd-server-tls` secret required by Argo CD server, additional ingresses are using `<hostname>-tls` secret when `tls: true` +* additional hostnames and routing can be provided via `extraHosts` configuration section +* additional TLS secrets can be provided via `extraTls` configuration section + +Please refer to [ingress configuration](#ingress-configuration) for examples. + +### 5.53.0 + +Argocd-repo-server can now optionally use Persistent Volumes for its mountpoints instead of only emptydir() + +### 5.52.0 + +Because [Argo CD Extensions] is now deprecated and no further changes will be made, we switched to [Argo CD Extension Installer], adding an Argo CD Extension Installer to init-container in the Argo CD API server. +If you used old mechanism, please move to new mechanism. For more details, please refer `.Values.server.extensions` in values.yaml. + +### 5.35.0 + +This version supports Kubernetes version `>=1.23.0-0`. The current supported version of Kubernetes is v1.24 or later and we align with the Amazon EKS calendar, because many AWS users follow a conservative approach. + +Please see more information about EoL: [Amazon EKS EoL][EKS EoL]. + +### 5.31.0 +The manifests are now using [`tini` as entrypoint][tini], instead of `entrypoint.sh`. Until Argo CD v2.8, `entrypoint.sh` is retained for upgrade compatibility. +This means that the deployment manifests have to be updated after upgrading to Argo CD v2.7, and before upgrading to Argo CD v2.8 later. +In case the manifests are updated before moving to Argo CD v2.8, the containers will not be able to start. + +### 5.26.0 + +This version adds support for Config Management Plugins using the sidecar model and configured in a ConfigMap named `argocd-cmp-cm`. +Users will need to migrate from the previous `argocd-cm` ConfigMap method to using the sidecar method before Argo CD v2.8. See the [Argo CD CMP migration guide](https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/#migrating-from-argocd-cm-plugins) for more specifics. + +To migrate your plugins, you can now set the `configs.cmp.create` to `true` and move your plugins from `configs.cm` to `configs.cmp.plugins`. +You will also need to configure the sidecar containers under `repoServer.extraContainers` and ensure you are mounting any custom volumes you need from `repoServer.volumes` into here also. + +### 5.24.0 + +This version adds additional global parameters for scheduling (`nodeSelector`, `tolerations`, `topologySpreadConstraints`). +Default `global.affinity` rules can be disabled when `none` value is used for the preset. + +### 5.22.0 + +This version adds `global.affinity` options that are used as a presets. Override on component level works as before and replaces the default preset completely. + +### 5.19.0 + +This version consolidates config for custom repository TLS certificates and SSH known hosts. If you provided these values (`configs.knownHosts.*`, `configs.knownHostsAnnotations`, `configs.tlsCerts`, `configs.tlsCertsAnnotations`) please move them into new `configs.ssh` and `configs.tls` sections. +You can also use new option `configs.ssh.extraHosts` to configure your SSH keys without maintaing / overwritting keys for public Git repositories. + +### 5.13.0 + +This version reduces history limit for Argo CD deployment replicas to 3 to provide more visibility for Argo CD deployments that manage itself. If you need more deployment revisions for rollbacks set `global.revisionHistoryLimit` parameter. + +### 5.12.0 + +If Argo CD is managing termination of TLS and you are using `configs.secret.argocdServerTlsConfig` option to provide custom TLS configuration for this chart, please use `server.certificate` or `server.certificateSecret` instead. +For the secrets for tls termination, please use a secret named `argocd-server-tls` instead of `argocd-secret`. +For the technical details please check the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server). When transitioning from the one secret to the other pay attention to `tls.key` and `tls.crt` keys. + +### 5.10.0 + +This version hardens security by configuring default container security contexts and adds hard requirement for Kubernetes 1.22+ to work properly. +The change aligns chart with officially [supported versions](https://argo-cd.readthedocs.io/en/release-2.5/operator-manual/installation/#supported-versions) by upstream project. + +### 5.7.0 + +This version introcudes new `configs.cm` and `configs.rbac` sections that replaces `server.config` and `server.rbacConfig` respectively. +Please move your current configuration to the new place. The Argo CD RBAC config now also sets defaults in the `argocd-rbac-cm`. +If you have manually created this ConfigMap please ensure templating is disabled so you will not lose your changes. + +### 5.5.20 + +This version moved API version templates into dedicated helper. If you are using these in your umbrella +chart please migrate your templates to pattern `argo-cd.apiVersion.<component>`. + +### 5.5.0 + +This version introduces new `configs.params` section that replaces command line arguments for containers. +Please refer to documentation in values.yaml for migrating the configuration. + +### 5.2.0 + +Custom resource definitions were moved to `templates` folder so they can be managed by Helm. + +To adopt already created CRDs, please use following command: + +```bash +YOUR_ARGOCD_NAMESPACE="" # e.g. argo-cd +YOUR_ARGOCD_RELEASENAME="" # e.g. argo-cd + +for crd in "applications.argoproj.io" "applicationsets.argoproj.io" "argocdextensions.argoproj.io" "appprojects.argoproj.io"; do + kubectl label --overwrite crd $crd app.kubernetes.io/managed-by=Helm + kubectl annotate --overwrite crd $crd meta.helm.sh/release-namespace="$YOUR_ARGOCD_NAMESPACE" + kubectl annotate --overwrite crd $crd meta.helm.sh/release-name="$YOUR_ARGOCD_RELEASENAME" +done +``` + +### 5.0.0 + +This version **removes support for**: + +- deprecated repository credentials (parameter `configs.repositoryCredentials`) +- option to run application controller as a Deployment +- the parameters `server.additionalApplications` and `server.additionalProjects` + +Please carefully read the following section if you are using these parameters! + +In order to upgrade Applications and Projects safely against CRDs' upgrade, `server.additionalApplications` and `server.additionalProjects` are moved to [argocd-apps](../argocd-apps). + +If you are using `server.additionalApplications` or `server.additionalProjects`, you can adopt to [argocd-apps](../argocd-apps) as below: + +1. Add [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) to avoid resources being removed by upgrading Helm chart + +You can keep your existing CRDs by adding `"helm.sh/resource-policy": keep` on `additionalAnnotations`, under `server.additionalApplications` and `server.additionalProjects` blocks, and running `helm upgrade`. + +e.g: + +```yaml +server: + additionalApplications: + - name: guestbook + namespace: argocd + additionalLabels: {} + additionalAnnotations: + "helm.sh/resource-policy": keep # <-- add this + finalizers: + - resources-finalizer.argocd.argoproj.io + project: guestbook + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook + directory: + recurse: true + destination: + server: https://kubernetes.default.svc + namespace: guestbook + syncPolicy: + automated: + prune: false + selfHeal: false + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + info: + - name: url + value: https://argoproj.github.io/ +``` + +You can also keep your existing CRDs by running the following scripts. + +```bash +# keep Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy=keep +done + +# keep Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy=keep +done +``` + +2. Upgrade argo-cd Helm chart to v5.0.0 + +3. Remove keep [helm.sh/resource-policy annotation](https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource) + +```bash +# delete annotations from Applications +for app in "guestbook"; do + kubectl annotate --overwrite application $app helm.sh/resource-policy- +done + +# delete annotations from Projects +for project in "guestbook"; do + kubectl annotate --overwrite appproject $project helm.sh/resource-policy- +done +``` + +4. Adopt existing resources to [argocd-apps](../argocd-apps) + +### 4.9.0 + +This version starts to use upstream image with applicationset binary. Start command was changed from `applicationset-controller` to `argocd-applicationset-controller` + +### 4.3.* + +With this minor version, the notification notifier's `service.slack` is no longer configured by default. + +### 4.0.0 and above + +This helm chart version deploys Argo CD v2.3. The Argo CD Notifications and ApplicationSet are part of Argo CD now. You no longer need to install them separately. The Notifications and ApplicationSet components **are bundled into default** Argo CD installation. +Please read the [v2.2 to 2.3 upgrade instructions] in the upstream repository. + +### 3.13.0 + +This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of Argo CD, it can be passed via the `server.extraArgs` field + +### 3.10.2 + +Argo CD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default +It can be re-enabled by setting `server.staticAssets.enabled` to true + +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or <nil> + +# Case 3) +dex: + serviceAccount: + name: "" # or <nil> + +# Case 4) +server: + serviceAccount: + name: "" # or <nil> +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an Argo CD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + +### 3.0.0 and above + +Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. + +### 2.14.7 and above + +The `matchLabels` key in the Argo CD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. + +### 2.10.x to 2.11.0 + +The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x. + +### 1.8.7 to 2.x.x + +`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map + +What was + +```yaml +server: + extraArgs: + insecure: "" +``` + +is now + +```yaml +server: + extraArgs: + - --insecure +``` + +## Prerequisites + +- Kubernetes: `>=1.25.0-0` + - We align with [Amazon EKS calendar][EKS EoL] because there are many AWS users and it's a conservative approach. + - Please check [Support Matrix of Argo CD][Kubernetes Compatibility Matrix] for official info. +- Helm v3.0.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install my-release argo/argo-cd +NAME: my-release +... +``` + +## General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| apiVersionOverrides | object | `{}` | | +| crds.additionalLabels | object | `{}` | Additional labels to be added to all CRDs | +| crds.annotations | object | `{}` | Annotations to be added to all CRDs | +| crds.install | bool | `true` | Install and upgrade CRDs | +| crds.keep | bool | `true` | Keep CRDs on chart uninstall | +| createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | +| extraObjects | list | `[]` | Array of extra K8s manifests to deploy | +| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| namespaceOverride | string | `.Release.Namespace` | Override the namespace | +| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | + +## Global Configs + +> **Note:** +> Any values you put under `.Values.configs.cm` are passed to argocd-cm ConfigMap, and under `.Values.configs.params` are passed to argocd-params-cm ConfigMap. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.addPrometheusAnnotations | bool | `false` | Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. | +| global.additionalLabels | object | `{}` | Common labels for the all resources | +| global.affinity.nodeAffinity.matchExpressions | list | `[]` | Default match expressions for node affinity | +| global.affinity.nodeAffinity.type | string | `"hard"` | Default node affinity rules. Either: `none`, `soft` or `hard` | +| global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | +| global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | +| global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| global.deploymentLabels | object | `{}` | Labels for the all deployed Deployments | +| global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | +| global.domain | string | `"argocd.example.com"` | Default domain used by all components | +| global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | +| global.dualStack.ipFamilyPolicy | string | `""` | IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) | +| global.env | list | `[]` | Environment variables to pass to all deployed Deployments | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all Argo CD deployments | +| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all Argo CD deployments | +| global.image.tag | string | `""` | Overrides the global Argo CD image tag whose default is the chart appVersion | +| global.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry | +| global.logging.format | string | `"text"` | Set the global logging format. Either: `text` or `json` | +| global.logging.level | string | `"info"` | Set the global logging level. One of: `debug`, `info`, `warn` or `error` | +| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | +| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | +| global.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Default node selector for all components | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.priorityClassName | string | `""` | Default priority class for all components | +| global.revisionHistoryLimit | int | `3` | Number of old deployment ReplicaSets to retain. The rest will be garbage collected. | +| global.runtimeClassName | string | `""` | Runtime class name for all components | +| global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. | +| global.statefulsetAnnotations | object | `{}` | Annotations for the all deployed Statefulsets | +| global.tolerations | list | `[]` | Default tolerations for all components | +| global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components | + +## Argo CD Configs + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configs.clusterCredentials | object | `{}` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.cm."admin.enabled" | bool | `true` | Enable local admin user | +| configs.cm."application.instanceLabelKey" | string | `"argocd.argoproj.io/instance"` | The name of tracking label used by Argo CD for resource pruning | +| configs.cm."application.sync.impersonation.enabled" | bool | `false` | Enable control of the service account used for the sync operation (alpha) | +| configs.cm."exec.enabled" | bool | `false` | Enable exec feature in Argo UI | +| configs.cm."resource.customizations.ignoreResourceUpdates.ConfigMap" | string | See [values.yaml] | Ignore the cluster-autoscaler status | +| configs.cm."resource.customizations.ignoreResourceUpdates.Endpoints" | string | See [values.yaml] | Ignores update if Endpoints is not excluded globally | +| configs.cm."resource.customizations.ignoreResourceUpdates.all" | string | See [values.yaml] | Ignoring status for all resources. An update will still be sent if the status update causes the health to change. | +| configs.cm."resource.customizations.ignoreResourceUpdates.apps_ReplicaSet" | string | See [values.yaml] | Ignore the common scaling annotations | +| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Application" | string | See [values.yaml] | Some Application fields are generated and not related to the application updates itself | +| configs.cm."resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout" | string | See [values.yaml] | Ignore Argo Rollouts generated fields | +| configs.cm."resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler" | string | See [values.yaml] | Legacy annotations used on HPA autoscaling/v1 | +| configs.cm."resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice" | string | See [values.yaml] | Ignores update if EndpointSlice is not excluded globally | +| configs.cm."resource.exclusions" | string | See [values.yaml] | Resource Exclusion/Inclusion | +| configs.cm."server.rbac.log.enforce.enable" | bool | `false` | Enable logs RBAC enforcement | +| configs.cm."statusbadge.enabled" | bool | `false` | Enable Status Badge | +| configs.cm."timeout.hard.reconciliation" | string | `"0s"` | Timeout to refresh application data as well as target manifests cache | +| configs.cm."timeout.reconciliation" | string | `"180s"` | Timeout to discover if a new manifests version got published to the repository | +| configs.cm.annotations | object | `{}` | Annotations to be added to argocd-cm configmap | +| configs.cm.create | bool | `true` | Create the argocd-cm configmap for [declarative setup] | +| configs.cmp.annotations | object | `{}` | Annotations to be added to argocd-cmp-cm configmap | +| configs.cmp.create | bool | `false` | Create the argocd-cmp-cm configmap | +| configs.cmp.plugins | object | `{}` | Plugin yaml files to be added to argocd-cmp-cm | +| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos | +| configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | +| configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | +| configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] | +| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.namespaces" | string | `""` (default is only the ns where the controller is installed) | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) | +| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | +| configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout | +| configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | +| configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | +| configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | +| configs.params."controller.status.processors" | int | `20` | Number of application status processors | +| configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout | +| configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) | +| configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | +| configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | +| configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.disable.auth" | bool | `false` | Disable Argo CD RBAC for user authentication | +| configs.params."server.enable.gzip" | bool | `true` | Enable GZIP compression | +| configs.params."server.enable.proxy.extension" | bool | `false` | Enable proxy extension feature. (proxy extension is in Alpha phase) | +| configs.params."server.insecure" | bool | `false` | Run server without TLS | +| configs.params."server.rootpath" | string | `""` | Used if Argo CD is running behind reverse proxy under subpath different from / | +| configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | +| configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | +| configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | +| configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | +| configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | +| configs.rbac."policy.matchMode" | string | `"glob"` | Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. | +| configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | +| configs.rbac.create | bool | `true` | Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. If false, it is expected the configmap will be created by something else. Argo CD will not work if there is no configmap created with the name above. | +| configs.rbac.scopes | string | `"[groups]"` | OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). The scope value can be a string, or a list of strings. | +| configs.repositories | object | `{}` | Repositories list to be used by applications | +| configs.repositoriesAnnotations | object | `{}` | Annotations to be added to `configs.repositories` Secret | +| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | +| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | +| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | +| configs.secret.azureDevops.password | string | `""` | Shared secret password for authenticating Azure DevOps webhook events | +| configs.secret.azureDevops.username | string | `""` | Shared secret username for authenticating Azure DevOps webhook events | +| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | +| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | +| configs.secret.createSecret | bool | `true` | Create the argocd-secret | +| configs.secret.extra | object | `{}` | add additional secrets to be added to argocd-secret | +| configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | +| configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | +| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | +| configs.secret.labels | object | `{}` | Labels to be added to argocd-secret | +| configs.ssh.annotations | object | `{}` | Annotations to be added to argocd-ssh-known-hosts-cm configmap | +| configs.ssh.create | bool | `true` | Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. | +| configs.ssh.extraHosts | string | `""` | Additional known hosts for private repositories | +| configs.ssh.knownHosts | string | See [values.yaml] | Known hosts to be added to the known host list by default. | +| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | +| configs.tls.annotations | object | `{}` | Annotations to be added to argocd-tls-certs-cm configmap | +| configs.tls.certificates | object | `{}` (See [values.yaml]) | TLS certificates for Git repositories | +| configs.tls.create | bool | `true` | Specifies if the argocd-tls-certs-cm configmap should be created by Helm. | + +## Argo CD Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| controller.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | +| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | +| controller.containerPorts.metrics | int | `8082` | Metrics container port | +| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | +| controller.deploymentLabels | object | `{}` | Labels for the application controller Deployment | +| controller.dnsConfig | object | `{}` | [DNS configuration] | +| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | +| controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution | +| controller.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for application controller | +| controller.env | list | `[]` | Environment variables to pass to application controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | +| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.heartbeatTime | int | `10` | Application controller heartbeat time Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution | +| controller.hostNetwork | bool | `false` | Host Network for application controller pods | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | +| controller.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| controller.initContainers | list | `[]` | Init containers to add to the application controller pod | +| controller.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric | +| controller.metrics.applicationLabels.labels | list | `[]` | Additional labels | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels | +| controller.metrics.rules.annotations | object | `{}` | PrometheusRule annotations | +| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller | +| controller.metrics.rules.namespace | string | `""` | PrometheusRule namespace | +| controller.metrics.rules.selector | object | `{}` | PrometheusRule selector | +| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| controller.name | string | `"application-controller"` | Application controller name string | +| controller.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by application controller | +| controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | +| controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | +| controller.pdb.labels | object | `{}` | Labels to be added to application controller pdb | +| controller.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| controller.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to application controller pods | +| controller.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the application controller pods | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of application controller pods to run. Additional replicas will cause sharding of managed clusters across number of replicas. | +| controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.revisionHistoryLimit | int | `5` | Maximum number of controller revisions that will be maintained in StatefulSet history | +| controller.roleRules | list | `[]` | List of custom rules for the application controller's Role resource | +| controller.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the application controller | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | +| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | +| controller.statefulsetAnnotations | object | `{}` | Annotations for the application controller StatefulSet | +| controller.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| controller.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | +| controller.volumes | list | `[]` | Additional volumes to the application controller pod | +| controller.vpa.annotations | object | `{}` | Annotations to be added to application controller vpa | +| controller.vpa.containerPolicy | object | `{}` | Controls how VPA computes the recommended resources for application controller container | +| controller.vpa.enabled | bool | `false` | Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller | +| controller.vpa.labels | object | `{}` | Labels to be added to application controller vpa | +| controller.vpa.updateMode | string | `"Initial"` | One of the VPA operation modes | + +## Argo Repo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| repoServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| repoServer.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| repoServer.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | +| repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | +| repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD repo server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | +| repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | +| repoServer.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-repo-server-tls secret | +| repoServer.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| repoServer.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) | +| repoServer.certificateSecret.enabled | bool | `false` | Create argocd-repo-server-tls secret | +| repoServer.certificateSecret.key | string | `""` | Certificate private key | +| repoServer.certificateSecret.labels | object | `{}` | Labels to be added to argocd-repo-server-tls secret | +| repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | +| repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | +| repoServer.containerPorts.metrics | int | `8084` | Metrics container port | +| repoServer.containerPorts.server | int | `8081` | Repo server container port | +| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | +| repoServer.copyutil.resources | object | `{}` | Resource limits and requests for the repo server copyutil initContainer | +| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.deploymentLabels | object | `{}` | Labels for the repo server Deployment | +| repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | +| repoServer.dnsConfig | object | `{}` | [DNS configuration] | +| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | +| repoServer.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for repo server | +| repoServer.env | list | `[]` | Environment variables to pass to repo server | +| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.existingVolumes | object | `{}` | Volumes to be used in replacement of emptydir on default volumes | +| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | +| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | +| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | +| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | +| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | +| repoServer.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-repo-server container | +| repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.metrics.enabled | bool | `false` | Deploy metrics service | +| repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| repoServer.metrics.service.labels | object | `{}` | Metrics service labels | +| repoServer.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| repoServer.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| repoServer.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| repoServer.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| repoServer.name | string | `"repo-server"` | Repo server name | +| repoServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by repo server | +| repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | +| repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | +| repoServer.pdb.labels | object | `{}` | Labels to be added to repo server pdb | +| repoServer.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| repoServer.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | +| repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | +| repoServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the repo server pods | +| repoServer.rbac | list | `[]` | Repo server rbac rules | +| repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.replicas | int | `1` | The number of repo server pods to run | +| repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the repo server | +| repoServer.service.annotations | object | `{}` | Repo server service annotations | +| repoServer.service.labels | object | `{}` | Repo server service labels | +| repoServer.service.port | int | `8081` | Repo server service port | +| repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | +| repoServer.service.trafficDistribution | string | `""` | Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. | +| repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| repoServer.serviceAccount.create | bool | `true` | Create repo server service account | +| repoServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| repoServer.serviceAccount.name | string | `""` | Repo server service account name | +| repoServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| repoServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| repoServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.useEphemeralHelmWorkingDir | bool | `true` | Toggle the usage of a ephemeral Helm working directory | +| repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | +| repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | + +## Argo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| server.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| server.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.metrics | list | `[]` | Configures custom HPA metrics for the Argo CD server Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | +| server.backendTLSPolicy.annotations | object | `{}` | Additional BackendTLSPolicy annotations | +| server.backendTLSPolicy.enabled | bool | `false` | Enable BackendTLSPolicy resource for Argo CD server (Gateway API) | +| server.backendTLSPolicy.labels | object | `{}` | Additional BackendTLSPolicy labels | +| server.backendTLSPolicy.targetRefs | list | `[]` (See [values.yaml]) | Target references for the BackendTLSPolicy | +| server.backendTLSPolicy.validation | object | `{}` (See [values.yaml]) | TLS validation configuration | +| server.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| server.certificate.annotations | object | `{}` | Annotations to be applied to the Server Certificate | +| server.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| server.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| server.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| server.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| server.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| server.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| server.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| server.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| server.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| server.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| server.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| server.certificate.secretTemplateAnnotations | object | `{}` | Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources | +| server.certificate.usages | list | `[]` | Usages for the certificate | +| server.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-server-tls secret | +| server.certificateSecret.crt | string | `""` | Certificate data | +| server.certificateSecret.enabled | bool | `false` | Create argocd-server-tls secret | +| server.certificateSecret.key | string | `""` | Private Key of the certificate | +| server.certificateSecret.labels | object | `{}` | Labels to be added to argocd-server-tls secret | +| server.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the server's ClusterRole resource | +| server.clusterRoleRules.rules | list | `[]` | List of custom rules for the server's ClusterRole resource | +| server.containerPorts.metrics | int | `8083` | Metrics container port | +| server.containerPorts.server | int | `8080` | Server container port | +| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | +| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.deploymentLabels | object | `{}` | Labels for the server Deployment | +| server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | +| server.dnsConfig | object | `{}` | [DNS configuration] | +| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | +| server.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for the Argo CD server | +| server.env | list | `[]` | Environment variables to pass to Argo CD server | +| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | +| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | +| server.extensions.enabled | bool | `false` | Enable support for Argo CD extensions | +| server.extensions.extensionList | list | `[]` (See [values.yaml]) | Extensions for Argo CD | +| server.extensions.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for extensions | +| server.extensions.image.repository | string | `"quay.io/argoprojlabs/argocd-extension-installer"` | Repository to use for extension installer image | +| server.extensions.image.tag | string | `"v0.0.8"` | Tag to use for extension installer image | +| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | +| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | +| server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.grpcroute.annotations | object | `{}` | Additional GRPCRoute annotations | +| server.grpcroute.enabled | bool | `false` | Enable GRPCRoute resource for Argo CD server (Gateway API) | +| server.grpcroute.hostnames | list | `[]` (See [values.yaml]) | List of hostnames for the GRPCRoute | +| server.grpcroute.labels | object | `{}` | Additional GRPCRoute labels | +| server.grpcroute.parentRefs | list | `[]` (See [values.yaml]) | Gateway API parentRefs for the GRPCRoute | +| server.grpcroute.rules | list | `[]` (See [values.yaml]) | GRPCRoute rules configuration | +| server.hostNetwork | bool | `false` | Host Network for Server pods | +| server.httproute.annotations | object | `{}` | Additional HTTPRoute annotations | +| server.httproute.enabled | bool | `false` | Enable HTTPRoute resource for Argo CD server (Gateway API) | +| server.httproute.hostnames | list | `[]` (See [values.yaml]) | List of hostnames for the HTTPRoute | +| server.httproute.labels | object | `{}` | Additional HTTPRoute labels | +| server.httproute.parentRefs | list | `[]` (See [values.yaml]) | Gateway API parentRefs for the HTTPRoute | +| server.httproute.rules | list | `[]` (See [values.yaml]) | HTTPRoute rules configuration | +| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | +| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | +| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | +| server.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.aws.backendProtocolVersion | string | `"GRPC"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingress.aws.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingress.controller | string | `"generic"` | Specific implementation for ingress controller. One of `generic`, `aws` or `gke` | +| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | +| server.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| server.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration | +| server.ingress.gke.backendConfig | object | `{}` (See [values.yaml]) | Google [BackendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.frontendConfig | object | `{}` (See [values.yaml]) | Google [FrontendConfig] resource, for use with the GKE Ingress Controller | +| server.ingress.gke.managedCertificate.create | bool | `true` | Create ManagedCertificate resource and annotations for Google Load balancer | +| server.ingress.gke.managedCertificate.extraDomains | list | `[]` | Additional domains for ManagedCertificate resource | +| server.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | +| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | +| server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.path | string | `"/"` | The path to Argo CD server | +| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingress.hostname` | +| server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | +| server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| server.ingressGrpc.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| server.ingressGrpc.extraTls | list | `[]` (See [values.yaml]) | Additional TLS configuration for dedicated [gRPC-ingress] | +| server.ingressGrpc.hostname | string | `""` (defaults to grpc.`server.ingress.hostname`) | Argo CD server hostname for dedicated [gRPC-ingress] | +| server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | +| server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.path | string | `"/"` | Argo CD server ingress path for dedicated [gRPC-ingress] | +| server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingressGrpc.tls | bool | `false` | Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` | +| server.initContainers | list | `[]` | Init containers to add to the server pod | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | +| server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.metrics.enabled | bool | `false` | Deploy metrics service | +| server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| server.metrics.service.labels | object | `{}` | Metrics service labels | +| server.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| server.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| server.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| server.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| server.name | string | `"server"` | Argo CD server name | +| server.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ArgoCD Server | +| server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | +| server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | +| server.pdb.labels | object | `{}` | Labels to be added to Argo CD server pdb | +| server.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| server.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| server.podAnnotations | object | `{}` | Annotations to be added to server pods | +| server.podLabels | object | `{}` | Labels to be added to server pods | +| server.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the Argo CD server pods | +| server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.replicas | int | `1` | The number of server pods to run | +| server.resources | object | `{}` | Resource limits and requests for the Argo CD server | +| server.route.annotations | object | `{}` | Openshift Route annotations | +| server.route.enabled | bool | `false` | Enable an OpenShift Route for the Argo CD server | +| server.route.hostname | string | `""` | Hostname of OpenShift Route | +| server.route.termination_policy | string | `"None"` | Termination policy of Openshift Route | +| server.route.termination_type | string | `"passthrough"` | Termination type of Openshift Route | +| server.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the Argo CD server | +| server.service.annotations | object | `{}` | Server service annotations | +| server.service.externalIPs | list | `[]` | Server service external IPs | +| server.service.externalTrafficPolicy | string | `"Cluster"` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerClass | string | `""` | The class of the load balancer implementation | +| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | +| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | +| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.servicePortHttp | int | `80` | Server service http port | +| server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | +| server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsAppProtocol | string | `""` | Server service https port appProtocol | +| server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | +| server.service.sessionAffinity | string | `"None"` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.type | string | `"ClusterIP"` | Server service type | +| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| server.serviceAccount.create | bool | `true` | Create server service account | +| server.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| server.serviceAccount.name | string | `"argocd-server"` | Server service account name | +| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| server.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | +| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | +| server.volumes | list | `[]` | Additional volumes to the server pod | + +## Dex + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dex.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| dex.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| dex.certificateSecret.annotations | object | `{}` | Annotations to be added to argocd-dex-server-tls secret | +| dex.certificateSecret.ca | string | `""` | Certificate authority. Required for self-signed certificates. | +| dex.certificateSecret.crt | string | `""` | Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) | +| dex.certificateSecret.enabled | bool | `false` | Create argocd-dex-server-tls secret | +| dex.certificateSecret.key | string | `""` | Certificate private key | +| dex.certificateSecret.labels | object | `{}` | Labels to be added to argocd-dex-server-tls secret | +| dex.containerPorts.grpc | int | `5557` | gRPC container port | +| dex.containerPorts.http | int | `5556` | HTTP container port | +| dex.containerPorts.metrics | int | `5558` | Metrics container port | +| dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | +| dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| dex.deploymentLabels | object | `{}` | Labels for the Dex server Deployment | +| dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | +| dex.dnsConfig | object | `{}` | [DNS configuration] | +| dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | +| dex.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for Dex server | +| dex.enabled | bool | `true` | Enable dex | +| dex.env | list | `[]` | Environment variables to pass to the Dex server | +| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | +| dex.extraArgs | list | `[]` | Additional command line arguments to pass to the Dex server | +| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | +| dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | +| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | +| dex.image.tag | string | `"v2.44.0"` | Dex image tag | +| dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| dex.initContainers | list | `[]` | Init containers to add to the dex pod | +| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | +| dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.resources | object | `{}` (defaults to dex.resources) | Argo CD init image resources | +| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | +| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | +| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.httpPath | string | `"/healthz/live"` | Http path to use for the liveness probe | +| dex.livenessProbe.httpPort | string | `"metrics"` | Http port to use for the liveness probe | +| dex.livenessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | +| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.metrics.enabled | bool | `false` | Deploy metrics service | +| dex.metrics.service.annotations | object | `{}` | Metrics service annotations | +| dex.metrics.service.labels | object | `{}` | Metrics service labels | +| dex.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| dex.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| dex.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| dex.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| dex.name | string | `"dex-server"` | Dex name | +| dex.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by Dex server | +| dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb | +| dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server | +| dex.pdb.labels | object | `{}` | Labels to be added to Dex server pdb | +| dex.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| dex.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods | +| dex.podLabels | object | `{}` | Labels to be added to the Dex server pods | +| dex.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the dex pods | +| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | +| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.httpPath | string | `"/healthz/ready"` | Http path to use for the readiness probe | +| dex.readinessProbe.httpPort | string | `"metrics"` | Http port to use for the readiness probe | +| dex.readinessProbe.httpScheme | string | `"HTTP"` | Scheme to use for for the liveness probe (can be HTTP or HTTPS) | +| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for Dex | +| dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| dex.serviceAccount.create | bool | `true` | Create dex service account | +| dex.serviceAccount.name | string | `"argocd-dex-server"` | Dex service account name | +| dex.servicePortGrpc | int | `5557` | Service port for gRPC access | +| dex.servicePortGrpcName | string | `"grpc"` | Service port name for gRPC access | +| dex.servicePortHttp | int | `5556` | Service port for HTTP access | +| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | +| dex.servicePortMetrics | int | `5558` | Service port for metrics access | +| dex.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| dex.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex | +| dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | +| dex.volumes | list | `[]` | Additional volumes to the dex pod | + +## Redis + +### Option 1 - Single Redis instance (default option) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment | +| redis.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| redis.containerPorts.metrics | int | `9121` | Metrics container port | +| redis.containerPorts.redis | int | `6379` | Redis container port | +| redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | +| redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| redis.deploymentLabels | object | `{}` | Labels for the Redis server Deployment | +| redis.dnsConfig | object | `{}` | [DNS configuration] | +| redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | +| redis.enabled | bool | `true` | Enable redis | +| redis.env | list | `[]` | Environment variables to pass to the Redis server | +| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | +| redis.exporter.containerSecurityContext | object | See [values.yaml] | Redis exporter security context | +| redis.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | +| redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | +| redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis.exporter.image.tag | string | `"v1.78.0"` | Tag to use for the redis-exporter | +| redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | +| redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter (optional) | +| redis.exporter.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.exporter.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.exporter.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.exporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.exporter.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.exporter.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | +| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | +| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | +| redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | +| redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | +| redis.image.tag | string | `"7.2.11-alpine"` | Redis tag | +| redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redis.initContainers | list | `[]` | Init containers to add to the redis pod | +| redis.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.metrics.enabled | bool | `false` | Deploy metrics service | +| redis.metrics.service.annotations | object | `{}` | Metrics service annotations | +| redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| redis.metrics.service.labels | object | `{}` | Metrics service labels | +| redis.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| redis.metrics.service.servicePort | int | `9121` | Metrics service port | +| redis.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| redis.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | +| redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| redis.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| redis.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| redis.name | string | `"redis"` | Redis name | +| redis.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by redis | +| redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb | +| redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis | +| redis.pdb.labels | object | `{}` | Labels to be added to Redis pdb | +| redis.pdb.maxUnavailable | string | `""` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). | +| redis.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | +| redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | +| redis.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for redis pods | +| redis.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis server | +| redis.readinessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| redis.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| redis.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the [probe] | +| redis.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| redis.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the [probe] times out | +| redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for redis | +| redis.securityContext | object | See [values.yaml] | Redis pod-level security context | +| redis.service.annotations | object | `{}` | Redis service annotations | +| redis.service.labels | object | `{}` | Additional redis service labels | +| redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redis.serviceAccount.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account | +| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | +| redis.serviceAccount.name | string | `""` | Service account name for redis pod | +| redis.servicePort | int | `6379` | Redis service port | +| redis.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| redis.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| redis.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to redis | +| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | +| redis.volumes | list | `[]` | Additional volumes to the redis pod | + +### Option 2 - Redis HA + +This option uses the following third-party chart to bootstrap a clustered Redis: https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha. +For all available configuration options, please read upstream README and/or chart source. +The main options are listed here: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | +| redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.auth | bool | `true` | Configures redis-ha with AUTH | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | +| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.existingSecret | string | `"argocd-redis"` | Existing Secret to use for redis-ha authentication. By default the redis-secret-init Job is generating this Secret. | +| redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | +| redis-ha.exporter.image | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | +| redis-ha.exporter.tag | string | `"v1.75.0"` | Tag to use for the redis-exporter | +| redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | +| redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | +| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | +| redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | +| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | +| redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | +| redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | +| redis-ha.image.tag | string | `"7.2.11-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | +| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | +| redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | +| redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | +| redis-ha.tolerations | list | `[]` | [Tolerations] for use with node taints for Redis pods. | +| redis-ha.topologySpreadConstraints | object | `{"enabled":false,"maxSkew":"","topologyKey":"","whenUnsatisfiable":""}` | Assign custom [TopologySpreadConstraints] rules to the Redis pods. | +| redis-ha.topologySpreadConstraints.enabled | bool | `false` | Enable Redis HA topology spread constraints | +| redis-ha.topologySpreadConstraints.maxSkew | string | `""` (defaults to `1`) | Max skew of pods tolerated | +| redis-ha.topologySpreadConstraints.topologyKey | string | `""` (defaults to `topology.kubernetes.io/zone`) | Topology key for spread | +| redis-ha.topologySpreadConstraints.whenUnsatisfiable | string | `""` (defaults to `ScheduleAnyway`) | Enforcement policy, hard or soft | +| redis-ha.exporter.image | string | `nil` (follows subchart default) | Exporter image | +| redis-ha.exporter.tag | string | `nil` (follows subchart default) | Exporter tag | +| redis-ha.haproxy.image.repository | string | `nil` (follows subchart default) | HAProxy Image Repository | +| redis-ha.haproxy.image.tag | string | `nil` (follows subchart default) | HAProxy Image Tag | +| redis-ha.image.repository | string | `nil` (follows subchart default) | Redis image repository | + +### Option 3 - External Redis + +If you want to use an existing Redis (eg. a managed service from a cloud provider), you can use these parameters: + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | +| externalRedis.host | string | `""` | External Redis server host | +| externalRedis.password | string | `""` | External Redis password | +| externalRedis.port | int | `6379` | External Redis server port | +| externalRedis.secretAnnotations | object | `{}` | External Redis Secret annotations | +| externalRedis.username | string | `""` | External Redis username | + +### Redis secret-init + +The helm chart deploys a Job to setup a random password which is used to secure the Redis. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +If you use an External Redis (See Option 3 above), this Job is not deployed. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redisSecretInit.affinity | object | `{}` | Assign custom [affinity] rules to the Redis secret-init Job | +| redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods | +| redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job | +| redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job | +| redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job | +| redisSecretInit.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| redisSecretInit.jobAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.name | string | `"redis-secret-init"` | Redis secret-init name | +| redisSecretInit.nodeSelector | object | `{}` (defaults to global.nodeSelector) | Node selector to be added to the Redis secret-init Job | +| redisSecretInit.podAnnotations | object | `{}` | Annotations to be added to the Redis secret-init Job | +| redisSecretInit.podLabels | object | `{}` | Labels to be added to the Redis secret-init Job | +| redisSecretInit.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for Redis secret-init Job | +| redisSecretInit.resources | object | `{}` | Resource limits and requests for Redis secret-init Job | +| redisSecretInit.securityContext | object | `{}` | Redis secret-init Job pod-level security context | +| redisSecretInit.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redisSecretInit.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| redisSecretInit.serviceAccount.create | bool | `true` | Create a service account for the redis pod | +| redisSecretInit.serviceAccount.name | string | `""` | Service account name for redis pod | +| redisSecretInit.tolerations | list | `[]` (defaults to global.tolerations) | Tolerations to be added to the Redis secret-init Job | + +## ApplicationSet + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature | +| applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) | +| applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate | +| applicationSet.certificate.domain | string | `""` (defaults to global.domain) | Certificate primary domain (commonName) | +| applicationSet.certificate.duration | string | `""` (defaults to 2160h = 90d if not specified) | The requested 'duration' (i.e. lifetime) of the certificate. | +| applicationSet.certificate.enabled | bool | `false` | Deploy a Certificate resource (requires cert-manager) | +| applicationSet.certificate.issuer.group | string | `""` | Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` | +| applicationSet.certificate.issuer.kind | string | `""` | Certificate issuer kind. Either `Issuer` or `ClusterIssuer` | +| applicationSet.certificate.issuer.name | string | `""` | Certificate issuer name. Eg. `letsencrypt` | +| applicationSet.certificate.privateKey.algorithm | string | `"RSA"` | Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` | +| applicationSet.certificate.privateKey.encoding | string | `"PKCS1"` | The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` | +| applicationSet.certificate.privateKey.rotationPolicy | string | `"Never"` | Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` | +| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | +| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | +| applicationSet.containerPorts.probe | int | `8081` | Probe container port | +| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | +| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | +| applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| applicationSet.deploymentLabels | object | `{}` | Labels for the ApplicationSet controller Deployment | +| applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | +| applicationSet.dnsConfig | object | `{}` | [DNS configuration] | +| applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | +| applicationSet.emptyDir.sizeLimit | string | `""` (defaults not set if not specified i.e. no size limit) | EmptyDir size limit for applicationSet controller | +| applicationSet.extraArgs | list | `[]` | ApplicationSet controller command line flags | +| applicationSet.extraContainers | list | `[]` | Additional containers to be added to the ApplicationSet controller pod | +| applicationSet.extraEnv | list | `[]` | Environment variables to pass to the ApplicationSet controller | +| applicationSet.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the ApplicationSet controller | +| applicationSet.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| applicationSet.extraVolumes | list | `[]` | List of extra volumes to add | +| applicationSet.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the ApplicationSet controller | +| applicationSet.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the ApplicationSet controller | +| applicationSet.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the ApplicationSet controller | +| applicationSet.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | If defined, uses a Secret to pull an image from a private Docker registry or repository. | +| applicationSet.ingress.annotations | object | `{}` | Additional ingress annotations | +| applicationSet.ingress.enabled | bool | `false` | Enable an ingress resource for ApplicationSet webhook | +| applicationSet.ingress.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by ingress record | +| applicationSet.ingress.extraPaths | list | `[]` (See [values.yaml]) | Additional ingress paths | +| applicationSet.ingress.extraRules | list | `[]` (See [values.yaml]) | Additional ingress rules | +| applicationSet.ingress.extraTls | list | `[]` (See [values.yaml]) | Additional ingress TLS configuration | +| applicationSet.ingress.hostname | string | `""` (defaults to global.domain) | Argo CD ApplicationSet hostname | +| applicationSet.ingress.ingressClassName | string | `""` | Defines which ingress ApplicationSet controller will implement the resource | +| applicationSet.ingress.labels | object | `{}` | Additional ingress labels | +| applicationSet.ingress.path | string | `"/api/webhook"` | List of ingress paths | +| applicationSet.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| applicationSet.ingress.tls | bool | `false` | Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` | +| applicationSet.initContainers | list | `[]` | Init containers to add to the ApplicationSet controller pod | +| applicationSet.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| applicationSet.metrics.enabled | bool | `false` | Deploy metrics service | +| applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations | +| applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | +| applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | +| applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| applicationSet.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| applicationSet.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| applicationSet.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| applicationSet.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| applicationSet.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| applicationSet.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| applicationSet.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| applicationSet.metrics.serviceMonitor.scrapeTimeout | string | `""` | Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. | +| applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | +| applicationSet.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ApplicationSet controller | +| applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | +| applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | +| applicationSet.pdb.labels | object | `{}` | Labels to be added to ApplicationSet controller pdb | +| applicationSet.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| applicationSet.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| applicationSet.podAnnotations | object | `{}` | Annotations for the ApplicationSet controller pods | +| applicationSet.podLabels | object | `{}` | Labels for the ApplicationSet controller pods | +| applicationSet.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the ApplicationSet controller pods | +| applicationSet.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for ApplicationSet controller | +| applicationSet.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| applicationSet.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| applicationSet.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| applicationSet.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| applicationSet.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| applicationSet.replicas | int | `1` | The number of ApplicationSet controller pods to run | +| applicationSet.resources | object | `{}` | Resource limits and requests for the ApplicationSet controller pods. | +| applicationSet.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the ApplicationSet controller | +| applicationSet.service.annotations | object | `{}` | ApplicationSet service annotations | +| applicationSet.service.labels | object | `{}` | ApplicationSet service labels | +| applicationSet.service.port | int | `7000` | ApplicationSet service port | +| applicationSet.service.portName | string | `"http-webhook"` | ApplicationSet service port name | +| applicationSet.service.type | string | `"ClusterIP"` | ApplicationSet service type | +| applicationSet.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| applicationSet.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| applicationSet.serviceAccount.create | bool | `true` | Create ApplicationSet controller service account | +| applicationSet.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| applicationSet.serviceAccount.name | string | `"argocd-applicationset-controller"` | ApplicationSet controller service account name | +| applicationSet.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| applicationSet.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| applicationSet.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller | + +## Notifications + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| notifications.argocdUrl | string | `""` (defaults to https://`global.domain`) | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | +| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | +| notifications.containerPorts.metrics | int | `9001` | Metrics container port | +| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | +| notifications.context | object | `{}` | Define user-defined context | +| notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| notifications.deploymentLabels | object | `{}` | Labels for the notifications controller Deployment | +| notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | +| notifications.dnsConfig | object | `{}` | [DNS configuration] | +| notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | +| notifications.enabled | bool | `true` | Enable notifications controller | +| notifications.extraArgs | list | `[]` | Extra arguments to provide to the notifications controller | +| notifications.extraContainers | list | `[]` | Additional containers to be added to the notifications controller pod | +| notifications.extraEnv | list | `[]` | Additional container environment variables | +| notifications.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the notifications controller | +| notifications.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| notifications.extraVolumes | list | `[]` | List of extra volumes to add | +| notifications.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the notifications controller | +| notifications.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the notifications controller | +| notifications.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the notifications controller | +| notifications.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | +| notifications.initContainers | list | `[]` | Init containers to add to the notifications controller pod | +| notifications.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| notifications.metrics.port | int | `9001` | Metrics port | +| notifications.metrics.service.annotations | object | `{}` | Metrics service annotations | +| notifications.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| notifications.metrics.service.labels | object | `{}` | Metrics service labels | +| notifications.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| notifications.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| notifications.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| notifications.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | +| notifications.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| notifications.metrics.serviceMonitor.honorLabels | bool | `false` | When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. | +| notifications.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| notifications.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| notifications.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme | +| notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | +| notifications.name | string | `"notifications-controller"` | Notifications controller name string | +| notifications.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by notifications controller | +| notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook | +| notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | +| notifications.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the notifications controller | +| notifications.pdb.labels | object | `{}` | Labels to be added to notifications controller pdb | +| notifications.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). | +| notifications.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) | +| notifications.podAnnotations | object | `{}` | Annotations to be applied to the notifications controller Pods | +| notifications.podLabels | object | `{}` | Labels to be applied to the notifications controller Pods | +| notifications.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the notifications controller pods | +| notifications.readinessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for notifications controller Pods | +| notifications.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| notifications.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| notifications.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| notifications.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| notifications.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| notifications.resources | object | `{}` | Resource limits and requests for the notifications controller | +| notifications.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the notifications controller | +| notifications.secret.annotations | object | `{}` | key:value pairs of annotations to be added to the secret | +| notifications.secret.create | bool | `true` | Whether helm chart creates notifications controller secret | +| notifications.secret.items | object | `{}` | Generic key:value pairs to be inserted into the secret | +| notifications.secret.labels | object | `{}` | key:value pairs of labels to be added to the secret | +| notifications.secret.name | string | `"argocd-notifications-secret"` | notifications controller Secret name | +| notifications.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| notifications.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| notifications.serviceAccount.create | bool | `true` | Create notifications controller service account | +| notifications.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| notifications.serviceAccount.name | string | `"argocd-notifications-controller"` | Notification controller service account name | +| notifications.subscriptions | list | `[]` | Contains centrally managed global application subscriptions | +| notifications.templates | object | `{}` | The notification template is used to generate the notification content | +| notifications.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| notifications.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| notifications.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller | +| notifications.triggers | object | `{}` | The trigger defines the condition when the notification should be sent | + +## Commit server (Manifest Hydrator) + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +To read more about this component, please read [Argo CD Manifest Hydrator] and [Manifest Hydrator]. + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commitServer.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | +| commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | +| commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | +| commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| commitServer.deploymentLabels | object | `{}` | Labels for the commit server Deployment | +| commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | +| commitServer.dnsConfig | object | `{}` | [DNS configuration] | +| commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | +| commitServer.enabled | bool | `false` | Enable commit server | +| commitServer.extraArgs | list | `[]` | commit server command line flags | +| commitServer.extraEnv | list | `[]` | Environment variables to pass to the commit server | +| commitServer.extraEnvFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the commit server | +| commitServer.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) | +| commitServer.extraVolumes | list | `[]` | List of extra volumes to add | +| commitServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the commit server | +| commitServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the commit server | +| commitServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the commit server | +| commitServer.livenessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the [probe] | +| commitServer.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the [probe] times out | +| commitServer.metrics.enabled | bool | `false` | Enables prometheus metrics server | +| commitServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| commitServer.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| commitServer.metrics.service.labels | object | `{}` | Metrics service labels | +| commitServer.metrics.service.portName | string | `"metrics"` | Metrics service port name | +| commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | +| commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| commitServer.name | string | `"commit-server"` | Commit server name | +| commitServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by commit server | +| commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | +| commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | +| commitServer.podLabels | object | `{}` | Labels for the commit server pods | +| commitServer.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the commit server pods | +| commitServer.readinessProbe.enabled | bool | `true` | Enable Kubernetes liveness probe for commit server | +| commitServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| commitServer.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before [probe] is initiated | +| commitServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| commitServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| commitServer.resources | object | `{}` | Resource limits and requests for the commit server pods. | +| commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | +| commitServer.service.annotations | object | `{}` | commit server service annotations | +| commitServer.service.labels | object | `{}` | commit server service labels | +| commitServer.service.port | int | `8086` | commit server service port | +| commitServer.service.portName | string | `"server"` | commit server service port name | +| commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| commitServer.serviceAccount.create | bool | `true` | Create commit server service account | +| commitServer.serviceAccount.labels | object | `{}` | Labels applied to created service account | +| commitServer.serviceAccount.name | string | `"argocd-commit-server"` | commit server service account name | +| commitServer.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook | +| commitServer.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints | +| commitServer.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the commit server | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) + +[Argo CD RBAC policy]: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#backendconfigspec_v1beta1_cloudgooglecom +[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ +[changelog]: https://artifacthub.io/packages/helm/argo/argo-cd?modal=changelog +[Chart Hooks]: https://helm.sh/docs/topics/charts_hooks/ +[DNS configuration]: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ +[external cluster credentials]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters +[FAQ]: https://argo-cd.readthedocs.io/en/stable/faq/ +[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters +[declarative setup]: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup +[gRPC-ingress]: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ +[GnuPG]: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ +[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[Node selector]: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +[PodDisruptionBudget]: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[Tolerations]: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ +[values.yaml]: values.yaml +[v2.2 to 2.3 upgrade instructions]: https://github.com/argoproj/argo-cd/blob/v2.3.0/docs/operator-manual/upgrading/2.2-2.3.md +[tini]: https://github.com/argoproj/argo-cd/pull/12707 +[EKS EoL]: https://endoflife.date/amazon-eks +[Kubernetes Compatibility Matrix]: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions +[Applications in any namespace]: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#applications-in-any-namespace +[Argo CD Extensions]: https://github.com/argoproj-labs/argocd-extensions?tab=readme-ov-file#deprecation-notice +[Argo CD Extension Installer]: https://github.com/argoproj-labs/argocd-extension-installer +[Argo CD Manifest Hydrator]: https://argo-cd.readthedocs.io/en/stable/proposals/manifest-hydrator/ +[Manifest Hydrator]: https://github.com/argoproj/argo-cd/blob/master/docs/proposals/manifest-hydrator.md +[CNCF Allowlist License Policy]: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#cncf-allowlist-license-policy +[v2.14 to 3.0 upgrade instructions]: https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/2.14-3.0/ +[Argo CD v3.0 Release Blog Post]: https://blog.argoproj.io/argo-cd-v3-0-release-candidate-a0b933f4e58f diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/.helmignore b/astroshop-platform/argocd-helmchart/charts/redis-ha/.helmignore new file mode 100644 index 0000000..ee9c40f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +ci/ +*.gotmpl diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/Chart.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/Chart.yaml new file mode 100644 index 0000000..ee7119f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +appVersion: 7.2.7 +description: This Helm chart provides a highly available Redis implementation with + a master/slave configuration and uses Sentinel sidecars for failover management +home: http://redis.io/ +icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png +keywords: +- redis +- keyvalue +- database +maintainers: +- email: aaron.layfield@gmail.com + name: dandydeveloper +name: redis-ha +sources: +- https://redis.io/download +- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha +- https://github.com/oliver006/redis_exporter +version: 4.33.7 diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/README.md b/astroshop-platform/argocd-helmchart/charts/redis-ha/README.md new file mode 100644 index 0000000..e1562b0 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/README.md @@ -0,0 +1,485 @@ +# Redis + +[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. + +## TL;DR + +```bash +helm repo add dandydev https://dandydeveloper.github.io/charts +helm install dandydev/redis-ha +``` + +By default this chart install 3 pods total: + +* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available) +* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available) + +## Introduction + +This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. + +## Prerequisites + +* Kubernetes 1.8+ with Beta APIs enabled +* PV provisioner support in the underlying infrastructure + +## Upgrading the Chart + +Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually. + +### Upgrading the chart from 3.x to 4.x + +Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs. + +## Installing the Chart + +To install the chart + +```bash +helm repo add dandydev https://dandydeveloper.github.io/charts +helm install dandydev/redis-ha +``` + +The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the deployment: + +```bash +helm delete <chart-name> +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Redis chart and their default values. + +### General parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `additionalAffinities` | Additional affinities to add to the Redis server pods. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` | +| `affinity` | Override all other affinity settings for the Redis server pods with a string. | string | `""` | +| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` | +| `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` | +| `configmap.labels` | Custom labels for the redis configmap | object | `{}` | +| `configmapTest.image` | Image for redis-ha-configmap-test hook | object | `{"repository":"koalaman/shellcheck","tag":"v0.10.0"}` | +| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` | +| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.10.0"` | +| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` | +| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` | +| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | string | `nil` | +| `extraContainers` | Extra containers to include in StatefulSet | list | `[]` | +| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | +| `extraLabels` | Labels added here are applied to all created resources | object | `{}` | +| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | +| `fullnameOverride` | Full name of the Redis HA Resources | string | `""` | +| `global.compatibility` | Openshift compatibility options | object | `{"openshift":{"adaptSecurityContext":"auto"}}` | +| `global.priorityClassName` | Default priority class for all components | string | `""` | +| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. # This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature | bool | `true` | +| `hostPath.chown` | if chown is true, an init-container with root permissions is launched to change the owner of the hostPath folder to the user defined in the security context | bool | `true` | +| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` | +| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` | +| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` | +| `image.tag` | Redis image tag | string | `"7.2.7-alpine"` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` | +| `init.resources` | Extra init resources | object | `{}` | +| `labels` | Custom labels for the redis pod | object | `{}` | +| `nameOverride` | Name override for Redis HA resources | string | `""` | +| `networkPolicy.annotations` | Annotations for NetworkPolicy | object | `{}` | +| `networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[{"ports":[{"port":53,"protocol":"UDP"},{"port":53,"protocol":"TCP"}],"selectors":[{"namespaceSelector":{}},{"ipBlock":{"cidr":"169.254.0.0/16"}}]}]` | +| `networkPolicy.egressRules[0].selectors[0]` | Allow all destinations for DNS traffic | object | `{"namespaceSelector":{}}` | +| `networkPolicy.enabled` | whether NetworkPolicy for Redis StatefulSets should be created. when enabled, inter-Redis connectivity is created | bool | `false` | +| `networkPolicy.ingressRules` | User defined ingress rules that Redis should permit into. Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `networkPolicy.labels` | Labels for NetworkPolicy | object | `{}` | +| `nodeSelector` | Node labels for pod assignment | object | `{}` | +| `persistentVolume.accessModes` | Persistent volume access modes | list | `["ReadWriteOnce"]` | +| `persistentVolume.annotations` | Annotations for the volume | object | `{}` | +| `persistentVolume.enabled` | Enable persistent volume | bool | `true` | +| `persistentVolume.labels` | Labels for the volume | object | `{}` | +| `persistentVolume.size` | Persistent volume size | string | `"10Gi"` | +| `persistentVolume.storageClass` | redis-ha data Persistent Volume Storage Class | string | `nil` | +| `podDisruptionBudget` | Pod Disruption Budget rules | object | `{}` | +| `podManagementPolicy` | The statefulset pod management policy | string | `"OrderedReady"` | +| `priorityClassName` | Kubernetes priorityClass name for the redis-ha-server pod | string | `""` | +| `rbac.create` | Create and use RBAC resources | bool | `true` | +| `redis.annotations` | Annotations for the redis statefulset | object | `{}` | +| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | object | see values.yaml | +| `redis.config.maxmemory` | Max memory to use for each redis instance. Default is unlimited. | string | `"0"` | +| `redis.config.maxmemory-policy` | Max memory policy to use for each redis instance. Default is volatile-lru. | string | `"volatile-lru"` | +| `redis.config.min-replicas-max-lag` | Value in seconds | int | `5` | +| `redis.config.repl-diskless-sync` | When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. | string | `"yes"` | +| `redis.config.save` | Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. | string | `"900 1"` | +| `redis.customArgs` | Allows overriding the redis container arguments | list | `[]` | +| `redis.customCommand` | Allows overriding the redis container command | list | `[]` | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | string | `nil` | +| `redis.disableCommands` | Array with commands to disable | list | `["FLUSHDB","FLUSHALL"]` | +| `redis.envFrom` | Load environment variables from ConfigMap/Secret | list | `[]` | +| `redis.extraVolumeMounts` | additional volumeMounts for Redis container | list | `[]` | +| `redis.lifecycle` | Container Lifecycle Hooks for redis container Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | see values.yaml | +| `redis.livenessProbe` | Liveness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.livenessProbe.enabled` | Enable the Liveness Probe | bool | `true` | +| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` | +| `redis.port` | Port to access the redis service | int | `6379` | +| `redis.readinessProbe` | Readiness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.readinessProbe.enabled` | Enable the Readiness Probe | bool | `true` | +| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `1` | +| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | object | `{}` | +| `redis.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `redis.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `redis.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` | +| `redis.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `redis.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `redis.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| `redis.terminationGracePeriodSeconds` | Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced | int | `60` | +| `redis.tlsPort` | TLS Port to access the redis service | int | `nil` | +| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf | bool | `nil` | +| `redis.updateStrategy` | Update strategy for Redis StatefulSet # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies | object | `{"type":"RollingUpdate"}` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | string | `nil` | +| `replicas` | Number of redis master/slave | int | `3` | +| `restore.existingSecret` | Set existingSecret to true to use secret specified in existingSecret above | bool | `false` | +| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source | string | `""` | +| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source | string | `""` | +| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source | string | `""` | +| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false | string | `""` | +| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` | string | `""` | +| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false | string | `""` | +| `restore.timeout` | Timeout for the restore | int | `600` | +| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | string | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | +| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | +| `serviceAccount.annotations` | Annotations to be added to the service account for the redis statefulset | object | `{}` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `true` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | +| `serviceLabels` | Custom labels for redis service | object | `{}` | +| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) | int | `60` | +| `splitBrainDetection.resources` | splitBrainDetection resources | object | `{}` | +| `sysctlImage.command` | sysctlImage command to execute | list | `[]` | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | bool | `false` | +| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | bool | `false` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | string | `"Always"` | +| `sysctlImage.registry` | sysctlImage Init container registry | string | `"public.ecr.aws/docker/library"` | +| `sysctlImage.repository` | sysctlImage Init container name | string | `"busybox"` | +| `sysctlImage.resources` | sysctlImage resources | object | `{}` | +| `sysctlImage.tag` | sysctlImage Init container tag | string | `"1.34.1"` | +| `tls.caCertFile` | Name of CA certificate file | string | `"ca.crt"` | +| `tls.certFile` | Name of certificate file | string | `"redis.crt"` | +| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) | string | `nil` | +| `tls.keyFile` | Name of key file | string | `"redis.key"` | +| `topologySpreadConstraints.enabled` | Enable topology spread constraints | bool | `false` | +| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated | string | `""` | +| `topologySpreadConstraints.topologyKey` | Topology key for spread constraints | string | `""` | +| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft | string | `""` | + +### Redis Sentinel parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | bool | `false` | +| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | string | `"sentinel-password"` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | object | see values.yaml | +| `sentinel.customArgs` | | list | `[]` | +| `sentinel.customCommand` | | list | `[]` | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | string | `""` | +| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) | string | `""` | +| `sentinel.extraVolumeMounts` | additional volumeMounts for Sentinel container | list | `[]` | +| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `sentinel.livenessProbe.enabled` | | bool | `true` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) | string | `nil` | +| `sentinel.port` | Port to access the sentinel service | int | `26379` | +| `sentinel.quorum` | Minimum number of nodes expected to be live. | int | `2` | +| `sentinel.readinessProbe.enabled` | | bool | `true` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `3` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | object | `{}` | +| `sentinel.startupProbe` | Startup probe parameters for redis container | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":5,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":15}` | +| `sentinel.startupProbe.enabled` | Enable Startup Probe | bool | `true` | +| `sentinel.startupProbe.failureThreshold` | Failure threshold for startup probe | int | `3` | +| `sentinel.startupProbe.initialDelaySeconds` | Initial delay in seconds for startup probe | int | `5` | +| `sentinel.startupProbe.periodSeconds` | Period in seconds after which startup probe will be repeated | int | `10` | +| `sentinel.startupProbe.successThreshold` | Success threshold for startup probe | int | `1` | +| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startup probe | int | `15` | +| `sentinel.tlsPort` | TLS Port to access the sentinel service | int | `nil` | +| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf | bool | `nil` | + +### HAProxy parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `haproxy.IPv6.enabled` | Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. | bool | `true` | +| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy pods. | object | `{}` | +| `haproxy.affinity` | Override all other affinity settings for the haproxy pods with a string. | string | `""` | +| `haproxy.annotations` | HAProxy template annotations | object | `{}` | +| `haproxy.checkFall` | haproxy.cfg `check fall` setting | int | `1` | +| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | string | `"1s"` | +| `haproxy.containerPort` | Modify HAProxy deployment container port | int | `6379` | +| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | string | `nil` | +| `haproxy.deploymentStrategy` | Deployment strategy for the haproxy deployment | object | `{"type":"RollingUpdate"}` | +| `haproxy.emptyDir` | Configuration of `emptyDir` | object | `{}` | +| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | bool | `false` | +| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | string | `nil` | +| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | bool | `true` | +| `haproxy.image.pullPolicy` | HAProxy Image PullPolicy | string | `"IfNotPresent"` | +| `haproxy.image.repository` | HAProxy Image Repository | string | `"public.ecr.aws/docker/library/haproxy"` | +| `haproxy.image.tag` | HAProxy Image Tag | string | `"2.9.4-alpine"` | +| `haproxy.imagePullSecrets` | Reference to one or more secrets to be used when pulling images ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | list | `[]` | +| `haproxy.init.resources` | Extra init resources | object | `{}` | +| `haproxy.labels` | Custom labels for the haproxy pod | object | `{}` | +| `haproxy.lifecycle` | Container lifecycle hooks. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | bool | `false` | +| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | int | `9101` | +| `haproxy.metrics.portName` | HAProxy metrics scraping port name | string | `"http-exporter-port"` | +| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping path | string | `"/metrics"` | +| `haproxy.metrics.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` | +| `haproxy.metrics.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `haproxy.metrics.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` | +| `haproxy.metrics.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `haproxy.metrics.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `haproxy.metrics.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` | +| `haproxy.metrics.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` | +| `haproxy.networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` | +| `haproxy.networkPolicy.enabled` | whether NetworkPolicy for Haproxy should be created | bool | `false` | +| `haproxy.networkPolicy.ingressRules` | user defined ingress rules that Haproxy should permit into. uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `haproxy.networkPolicy.labels` | Labels for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.podDisruptionBudget` | Pod Disruption Budget ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{}` | +| `haproxy.priorityClassName` | Kubernetes priorityClass name for the haproxy pod | string | `""` | +| `haproxy.readOnly` | Enable read-only redis-slaves | object | `{"enabled":false,"port":6380}` | +| `haproxy.readOnly.enabled` | Enable if you want a dedicated port in haproxy for redis-slaves | bool | `false` | +| `haproxy.readOnly.port` | Port for the read-only redis-slaves | int | `6380` | +| `haproxy.replicas` | Number of HAProxy instances | int | `3` | +| `haproxy.resources` | HAProxy resources | object | `{}` | +| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | object | `{"fsGroup":99,"runAsNonRoot":true,"runAsUser":99}` | +| `haproxy.service.annotations` | HAProxy service annotations | string | `nil` | +| `haproxy.service.externalIPs` | HAProxy external IPs | object | `{}` | +| `haproxy.service.externalTrafficPolicy` | HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | string | `nil` | +| `haproxy.service.labels` | HAProxy service labels | object | `{}` | +| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | string | `nil` | +| `haproxy.service.loadBalancerSourceRanges` | List of CIDR's allowed to connect to LoadBalancer | list | `[]` | +| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | int | `nil` | +| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | string | `"ClusterIP"` | +| `haproxy.serviceAccount.automountToken` | | bool | `false` | +| `haproxy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `haproxy.serviceAccountName` | HAProxy serviceAccountName | string | `"redis-sa"` | +| `haproxy.servicePort` | Modify HAProxy service port | int | `6379` | +| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | bool | `false` | +| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | object | `{}` | +| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | string | `"2s"` | +| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | string | `"330s"` | +| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | string | `"4s"` | +| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | string | `"330s"` | +| `haproxy.tls` | Enable TLS termination on HAproxy, This will create a volume mount | object | `{"certMountPath":"/tmp/","enabled":false,"keyName":null,"secretName":""}` | +| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | string | `"/tmp/"` | +| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | bool | `false` | +| `haproxy.tls.keyName` | Key file name | string | `nil` | +| `haproxy.tls.secretName` | Secret containing the .pem file | string | `""` | + +### Prometheus exporter parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `exporter.address` | Address/Host for Redis instance. Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments | string | `"localhost"` | +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | bool | `false` | +| `exporter.extraArgs` | Additional args for redis exporter | object | `{}` | +| `exporter.image` | Exporter image | string | `"oliver006/redis_exporter"` | +| `exporter.livenessProbe.httpGet.path` | Exporter liveness probe httpGet path | string | `"/metrics"` | +| `exporter.livenessProbe.httpGet.port` | Exporter liveness probe httpGet port | int | `9121` | +| `exporter.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe of exporter | int | `15` | +| `exporter.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe of exporter | int | `3` | +| `exporter.port` | Exporter port | int | `9121` | +| `exporter.portName` | Exporter port name | string | `"exporter-port"` | +| `exporter.pullPolicy` | Exporter image pullPolicy | string | `"IfNotPresent"` | +| `exporter.readinessProbe.httpGet.path` | Exporter readiness probe httpGet path | string | `"/metrics"` | +| `exporter.readinessProbe.httpGet.port` | Exporter readiness probe httpGet port | int | `9121` | +| `exporter.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe of exporter | int | `15` | +| `exporter.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `exporter.readinessProbe.successThreshold` | Success threshold for readiness probe of exporter | int | `2` | +| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe of exporter | int | `3` | +| `exporter.resources` | cpu/memory resource limits/requests | object | `{}` | +| `exporter.scrapePath` | Exporter scrape path | string | `"/metrics"` | +| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | string | `""` | +| `exporter.serviceMonitor.disableAPICheck` | Disable API Check on ServiceMonitor | bool | `false` | +| `exporter.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `exporter.serviceMonitor.interval` | Set how frequently Prometheus should scrape (default is 30s) | string | `""` | +| `exporter.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `exporter.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `exporter.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path (default is /metrics) | string | `""` | +| `exporter.serviceMonitor.timeout` | Set timeout for scrape (default is 10s) | string | `""` | +| `exporter.tag` | Exporter image tag | string | `"v1.57.0"` | +| `prometheusRule.additionalLabels` | Additional labels to be set in metadata. | object | `{}` | +| `prometheusRule.enabled` | If true, creates a Prometheus Operator PrometheusRule. | bool | `false` | +| `prometheusRule.interval` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). | string | `"10s"` | +| `prometheusRule.namespace` | Namespace which Prometheus is running in. | string | `nil` | +| `prometheusRule.rules` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). | list | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm repo add dandydev https://dandydeveloper.github.io/charts +$ helm install \ + --set image=redis \ + --set tag=5.0.5-alpine \ + dandydev/redis-ha +``` + +The above command sets the Redis server within `default` namespace. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +helm install -f values.yaml dandydev/redis-ha +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Custom Redis and Sentinel config options + +This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options. + +[Example redis.conf](http://download.redis.io/redis-stable/redis.conf) +[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf) + +For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as: + +```yml + repl-timeout: "60" +``` + +Note: + +1. Some config options should be renamed by redis version,e.g.: + + ```yml + # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf + min-replicas-to-write: 1 + min-replicas-max-lag: 5 + + # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf + min-slaves-to-write 1 + min-slaves-max-lag 5 + ``` + +Sentinel options supported must be in the the `sentinel <option> <master-group-name> <value>` format. For example, `sentinel down-after-milliseconds 30000` would be added to the `sentinel.config` section of the `values.yaml` as: + +```yml + down-after-milliseconds: 30000 +``` + +If more control is needed from either the redis or sentinel config then an entire config can be defined under `redis.customConfig` or `sentinel.customConfig`. Please note that these values will override any configuration options under their respective section. For example, if you define `sentinel.customConfig` then the `sentinel.config` is ignored. + +## Host Kernel Settings + +Redis may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. +To do so, you can set up a privileged initContainer with the `sysctlImage` config values, for example: + +```yml +sysctlImage: + enabled: true + mountHostSys: true + command: + - /bin/sh + - -xc + - |- + sysctl -w net.core.somaxconn=10000 + echo never > /host-sys/kernel/mm/transparent_hugepage/enabled +``` + +## HAProxy startup + +When HAProxy is enabled, it will attempt to connect to each announce-service of each redis replica instance in its init container before starting. +It will fail if announce-service IP is not available fast enough (10 seconds max by announce-service). +A such case could happen if the orchestator is pending the nomination of redis pods. +Risk is limited because announce-service is using `publishNotReadyAddresses: true`, although, in such case, HAProxy pod will be rescheduled afterward by the orchestrator. + +PodDisruptionBudgets are not configured by default, you may need to set the `haproxy.podDisruptionBudget` parameter in values.yaml to enable it. + +## Network policies + +If `networkPolicy.enabled` is set to `true`, then a `NetworkPolicy` resource is created with default rules to allow inter-Redis and Sentinel connectivity. +This is a requirement for Redis Pods to come up successfully. + +You will need to define `ingressRules` to permit your application connectivity to Redis. +The `selectors` block should be in the format of a [label selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors). +Templating is also supported in the selectors. +See such a configuration below. + +```yaml +networkPolicy: true + ingressRules: + - selectors: + - namespaceSelector: + matchLabels: + name: my-redis-client-namespace + podSelector: + matchLabels: + # template example + app: |- + {{- .App.Name }} + ## ports block is optional (defaults to below), define the block to override the defaults + # ports: + # - port: 6379 + # protocol: TCP + # - port: 26379 + # protocol: TCP +``` + +Should your Pod require additional egress rules, define them in a `egressRules` key which is structured identically to an `ingressRules` key. + +## Sentinel and redis server split brain detection + +Under not entirely known yet circumstances redis sentinel and its corresponding redis server reach a condition that this chart authors call "split brain" (for short). The observed behaviour is the following: the sentinel switches to the new re-elected master, but does not switch its redis server. Majority of original discussion on the problem has happened at the <https://github.com/DandyDeveloper/charts/issues/121>. + +The proposed solution is currently implemented as a sidecar container that runs a bash script with the following logic: + +1. Every `splitBrainDetection.interval` seconds a master (as known by sentinel) is determined +1. If it is the current node: ensure the redis server's role is master as well. +1. If it is not the current node: ensure the redis server also replicates from the same node. + +If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately. + +# Change Log + +## 4.14.9 - ** POTENTIAL BREAKING CHANGE. ** +Introduced the ability to change the Haproxy Deployment container pod +- Container port in redis-haproxy-deployment.yam has been changed. Was **redis.port** To **haproxy.containerPort**. Default value is 6379. +- Port in redis-haproxy-service.yaml has been changed. Was **redis.port** To **haproxy.servicePort**. Default value is 6379. + +## 4.21.0 - BREAKING CHANGES (Kubernetes Deprecation) +This version introduced the deprecation of the PSP and subsequently added fields to the securityContexts that were introduced in Kubernetes v1.19: + +https://kubernetes.io/docs/tutorials/security/seccomp/ + +As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSecurityContext.seccompProfile` and `.Values.haproxy.containerSecurityContext.seccompProfile` (If HAProxy is enabled) + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/NOTES.txt b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/NOTES.txt new file mode 100644 index 0000000..07ea429 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/NOTES.txt @@ -0,0 +1,25 @@ +Redis can be accessed via {{ if ne (int .Values.redis.port) 0 }}port {{ .Values.redis.port }}{{ end }} {{ if .Values.redis.tlsPort }} tls-port {{ .Values.redis.tlsPort }}{{ end }} and Sentinel can be accessed via {{ if ne (int .Values.sentinel.port) 0 }}port {{ .Values.sentinel.port }}{{ end }} {{ if .Values.sentinel.tlsPort }} tls-port {{ .Values.sentinel.tlsPort }}{{ end }} on the following DNS name from within your cluster: +{{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To connect to your Redis server: + +{{- if .Values.auth }} +1. To retrieve the redis password: + echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode) + +2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master: + + kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 -n {{ .Release.Namespace }} -c redis -- sh + +3. Connect using the Redis CLI (inside container): + + redis-cli -a <REDIS-PASS-FROM-SECRET> +{{- else }} +1. Run a Redis pod that you can use as a client: + + kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 -n {{ .Release.Namespace }} -c redis -- sh + +2. Connect using the Redis CLI: + + redis-cli -h {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_configs.tpl b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_configs.tpl new file mode 100644 index 0000000..e1222ad --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_configs.tpl @@ -0,0 +1,730 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "config-redis.conf" }} +{{- if .Values.redis.customConfig }} +{{ tpl .Values.redis.customConfig . | indent 4 }} +{{- else }} + dir "/data" + port {{ .Values.redis.port }} + {{- if .Values.sentinel.tlsPort }} + tls-port {{ .Values.redis.tlsPort }} + tls-cert-file /tls-certs/{{ .Values.tls.certFile }} + tls-key-file /tls-certs/{{ .Values.tls.keyFile }} + {{- if .Values.tls.dhParamsFile }} + tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }} + {{- end }} + {{- if .Values.tls.caCertFile }} + tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }} + {{- end }} + {{- if eq (default "yes" .Values.redis.authClients) "no"}} + tls-auth-clients no + {{- end }} + tls-replication {{ if .Values.redis.tlsReplication }}yes{{ else }}no{{ end }} + {{- end }} + {{- if .Values.redis.disableCommands }} + {{- range .Values.redis.disableCommands }} + rename-command {{ . }} "" + {{- end }} + {{- end }} + {{- range $key, $value := .Values.redis.config }} + {{- if kindIs "slice" $value }} + {{- range $value }} + {{ $key }} {{ . }} + {{- end }} + {{- else }} + {{ $key }} {{ $value }} + {{- end }} + {{- end }} +{{- if .Values.auth }} + requirepass replace-default-auth + masterauth replace-default-auth +{{- end }} +{{- end }} +{{- end }} + +{{- define "config-sentinel.conf" }} +{{- if .Values.sentinel.customConfig }} +{{ tpl .Values.sentinel.customConfig . | indent 4 }} +{{- else }} + dir "/data" + port {{ .Values.sentinel.port }} + {{- if .Values.sentinel.bind }} + bind {{ .Values.sentinel.bind }} + {{- end }} + {{- if .Values.sentinel.tlsPort }} + tls-port {{ .Values.sentinel.tlsPort }} + tls-cert-file /tls-certs/{{ .Values.tls.certFile }} + tls-key-file /tls-certs/{{ .Values.tls.keyFile }} + {{- if .Values.tls.dhParamsFile }} + tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }} + {{- end }} + {{- if .Values.tls.caCertFile }} + tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }} + {{- end }} + {{- if eq (default "yes" .Values.sentinel.authClients) "no"}} + tls-auth-clients no + {{- end }} + tls-replication {{ if .Values.sentinel.tlsReplication }}yes{{ else }}no{{ end }} + {{- end }} + {{- range $key, $value := .Values.sentinel.config }} + {{- if eq "maxclients" $key }} + {{ $key }} {{ $value }} + {{- else }} + sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }} + {{- end }} + {{- end }} +{{- if .Values.auth }} + sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth +{{- end }} +{{- if .Values.sentinel.auth }} + requirepass replace-default-sentinel-auth +{{- end }} +{{- end }} +{{- end }} + +{{- define "lib.sh" }} + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel ({{ template "redis-ha.fullname" . }}), sentinel group name ({{ template "redis-ha.masterGroupName" . }})" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." + echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." + echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} ping + else + redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." + + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}" --no-auth-warning{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." + echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } +{{- end }} + +{{- define "vars.sh" }} + HOSTNAME="$(hostname)" + {{- if .Values.ro_replicas }} + RO_REPLICAS="{{ .Values.ro_replicas }}" + {{- end }} + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT={{ .Values.sentinel.port }} + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}" + QUORUM="{{ .Values.sentinel.quorum }}" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT={{ .Values.redis.port }} + REDIS_TLS_PORT={{ .Values.redis.tlsPort }} + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT={{ .Values.sentinel.tlsPort }} + SERVICE={{ template "redis-ha.fullname" . }} + SENTINEL_TLS_REPLICATION_ENABLED={{ default false .Values.sentinel.tlsReplication }} + REDIS_TLS_REPLICATION_ENABLED={{ default false .Values.redis.tlsReplication }} +{{- end }} + +{{- define "config-init.sh" }} + echo "$(date) Start..." + {{- include "vars.sh" . }} + + set -eu + + {{- include "lib.sh" . }} + + mkdir -p /data/conf/ + + echo "Initializing config.." + copy_config + + # where is redis master + identify_master + + identify_announce_ip + + if [ -z "${ANNOUNCE_IP}" ]; then + "Error: Could not resolve the announce ip for this pod" + exit 1 + elif [ "${MASTER}" ]; then + find_master + else + setup_defaults + fi + + {{- if .Values.ro_replicas }} + # works only if index is less than 10 + echo "Verifying redis read-only replica.." + echo " we have RO_REPLICAS='${RO_REPLICAS}' with INDEX='${INDEX}'" + if echo "${RO_REPLICAS}" | grep -q "${INDEX}" ; then + redis_ro_update + fi + {{- end }} + + if [ "${AUTH:-}" ]; then + echo "Setting redis auth values.." + ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}" + fi + + if [ "${SENTINELAUTH:-}" ]; then + echo "Setting sentinel auth values" + ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF" + fi + + echo "$(date) Ready..." +{{- end }} + +{{- define "trigger-failover-if-master.sh" }} + {{- if or (eq (int .Values.redis.port) 0) (eq (int .Values.sentinel.port) 0) }} + TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}" + {{- end }} + get_redis_role() { + is_master=$( + redis-cli \ + {{- if .Values.auth }} + -a "${AUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if (int .Values.redis.port) }} + -p {{ .Values.redis.port }} \ + {{- else }} + -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + info | grep -c 'role:master' || true + ) + } + get_redis_role + if [[ "$is_master" -eq 1 ]]; then + echo "This node is currently master, we trigger a failover." + {{- $masterGroupName := include "redis-ha.masterGroupName" . }} + response=$( + redis-cli \ + {{- if .Values.sentinel.auth }} + -a "${SENTINELAUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if (int .Values.sentinel.port) }} + -p {{ .Values.sentinel.port }} \ + {{- else }} + -p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + SENTINEL failover {{ $masterGroupName }} + ) + if [[ "$response" != "OK" ]] ; then + echo "$response" + exit 1 + fi + timeout=30 + while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do + sleep 1 + get_redis_role + timeout=$((timeout - 1)) + done + echo "Failover successful" + fi +{{- end }} + +{{- define "fix-split-brain.sh" }} + {{- include "vars.sh" . }} + + ROLE='' + REDIS_MASTER='' + + set -eu + + {{- include "lib.sh" . }} + + redis_role() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep role | sed 's/role://' | sed 's/\r//') + else + ROLE=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + fi + set -e + } + + identify_redis_master() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} info | grep master_host | sed 's/master_host://' | sed 's/\r//') + else + REDIS_MASTER=$(redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + fi + set -e + } + + reinit() { + set +e + sh /readonly-config/init.sh + + if [ "$REDIS_PORT" -eq 0 ]; then + echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} + else + echo "shutdown" | redis-cli {{ if .Values.auth }} -a "${AUTH}" --no-auth-warning{{ end }} -p "${REDIS_PORT}" + fi + set -e + } + + identify_announce_ip + + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + + trap "exit 0" TERM + while true; do + sleep {{ .Values.splitBrainDetection.interval }} + + # where is redis master + identify_master + + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then + redis_role + if [ "$ROLE" != "master" ]; then + reinit + fi + elif [ "${MASTER}" ]; then + identify_redis_master + if [ "$REDIS_MASTER" != "$MASTER" ]; then + reinit + fi + fi + done + +{{- end }} + +{{- define "config-haproxy.cfg" }} +{{- if .Values.haproxy.customConfig }} +{{ tpl .Values.haproxy.customConfig . | indent 4 }} +{{- else }} + defaults REDIS + mode tcp + timeout connect {{ .Values.haproxy.timeout.connect }} + timeout server {{ .Values.haproxy.timeout.server }} + timeout client {{ .Values.haproxy.timeout.client }} + timeout check {{ .Values.haproxy.timeout.check }} + + listen health_check_http_url + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:8888 {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + mode http + monitor-uri /healthz + option dontlognull + + {{- $root := . }} + {{- $fullName := include "redis-ha.fullname" . }} + {{- $replicas := int (toString .Values.replicas) }} + {{- $masterGroupName := include "redis-ha.masterGroupName" . }} + {{- range $i := until $replicas }} + # Check Sentinel and whether they are nominated master + backend check_if_redis_is_master_{{ $i }} + mode tcp + option tcp-check + tcp-check connect + {{- if $root.Values.sentinel.auth }} + tcp-check send "AUTH ${SENTINELAUTH}"\r\n + tcp-check expect string +OK + {{- end }} + tcp-check send PING\r\n + tcp-check expect string +PONG + tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n + tcp-check expect string REPLACE_ANNOUNCE{{ $i }} + tcp-check send QUIT\r\n + {{- range $i := until $replicas }} + server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter {{ $root.Values.haproxy.checkInterval }} + {{- end }} + {{- end }} + + # decide redis backend to use + #master + frontend ft_redis_master + {{- if .Values.haproxy.tls.enabled }} + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ $root.Values.haproxy.containerPort }} ssl crt {{ .Values.haproxy.tls.certMountPath }}{{ .Values.haproxy.tls.keyName }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + {{ else }} + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ if ne (int $root.Values.redis.port) 0 }}{{ $root.Values.redis.port }}{{ else }}{{ $root.Values.redis.tlsPort }}{{ end }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + {{- end }} + use_backend bk_redis_master + {{- if .Values.haproxy.readOnly.enabled }} + #slave + frontend ft_redis_slave + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.readOnly.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + use_backend bk_redis_slave + {{- end }} + # Check all redis servers to see if they think they are master + backend bk_redis_master + {{- if .Values.haproxy.stickyBalancing }} + balance source + hash-type consistent + {{- end }} + mode tcp + option tcp-check + tcp-check connect + {{- if .Values.auth }} + tcp-check send "AUTH ${AUTH}"\r\n + tcp-check expect string +OK + {{- end }} + tcp-check send PING\r\n + tcp-check expect string +PONG + tcp-check send info\ replication\r\n + tcp-check expect string role:master + tcp-check send QUIT\r\n + tcp-check expect string +OK + {{- range $i := until $replicas }} + use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 } + server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1 + {{- end }} + {{- if .Values.haproxy.readOnly.enabled }} + backend bk_redis_slave + {{- if .Values.haproxy.stickyBalancing }} + balance source + hash-type consistent + {{- end }} + mode tcp + option tcp-check + tcp-check connect + {{- if .Values.auth }} + tcp-check send "AUTH ${AUTH}"\r\n + tcp-check expect string +OK + {{- end }} + tcp-check send PING\r\n + tcp-check expect string +PONG + tcp-check send info\ replication\r\n + tcp-check expect string role:slave + tcp-check send QUIT\r\n + tcp-check expect string +OK + {{- range $i := until $replicas }} + server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter {{ $root.Values.haproxy.checkInterval }} fall {{ $root.Values.haproxy.checkFall }} rise 1 + {{- end }} + {{- end }} + {{- if .Values.haproxy.metrics.enabled }} + frontend stats + mode http + bind {{ if .Values.haproxy.IPv6.enabled }}[::]{{ end }}:{{ .Values.haproxy.metrics.port }} {{ if .Values.haproxy.IPv6.enabled }}v4v6{{ end }} + http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} } + stats enable + stats uri /stats + stats refresh 10s + {{- end }} +{{- if .Values.haproxy.extraConfig }} + # Additional configuration +{{ .Values.haproxy.extraConfig | indent 4 }} +{{- end }} +{{- end }} +{{- end }} + + +{{- define "config-haproxy_init.sh" }} + HAPROXY_CONF=/data/haproxy.cfg + cp /readonly/haproxy.cfg "$HAPROXY_CONF" + {{- $fullName := include "redis-ha.fullname" . }} + {{- $replicas := int (toString .Values.replicas) }} + {{- range $i := until $replicas }} + for loop in $(seq 1 10); do + getent hosts {{ $fullName }}-announce-{{ $i }} && break + echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then + echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF" + + {{- end }} +{{- end }} + +{{- define "redis_liveness.sh" }} + {{- if not (ne (int .Values.sentinel.port) 0) }} + TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}" + {{- end }} + response=$( + redis-cli \ + {{- if .Values.auth }} + -a "${AUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if ne (int .Values.redis.port) 0 }} + -p {{ .Values.redis.port }} \ + {{- else }} + -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + ping + ) + echo "response=$response" + case $response in + PONG|LOADING*) ;; + *) exit 1 ;; + esac + exit 0 +{{- end }} + +{{- define "redis_readiness.sh" }} + {{- if not (ne (int .Values.sentinel.port) 0) }} + TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}" + {{- end }} + response=$( + redis-cli \ + {{- if .Values.auth }} + -a "${AUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if ne (int .Values.redis.port) 0 }} + -p {{ .Values.redis.port }} \ + {{- else }} + -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + ping + ) + if [ "$response" != "PONG" ] ; then + echo "ping=$response" + exit 1 + fi + + response=$( + redis-cli \ + {{- if .Values.auth }} + -a "${AUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if ne (int .Values.redis.port) 0 }} + -p {{ .Values.redis.port }} \ + {{- else }} + -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + role + ) + role=$( echo "$response" | sed "1!d" ) + if [ "$role" = "master" ]; then + echo "role=$role" + exit 0 + elif [ "$role" = "slave" ]; then + repl=$( echo "$response" | sed "4!d" ) + echo "role=$role; repl=$repl" + if [ "$repl" = "connected" ]; then + exit 0 + else + exit 1 + fi + else + echo "role=$role" + exit 1 + fi +{{- end }} + +{{- define "sentinel_liveness.sh" }} + {{- if not (ne (int .Values.sentinel.port) 0) }} + TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }}{{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{end}}" + {{- end }} + response=$( + redis-cli \ + {{- if .Values.sentinel.auth }} + -a "${SENTINELAUTH}" --no-auth-warning \ + {{- end }} + -h localhost \ + {{- if ne (int .Values.sentinel.port) 0 }} + -p {{ .Values.sentinel.port }} \ + {{- else }} + -p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \ + {{- end}} + ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} + diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_helpers.tpl b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_helpers.tpl new file mode 100644 index 0000000..047e05f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/_helpers.tpl @@ -0,0 +1,130 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redis-ha.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "redis-ha.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Return sysctl image +*/}} +{{- define "redis.sysctl.image" -}} +{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}} +{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}} +{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}} +{{- end -}} + +{{- /* +Credit: @technosophos +https://github.com/technosophos/common-chart/ +labels.standard prints the standard Helm labels. +The standard labels are frequently used in metadata. +*/ -}} +{{- define "labels.standard" -}} +app: {{ template "redis-ha.name" . }} +heritage: {{ .Release.Service | quote }} +release: {{ .Release.Name | quote }} +chart: {{ template "chartref" . }} +{{- end -}} + +{{- /* +Credit: @technosophos +https://github.com/technosophos/common-chart/ +chartref prints a chart name and version. +It does minimal escaping for use in Kubernetes labels. +Example output: + zookeeper-1.2.3 + wordpress-3.2.1_20170219 +*/ -}} +{{- define "chartref" -}} + {{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redis-ha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "redis-ha.masterGroupName" -}} +{{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}} +{{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}} +{{- if $validMasterGroupName -}} +{{ $masterGroupName }} +{{- else -}} +{{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "redis-ha.podDisruptionBudget.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "policy/v1" }} +{{- print "policy/v1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if the detected platform is Openshift +Usage: +{{- include "common.compatibility.isOpenshift" . -}} +*/}} +{{- define "compatibility.isOpenshift" -}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC +Usage: +{{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} +*/}} +{{- define "compatibility.renderSecurityContext" -}} +{{- $adaptedContext := .secContext -}} + +{{- if (((.context.Values.global).compatibility).openshift) -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{/* Remove fields that are disregarded when running the container in privileged mode */}} +{{- if $adaptedContext.privileged -}} + {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} +{{- end -}} +{{- omit $adaptedContext "enabled" | toYaml -}} +{{- end -}}
\ No newline at end of file diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-auth-secret.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-auth-secret.yaml new file mode 100644 index 0000000..a1fd631 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-auth-secret.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.auth (not .Values.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "redis-ha.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +type: Opaque +data: + {{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-announce-service.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-announce-service.yaml new file mode 100644 index 0000000..dc24249 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-announce-service.yaml @@ -0,0 +1,64 @@ +{{- $fullName := include "redis-ha.fullname" . }} +{{- $namespace := .Release.Namespace -}} +{{- $replicas := int (toString .Values.replicas) }} +{{- $root := . }} +{{- range $i := until $replicas }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ $fullName }}-announce-{{ $i }} + namespace: {{ $namespace | quote}} + labels: +{{ include "labels.standard" $root | indent 4 }} + {{- range $key, $value := $root.Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: +{{- if (semverCompare "<=1.10-0" $.Capabilities.KubeVersion.GitVersion) }} + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +{{- end }} + {{- if $root.Values.serviceAnnotations }} +{{ toYaml $root.Values.serviceAnnotations | indent 4 }} + {{- end }} +spec: +{{- if (semverCompare ">=1.11-0" $.Capabilities.KubeVersion.GitVersion) }} + publishNotReadyAddresses: true +{{- end }} + type: ClusterIP + ports: + {{- if ne (int $root.Values.redis.port) 0 }} + - name: tcp-server + port: {{ $root.Values.redis.port }} + protocol: TCP + targetPort: redis + {{- end }} + {{- if $root.Values.redis.tlsPort }} + - name: server-tls + port: {{ $root.Values.redis.tlsPort }} + protocol: TCP + targetPort: redis-tls + {{- end }} + {{- if ne (int $root.Values.sentinel.port) 0 }} + - name: tcp-sentinel + port: {{ $root.Values.sentinel.port }} + protocol: TCP + targetPort: sentinel + {{- end }} + {{- if $root.Values.sentinel.tlsPort }} + - name: sentinel-tls + port: {{ $root.Values.sentinel.tlsPort }} + protocol: TCP + targetPort: sentinel-tls + {{- end }} + {{- if $root.Values.exporter.enabled }} + - name: http-exporter + port: {{ $root.Values.exporter.port }} + protocol: TCP + targetPort: {{ $root.Values.exporter.portName }} + {{- end }} + selector: + release: {{ $root.Release.Name }} + app: {{ include "redis-ha.name" $root }} + "statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-configmap.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-configmap.yaml new file mode 100644 index 0000000..48f2b03 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-configmap.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "redis-ha.fullname" . }}-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "redis-ha.fullname" . }} + {{- range $key, $value := .Values.configmap.labels }} + {{ $key }}: {{ $value | toString }} + {{- end }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: + redis.conf: | +{{- include "config-redis.conf" . }} + + sentinel.conf: | +{{- include "config-sentinel.conf" . }} + + init.sh: | +{{- include "config-init.sh" . }} + + fix-split-brain.sh: | +{{- include "fix-split-brain.sh" . }} + +{{ if .Values.haproxy.enabled }} + haproxy.cfg: | +{{- include "config-haproxy.cfg" . }} +{{- end }} + haproxy_init.sh: | +{{- include "config-haproxy_init.sh" . }} + trigger-failover-if-master.sh: | +{{- include "trigger-failover-if-master.sh" . }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml new file mode 100644 index 0000000..a649df4 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml @@ -0,0 +1,14 @@ +{{- if .Values.exporter.script }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: + script: {{ toYaml .Values.exporter.script | indent 2 }} +{{- end }}
\ No newline at end of file diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-health-configmap.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-health-configmap.yaml new file mode 100644 index 0000000..7aa7002 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-health-configmap.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "redis-ha.fullname" . }}-health-configmap + namespace: {{ .Release.Namespace | quote }} + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "redis-ha.fullname" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +data: + redis_liveness.sh: | +{{- include "redis_liveness.sh" . }} + redis_readiness.sh: | +{{- include "redis_readiness.sh" . }} + sentinel_liveness.sh: | +{{- include "sentinel_liveness.sh" . }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-network-policy.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-network-policy.yaml new file mode 100644 index 0000000..8f688ca --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-network-policy.yaml @@ -0,0 +1,80 @@ +{{- if .Values.networkPolicy.enabled }} +{{- $root := . }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "redis-ha.fullname" . }}-network-policy + namespace: {{ .Release.Namespace | quote }} +{{- if .Values.networkPolicy.annotations }} + annotations: + {{- range $key, $value := .Values.networkPolicy.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.networkPolicy.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + policyTypes: + - Ingress + - Egress + egress: + - to: + - podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + ports: + - port: {{ .Values.redis.port }} + protocol: TCP + - port: {{ .Values.sentinel.port }} + protocol: TCP +{{- range $rule := .Values.networkPolicy.egressRules }} + - to: +{{ (tpl (toYaml $rule.selectors) $) | indent 7 }} + ports: +{{ toYaml $rule.ports | indent 7 }} +{{- end }} + ingress: + - from: + - podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + ports: + - port: {{ .Values.redis.port }} + protocol: TCP + - port: {{ .Values.sentinel.port }} + protocol: TCP +{{- if .Values.haproxy.enabled }} + - from: + - podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }}-haproxy + ports: + - port: {{ .Values.redis.port }} + protocol: TCP + - port: {{ .Values.sentinel.port }} + protocol: TCP +{{- end }} +{{- range $rule := .Values.networkPolicy.ingressRules }} + - from: +{{ (tpl (toYaml $rule.selectors) $) | indent 7 }} + ports: +{{- if $rule.ports }} +{{ toYaml $rule.ports | indent 7 }} +{{- else }} + - port: {{ $root.Values.redis.port }} + protocol: TCP + - port: {{ $root.Values.sentinel.port }} + protocol: TCP +{{- end }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-pdb.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-pdb.yaml new file mode 100644 index 0000000..fbcb506 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-pdb.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: {{ template "redis-ha.podDisruptionBudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "redis-ha.fullname" . }}-pdb + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml new file mode 100644 index 0000000..e163481 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-prometheus-rule.yaml @@ -0,0 +1,17 @@ +{{- if .Values.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "redis-ha.fullname" . }} + {{- if .Values.prometheusRule.namespace }} + namespace: {{ .Values.prometheusRule.namespace }} + {{- end }} + labels: {{- toYaml .Values.prometheusRule.additionalLabels | nindent 4 }} +spec: + groups: + - name: {{ template "redis-ha.fullname" . }} + {{- if .Values.prometheusRule.interval }} + interval: {{ .Values.prometheusRule.interval }} + {{- end }} + rules: {{- tpl (toYaml .Values.prometheusRule.rules) . | nindent 8 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-role.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-role.yaml new file mode 100644 index 0000000..aa65cce --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-role.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "redis-ha.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-rolebinding.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-rolebinding.yaml new file mode 100644 index 0000000..402ba0d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "redis-ha.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "redis-ha.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "redis-ha.fullname" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-secret.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-secret.yaml new file mode 100644 index 0000000..91cc7f2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-secret.yaml @@ -0,0 +1,32 @@ +{{- if not .Values.restore.existingSecret }} + + +{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} +{{- $regexRestoreSSH := "^.+@.+:.+" -}} + +{{- if or (regexFind $regexRestoreSSH (toString .Values.restore.ssh.source)) (regexFind $regexRestoreS3 (toString .Values.restore.s3.source)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "redis-ha.fullname" . }}-secret + namespace: {{ .Release.Namespace | quote }} + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "redis-ha.fullname" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +type: Opaque +data: +{{- if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }} + SSH_KEY: "{{ .Values.restore.ssh.key | b64enc }}" +{{- end }} +{{- if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }} + AWS_SECRET_ACCESS_KEY: "{{ .Values.restore.s3.secret_key | b64enc }}" + AWS_ACCESS_KEY_ID: "{{ .Values.restore.s3.access_key | b64enc }}" +{{- end }} +{{- end }} + +{{- end }}
\ No newline at end of file diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-service.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-service.yaml new file mode 100644 index 0000000..5fe077e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-service.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "redis-ha.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} +{{- if .Values.exporter.enabled }} + exporter: enabled +{{- end }} +{{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- range $key, $value := .Values.serviceLabels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + annotations: + {{- if .Values.serviceAnnotations }} +{{ toYaml .Values.serviceAnnotations | indent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + {{- if ne (int .Values.redis.port) 0 }} + - name: tcp-server + port: {{ .Values.redis.port }} + protocol: TCP + targetPort: redis + {{- end }} + {{- if .Values.redis.tlsPort }} + - name: server-tls + port: {{ .Values.redis.tlsPort }} + protocol: TCP + targetPort: redis-tls + {{- end }} + {{- if ne (int .Values.sentinel.port) 0 }} + - name: tcp-sentinel + port: {{ .Values.sentinel.port }} + protocol: TCP + targetPort: sentinel + {{- end }} + {{- if .Values.sentinel.tlsPort }} + - name: sentinel-tls + port: {{ .Values.sentinel.tlsPort }} + protocol: TCP + targetPort: sentinel-tls + {{- end }} +{{- if .Values.exporter.enabled }} + - name: http-exporter-port + port: {{ .Values.exporter.port }} + protocol: TCP + targetPort: {{ .Values.exporter.portName }} +{{- end }} + selector: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-serviceaccount.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-serviceaccount.yaml new file mode 100644 index 0000000..9e1b21e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-serviceaccount.yaml @@ -0,0 +1,31 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "redis-ha.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "redis-ha.fullname" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +{{- if or .Values.auth .Values.sentinel.auth }} +secrets: +{{- end }} +{{- if .Values.auth }} +- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }} +{{- end }} +{{- if .Values.sentinel.auth }} +- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }} +{{- end }} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-servicemonitor.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-servicemonitor.yaml new file mode 100644 index 0000000..6b374a8 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if and ( or .Values.exporter.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "redis-ha.fullname" . }} + namespace: {{ .Values.exporter.serviceMonitor.namespace | default .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- range $key, $value := .Values.exporter.serviceMonitor.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + endpoints: + - targetPort: {{ .Values.exporter.port }} +{{- if .Values.exporter.serviceMonitor.interval }} + interval: {{ .Values.exporter.serviceMonitor.interval }} +{{- end }} +{{- if .Values.exporter.serviceMonitor.telemetryPath }} + path: {{ .Values.exporter.serviceMonitor.telemetryPath }} +{{- end }} +{{- if .Values.exporter.serviceMonitor.timeout }} + scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }} +{{- end }} +{{- with .Values.exporter.serviceMonitor.endpointAdditionalProperties }} +{{- toYaml . | nindent 4 }} +{{- end }} + jobLabel: {{ template "redis-ha.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: + app: {{ template "redis-ha.name" . }} + release: {{ .Release.Name }} + exporter: enabled +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-statefulset.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-statefulset.yaml new file mode 100644 index 0000000..1351ab1 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-ha-statefulset.yaml @@ -0,0 +1,668 @@ +{{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} +{{- $regexRestoreSSH := "^.+@.+:.+" -}} +{{- $regexRestoreRedis := "^redis://(?:[A-Za-z0-9_]+(?::[^@]+)?@)?[A-Za-z0-9.-]+(?::\\d{1,5})?(?:/\\d+)?$" -}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "redis-ha.fullname" . }}-server + namespace: {{ .Release.Namespace | quote }} + labels: + {{ template "redis-ha.fullname" . }}: replica + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{ include "labels.standard" . | indent 4 }} + annotations: +{{ toYaml .Values.redis.annotations | indent 4 }} +spec: + selector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + serviceName: {{ template "redis-ha.fullname" . }} + replicas: {{ .Values.replicas }} + podManagementPolicy: {{ .Values.podManagementPolicy }} + updateStrategy: + type: {{ .Values.redis.updateStrategy.type }} + {{- if .Values.redis.minReadySeconds }} + minReadySeconds: {{ .Values.redis.minReadySeconds }} + {{- end }} + template: + metadata: + annotations: + checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-sentinel.conf" .) (include "config-init.sh" .) (include "fix-split-brain.sh" .) (include "redis_liveness.sh" .) (include "redis_readiness.sh" .) (include "sentinel_liveness.sh" .) (include "trigger-failover-if-master.sh" .)| sha256sum }} + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + {{- if and (.Values.exporter.enabled) (not .Values.exporter.serviceMonitor.enabled) }} + prometheus.io/port: "{{ .Values.exporter.port }}" + prometheus.io/scrape: "true" + prometheus.io/path: {{ .Values.exporter.scrapePath }} + {{- end }} + labels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + {{ template "redis-ha.fullname" . }}: replica + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value | toString }} + {{- end }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + spec: + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + affinity: + {{- if .Values.affinity }} + {{- with .Values.affinity }} +{{ tpl . $ | indent 8 }} + {{- end }} + {{- else }} + {{- if .Values.additionalAffinities }} +{{ toYaml .Values.additionalAffinities | indent 8 }} + {{- end }} + podAntiAffinity: + {{- if .Values.hardAntiAffinity }} + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }} + release: {{ .Release.Name }} + {{ template "redis-ha.fullname" . }}: replica + topologyKey: kubernetes.io/hostname + {{- else }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }} + release: {{ .Release.Name }} + {{ template "redis-ha.fullname" . }}: replica + topologyKey: kubernetes.io/hostname + {{- end }} + {{- end }} + {{- if .Values.topologySpreadConstraints.enabled }} + topologySpreadConstraints: + - maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }} + topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }} + whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }} + labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }} + release: {{ .Release.Name }} + {{ template "redis-ha.fullname" . }}: replica + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.securityContext "context" $) | nindent 8 }} + serviceAccountName: {{ template "redis-ha.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }} + initContainers: + {{- if .Values.sysctlImage.enabled }} + - name: init-sysctl + image: {{ template "redis.sysctl.image" . }} + imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }} + resources: {{ toYaml .Values.sysctlImage.resources | nindent 10 }} + {{- if .Values.sysctlImage.mountHostSys }} + volumeMounts: + - name: host-sys + mountPath: /host-sys + {{- end }} + command: {{ toYaml .Values.sysctlImage.command | nindent 10 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + {{- end }} +{{- if and .Values.hostPath.path .Values.hostPath.chown }} + - name: hostpath-chown + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + command: + - chown + - "{{ .Values.containerSecurityContext.runAsUser }}" + - /data + volumeMounts: + - name: data + mountPath: /data +{{- end }} + - name: config-init + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 10 }} + command: + - sh + args: + - /readonly-config/init.sh + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + env: +{{- $replicas := int (toString .Values.replicas) -}} +{{- range $i := until $replicas }} + - name: SENTINEL_ID_{{ $i }} + value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }} +{{- end }} +{{- if .Values.auth }} + - name: AUTH + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} +{{- end }} +{{- if .Values.sentinel.auth }} + - name: SENTINELAUTH + valueFrom: + secretKeyRef: + {{- if .Values.sentinel.existingSecret }} + name: {{ .Values.sentinel.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }}-sentinel + {{- end }} + key: {{ .Values.sentinel.authKey }} +{{- end }} + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + - name: data + mountPath: /data + {{- if .Values.redis.tlsPort }} + - mountPath: /tls-certs + name: tls-certs + {{- end}} +{{ if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }} + - name: restore-s3 + image: s3cmd/s3cmd:latest + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 10 }} + command: + - sh + args: + - "-c" + - "timeout -t {{ .Values.restore.timeout }} \ + s3cmd get {{ if .Values.restore.s3.region }}--region {{ .Values.restore.s3.region }} {{ end }}--force '{{ .Values.restore.s3.source }}' /data/dump.rdb_ \ + && test -s /data/dump.rdb_ \ + && if test -s /data/dump.rdb; \ + then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ + && mv -v /data/dump.rdb_ /data/dump.rdb" + envFrom: + - secretRef: + {{- if .Values.restore.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ include "redis-ha.fullname" . }}-secret + {{- end }} + volumeMounts: + - name: data + mountPath: /data +{{- end }} +{{ if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }} + - name: restore-ssh + image: lgatica/openssh-client:latest + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 10 }} + command: + - sh + args: + - "-c" + - "rm -f key && echo -e \"${SSH_KEY}\" >key \ + && chmod 400 key \ + && timeout {{ .Values.restore.timeout }} \ + scp -i key \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + '{{ .Values.restore.ssh.source }}' \ + /data/dump.rdb_ \ + && test -s /data/dump.rdb_ \ + && if test -s /data/dump.rdb; \ + then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ + && mv -v /data/dump.rdb_ /data/dump.rdb" + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + envFrom: + - secretRef: + {{- if .Values.restore.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ include "redis-ha.fullname" . }}-secret + {{- end }} + volumeMounts: + - name: data + mountPath: /data +{{- end }} +{{ if regexFind $regexRestoreRedis (toString .Values.restore.redis.source) }} + - name: restore-redis + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: +{{ toYaml .Values.init.resources | indent 10 }} + command: + - sh + args: + - "-c" + - "echo $HOSTNAME | grep -q 'ha-server-0' \ + && nc -w 5 -vz {{ regexReplaceAll "^redis:\\/\\/(.*)" .Values.restore.redis.source "${1}" }} \ + && test ! -s /data/dump.rdb \ + && timeout {{ .Values.restore.timeout }} \ + redis-cli -u {{ .Values.restore.redis.source }} --rdb /data/dump.rdb_ \ + && test -s /data/dump.rdb_ \ + && if test -s /data/dump.rdb; \ + then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ + && mv -v /data/dump.rdb_ /data/dump.rdb || true" + {{- if .Values.restore.existingSecret }} + envFrom: + - secretRef: + name: {{ .Values.existingSecret }} + {{- end }} + volumeMounts: + - name: data + mountPath: /data +{{- end }} +{{- if .Values.extraInitContainers }} +{{- toYaml .Values.extraInitContainers | nindent 6 }} +{{- end }} + containers: + - name: redis + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- if .Values.redis.customCommand }} +{{ toYaml .Values.redis.customCommand | indent 10 }} + {{- else }} + - redis-server + {{- end }} + args: + {{- if .Values.redis.customArgs }} +{{ toYaml .Values.redis.customArgs | indent 10 }} + {{- else }} + - /data/conf/redis.conf + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + {{- if .Values.auth }} + env: + - name: AUTH + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} + {{- end }} + {{- if .Values.redis.envFrom }} + envFrom: +{{ toYaml .Values.redis.envFrom | indent 10 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} + {{- if .Values.redis.startupProbe.enabled }} + startupProbe: + initialDelaySeconds: {{ .Values.redis.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.startupProbe.successThreshold }} + failureThreshold: {{ .Values.redis.startupProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} + resources: +{{ toYaml .Values.redis.resources | indent 10 }} + ports: + {{- if ne (int .Values.redis.port) 0 }} + - name: redis + containerPort: {{ .Values.redis.port }} + {{- end }} + {{- if .Values.redis.tlsPort }} + - name: redis-tls + containerPort: {{ .Values.redis.tlsPort }} + {{- end }} + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + - mountPath: /data + name: data + {{- if .Values.redis.tlsPort }} + - mountPath: /tls-certs + name: tls-certs + {{- end}} + - mountPath: /health + name: health +{{- if .Values.redis.extraVolumeMounts }} +{{- toYaml .Values.redis.extraVolumeMounts | nindent 8 }} +{{- end }} + lifecycle: +{{ toYaml .Values.redis.lifecycle | indent 10 }} + - name: sentinel + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- if .Values.sentinel.customCommand }} +{{ toYaml .Values.sentinel.customCommand | indent 10 }} + {{- else }} + - redis-sentinel + {{- end }} + args: + {{- if .Values.sentinel.customArgs }} +{{ toYaml .Values.sentinel.customArgs | indent 10 }} + {{- else }} + - /data/conf/sentinel.conf + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} +{{- if or .Values.auth .Values.sentinel.auth}} + env: + {{- if .Values.auth }} + - name: AUTH + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} + {{- end }} + {{- if .Values.sentinel.auth }} + - name: SENTINELAUTH + valueFrom: + secretKeyRef: + {{- if .Values.sentinel.existingSecret }} + name: {{ .Values.sentinel.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }}-sentinel + {{- end }} + key: {{ .Values.sentinel.authKey }} + {{- end }} +{{- end }} + {{- if .Values.sentinel.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + {{- end }} + {{- if .Values.sentinel.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + {{- end }} + {{- if .Values.sentinel.startupProbe.enabled }} + startupProbe: + initialDelaySeconds: {{ .Values.sentinel.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sentinel.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.sentinel.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.sentinel.startupProbe.successThreshold }} + failureThreshold: {{ .Values.sentinel.startupProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + {{- end }} + resources: +{{ toYaml .Values.sentinel.resources | indent 10 }} + ports: + {{- if ne (int .Values.sentinel.port) 0 }} + - name: sentinel + containerPort: {{ .Values.sentinel.port }} + {{- end }} + {{- if .Values.sentinel.tlsPort }} + - name: sentinel-tls + containerPort: {{ .Values.sentinel.tlsPort }} + {{- end }} + volumeMounts: + - mountPath: /data + name: data + {{- if .Values.redis.tlsPort }} + - mountPath: /tls-certs + name: tls-certs + {{- end }} + - mountPath: /health + name: health +{{- if .Values.sentinel.extraVolumeMounts }} +{{- toYaml .Values.sentinel.extraVolumeMounts | nindent 8 }} +{{- end }} + lifecycle: +{{ toYaml .Values.sentinel.lifecycle | indent 10 }} + + - name: split-brain-fix + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - sh + args: + - /readonly-config/fix-split-brain.sh + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + env: +{{- $replicas := int (toString .Values.replicas) -}} +{{- range $i := until $replicas }} + - name: SENTINEL_ID_{{ $i }} + value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }} +{{- end }} +{{- if .Values.auth }} + - name: AUTH + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} +{{- end }} +{{- if .Values.sentinel.auth }} + - name: SENTINELAUTH + valueFrom: + secretKeyRef: + {{- if .Values.sentinel.existingSecret }} + name: {{ .Values.sentinel.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }}-sentinel + {{- end }} + key: {{ .Values.sentinel.authKey }} +{{- end }} + resources: + {{- toYaml .Values.splitBrainDetection.resources | nindent 10 }} + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + - mountPath: /data + name: data + {{- if .Values.redis.tlsPort }} + - mountPath: /tls-certs + name: tls-certs + {{- end }} + +{{- if .Values.exporter.enabled }} + - name: redis-exporter + image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}" + imagePullPolicy: {{ .Values.exporter.pullPolicy }} + args: + {{- range $key, $value := .Values.exporter.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }} + env: + - name: REDIS_ADDR + {{- if .Values.exporter.sslEnabled }} + value: rediss://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.tlsPort }} + {{- else }} + value: redis://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.port }} + {{- end }} + {{- if .Values.auth }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} + {{- end }} + {{- if .Values.exporter.script }} + - name: REDIS_EXPORTER_SCRIPT + value: /script/script.lua + {{- end }} + {{- if .Values.exporter.sslEnabled }} + - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE + value: /tls-certs/{{ .Values.tls.keyFile }} + - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE + value: /tls-certs/{{ .Values.tls.certFile }} + - name: REDIS_EXPORTER_TLS_CA_CERT_FILE + value: /tls-certs/{{ .Values.tls.caCertFile }} + {{- end }} + livenessProbe: +{{ toYaml .Values.exporter.livenessProbe | indent 10 }} + readinessProbe: +{{ toYaml .Values.exporter.readinessProbe | indent 10 }} + resources: +{{ toYaml .Values.exporter.resources | indent 10 }} + ports: + - name: {{ .Values.exporter.portName }} + containerPort: {{ .Values.exporter.port }} + volumeMounts: + {{- if .Values.exporter.script }} + - mountPath: /script + name: script-mount + {{- end }} + {{- if .Values.exporter.sslEnabled }} + - mountPath: /tls-certs + name: tls-certs + {{- end }} +{{- end }} +{{- if .Values.extraContainers }} +{{- toYaml .Values.extraContainers | nindent 6 }} +{{- end -}} + {{- with .Values.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "redis-ha.fullname" . }}-configmap + {{- if .Values.sysctlImage.mountHostSys }} + - name: host-sys + hostPath: + path: /sys + {{- end }} + {{- if .Values.exporter.script }} + - name: script-mount + configMap: + name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap + items: + - key: script + path: script.lua + {{- end }} + {{- if .Values.redis.tlsPort }} + - name: tls-certs + secret: + {{- if .Values.tls.secretName }} + secretName: {{ .Values.tls.secretName }} + {{- else }} + secretName: {{ template "redis-ha.fullname" . }}-tls-secret + {{- end }} + {{- end }} + - name: health + configMap: + name: {{ template "redis-ha.fullname" . }}-health-configmap + defaultMode: 0755 +{{- if .Values.extraVolumes }} +{{- toYaml .Values.extraVolumes | nindent 6 }} +{{- end -}} +{{- if .Values.persistentVolume.enabled }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + annotations: + {{- range $key, $value := .Values.persistentVolume.annotations }} + {{ $key }}: {{ $value }} + {{- end }} + labels: {{- toYaml .Values.persistentVolume.labels | nindent 8 }} + + spec: + accessModes: + {{- range .Values.persistentVolume.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistentVolume.size | quote }} + {{- if .Values.persistentVolume.storageClass }} + {{- if (eq "-" .Values.persistentVolume.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistentVolume.storageClass }}" + {{- end }} +{{- end }} +{{- else if .Values.hostPath.path }} + - name: data + hostPath: + path: {{ tpl .Values.hostPath.path .}} +{{- else }} + - name: data + emptyDir: +{{ toYaml .Values.emptyDir | indent 10 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-deployment.yaml new file mode 100644 index 0000000..07677fc --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-deployment.yaml @@ -0,0 +1,202 @@ +{{- if .Values.haproxy.enabled }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.haproxy.deploymentStrategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + revisionHistoryLimit: 1 + replicas: {{ .Values.haproxy.replicas }} + selector: + matchLabels: + app: {{ template "redis-ha.name" . }}-haproxy + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + labels: + app: {{ template "redis-ha.name" . }}-haproxy + release: {{ .Release.Name }} + {{- range $key, $value := .Values.haproxy.labels }} + {{ $key }}: {{ $value | toString }} + {{- end }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + annotations: + {{- if and (.Values.haproxy.metrics.enabled) (not .Values.haproxy.metrics.serviceMonitor.enabled) }} + prometheus.io/port: "{{ .Values.haproxy.metrics.port }}" + prometheus.io/scrape: "true" + prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}" + {{- end }} + checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }} + {{- if .Values.haproxy.annotations }} +{{ toYaml .Values.haproxy.annotations | indent 8 }} + {{- end }} + spec: + # Needed when using unmodified rbac-setup.yml + {{ if .Values.haproxy.serviceAccount.create }} + serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy + {{- else }} + serviceAccountName: {{ .Values.haproxy.serviceAccountName }} + {{- end }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.securityContext "context" $) | nindent 8 }} + automountServiceAccountToken: {{ .Values.haproxy.serviceAccount.automountToken }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + affinity: + {{- if .Values.haproxy.affinity }} + {{- with .Values.haproxy.affinity }} +{{ tpl . $ | indent 8 }} + {{- end }} + {{- else }} + {{- if .Values.haproxy.additionalAffinities }} +{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }} + {{- end }} + podAntiAffinity: + {{- if .Values.haproxy.hardAntiAffinity }} + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }}-haproxy + release: {{ .Release.Name }} + topologyKey: kubernetes.io/hostname + {{- else }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }}-haproxy + release: {{ .Release.Name }} + topologyKey: kubernetes.io/hostname + {{- end }} + {{- end }} + {{- if .Values.topologySpreadConstraints.enabled }} + topologySpreadConstraints: + - maxSkew: {{ .Values.topologySpreadConstraints.maxSkew | default 1 }} + topologyKey: {{ .Values.topologySpreadConstraints.topologyKey | default "topology.kubernetes.io/zone" }} + whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable | default "ScheduleAnyway" }} + labelSelector: + matchLabels: + app: {{ template "redis-ha.name" . }}-haproxy + release: {{ .Release.Name }} + {{- end }} + initContainers: + - name: config-init + image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }} + imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }} + resources: +{{ toYaml .Values.haproxy.init.resources | indent 10 }} + command: + - sh + args: + - /readonly/haproxy_init.sh + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }} + volumeMounts: + - name: config-volume + mountPath: /readonly + readOnly: true + - name: data + mountPath: /data + {{- if .Values.haproxy.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }} + {{- end }} + containers: + - name: haproxy + image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }} + imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.haproxy.containerSecurityContext "context" $) | nindent 10 }} + {{- if or .Values.auth .Values.sentinel.auth}} + env: + {{- if .Values.auth }} + - name: AUTH + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: {{ .Values.authKey }} + {{- end }} + {{- if .Values.sentinel.auth }} + - name: SENTINELAUTH + valueFrom: + secretKeyRef: + {{- if .Values.sentinel.existingSecret }} + name: {{ .Values.sentinel.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }}-sentinel + {{- end }} + key: {{ .Values.sentinel.authKey }} + {{- end }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: probe + initialDelaySeconds: 5 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /healthz + port: probe + initialDelaySeconds: 5 + periodSeconds: 3 + ports: + - name: probe + containerPort: 8888 + - name: redis + containerPort: {{ default "6379" .Values.haproxy.containerPort }} + {{- if .Values.haproxy.readOnly.enabled }} + - name: readonlyport + containerPort: {{ default "6380" .Values.haproxy.readOnly.port }} + {{- end }} + {{- if .Values.haproxy.metrics.enabled }} + - name: metrics-port + containerPort: {{ default "9101" .Values.haproxy.metrics.port }} + {{- end }} + resources: +{{ toYaml .Values.haproxy.resources | indent 10 }} + volumeMounts: + - name: data + mountPath: /usr/local/etc/haproxy + - name: shared-socket + mountPath: /run/haproxy +{{- if .Values.haproxy.tls.enabled }} + - name: pemfile + mountPath: {{ .Values.haproxy.tls.certMountPath }} +{{- end }} + lifecycle: +{{ toYaml .Values.haproxy.lifecycle | indent 10 }} + {{- with .Values.haproxy.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + volumes: +{{- if .Values.haproxy.tls.enabled }} + - name: pemfile + secret: + secretName: {{ .Values.haproxy.tls.secretName }} +{{- end }} + - name: config-volume + configMap: + name: {{ template "redis-ha.fullname" . }}-configmap + - name: shared-socket + emptyDir: +{{ toYaml .Values.haproxy.emptyDir | indent 10 }} + - name: data + emptyDir: +{{ toYaml .Values.haproxy.emptyDir | indent 10 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-network-policy.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-network-policy.yaml new file mode 100644 index 0000000..2b746ea --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-network-policy.yaml @@ -0,0 +1,74 @@ +{{- if and .Values.haproxy.enabled .Values.haproxy.networkPolicy.enabled }} +{{- $root := . }} +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy-network-policy + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.haproxy.networkPolicy.annotations }} + annotations: + {{- range $key, $value := .Values.haproxy.networkPolicy.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "labels.standard" . | nindent 4 }} + {{- range $key, $value := .Values.haproxy.networkPolicy.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }}-haproxy + policyTypes: + - Ingress + - Egress + egress: + - to: + - podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + ports: + - port: {{ .Values.redis.port }} + protocol: TCP + - port: {{ .Values.sentinel.port }} + protocol: TCP + - to: + - namespaceSelector: {} + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- range $rule := .Values.haproxy.networkPolicy.egressRules }} + - to: + {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }} + ports: + {{- toYaml $rule.ports | nindent 8 }} + {{- end }} + ingress: + - from: + - podSelector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }} + ports: + - port: {{ .Values.redis.port }} + protocol: TCP + - port: {{ .Values.sentinel.port }} + protocol: TCP + {{- range $rule := .Values.haproxy.networkPolicy.ingressRules }} + - from: + {{- (tpl (toYaml $rule.selectors) $) | nindent 8 }} + ports: + {{- if $rule.ports }} + {{- toYaml $rule.ports | nindent 8 }} + {{- end }} + - port: {{ $root.Values.redis.port }} + protocol: TCP + - port: {{ $root.Values.sentinel.port }} + protocol: TCP + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-pdb.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-pdb.yaml new file mode 100644 index 0000000..9094ddf --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-pdb.yaml @@ -0,0 +1,18 @@ +{{- if .Values.haproxy.podDisruptionBudget -}} +apiVersion: {{ template "redis-ha.podDisruptionBudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy-pdb + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }}-haproxy +{{ toYaml .Values.haproxy.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-role.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-role.yaml new file mode 100644 index 0000000..c6fd1df --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-role.yaml @@ -0,0 +1,22 @@ +{{- if .Values.haproxy.enabled }} +{{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + component: {{ template "redis-ha.fullname" . }}-haproxy + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml new file mode 100644 index 0000000..629de55 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.haproxy.enabled }} +{{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + component: {{ template "redis-ha.fullname" . }}-haproxy + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "redis-ha.serviceAccountName" . }}-haproxy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "redis-ha.fullname" . }}-haproxy +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-service.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-service.yaml new file mode 100644 index 0000000..2feff9b --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-service.yaml @@ -0,0 +1,60 @@ +{{- if .Values.haproxy.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + component: {{ template "redis-ha.fullname" . }}-haproxy +{{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- range $key, $value := .Values.haproxy.service.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + annotations: + {{- if .Values.haproxy.service.annotations }} +{{ toYaml .Values.haproxy.service.annotations | indent 4 }} + {{- end }} +spec: + type: {{ default "ClusterIP" .Values.haproxy.service.type }} + {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.haproxy.service.externalTrafficPolicy }} + {{- end }} + {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.haproxy.service.loadBalancerSourceRanges | nindent 2 }} + {{- end }} + {{- if .Values.haproxy.service.externalIPs }} + externalIPs: + {{- range $key, $value := .Values.haproxy.service.externalIPs }} + - {{ $value }} + {{- end }} + {{- end }} + ports: + - name: tcp-haproxy + port: {{ .Values.haproxy.servicePort }} + protocol: TCP + targetPort: redis + {{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }} + nodePort: {{ .Values.haproxy.service.nodePort }} + {{- end }} +{{- if .Values.haproxy.readOnly.enabled }} + - name: tcp-haproxyreadonly + port: {{ .Values.haproxy.readOnly.port }} + protocol: TCP + targetPort: {{ .Values.haproxy.readOnly.port }} +{{- end }} +{{- if .Values.haproxy.metrics.enabled }} + - name: {{ .Values.haproxy.metrics.portName }} + port: {{ .Values.haproxy.metrics.port }} + protocol: TCP + targetPort: metrics-port +{{- end }} + selector: + release: {{ .Release.Name }} + app: {{ template "redis-ha.name" . }}-haproxy +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml new file mode 100644 index 0000000..f016855 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "redis-ha.serviceAccountName" . }}-haproxy + namespace: {{ .Release.Namespace | quote }} + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app: {{ template "redis-ha.fullname" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml new file mode 100644 index 0000000..188eac0 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if and ( or .Values.haproxy.metrics.serviceMonitor.disableAPICheck ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "redis-ha.fullname" . }}-haproxy + namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace | default .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- range $key, $value := .Values.haproxy.metrics.serviceMonitor.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + endpoints: + - targetPort: {{ .Values.haproxy.metrics.port }} +{{- if .Values.haproxy.metrics.serviceMonitor.interval }} + interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }} +{{- end }} +{{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }} + path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }} +{{- end }} +{{- if .Values.haproxy.metrics.serviceMonitor.timeout }} + scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }} +{{- end }} +{{- with .Values.haproxy.metrics.serviceMonitor.endpointAdditionalProperties }} +{{- toYaml . | nindent 4 }} +{{- end }} + jobLabel: {{ template "redis-ha.fullname" . }}-haproxy + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: + app: {{ template "redis-ha.name" . }} + release: {{ .Release.Name }} + component: {{ template "redis-ha.fullname" . }}-haproxy +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-tls-secret.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-tls-secret.yaml new file mode 100644 index 0000000..d303470 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/redis-tls-secret.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}} +apiVersion: v1 +kind: Secret +metadata: + metadata: + name: {{ template "redis-ha.fullname" . }}-tls-secret + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +type: Opaque +data: + {{- if .Values.tls.caCertFile }} + {{ .Values.tls.caCertFile }}: {{ .Files.Get "certs/ca.crt" | b64enc }} + {{- end }} + {{- if .Values.tls.certFile }} + {{ .Values.tls.certFile }}: {{ .Files.Get "certs/redis.crt" | b64enc }} + {{- end }} + {{- if .Values.tls.keyFile }} + {{ .Values.tls.keyFile }}: {{ .Files.Get "certs/redis.key" | b64enc }} + {{- end }} + {{- if .Values.tls.dhParamsFile }} + {{ .Values.tls.dhParamsFile }}: {{ .Files.Get "certs/redis.dh" | b64enc }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/sentinel-auth-secret.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/sentinel-auth-secret.yaml new file mode 100644 index 0000000..d351be6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/sentinel-auth-secret.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "redis-ha.fullname" . }}-sentinel + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} +type: Opaque +data: + {{ .Values.sentinel.authKey }}: {{ .Values.sentinel.password | b64enc | quote }} +{{- end -}}
\ No newline at end of file diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml new file mode 100644 index 0000000..fbf31ad --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "redis-ha.fullname" . }}-configmap-test + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 4 }} + tolerations: {{ toYaml .Values.tolerations | nindent 4 }} + containers: + - name: check-init + image: {{ .Values.configmapTest.image.repository }}:{{ .Values.configmapTest.image.tag }} + args: + - --shell=sh + - /readonly-config/init.sh + volumeMounts: + - name: config + mountPath: /readonly-config + readOnly: true + resources: {{ toYaml .Values.configmapTest.resources | nindent 6 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} + {{- end }} + restartPolicy: Never + volumes: + - name: config + configMap: + name: {{ template "redis-ha.fullname" . }}-configmap diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml new file mode 100644 index 0000000..ac0c84e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml @@ -0,0 +1,29 @@ +{{- if .Values.haproxy.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "redis-ha.fullname" . }}-service-test + namespace: {{ .Release.Namespace | quote }} + labels: +{{ include "labels.standard" . | indent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 4 }} + tolerations: +{{ toYaml .Values.tolerations | indent 4 }} + containers: + - name: "{{ .Release.Name }}-service-test" + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + command: + - sh + - -c + - redis-cli -h {{ template "redis-ha.fullname" . }}-haproxy -p {{ .Values.redis.port }} info server + resources: {{ toYaml .Values.haproxy.tests.resources | nindent 6 }} + securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 6 }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} + {{- end }} + restartPolicy: Never +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/charts/redis-ha/values.yaml b/astroshop-platform/argocd-helmchart/charts/redis-ha/values.yaml new file mode 100644 index 0000000..e857f15 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/charts/redis-ha/values.yaml @@ -0,0 +1,1010 @@ +## Globally shared configuration +global: + # -- Default priority class for all components + priorityClassName: "" + # -- Openshift compatibility options + compatibility: + openshift: + adaptSecurityContext: auto + +## -- Image information for Redis HA +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +image: + # -- Redis image repository + repository: public.ecr.aws/docker/library/redis + # -- Redis image tag + tag: 7.2.7-alpine + # -- Redis image pull policy + pullPolicy: IfNotPresent + +# -- Full name of the Redis HA Resources +fullnameOverride: "" + +# -- Name override for Redis HA resources +nameOverride: "" + +## Reference to one or more secrets to be used when pulling images +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## This imagePullSecrets is only for redis images +## +# -- Reference to one or more secrets to be used when pulling redis images +imagePullSecrets: [] +# - name: "image-pull-secret" + +# -- Number of redis master/slave +replicas: 3 + +## Customize the statefulset pod management policy: +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies +# -- The statefulset pod management policy +podManagementPolicy: OrderedReady + +## read-only replicas +## indexed slaves get never promoted to be master +## index starts with 0 - which is master on init +## i.e. "8,9" means 8th and 9th slave will be replica with replica-priority=0 +## see also: https://redis.io/topics/sentinel +# -- Comma separated list of slaves which never get promoted to be master. +# Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. +ro_replicas: "" + +# -- Kubernetes priorityClass name for the redis-ha-server pod +priorityClassName: "" + +# -- Custom labels for the redis pod +labels: {} + +# -- Custom labels for redis service +serviceLabels: {} + +## Custom labels for the redis configmap +configmap: + # -- Custom labels for the redis configmap + labels: {} + +## ConfigMap Test Parameters +configmapTest: + # -- Image for redis-ha-configmap-test hook + image: + # -- Repository of the configmap shellcheck test image. + repository: koalaman/shellcheck + # -- Tag of the configmap shellcheck test image. + tag: v0.10.0 + # -- Resources for the ConfigMap test pod + resources: {} + +## Pods Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + # -- Specifies whether a ServiceAccount should be created + create: true + # -- The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the redis-ha.fullname template + name: "" + # -- opt in/out of automounting API credentials into container. + # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + automountToken: false + # -- Annotations to be added to the service account for the redis statefulset + annotations: {} + +## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. +## Recommend for externally exposed Redis clusters. +## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html +haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy + enabled: false + # -- Modify HAProxy service port + servicePort: 6379 + # -- Modify HAProxy deployment container port + containerPort: 6379 + # -- Enable TLS termination on HAproxy, This will create a volume mount + tls: + # -- If "true" this will enable TLS termination on haproxy + enabled: false + # -- Secret containing the .pem file + secretName: "" + # -- Key file name + keyName: + # -- Path to mount the secret that contains the certificates. haproxy + certMountPath: /tmp/ + + # -- Enable read-only redis-slaves + readOnly: + # -- Enable if you want a dedicated port in haproxy for redis-slaves + enabled: false + # -- Port for the read-only redis-slaves + port: 6380 + # -- Number of HAProxy instances + replicas: 3 + # -- Deployment strategy for the haproxy deployment + deploymentStrategy: + type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + image: + # -- HAProxy Image Repository + repository: public.ecr.aws/docker/library/haproxy + # -- HAProxy Image Tag + tag: 3.0.8-alpine + # -- HAProxy Image PullPolicy + pullPolicy: IfNotPresent + + # -- Custom labels for the haproxy pod + labels: {} + + # -- Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # - name: "image-pull-secret" + + # -- HAProxy template annotations + annotations: {} + # -- HAProxy resources + resources: {} + # -- Configuration of `emptyDir` + emptyDir: {} + + # -- Pod Disruption Budget + # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + podDisruptionBudget: {} + # Use only one of the two + # maxUnavailable: 1 + # minAvailable: 1 + + ## Enable sticky sessions to Redis nodes via HAProxy + ## Very useful for long-living connections as in case of Sentry for example + # -- HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. + stickyBalancing: false + # -- Kubernetes priorityClass name for the haproxy pod + priorityClassName: "" + + ## Service for HAProxy + service: + # -- HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" + type: ClusterIP + # -- (int) HAProxy service nodePort value (haproxy.service.type must be NodePort) + nodePort: ~ + # -- HAProxy service loadbalancer IP + loadBalancerIP: + # -- (string) HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) + externalTrafficPolicy: ~ + # -- HAProxy external IPs + externalIPs: {} + # -- HAProxy service labels + labels: {} + # -- HAProxy service annotations + annotations: null + + # -- List of CIDR's allowed to connect to LoadBalancer + loadBalancerSourceRanges: [] + + # -- HAProxy serviceAccountName + serviceAccountName: redis-sa + serviceAccount: + # -- Specifies whether a ServiceAccount should be created + create: true + automountToken: true + + ## Official HAProxy embedded prometheus metrics settings. + ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter + ## + metrics: + # -- HAProxy enable prometheus metric scraping + enabled: false + # -- HAProxy prometheus metrics scraping port + port: 9101 + # -- HAProxy metrics scraping port name + portName: http-exporter-port + # -- HAProxy prometheus metrics scraping path + scrapePath: /metrics + + serviceMonitor: + # -- When set true then use a ServiceMonitor to configure scraping + enabled: false + # -- Set the namespace the ServiceMonitor should be deployed + # @default -- `.Release.Namespace` + namespace: "" + # -- Set how frequently Prometheus should scrape (default is 30s) + interval: "" + # -- Set path to redis-exporter telemtery-path (default is /metrics) + telemetryPath: "" + # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + labels: {} + # -- Set timeout for scrape (default is 10s) + timeout: "" + # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. + endpointAdditionalProperties: {} + # -- Disable API Check on ServiceMonitor + disableAPICheck: false + init: + # -- Extra init resources + resources: {} + timeout: + # -- haproxy.cfg `timeout connect` setting + connect: 4s + # -- haproxy.cfg `timeout server` setting + server: 330s + # -- haproxy.cfg `timeout client` setting + client: 330s + # -- haproxy.cfg `timeout check` setting + check: 2s + # -- haproxy.cfg `check inter` setting + checkInterval: 1s + # -- haproxy.cfg `check fall` setting + checkFall: 1 + + # -- Security context to be added to the HAProxy deployment. + securityContext: + runAsUser: 99 + fsGroup: 99 + runAsNonRoot: true + + # -- Security context to be added to the HAProxy containers. + containerSecurityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + + # -- Override all other affinity settings for the haproxy pods with a string. + affinity: | + + ## Custom config-haproxy.cfg files used to override default settings. If this file is + ## specified then the config-haproxy.cfg above will be ignored. + # -- (string) Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten + customConfig: ~ + # customConfig: |- + # Define configuration here + + ## Place any additional configuration section to add to the default config-haproxy.cfg + # -- (string) Allows to place any additional configuration section to add to the default config-haproxy.cfg + extraConfig: ~ + # extraConfig: |- + # Define configuration here + + # -- Container lifecycle hooks. + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + lifecycle: {} + + ## HAProxy test related options + tests: + # -- Pod resources for the tests against HAProxy. + resources: {} + + ## Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. + IPv6: + # -- Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. + enabled: true + + networkPolicy: + # -- whether NetworkPolicy for Haproxy should be created + enabled: false + # -- Annotations for Haproxy NetworkPolicy + annotations: {} + # -- Labels for Haproxy NetworkPolicy + labels: {} + # -- user defined ingress rules that Haproxy should permit into. + # uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + ingressRules: [] + # - selectors: + # - namespaceSelector: + # matchLabels: + # name: my-redis-client-namespace + # podSelector: + # matchLabels: + # application: redis-client + ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel) + # ports: + # - port: 6379 + # protocol: TCP + # - port: 26379 + # protocol: TCP + + # -- user can define egress rules too, uses the same structure as ingressRules + egressRules: [] + +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + # -- Create and use RBAC resources + create: true + +# NOT RECOMMENDED: Additional container in which you can execute arbitrary commands to update sysctl parameters +# You can now use securityContext.sysctls to leverage this capability +# Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ +## +sysctlImage: + # -- Enable an init container to modify Kernel settings + enabled: false + # -- sysctlImage command to execute + command: [] + # -- sysctlImage Init container registry + registry: public.ecr.aws/docker/library + # -- sysctlImage Init container name + repository: busybox + # -- sysctlImage Init container tag + tag: 1.34.1 + # -- sysctlImage Init container pull policy + pullPolicy: Always + # -- Mount the host `/sys` folder to `/host-sys` + mountHostSys: false + # -- sysctlImage resources + resources: {} + +# -- Use an alternate scheduler, e.g. "stork". +# ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +schedulerName: "" + +## Redis specific configuration options +redis: + # -- Port to access the redis service + port: 6379 + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated + masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated + + # -- Allows overriding the redis container command + customCommand: [] + # - bash + + # -- Allows overriding the redis container arguments + customArgs: [] + # - "custom-startup.sh" + + # -- Load environment variables from ConfigMap/Secret + envFrom: [] + # - secretRef: + # name: add-env-secret + + ## Configures redis with tls-port parameter + # -- (int) TLS Port to access the redis service + tlsPort: ~ + # tlsPort: 6385 + + # -- (bool) Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf + tlsReplication: ~ + + # -- It is possible to disable client side certificates authentication when "authClients" is set to "no" + authClients: "" + # authClients: "no" + + # -- Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced + terminationGracePeriodSeconds: 60 + + # -- Liveness probe parameters for redis container + livenessProbe: + # -- Enable the Liveness Probe + enabled: true + # -- Initial delay in seconds for liveness probe + initialDelaySeconds: 30 + # -- Period in seconds after which liveness probe will be repeated + periodSeconds: 15 + # -- Timeout seconds for liveness probe + timeoutSeconds: 15 + # -- Success threshold for liveness probe + successThreshold: 1 + # -- Failure threshold for liveness probe + failureThreshold: 5 + + # -- Readiness probe parameters for redis container + readinessProbe: + # -- Enable the Readiness Probe + enabled: true + # -- Initial delay in seconds for readiness probe + initialDelaySeconds: 30 + # -- Period in seconds after which readiness probe will be repeated + periodSeconds: 15 + # -- Timeout seconds for readiness probe + timeoutSeconds: 15 + # -- Success threshold for readiness probe + successThreshold: 1 + # -- Failure threshold for readiness probe + failureThreshold: 5 + + # -- Startup probe parameters for redis container + startupProbe: + # -- Enable Startup Probe + enabled: true + # -- Initial delay in seconds for startup probe + initialDelaySeconds: 30 + # -- Period in seconds after which startup probe will be repeated + periodSeconds: 15 + # -- Timeout seconds for startup probe + timeoutSeconds: 15 + # -- Success threshold for startup probe + successThreshold: 1 + # -- Failure threshold for startup probe + failureThreshold: 5 + + # -- Array with commands to disable + disableCommands: + - FLUSHDB + - FLUSHALL + + # -- Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) + # @default -- see values.yaml + config: + ## -- Additional redis conf options can be added below + ## -- For all available options see http://download.redis.io/redis-stable/redis.conf + min-replicas-to-write: 1 + # -- Value in seconds + min-replicas-max-lag: 5 + # -- Max memory to use for each redis instance. Default is unlimited. + maxmemory: "0" + # -- Max memory policy to use for each redis instance. Default is volatile-lru. + maxmemory-policy: "volatile-lru" + # -- Determines if scheduled RDB backups are created. Default is false. + # -- Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. + save: "900 1" + # -- When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. + repl-diskless-sync: "yes" + rdbcompression: "yes" + rdbchecksum: "yes" + + # -- (string) Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored + customConfig: ~ + # customConfig: |- + # Define configuration here + + # -- CPU/Memory for master/slave nodes resource requests/limits + resources: {} + # requests: + # memory: 200Mi + # cpu: 100m + # limits: + # memory: 700Mi + + # -- Container Lifecycle Hooks for redis container + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + # @default -- see values.yaml + lifecycle: + preStop: + exec: + command: ["/bin/sh", "/readonly-config/trigger-failover-if-master.sh"] + + # -- Annotations for the redis statefulset + annotations: {} + + # -- Update strategy for Redis StatefulSet + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategy: + type: RollingUpdate + + # -- additional volumeMounts for Redis container + extraVolumeMounts: [] + # - name: empty + # mountPath: /empty + +## Sentinel specific configuration options +sentinel: + # -- Port to access the sentinel service + port: 26379 + + ## Configure the 'bind' directive to bind to a list of network interfaces + # bind: 0.0.0.0 + + ## Configures sentinel with tls-port parameter + # -- (int) TLS Port to access the sentinel service + tlsPort: ~ + # tlsPort: 26385 + + # -- (bool) Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf + tlsReplication: ~ + # tlsReplication: true + + # -- It is possible to disable client side certificates authentication when "authClients" is set to "no" + authClients: "" + # authClients: "no" + + ## Configures sentinel with AUTH (requirepass params) + # -- Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) + auth: false + + # -- (string) A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) + password: ~ + # password: password + + # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` + # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) + existingSecret: "" + + ## Defines the key holding the sentinel password in existing secret. + # -- The key holding the sentinel password in an existing secret. + authKey: sentinel-password + + customCommand: [] + customArgs: [] + + # liveness probe parameters for sentinel container + livenessProbe: + enabled: true + # -- Initial delay in seconds for liveness probe + initialDelaySeconds: 30 + # -- Period in seconds after which liveness probe will be repeated + periodSeconds: 15 + # -- Timeout seconds for liveness probe + timeoutSeconds: 15 + # -- Success threshold for liveness probe + successThreshold: 1 + # -- Failure threshold for liveness probe + failureThreshold: 5 + + # readiness probe parameters for sentinel container + readinessProbe: + enabled: true + # -- Initial delay in seconds for readiness probe + initialDelaySeconds: 30 + # -- Period in seconds after which readiness probe will be repeated + periodSeconds: 15 + # -- Timeout seconds for readiness probe + timeoutSeconds: 15 + # -- Success threshold for readiness probe + successThreshold: 3 + # -- Failure threshold for readiness probe + failureThreshold: 5 + + # -- Startup probe parameters for redis container + startupProbe: + # -- Enable Startup Probe + enabled: true + # -- Initial delay in seconds for startup probe + initialDelaySeconds: 5 + # -- Period in seconds after which startup probe will be repeated + periodSeconds: 10 + # -- Timeout seconds for startup probe + timeoutSeconds: 15 + # -- Success threshold for startup probe + successThreshold: 1 + # -- Failure threshold for startup probe + failureThreshold: 3 + + # -- Minimum number of nodes expected to be live. + quorum: 2 + + # -- Valid sentinel config options in this section will be applied as config options to each sentinel (see below) + # @default -- see values.yaml + config: + ## Additional sentinel conf options can be added below. Only options that + ## are expressed in the format simialar to 'sentinel xxx mymaster xxx' will + ## be properly templated expect maxclients option. + ## For available options see http://download.redis.io/redis-stable/sentinel.conf + down-after-milliseconds: 10000 + ## Failover timeout value in milliseconds + failover-timeout: 180000 + parallel-syncs: 5 + maxclients: 10000 + + ## Custom sentinel.conf files used to override default settings. If this file is + ## specified then the sentinel.config above will be ignored. + # -- Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored + customConfig: "" + # customConfig: |- + # Define configuration here + + # -- CPU/Memory for sentinel node resource requests/limits + resources: {} + # requests: + # memory: 200Mi + # cpu: 100m + # limits: + # memory: 200Mi + + # -- Container Lifecycle Hooks for sentinel container. + # Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + lifecycle: {} + + # -- additional volumeMounts for Sentinel container + extraVolumeMounts: [] + # - name: empty + # mountPath: /empty + +# -- Security context to be added to the Redis StatefulSet. +securityContext: + runAsUser: 1000 + fsGroup: 1000 + runAsNonRoot: true + +# -- Security context to be added to the Redis containers. +containerSecurityContext: + runAsUser: 1000 + runAsNonRoot: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Assuming your kubelet allows it, you can the following instructions to configure + ## specific sysctl parameters + ## + # sysctls: + # - name: net.core.somaxconn + # value: '10000' + +## Node labels, affinity, and tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +# -- Node labels for pod assignment +nodeSelector: {} + +# -- Whether the Redis server pods should be forced to run on separate nodes. +## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature +hardAntiAffinity: true + +# -- Additional affinities to add to the Redis server pods. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +additionalAffinities: {} +## +## Example: +## nodeAffinity: +## preferredDuringSchedulingIgnoredDuringExecution: +## - weight: 50 +## preference: +## matchExpressions: +## - key: spot +## operator: NotIn +## values: +## - "true" +## + +# -- Override all other affinity settings for the Redis server pods with a string. +affinity: | +## +## Example: +## affinity: | +## podAntiAffinity: +## requiredDuringSchedulingIgnoredDuringExecution: +## - labelSelector: +## matchLabels: +## app: {{ template "redis-ha.name" . }} +## release: {{ .Release.Name }} +## topologyKey: kubernetes.io/hostname +## preferredDuringSchedulingIgnoredDuringExecution: +## - weight: 100 +## podAffinityTerm: +## labelSelector: +## matchLabels: +## app: {{ template "redis-ha.name" . }} +## release: {{ .Release.Name }} +## topologyKey: failure-domain.beta.kubernetes.io/zone +## + +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +topologySpreadConstraints: + # -- Enable topology spread constraints + enabled: false + # -- Max skew of pods tolerated + maxSkew: "" + # -- Topology key for spread constraints + topologyKey: "" + # -- Enforcement policy, hard or soft + whenUnsatisfiable: "" + +# Prometheus exporter specific configuration options +exporter: + # -- If `true`, the prometheus exporter sidecar is enabled + enabled: false + # -- Exporter image + image: quay.io/oliver006/redis_exporter + # -- Exporter image tag + tag: v1.67.0 + # -- Exporter image pullPolicy + pullPolicy: IfNotPresent + + # -- Exporter port + port: &exporter_port 9121 + # -- Exporter port name + portName: exporter-port + # -- Exporter scrape path + scrapePath: &exporter_scrapePath /metrics + + # -- Address/Host for Redis instance. + # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments + address: localhost + + ## Set this to true if you want to connect to redis tls port + # sslEnabled: true + + # -- cpu/memory resource limits/requests + resources: {} + + # -- Additional args for redis exporter + extraArgs: {} + + # -- A custom custom Lua script that will be mounted to exporter for collection of custom metrics. + # Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. + script: "" + # Used to mount a LUA-Script via config map and use it for metrics-collection + # script: | + # -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua + # -- Example collect script for -script option + # -- This returns a Lua table with alternating keys and values. + # -- Both keys and values must be strings, similar to a HGETALL result. + # -- More info about Redis Lua scripting: https://redis.io/commands/eval + # + # local result = {} + # + # -- Add all keys and values from some hash in db 5 + # redis.call("SELECT", 5) + # local r = redis.call("HGETALL", "some-hash-with-stats") + # if r ~= nil then + # for _,v in ipairs(r) do + # table.insert(result, v) -- alternating keys and values + # end + # end + # + # -- Set foo to 42 + # table.insert(result, "foo") + # table.insert(result, "42") -- note the string, use tostring() if needed + # + # return result + + serviceMonitor: + # -- When set true then use a ServiceMonitor to configure scraping + enabled: false + # -- Set the namespace the ServiceMonitor should be deployed + # @default -- `.Release.Namespace` + namespace: "" + # -- Set how frequently Prometheus should scrape (default is 30s) + interval: "" + # -- Set path to redis-exporter telemtery-path (default is /metrics) + telemetryPath: "" + # -- Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + labels: {} + # -- Set timeout for scrape (default is 10s) + timeout: "" + # -- Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. + endpointAdditionalProperties: {} + # -- Disable API Check on ServiceMonitor + disableAPICheck: false + + # prometheus exporter SCANS redis db which can take some time + # allow different probe settings to not let container crashloop + livenessProbe: + httpGet: + # -- Exporter liveness probe httpGet path + path: *exporter_scrapePath + # -- Exporter liveness probe httpGet port + port: *exporter_port + # -- Initial delay in seconds for liveness probe of exporter + initialDelaySeconds: 15 + # -- Timeout seconds for liveness probe of exporter + timeoutSeconds: 3 + # -- Period in seconds after which liveness probe will be repeated + periodSeconds: 15 + + readinessProbe: + httpGet: + # -- Exporter readiness probe httpGet path + path: *exporter_scrapePath + # -- Exporter readiness probe httpGet port + port: *exporter_port + # -- Initial delay in seconds for readiness probe of exporter + initialDelaySeconds: 15 + # -- Timeout seconds for readiness probe of exporter + timeoutSeconds: 3 + # -- Period in seconds after which readiness probe will be repeated + periodSeconds: 15 + # -- Success threshold for readiness probe of exporter + successThreshold: 2 + +# -- Pod Disruption Budget rules +podDisruptionBudget: {} + # Use only one of the two + # maxUnavailable: 1 + # minAvailable: 1 + +# -- Configures redis with AUTH (requirepass & masterauth conf params) +auth: false +# -- (string) A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) +redisPassword: ~ + +## Use existing secret containing key `authKey` (ignores redisPassword) +## Can also store AWS S3 or SSH secrets in this secret +# -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf +# parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) +existingSecret: ~ + +# -- Defines the key holding the redis password in existing secret. +authKey: auth + +persistentVolume: + # -- Enable persistent volume + enabled: true + ## redis-ha data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + # -- redis-ha data Persistent Volume Storage Class + storageClass: ~ + # -- Persistent volume access modes + accessModes: + - ReadWriteOnce + # -- Persistent volume size + size: 10Gi + # -- Annotations for the volume + annotations: {} + # -- Labels for the volume + labels: {} +init: + # -- Extra init resources + resources: {} + +# To use a hostPath for data, set persistentVolume.enabled to false +# and define hostPath.path. +# Warning: this might overwrite existing folders on the host system! +hostPath: + # -- Use this path on the host for data storage. + # path is evaluated as template so placeholders are replaced + path: "" + # path: "/data/{{ .Release.Name }}" + + # -- if chown is true, an init-container with root permissions is launched to + # change the owner of the hostPath folder to the user defined in the + # security context + chown: true + +# -- Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified +emptyDir: {} + +tls: + ## Fill the name of secret if you want to use your own TLS certificates. + ## The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file + ## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set + # secretName: tls-secret + + # -- Name of certificate file + certFile: redis.crt + # -- Name of key file + keyFile: redis.key + # -- (string) Name of Diffie-Hellman (DH) key exchange parameters file (Example: redis.dh) + dhParamsFile: ~ + # -- Name of CA certificate file + caCertFile: ca.crt + +# restore init container is executed if restore.[s3|ssh].source is not false +# restore init container creates /data/dump.rdb_ from original if exists +# restore init container overrides /data/dump.rdb +# secrets are stored into environment of init container - stored encoded on k8s +# REQUIRED for s3 restore: AWS 'access_key' and 'secret_key' or stored in existingSecret +# EXAMPLE source for s3 restore: 's3://bucket/dump.rdb' +# REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----' +# EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb' +# REQUIRED for redis restore: 'source' should be in form of redis connection uri: 'redis://[username:password@]host:port[/db]' +# EXAMPLE source for redis restore: 'redis://username:password@localhost:6379' +restore: + # -- Timeout for the restore + timeout: 600 + # -- Set existingSecret to true to use secret specified in existingSecret above + existingSecret: false + s3: + # -- Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb or false + source: "" + # If using existingSecret, that secret must contain: + # AWS_SECRET_ACCESS_KEY: <YOUR_ACCESS_KEY:> + # AWS_ACCESS_KEY_ID: <YOUR_KEY_ID> + # If not set the key and ID as strings below: + # -- Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source + access_key: "" + # -- Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source + secret_key: "" + # -- Restore init container - AWS AWS_REGION to access restore.s3.source + region: "" + ssh: + # -- Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb or false + source: "" + # -- Restore init container - SSH private key to scp restore.ssh.source to init container. + # Key should be in one line separated with \n. + # i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` + key: "" + redis: + source: "" + +## Custom PrometheusRule to be defined +## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart +## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions +prometheusRule: + # -- If true, creates a Prometheus Operator PrometheusRule. + enabled: false + # -- Additional labels to be set in metadata. + additionalLabels: {} + # -- Namespace which Prometheus is running in. + namespace: + # -- How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). + interval: 10s + # -- Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). + rules: [] + # Example: + # - alert: RedisPodDown + # expr: | + # redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: critical + # annotations: + # description: Redis pod {{ "{{ $labels.pod }}" }} is down + # summary: Redis pod {{ "{{ $labels.pod }}" }} is down + +# -- Extra init containers to include in StatefulSet +extraInitContainers: [] +# - name: extraInit +# image: alpine + +# -- Extra containers to include in StatefulSet +extraContainers: [] +# - name: extra +# image: alpine + +# -- Extra volumes to include in StatefulSet +extraVolumes: [] +# - name: empty +# emptyDir: {} + +# -- Labels added here are applied to all created resources +extraLabels: {} + +networkPolicy: + # -- whether NetworkPolicy for Redis StatefulSets should be created. + # when enabled, inter-Redis connectivity is created + enabled: false + # -- Annotations for NetworkPolicy + annotations: {} + # -- Labels for NetworkPolicy + labels: {} + # -- User defined ingress rules that Redis should permit into. + # Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + ingressRules: [] + # - selectors: + # - namespaceSelector: + # matchLabels: + # name: my-redis-client-namespace + # podSelector: + # matchLabels: + # application: redis-client + ## if ports is not defined then it defaults to the ports defined for enabled services (redis, sentinel) + # ports: + # - port: 6379 + # protocol: TCP + # - port: 26379 + # protocol: TCP + + # -- user can define egress rules too, uses the same structure as ingressRules + egressRules: + - selectors: + # -- Allow all destinations for DNS traffic + - namespaceSelector: {} + - ipBlock: + # Cloud Provider often uses the local link local range to host managed DNS resolvers. + # We need to allow this range to ensure that the Redis pods can resolve DNS. + # Example architecture for GCP Cloud DNS: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#architecture + cidr: 169.254.0.0/16 + ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + +splitBrainDetection: + # -- Interval between redis sentinel and server split brain checks (in seconds) + interval: 60 + # -- splitBrainDetection resources + resources: {} diff --git a/astroshop-platform/argocd-helmchart/templates/NOTES.txt b/astroshop-platform/argocd-helmchart/templates/NOTES.txt new file mode 100644 index 0000000..049f5f2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/NOTES.txt @@ -0,0 +1,37 @@ +{{- if .Values.notifications.logLevel }} +DEPRECATED option notifications.logLevel - Use `configs.params."notificationscontroller.log.level"` +{{- end }} +{{- if .Values.notifications.logFormat }} +DEPRECATED option notifications.logFormat - Use `configs.params."notificationscontroller.log.format"` +{{- end }} +{{- if .Values.dex.logLevel }} +DEPRECATED option dex.logLevel - Use `configs.params."dexserver.log.level"` +{{- end }} +{{- if .Values.dex.logFormat }} +DEPRECATED option dex.logFormat - Use `configs.params."dexserver.log.format"` +{{- end }} +In order to access the server UI you have the following options: + +{{ $rootpath := default "" (index .Values "configs" "params" "server.rootpath") -}} +1. kubectl port-forward service/{{ include "argo-cd.fullname" . }}-server -n {{ include "argo-cd.namespace" . }} 8080:443 +{{ if $rootpath }} + and then open the browser on http://localhost:8080/{{ $rootpath }} and accept the certificate +{{ else }} + and then open the browser on http://localhost:8080 and accept the certificate +{{ end }} +2. enable ingress in the values file `server.ingress.enabled` and either + - Add the annotation for ssl passthrough: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + - Set the `configs.params."server.insecure"` in the values file and terminate SSL at your ingress: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts + + +{{ if eq (toString (index .Values.configs.cm "admin.enabled")) "true" -}} +After reaching the UI the first time you can login with username: admin and the random password generated during the installation. You can find the password by running: + +kubectl -n {{ include "argo-cd.namespace" . }} get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d + +(You should delete the initial secret afterwards as suggested by the Getting Started Guide: https://argo-cd.readthedocs.io/en/stable/getting_started/#4-login-using-the-cli) +{{ else if or (index .Values.configs.cm "dex.config") (index .Values.configs.cm "oidc.config") -}} +After reaching the UI the first time you can login using Dex or OIDC. +{{ else -}} +After reaching the UI the first time you cannot login with username and password since you've disabled it. You should enable admin back or configure Dex via `configs.cm.dex.config` or OIDC via `configs.cm.oidc.config`. +{{ end -}} diff --git a/astroshop-platform/argocd-helmchart/templates/_common.tpl b/astroshop-platform/argocd-helmchart/templates/_common.tpl new file mode 100644 index 0000000..4173876 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/_common.tpl @@ -0,0 +1,147 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "argo-cd.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argo-cd.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "argo-cd.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create Argo CD app version +*/}} +{{- define "argo-cd.defaultTag" -}} +{{- default .Chart.AppVersion .Values.global.image.tag }} +{{- end -}} + +{{/* +Return valid version label +*/}} +{{- define "argo-cd.versionLabelValue" -}} +{{ regexReplaceAll "[^-A-Za-z0-9_.]" (include "argo-cd.defaultTag" .) "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "argo-cd.labels" -}} +helm.sh/chart: {{ include "argo-cd.chart" .context }} +{{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} +app.kubernetes.io/managed-by: {{ .context.Release.Service }} +app.kubernetes.io/part-of: argocd +app.kubernetes.io/version: {{ include "argo-cd.versionLabelValue" .context }} +{{- with .context.Values.global.additionalLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argo-cd.selectorLabels" -}} +{{- if .name -}} +app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} +{{ end -}} +app.kubernetes.io/instance: {{ .context.Release.Name }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- end }} + +{{/* +Common affinity definition +Pod affinity + - Soft prefers different nodes + - Hard requires different nodes and prefers different availibility zones +Node affinity + - Soft prefers given user expressions + - Hard requires given user expressions +*/}} +{{- define "argo-cd.affinity" -}} +{{- with .component.affinity -}} + {{- toYaml . -}} +{{- else -}} +{{- $preset := .context.Values.global.affinity -}} +{{- if (eq $preset.podAntiAffinity "soft") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- else if (eq $preset.podAntiAffinity "hard") }} +podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: topology.kubernetes.io/zone + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .component.name }} + topologyKey: kubernetes.io/hostname +{{- end }} +{{- with $preset.nodeAffinity.matchExpressions }} +{{- if (eq $preset.nodeAffinity.type "soft") }} +nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + {{- toYaml . | nindent 6 }} +{{- else if (eq $preset.nodeAffinity.type "hard") }} +nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- toYaml . | nindent 6 }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common deployment strategy definition +- Recreate don't have additional fields, we need to remove them if added by the mergeOverwrite +*/}} +{{- define "argo-cd.strategy" -}} +{{- $preset := . -}} +{{- if (eq (toString $preset.type) "Recreate") }} +type: Recreate +{{- else if (eq (toString $preset.type) "RollingUpdate") }} +type: RollingUpdate +{{- with $preset.rollingUpdate }} +rollingUpdate: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/templates/_helpers.tpl b/astroshop-platform/argocd-helmchart/templates/_helpers.tpl new file mode 100644 index 0000000..a7dcb3c --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/_helpers.tpl @@ -0,0 +1,321 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Create controller name and version as used by the chart label. +Truncated at 52 chars because StatefulSet label 'controller-revision-hash' is limited +to 63 chars and it includes 10 chars of hash and a separating '-'. +*/}} +{{- define "argo-cd.controller.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 52 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.controller.serviceAccountName" -}} +{{- if .Values.controller.serviceAccount.create -}} + {{ default (include "argo-cd.controller.fullname" .) .Values.controller.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.controller.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create dex name and version as used by the chart label. +*/}} +{{- define "argo-cd.dex.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create Dex server endpoint +*/}} +{{- define "argo-cd.dex.server" -}} +{{- $insecure := index .Values.configs.params "dexserver.disable.tls" | toString -}} +{{- $scheme := (eq $insecure "true") | ternary "http" "https" -}} +{{- $host := include "argo-cd.dex.fullname" . -}} +{{- $port := int .Values.dex.servicePortHttp -}} +{{- printf "%s://%s:%d" $scheme $host $port }} +{{- end }} + +{{/* +Create the name of the dex service account to use +*/}} +{{- define "argo-cd.dex.serviceAccountName" -}} +{{- if .Values.dex.serviceAccount.create -}} + {{ default (include "argo-cd.dex.fullname" .) .Values.dex.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.dex.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create redis name and version as used by the chart label. +*/}} +{{- define "argo-cd.redis.fullname" -}} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- $redisHaContext := dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" $redisHa -}} +{{- if $redisHa.enabled -}} + {{- if $redisHa.haproxy.enabled -}} + {{- printf "%s-haproxy" (include "redis-ha.fullname" $redisHaContext) | trunc 63 | trimSuffix "-" -}} + {{- end -}} +{{- else -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return Redis server endpoint +*/}} +{{- define "argo-cd.redis.server" -}} +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} + {{- printf "%s:%s" (include "argo-cd.redis.fullname" .) (toString .Values.redis.servicePort) }} +{{- else if and .Values.externalRedis.host .Values.externalRedis.port }} + {{- printf "%s:%s" .Values.externalRedis.host (toString .Values.externalRedis.port) }} +{{- end }} +{{- end -}} + +{{/* +Create the name of the redis service account to use +*/}} +{{- define "argo-cd.redis.serviceAccountName" -}} +{{- if .Values.redis.serviceAccount.create -}} + {{ default (include "argo-cd.redis.fullname" .) .Values.redis.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redis.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Create Redis secret-init name +*/}} +{{- define "argo-cd.redisSecretInit.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redisSecretInit.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Redis secret-init service account to use +*/}} +{{- define "argo-cd.redisSecretInit.serviceAccountName" -}} +{{- if .Values.redisSecretInit.serviceAccount.create -}} + {{ default (include "argo-cd.redisSecretInit.fullname" .) .Values.redisSecretInit.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.redisSecretInit.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create argocd server name and version as used by the chart label. +*/}} +{{- define "argo-cd.server.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Argo CD server service account to use +*/}} +{{- define "argo-cd.server.serviceAccountName" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "argo-cd.server.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create argocd repo-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.repoServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the repo-server service account to use +*/}} +{{- define "argo-cd.repoServer.serviceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.repoServer.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create argocd application set name and version as used by the chart label. +*/}} +{{- define "argo-cd.applicationSet.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.applicationSet.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the application set service account to use +*/}} +{{- define "argo-cd.applicationSet.serviceAccountName" -}} +{{- if .Values.applicationSet.serviceAccount.create -}} + {{ default (include "argo-cd.applicationSet.fullname" .) .Values.applicationSet.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.applicationSet.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create argocd notifications name and version as used by the chart label. +*/}} +{{- define "argo-cd.notifications.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.notifications.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the notifications service account to use +*/}} +{{- define "argo-cd.notifications.serviceAccountName" -}} +{{- if .Values.notifications.serviceAccount.create -}} + {{ default (include "argo-cd.notifications.fullname" .) .Values.notifications.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.notifications.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create argocd commit-server name and version as used by the chart label. +*/}} +{{- define "argo-cd.commitServer.fullname" -}} +{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.commitServer.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the commit-server service account to use +*/}} +{{- define "argo-cd.commitServer.serviceAccountName" -}} +{{- if .Values.commitServer.serviceAccount.create -}} + {{ default (include "argo-cd.commitServer.fullname" .) .Values.commitServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.commitServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Argo Configuration Preset Values (Influenced by Values configuration) +*/}} +{{- define "argo-cd.config.cm.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "url" (printf "https://%s" .Values.global.domain) -}} +{{- if eq (toString (index .Values.configs.cm "statusbadge.enabled")) "true" -}} +{{- $_ := set $presets "statusbadge.url" (printf "https://%s/" .Values.global.domain) -}} +{{- end -}} +{{- if .Values.configs.styles -}} +{{- $_ := set $presets "ui.cssurl" "./custom/custom.styles.css" -}} +{{- end -}} +{{- toYaml $presets }} +{{- end -}} + +{{/* +Merge Argo Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config.cm" -}} +{{- $config := omit .Values.configs.cm "create" "annotations" -}} +{{- $preset := include "argo-cd.config.cm.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{- $fmted := $value | toString }} +{{- if not (eq $fmted "") }} +{{ $key }}: {{ $fmted | toYaml }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Argo Params Default Configuration Presets +NOTE: Configuration keys must be stored as dict because YAML treats dot as separator +*/}} +{{- define "argo-cd.config.params.presets" -}} +{{- $presets := dict -}} +{{- $_ := set $presets "repo.server" (printf "%s:%s" (include "argo-cd.repoServer.fullname" .) (.Values.repoServer.service.port | toString)) -}} +{{- $_ := set $presets "server.repo.server.strict.tls" (.Values.repoServer.certificateSecret.enabled | toString ) -}} +{{- $_ := set $presets "redis.server" (include "argo-cd.redis.server" .) -}} +{{- $_ := set $presets "applicationsetcontroller.enable.leader.election" (gt ((.Values.applicationSet.replicas | default .Values.applicationSet.replicaCount) | int64) 1) -}} +{{- if .Values.dex.enabled -}} +{{- $_ := set $presets "server.dex.server" (include "argo-cd.dex.server" .) -}} +{{- $_ := set $presets "server.dex.server.strict.tls" .Values.dex.certificateSecret.enabled -}} +{{- end -}} +{{- if .Values.commitServer.enabled -}} +{{- $_ := set $presets "commit.server" (printf "%s:%s" (include "argo-cd.commitServer.fullname" .) (.Values.commitServer.service.port | toString)) -}} +{{- end -}} +{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" "notificationscontroller" "dexserver" "commitserver" -}} +{{- $_ := set $presets (printf "%s.log.format" $component) $.Values.global.logging.format -}} +{{- $_ := set $presets (printf "%s.log.level" $component) $.Values.global.logging.level -}} +{{- end -}} +{{- toYaml $presets }} +{{- end -}} + +{{/* +Merge Argo Params Configuration with Preset Configuration +*/}} +{{- define "argo-cd.config.params" -}} +{{- $config := omit .Values.configs.params "create" "annotations" }} +{{- $preset := include "argo-cd.config.params.presets" . | fromYaml | default dict -}} +{{- range $key, $value := mergeOverwrite $preset $config }} +{{ $key }}: {{ toString $value | toYaml }} +{{- end }} +{{- end -}} + +{{/* +Expand the namespace of the release. +Allows overriding it for multi-namespace deployments in combined charts. +*/}} +{{- define "argo-cd.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end }} + +{{/* +Dual stack definition +*/}} +{{- define "argo-cd.dualStack" -}} +{{- with .Values.global.dualStack.ipFamilyPolicy }} +ipFamilyPolicy: {{ . }} +{{- end }} +{{- with .Values.global.dualStack.ipFamilies }} +ipFamilies: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end }} + +{{/* +secretKeyRef of env variable REDIS_USERNAME +*/}} +{{- define "argo-cd.redisUsernameSecretRef" -}} + {{- if .Values.externalRedis.host -}} +name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} +key: redis-username +optional: {{ if .Values.externalRedis.username }}false{{ else }}true{{ end }} + + {{- else -}} +name: "argocd-redis" +key: redis-username +optional: true + {{- end -}} +{{- end -}} + +{{/* +secretKeyRef of env variable REDIS_PASSWORD +*/}} +{{- define "argo-cd.redisPasswordSecretRef" -}} + {{- if .Values.externalRedis.host -}} + {{- /* External Redis use case */ -}} + {{- /* Secret is required when specifying existingSecret or a password, otherwise it is optional */ -}} +name: {{ default "argocd-redis" .Values.externalRedis.existingSecret }} +key: redis-password +optional: {{ if or .Values.externalRedis.existingSecret .Values.externalRedis.password }}false{{ else }}true{{ end }} + + {{- else if and .Values.redisSecretInit.enabled -}} + {{- /* Default case where Secret is generated by the Job with Helm pre-install hooks */ -}} +name: "argocd-redis" # hard-coded in Job command and embedded Redis deployments (standalone and redis-ha) +key: auth +optional: false # Secret is not optional in this case ! + + {{- else -}} + {{- /* All other use cases (e.g. disabled pre-install Job) */ -}} +name: "argocd-redis" +key: auth +optional: true + {{- end -}} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/templates/_versions.tpl b/astroshop-platform/argocd-helmchart/templates/_versions.tpl new file mode 100644 index 0000000..966dad9 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/_versions.tpl @@ -0,0 +1,7 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the target Kubernetes version +*/}} +{{- define "argo-cd.kubeVersion" -}} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/aggregate-roles.yaml b/astroshop-platform/argocd-helmchart/templates/aggregate-roles.yaml new file mode 100644 index 0000000..12d0e00 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/aggregate-roles.yaml @@ -0,0 +1,70 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrole.yaml new file mode 100644 index 0000000..615b56f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrole.yaml @@ -0,0 +1,23 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: + {{- if .Values.controller.clusterRoleRules.enabled }} + {{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrolebinding.yaml new file mode 100644 index 0000000..6076c53 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.controller.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/deployment.yaml new file mode 100644 index 0000000..9e8383a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/deployment.yaml @@ -0,0 +1,453 @@ +{{- if .Values.controller.dynamicClusterDistribution }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.controller.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.controller.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION + value: "true" + - name: ARGOCD_CONTROLLER_HEARTBEAT_TIME + value: {{ .Values.controller.heartbeatTime | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commit.server + optional: true + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/metrics.yaml new file mode 100644 index 0000000..086dfe9 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.controller.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.controller.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} + {{- with .Values.controller.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.controller.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.controller.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.controller.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.controller.metrics.service.type }} + {{- if and .Values.controller.metrics.service.clusterIP (eq .Values.controller.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.controller.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.controller.metrics.service.portName }} + protocol: TCP + port: {{ .Values.controller.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/networkpolicy.yaml new file mode 100644 index 0000000..cd710ab --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/networkpolicy.yaml @@ -0,0 +1,20 @@ +{{- if or .Values.controller.networkPolicy.create .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/pdb.yaml new file mode 100644 index 0000000..bef0979 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.controller.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.controller.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.controller.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/prometheusrule.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/prometheusrule.yaml new file mode 100644 index 0000000..6ddc7f4 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/prometheusrule.yaml @@ -0,0 +1,24 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.rules.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- if .Values.controller.metrics.rules.selector }} +{{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }} + {{- end }} + {{- if .Values.controller.metrics.rules.additionalLabels }} +{{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.rules.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + groups: + - name: argocd + rules: +{{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/role.yaml new file mode 100644 index 0000000..9165e96 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/role.yaml @@ -0,0 +1,64 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +rules: +{{- with .Values.controller.roleRules }} +{{- toYaml . | nindent 2 }} +{{- else }} +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +{{- if and (not .Values.createClusterRoles) .Values.controller.dynamicClusterDistribution }} +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - argocd-app-controller-shard-cm + verbs: + - get + - list + - watch + - create + - update +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/rolebinding.yaml new file mode 100644 index 0000000..4868163 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.controller.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/serviceaccount.yaml new file mode 100644 index 0000000..575cbf6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.controller.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.controller.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.controller.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/servicemonitor.yaml new file mode 100644 index 0000000..d191247 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.controller.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.controller.metrics.service.portName }} + {{- with .Values.controller.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.controller.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.controller.metrics.serviceMonitor.honorLabels }} + {{- with .Values.controller.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.controller.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/statefulset.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/statefulset.yaml new file mode 100644 index 0000000..2598424 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/statefulset.yaml @@ -0,0 +1,465 @@ +{{- if not .Values.controller.dynamicClusterDistribution | default false }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.statefulsetAnnotations) .Values.controller.statefulsetAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit | default .Values.global.revisionHistoryLimit }} + serviceName: {{ include "argo-cd.controller.fullname" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.controller.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.controller.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.controller.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.controller.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.controller.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.controller.automountServiceAccountToken }} + containers: + - args: + - /usr/local/bin/argocd-application-controller + - --metrics-port={{ .Values.controller.containerPorts.metrics }} + {{- if .Values.controller.metrics.applicationLabels.enabled }} + {{- range .Values.controller.metrics.applicationLabels.labels }} + - --metrics-application-labels + - {{ . }} + {{- end }} + {{- end }} + {{- with .Values.controller.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.controller.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} + name: {{ .Values.controller.name }} + env: + {{- with (concat .Values.global.env .Values.controller.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_CONTROLLER_REPLICAS + value: {{ .Values.controller.replicas | quote }} + - name: ARGOCD_APPLICATION_CONTROLLER_NAME + value: {{ template "argo-cd.controller.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.hard.reconciliation + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.error.grace.period.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.status.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.operation.processors + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.format + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.metrics.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.factor + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cap.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.self.heal.backoff.cooldown.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.resource.health.persist + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.default.cache.expiration + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sharding.algorithm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.kubectl.parallelism.limit + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.diff.server.side + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.batch.events.processing + optional: true + - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.cluster.cache.events.processing.interval + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commit.server + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + {{- with .Values.controller.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + protocol: TCP + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + {{- with .Values.controller.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + workingDir: /home/argocd + volumeMounts: + {{- with .Values.controller.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + - name: argocd-application-controller-tmp + mountPath: /tmp + {{- with .Values.controller.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.controller.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.controller) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.controller.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.controller.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + - name: argocd-home + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-application-controller-tmp + {{- if .Values.controller.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.controller.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: controller.profile.enabled + path: profiler.enabled + {{- if .Values.controller.hostNetwork }} + hostNetwork: {{ .Values.controller.hostNetwork }} + {{- end }} + {{- with .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.controller.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/vpa.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/vpa.yaml new file mode 100644 index 0000000..c5cf402 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-application-controller/vpa.yaml @@ -0,0 +1,33 @@ +{{- if and (.Values.controller.vpa) (.Values.controller.vpa.enabled) }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "argo-cd.controller.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- with .Values.controller.vpa.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.vpa.annotations }} + annnotaions: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + targetRef: + apiVersion: "apps/v1" + {{- if .Values.controller.dynamicClusterDistribution }} + kind: Deployment + {{- else }} + kind: StatefulSet + {{- end }} + name: {{ template "argo-cd.controller.fullname" . }} + updatePolicy: + updateMode: {{ .Values.controller.vpa.updateMode }} + resourcePolicy: + containerPolicies: + - containerName: {{ .Values.controller.name }} + {{ with .Values.controller.vpa.containerPolicy }} + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/certificate.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/certificate.yaml new file mode 100644 index 0000000..fce26bf --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/certificate.yaml @@ -0,0 +1,39 @@ +{{- if .Values.applicationSet.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.applicationSet.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + secretName: argocd-applicationset-controller-tls + commonName: {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + dnsNames: + - {{ .Values.applicationSet.certificate.domain | default .Values.global.domain }} + {{- range .Values.applicationSet.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.applicationSet.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.applicationSet.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.applicationSet.certificate.issuer.kind | quote }} + name: {{ .Values.applicationSet.certificate.issuer.name | quote }} + {{- with .Values.applicationSet.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrole.yaml new file mode 100644 index 0000000..2723e3d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrole.yaml @@ -0,0 +1,90 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrolebinding.yaml new file mode 100644 index 0000000..9dcae8d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.applicationSet.allowAnyNamespace }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/deployment.yaml new file mode 100644 index 0000000..42b17b6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/deployment.yaml @@ -0,0 +1,375 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.applicationSet.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.applicationSet.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.applicationSet.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: {{ .Values.applicationSet.replicas }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.applicationSet.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.applicationSet.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.applicationSet.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.applicationSet.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.applicationSet.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.applicationSet.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.applicationSet.automountServiceAccountToken }} + containers: + - name: {{ .Values.applicationSet.name }} + image: {{ default .Values.global.image.repository .Values.applicationSet.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.applicationSet.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.applicationSet.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-applicationset-controller + - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }} + - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }} + - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }} + {{- with .Values.applicationSet.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.applicationSet.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.plaintext + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.strict.tls + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.repo.server.timeout.seconds + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.concurrent.reconciliations.max + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.github.api.metrics + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.status.max.resources.count + optional: true + {{- with .Values.applicationSet.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.applicationSet.containerPorts.metrics }} + protocol: TCP + - name: probe + containerPort: {{ .Values.applicationSet.containerPorts.probe }} + protocol: TCP + - name: webhook + containerPort: {{ .Values.applicationSet.containerPorts.webhook }} + protocol: TCP + {{- if .Values.applicationSet.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.applicationSet.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: probe + initialDelaySeconds: {{ .Values.applicationSet.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.applicationSet.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.applicationSet.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.applicationSet.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.applicationSet.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.applicationSet.resources | nindent 12 }} + {{- with .Values.applicationSet.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- with .Values.applicationSet.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + {{- with .Values.applicationSet.extraContainers }} + {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.applicationSet) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.applicationSet.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.applicationSet.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.applicationSet.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.applicationSet.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.applicationSet.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.applicationSet.dnsPolicy }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/ingress.yaml new file mode 100644 index 0000000..5cdf0cf --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.applicationSet.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.applicationSet.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.applicationSet.ingress.path }} + pathType: {{ .Values.applicationSet.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" . }} + port: + number: {{ .Values.applicationSet.service.port }} + {{- range .Values.applicationSet.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.applicationSet.ingress.path .path }} + pathType: {{ default $.Values.applicationSet.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.applicationSet.fullname" $ }} + port: + number: {{ $.Values.applicationSet.service.port }} + {{- end }} + {{- with .Values.applicationSet.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.ingress.tls .Values.applicationSet.ingress.extraTls }} + tls: + {{- if .Values.applicationSet.ingress.tls }} + - hosts: + - {{ .Values.applicationSet.ingress.hostname | default .Values.global.domain }} + secretName: argocd-applicationset-controller-tls + {{- end }} + {{- with .Values.applicationSet.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/metrics.yaml new file mode 100644 index 0000000..de5638a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.applicationSet.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 4 }} + {{- with .Values.applicationSet.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.applicationSet.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.applicationSet.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.applicationSet.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.applicationSet.metrics.service.type }} + {{- if and .Values.applicationSet.metrics.service.clusterIP (eq .Values.applicationSet.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.applicationSet.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.applicationSet.metrics.service.portName }} + protocol: TCP + port: {{ .Values.applicationSet.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/networkpolicy.yaml new file mode 100644 index 0000000..f249cfc --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/networkpolicy.yaml @@ -0,0 +1,24 @@ +{{- if and (or .Values.applicationSet.networkPolicy.create .Values.global.networkPolicy.create) (or .Values.applicationSet.metrics.enabled .Values.applicationSet.ingress.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +spec: + ingress: + {{- if .Values.applicationSet.ingress.enabled }} + - ports: + - port: webhook + {{- end }} + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/pdb.yaml new file mode 100644 index 0000000..5d0ebc8 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.applicationSet.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.applicationSet.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.applicationSet.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/role.yaml new file mode 100644 index 0000000..d8cfed6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/role.yaml @@ -0,0 +1,89 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +rules: + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update + - apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/rolebinding.yaml new file mode 100644 index 0000000..5d4f1e4 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.applicationSet.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/service.yaml new file mode 100644 index 0000000..bf58c6b --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.applicationSet.service.annotations }} + annotations: + {{- range $key, $value := .Values.applicationSet.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} +{{- with .Values.applicationSet.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} +spec: + type: {{ .Values.applicationSet.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.applicationSet.service.portName }} + port: {{ .Values.applicationSet.service.port }} + targetPort: webhook + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 4 }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/serviceaccount.yaml new file mode 100644 index 0000000..4869cad --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.applicationSet.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.applicationSet.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.applicationSet.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.applicationSet.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/servicemonitor.yaml new file mode 100644 index 0000000..52d7070 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-applicationset/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.applicationSet.metrics.enabled .Values.applicationSet.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.applicationSet.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.applicationSet.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- with .Values.applicationSet.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.applicationSet.metrics.service.portName }} + {{- with .Values.applicationSet.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.applicationSet.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.applicationSet.metrics.serviceMonitor.honorLabels }} + {{- with .Values.applicationSet.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.applicationSet.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.applicationSet.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/deployment.yaml new file mode 100644 index 0000000..76ea482 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/deployment.yaml @@ -0,0 +1,222 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.commitServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.commitServer.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.commitServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + template: + metadata: + annotations: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.commitServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.commitServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.commitServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.commitServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . }} + {{- end }} + serviceAccountName: {{ include "argo-cd.commitServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.commitServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.commitServer.name }} + image: {{ default .Values.global.image.repository .Values.commitServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.commitServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.commitServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-commit-server + {{- with .Values.commitServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.commitServer.extraEnv) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + {{- with .Values.commitServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 8086 + name: server + protocol: TCP + - containerPort: 8087 + name: metrics + protocol: TCP + {{- if .Values.commitServer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.commitServer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: {{ .Values.commitServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.commitServer.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.commitServer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.commitServer.readinessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.commitServer.resources | nindent 10 }} + {{- with .Values.commitServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.commitServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.commitServer.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + volumes: + {{- with .Values.commitServer.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.commitServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.commitServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.commitServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.commitServer.hostNetwork }} + hostNetwork: {{ .Values.commitServer.hostNetwork }} + {{- end }} + {{- with .Values.commitServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.commitServer.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/metrics.yaml new file mode 100644 index 0000000..7d198a7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.commitServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" "metrics") | nindent 4 }} + {{- with .Values.commitServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.commitServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.commitServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.commitServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.commitServer.metrics.service.type }} + {{- if and .Values.commitServer.metrics.service.clusterIP (eq .Values.commitServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.commitServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.commitServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.metrics.service.servicePort }} + targetPort: 8087 + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/networkpolicy.yaml new file mode 100644 index 0000000..1453cf6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.commitServer.enabled (or .Values.commitServer.networkPolicy.create .Values.global.networkPolicy.create)}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 6 }} + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 14 }} + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/service.yaml new file mode 100644 index 0000000..d4cca0e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.commitServer.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.commitServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commitServer.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + ports: + - name: {{ .Values.commitServer.service.portName }} + protocol: TCP + port: {{ .Values.commitServer.service.port }} + targetPort: server + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.commitServer.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/serviceaccount.yaml new file mode 100644 index 0000000..d0cf9e7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-commit-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.commitServer.enabled .Values.commitServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.commitServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.commitServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.commitServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.commitServer.name "name" .Values.commitServer.name) | nindent 4 }} + {{- with .Values.commitServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cm.yaml new file mode 100644 index 0000000..6bd19f5 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cm.yaml @@ -0,0 +1,17 @@ +{{- if .Values.configs.cm.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} + {{- with .Values.configs.cm.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- include "argo-cd.config.cm" . | trim | nindent 2 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmd-params-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmd-params-cm.yaml new file mode 100644 index 0000000..f0c81b2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -0,0 +1,17 @@ +{{- if .Values.configs.params.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cmd-params-cm") | nindent 4 }} + {{- if .Values.configs.params.annotations }} + annotations: + {{- range $key, $value := .Values.configs.params.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmp-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmp-cm.yaml new file mode 100644 index 0000000..a5d29f6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-cmp-cm.yaml @@ -0,0 +1,25 @@ +{{- if .Values.configs.cmp.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmp-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "cmp-cm") | nindent 4 }} + {{- with .Values.configs.cmp.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $cmp_plugin, $cmp_plugin_config := .Values.configs.cmp.plugins }} + {{ $cmp_plugin }}.yaml: | + apiVersion: argoproj.io/v1alpha1 + kind: ConfigManagementPlugin + metadata: + name: {{ $cmp_plugin }} + spec: + {{- toYaml $cmp_plugin_config | nindent 6 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-dex-server-tls-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-dex-server-tls-secret.yaml new file mode 100644 index 0000000..747fa13 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-dex-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.dex.enabled .Values.dex.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-dex-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" "dex-server-tls") | nindent 4 }} + {{- with .Values.dex.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.dex.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.dex.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.dex.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-gpg-keys-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-gpg-keys-cm.yaml new file mode 100644 index 0000000..ed299b5 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-gpg-keys-cm.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-gpg-keys-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "gpg-keys-cm") | nindent 4 }} + {{- with .Values.configs.gpg.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with .Values.configs.gpg.keys }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-cm.yaml new file mode 100644 index 0000000..663862e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-cm.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.notifications.enabled .Values.notifications.cm.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-notifications-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +data: + context: | + argocdUrl: {{ .Values.notifications.argocdUrl | default (printf "https://%s" .Values.global.domain) }} + {{- with .Values.notifications.context }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.notifiers }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.subscriptions }} + subscriptions: | + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.templates }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.notifications.triggers }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-secret.yaml new file mode 100644 index 0000000..f64a91f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-notifications-secret.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.notifications.enabled .Values.notifications.secret.create }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.notifications.secret.name }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +stringData: + {{- with .Values.notifications.secret.items }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-rbac-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-rbac-cm.yaml new file mode 100644 index 0000000..ae48404 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-rbac-cm.yaml @@ -0,0 +1,19 @@ +{{- if .Values.configs.rbac.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} + {{- with .Values.configs.rbac.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with (omit .Values.configs.rbac "create" "annotations") }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-repo-server-tls-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-repo-server-tls-secret.yaml new file mode 100644 index 0000000..8635d64 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-repo-server-tls-secret.yaml @@ -0,0 +1,25 @@ +{{- if .Values.repoServer.certificateSecret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" "repo-server-tls") | nindent 4 }} + {{- with .Values.repoServer.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + {{- with .Values.repoServer.certificateSecret.ca }} + ca.crt: {{ . | b64enc | quote }} + {{- end }} + tls.crt: {{ .Values.repoServer.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.repoServer.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-secret.yaml new file mode 100644 index 0000000..9462be2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-secret.yaml @@ -0,0 +1,49 @@ +{{- if .Values.configs.secret.createSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-secret + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} + {{- with .Values.configs.secret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.configs.secret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +{{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret (and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password) .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.extra) }} +# Setting a blank data again will wipe admin password/key/cert +data: + {{- with .Values.configs.secret.githubSecret }} + webhook.github.secret: {{ . | b64enc }} + {{- end }} + {{- with .Values.configs.secret.gitlabSecret }} + webhook.gitlab.secret: {{ . | b64enc }} + {{- end }} + {{- with .Values.configs.secret.bitbucketServerSecret }} + webhook.bitbucketserver.secret: {{ . | b64enc }} + {{- end }} + {{- with .Values.configs.secret.bitbucketUUID }} + webhook.bitbucket.uuid: {{ . | b64enc }} + {{- end }} + {{- with .Values.configs.secret.gogsSecret }} + webhook.gogs.secret: {{ . | b64enc }} + {{- end }} + {{- if and .Values.configs.secret.azureDevops.username .Values.configs.secret.azureDevops.password }} + webhook.azuredevops.username: {{ .Values.configs.secret.azureDevops.username | b64enc }} + webhook.azuredevops.password: {{ .Values.configs.secret.azureDevops.password | b64enc }} + {{- end }} + {{- if .Values.configs.secret.argocdServerAdminPassword }} + admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} + admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} + {{- end }} + {{- range $key, $value := .Values.configs.secret.extra }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-server-tls-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-server-tls-secret.yaml new file mode 100644 index 0000000..9711647 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-server-tls-secret.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.server.certificateSecret.enabled (not .Values.server.certificate.enabled) }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-server-tls + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "server-tls") | nindent 4 }} + {{- with .Values.server.certificateSecret.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificateSecret.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.server.certificateSecret.crt | b64enc | quote }} + tls.key: {{ .Values.server.certificateSecret.key | b64enc | quote }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml new file mode 100644 index 0000000..0218d40 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml @@ -0,0 +1,21 @@ +{{- if .Values.configs.ssh.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-ssh-known-hosts-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "ssh-known-hosts-cm") | nindent 4 }} + {{- with .Values.configs.ssh.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + ssh_known_hosts: | + {{- .Values.configs.ssh.knownHosts | nindent 4 }} + {{- with .Values.configs.ssh.extraHosts }} + {{- . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-styles-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-styles-cm.yaml new file mode 100644 index 0000000..7742154 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-styles-cm.yaml @@ -0,0 +1,12 @@ +{{- if .Values.configs.styles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-styles-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +data: + custom.styles.css: | + {{- .Values.configs.styles | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-tls-certs-cm.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-tls-certs-cm.yaml new file mode 100644 index 0000000..3aad401 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/argocd-tls-certs-cm.yaml @@ -0,0 +1,19 @@ +{{- if .Values.configs.tls.create }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-tls-certs-cm + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "name" "tls-certs-cm") | nindent 4 }} + {{- with .Values.configs.tls.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- with .Values.configs.tls.certificates }} +data: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/cluster-secrets.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/cluster-secrets.yaml new file mode 100644 index 0000000..956bbf5 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/cluster-secrets.yaml @@ -0,0 +1,38 @@ +{{- range $cluster_key, $cluster_value := .Values.configs.clusterCredentials }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "argo-cd.name" $ }}-cluster-{{ $cluster_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $cluster_value.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + argocd.argoproj.io/secret-type: cluster + {{- with $cluster_value.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +stringData: + {{- if $cluster_value.shard }} + shard: {{ $cluster_value.shard | quote }} + {{- end }} + name: {{ $cluster_key }} + server: {{ required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.server entry is required!" $cluster_value.server }} + {{- if $cluster_value.namespaces }} + namespaces: {{ $cluster_value.namespaces }} + {{- if $cluster_value.clusterResources }} + clusterResources: {{ $cluster_value.clusterResources | quote }} + {{- end }} + {{- end }} + {{- if $cluster_value.project }} + project: {{ $cluster_value.project | quote }} + {{- end }} + config: | + {{- required "A valid .Values.configs.clusterCredentials.CLUSTERNAME.config entry is required!" $cluster_value.config | toRawJson | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/externalredis-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/externalredis-secret.yaml new file mode 100644 index 0000000..2cfefde --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/externalredis-secret.yaml @@ -0,0 +1,23 @@ +{{- if and (or .Values.externalRedis.username .Values.externalRedis.password) (not .Values.externalRedis.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-redis + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with .Values.externalRedis.secretAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +type: Opaque +data: + {{- with .Values.externalRedis.username }} + redis-username: {{ . | b64enc }} + {{- end }} + {{- with .Values.externalRedis.password }} + redis-password: {{ . | b64enc }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-credentials-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-credentials-secret.yaml new file mode 100644 index 0000000..e4d23f9 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-credentials-secret.yaml @@ -0,0 +1,21 @@ +{{- range $repo_cred_key, $repo_cred_value := .Values.configs.credentialTemplates }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-creds-{{ $repo_cred_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} + labels: + argocd.argoproj.io/secret-type: repo-creds + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.credentialTemplatesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $key, $value := $repo_cred_value }} + {{ $key }}: {{ $value | toString | b64enc }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-secret.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-secret.yaml new file mode 100644 index 0000000..4a77cf1 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-configs/repository-secret.yaml @@ -0,0 +1,21 @@ +{{- range $repo_key, $repo_value := .Values.configs.repositories }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-repo-{{ $repo_key }} + namespace: {{ include "argo-cd.namespace" $ | quote }} + labels: + argocd.argoproj.io/secret-type: repository + {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} + {{- with $.Values.configs.repositoriesAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +data: + {{- range $key, $value := $repo_value }} + {{ $key }}: {{ $value | b64enc }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 0000000..eba5973 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - create + {{- end }} + {{- if .Values.notifications.cm.create }} + - apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get + {{- end }} + - apiGroups: + - "" + resourceNames: + - {{ .Values.notifications.secret.name }} + resources: + - secrets + verbs: + - get +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 0000000..9a6fa7c --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.notifications.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/deployment.yaml new file mode 100644 index 0000000..4467e65 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/deployment.yaml @@ -0,0 +1,220 @@ +{{- if .Values.notifications.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.notifications.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.notifications.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.notifications.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + template: + metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.notifications.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.notifications.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.notifications.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.notifications.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.notifications.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.notifications.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.notifications.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.notifications.automountServiceAccountToken }} + containers: + - name: {{ .Values.notifications.name }} + image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-notifications + - --metrics-port={{ .Values.notifications.containerPorts.metrics }} + - --namespace={{ include "argo-cd.namespace" . }} + - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} + - --secret-name={{ .Values.notifications.secret.name }} + {{- with .Values.notifications.logLevel }} + - --loglevel={{ . }} + {{- end }} + {{- with .Values.notifications.logFormat }} + - --logformat={{ . }} + {{- end }} + {{- range .Values.notifications.extraArgs }} + - {{ . | squote }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + {{- with .Values.notifications.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.notifications.containerPorts.metrics }} + protocol: TCP + {{- if .Values.notifications.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.notifications.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: metrics + initialDelaySeconds: {{ .Values.notifications.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.notifications.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.notifications.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.notifications.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.notifications.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.notifications.resources | nindent 12 }} + {{- with .Values.notifications.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + workingDir: /app + volumeMounts: + - name: tls-certs + mountPath: /app/config/tls + - name: argocd-repo-server-tls + mountPath: /app/config/reposerver/tls + {{- with .Values.notifications.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.notifications.extraContainers }} + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.notifications.initContainers }} + initContainers: + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.notifications) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.notifications.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.notifications.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.notifications.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.notifications.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/metrics.yaml new file mode 100644 index 0000000..9dd18c8 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/metrics.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.notifications.enabled .Values.notifications.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.notifications.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 4 }} + {{- with .Values.notifications.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.notifications.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.notifications.metrics.port | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.notifications.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.notifications.metrics.service.type }} + {{- if and .Values.notifications.metrics.service.clusterIP (eq .Values.notifications.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.notifications.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + ports: + - name: {{ .Values.notifications.metrics.service.portName }} + protocol: TCP + port: {{ .Values.notifications.metrics.port }} + targetPort: metrics +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/networkpolicy.yaml new file mode 100644 index 0000000..1a5df53 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/networkpolicy.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.notifications.enabled (or .Values.notifications.networkPolicy.create .Values.global.networkPolicy.create) .Values.notifications.metrics.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/pdb.yaml new file mode 100644 index 0000000..4bdf211 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.notifications.enabled .Values.notifications.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.notifications.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.notifications.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.notifications.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/role.yaml new file mode 100644 index 0000000..800a937 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/role.yaml @@ -0,0 +1,45 @@ +{{- if .Values.notifications.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - {{ .Values.notifications.secret.name }} + resources: + - secrets + verbs: + - get +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/rolebinding.yaml new file mode 100644 index 0000000..e225962 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.notifications.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/serviceaccount.yaml new file mode 100644 index 0000000..3da8f27 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.notifications.enabled .Values.notifications.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.notifications.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.notifications.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.notifications.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-notifications/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/servicemonitor.yaml new file mode 100644 index 0000000..22b882a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-notifications/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.notifications.enabled .Values.notifications.metrics.enabled .Values.notifications.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.notifications.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.notifications.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} + {{- with .Values.notifications.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.notifications.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.notifications.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.notifications.metrics.service.portName }} + path: /metrics + {{- if .Values.notifications.metrics.serviceMonitor.interval }} + interval: {{ .Values.notifications.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.notifications.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.notifications.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.notifications.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.notifications.metrics.serviceMonitor.honorLabels }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.notifications.name "name" "metrics") | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrole.yaml new file mode 100644 index 0000000..23439b1 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrole.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +rules: + {{- with .Values.repoServer.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrolebinding.yaml new file mode 100644 index 0000000..d8bd88a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.createClusterRoles .Values.repoServer.clusterRoleRules.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/deployment.yaml new file mode 100644 index 0000000..dc0b170 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/deployment.yaml @@ -0,0 +1,537 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.repoServer.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.repoServer.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.repoServer.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.repoServer.autoscaling.enabled }} + replicas: {{ .Values.repoServer.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.repoServer.certificateSecret.enabled }} + checksum/repo-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-repo-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.configs.cmp.create }} + checksum/cmp-cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmp-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.repoServer.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.repoServer.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.repoServer.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.repoServer.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.repoServer.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.repoServer.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.repoServer.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.repoServer.automountServiceAccountToken }} + containers: + - name: {{ .Values.repoServer.name }} + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-repo-server + - --port={{ .Values.repoServer.containerPorts.server }} + - --metrics-port={{ .Values.repoServer.containerPorts.metrics }} + {{- with .Values.repoServer.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.repoServer.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.openshift.enabled }} + - name: USER_NAME + value: argocd + {{- end }} + - name: ARGOCD_REPO_SERVER_NAME + value: {{ template "argo-cd.repoServer.fullname" . }} + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cm + key: timeout.reconciliation + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.format + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.log.level + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.parallelism.limit + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.metrics.listen.address + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.tls.ciphers + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.repo.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.default.cache.expiration + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.max.combined.directory.manifests.size + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.plugin.tar.exclusions + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: reposerver.disable.helm.manifest.max.extracted.size + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.oci.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.oci.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES + valueFrom: + configMapKeyRef: + key: reposerver.oci.layer.media.types + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + {{- end }} + {{- with .Values.repoServer.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- if .Values.repoServer.volumeMounts }} + {{- toYaml .Values.repoServer.volumeMounts | nindent 8 }} + {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - mountPath: /helm-working-dir + name: helm-working-dir + {{- end }} + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + ports: + - name: repo-server + containerPort: {{ .Values.repoServer.containerPorts.server }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.repoServer.containerPorts.metrics }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz?full=true + port: metrics + initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: metrics + initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.repoServer.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.repoServer.resources | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.repoServer.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} + name: copyutil + resources: + {{- toYaml (default .Values.repoServer.resources .Values.repoServer.copyutil.resources) | nindent 10 }} + {{- with .Values.repoServer.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + {{- with .Values.repoServer.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.repoServer) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.repoServer.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.repoServer.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.repoServer.useEphemeralHelmWorkingDir }} + - name: helm-working-dir + {{- if .Values.repoServer.existingVolumes.helmWorkingDir -}} + {{ toYaml .Values.repoServer.existingVolumes.helmWorkingDir | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + {{- end }} + - name: plugins + {{- if .Values.repoServer.existingVolumes.plugins -}} + {{ toYaml .Values.repoServer.existingVolumes.plugins | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: var-files + {{- if .Values.repoServer.existingVolumes.varFiles -}} + {{ toYaml .Values.repoServer.existingVolumes.varFiles | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: tmp + {{- if .Values.repoServer.existingVolumes.tmp -}} + {{ toYaml .Values.repoServer.existingVolumes.tmp | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + {{- if .Values.repoServer.existingVolumes.gpgKeyring -}} + {{ toYaml .Values.repoServer.existingVolumes.gpgKeyring | nindent 8 }} + {{- else }} + {{- if .Values.repoServer.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.repoServer.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- if .Values.repoServer.hostNetwork }} + hostNetwork: {{ .Values.repoServer.hostNetwork }} + {{- end }} + {{- with .Values.repoServer.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.repoServer.dnsPolicy }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/hpa.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/hpa.yaml new file mode 100644 index 0000000..7615a41 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/hpa.yaml @@ -0,0 +1,41 @@ +{{- if .Values.repoServer.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "argo-cd.repoServer.fullname" . }} + minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} + maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} + metrics: + {{- with .Values.repoServer.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.repoServer.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/metrics.yaml new file mode 100644 index 0000000..6ede9dd --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.repoServer.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} + {{- with .Values.repoServer.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.repoServer.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.repoServer.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.repoServer.metrics.service.type }} + {{- if and .Values.repoServer.metrics.service.clusterIP (eq .Values.repoServer.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.repoServer.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.repoServer.metrics.service.portName }} + protocol: TCP + port: {{ .Values.repoServer.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/networkpolicy.yaml new file mode 100644 index 0000000..89bdc8f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/networkpolicy.yaml @@ -0,0 +1,38 @@ +{{- if or .Values.repoServer.networkPolicy.create .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + {{- if .Values.notifications.enabled }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.notifications.name) | nindent 10 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} + ports: + - port: repo-server + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: metrics + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/pdb.yaml new file mode 100644 index 0000000..f79af3d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.repoServer.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with .Values.repoServer.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.repoServer.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.repoServer.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/role.yaml new file mode 100644 index 0000000..596874d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/role.yaml @@ -0,0 +1,13 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +rules: +{{- if .Values.repoServer.rbac }} +{{toYaml .Values.repoServer.rbac }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/rolebinding.yaml new file mode 100644 index 0000000..2bc88b6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/service.yaml new file mode 100644 index 0000000..7e20c86 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/service.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.repoServer.service.annotations }} + annotations: + {{- range $key, $value := .Values.repoServer.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} +{{- with .Values.repoServer.service.labels }} +{{- toYaml . | nindent 4 }} +{{- end }} + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.repoServer.service.portName }} + protocol: TCP + port: {{ .Values.repoServer.service.port }} + targetPort: repo-server + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} + {{- if .Values.repoServer.service.trafficDistribution }} + trafficDistribution: {{ .Values.repoServer.service.trafficDistribution }} + {{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/serviceaccount.yaml new file mode 100644 index 0000000..9b5777f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.repoServer.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.repoServer.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.repoServer.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with .Values.repoServer.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/servicemonitor.yaml new file mode 100644 index 0000000..3d7cc49 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-repo-server/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.repoServer.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- with .Values.repoServer.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.repoServer.metrics.service.portName }} + {{- with .Values.repoServer.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.repoServer.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.repoServer.metrics.serviceMonitor.honorLabels }} + {{- with .Values.repoServer.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.repoServer.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml new file mode 100644 index 0000000..46d24d3 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + alb.ingress.kubernetes.io/conditions.{{ include "argo-cd.server.fullname" . }}-grpc: | + [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}] + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }}-grpc + port: + number: {{ $servicePort }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml new file mode 100644 index 0000000..0e9de75 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/aws/service.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "aws") }} +apiVersion: v1 +kind: Service +metadata: + annotations: + alb.ingress.kubernetes.io/backend-protocol-version: {{ .Values.server.ingress.aws.backendProtocolVersion }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" (print .Values.server.name "-gprc") "name" (print .Values.server.name "-grpc")) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.containerPorts.server }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.containerPorts.server }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + sessionAffinity: None + type: {{ .Values.server.ingress.aws.serviceType }} +{{- end -}} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml new file mode 100644 index 0000000..7adc7f0 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/backendtlspolicy.yaml @@ -0,0 +1,26 @@ +{{- if .Values.server.backendTLSPolicy.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +apiVersion: gateway.networking.k8s.io/v1alpha3 +kind: BackendTLSPolicy +metadata: + name: {{ $fullName }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.backendTLSPolicy.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.backendTLSPolicy.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + targetRefs: + {{- with .Values.server.backendTLSPolicy.targetRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.backendTLSPolicy.validation }} + validation: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml new file mode 100644 index 0000000..a986213 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/certificate.yaml @@ -0,0 +1,50 @@ +{{- if .Values.server.certificate.enabled -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.certificateAnnotations) .Values.server.certificate.annotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + {{- with .Values.server.certificate.secretTemplateAnnotations }} + secretTemplate: + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + commonName: {{ .Values.server.certificate.domain | default .Values.global.domain }} + dnsNames: + - {{ .Values.server.certificate.domain | default .Values.global.domain }} + {{- range .Values.server.certificate.additionalHosts }} + - {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.server.certificate.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + issuerRef: + {{- with .Values.server.certificate.issuer.group }} + group: {{ . | quote }} + {{- end }} + kind: {{ .Values.server.certificate.issuer.kind | quote }} + name: {{ .Values.server.certificate.issuer.name | quote }} + {{- with .Values.server.certificate.privateKey }} + privateKey: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.certificate.usages }} + usages: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml new file mode 100644 index 0000000..1bc9aed --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrole.yaml @@ -0,0 +1,78 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.server.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: + {{- if .Values.server.clusterRoleRules.enabled }} + {{- toYaml .Values.server.clusterRoleRules.rules | nindent 2 }} + {{- else }} + - apiGroups: + - '*' + resources: + - '*' + verbs: + - delete # supports deletion a live object in UI + - get # supports viewing live object manifest in UI + - patch # supports `argocd app patch` + - apiGroups: + - "" + resources: + - events + verbs: + - list # supports listing events in UI + - create + - apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get # supports viewing pod logs from UI + {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + {{- end }} + - apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + verbs: + - get + - list + - update + - watch + {{- if (index .Values.configs.params "application.namespaces") }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - create + - delete + - update + - patch + {{- end }} + - apiGroups: + - batch + resources: + {{/* supports triggering jobs from UI */}} + - jobs + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + {{/* supports triggering workflows from UI */}} + - create + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml new file mode 100644 index 0000000..ce4a4d7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.server.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml new file mode 100644 index 0000000..0edd412 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/deployment.yaml @@ -0,0 +1,575 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.server.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.server.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.server.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + {{- if not .Values.server.autoscaling.enabled }} + replicas: {{ .Values.server.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if .Values.configs.cm.create }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.server.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.server.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.server.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.server.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.server.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.server.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.server.automountServiceAccountToken }} + containers: + - name: {{ .Values.server.name }} + image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.server.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} + args: + - /usr/local/bin/argocd-server + - --port={{ .Values.server.containerPorts.server }} + - --metrics-port={{ .Values.server.containerPorts.metrics }} + {{- with .Values.server.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.server.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_SERVER_NAME + value: {{ template "argo-cd.server.fullname" . }} + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: REDIS_USERNAME + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisUsernameSecretRef" . | nindent 16 }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- include "argo-cd.redisPasswordSecretRef" . | nindent 16 }} + - name: REDIS_SENTINEL_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-username + optional: true + - name: REDIS_SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "argo-cd.redis.fullname" .) .Values.externalRedis.existingSecret }} + key: redis-sentinel-password + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_SERVER_OTLP_ATTRS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.attrs + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.webhook.parallelism.limit + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.allowed.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.scm.providers + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: applicationsetcontroller.enable.github.api.metrics + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true + - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.sync.replace.allowed + optional: true + {{- with .Values.server.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.server.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /shared/app/custom + name: styles + - mountPath: /tmp + name: tmp + - name: argocd-cmd-params-cm + mountPath: /home/argocd/params + {{- if .Values.server.extensions.enabled }} + - mountPath: /tmp/extensions + name: extensions + {{- end }} + ports: + - name: server + containerPort: {{ .Values.server.containerPorts.server }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.server.containerPorts.metrics }} + protocol: TCP + livenessProbe: + httpGet: + path: /healthz?full=true + port: server + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /healthz + port: server + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.server.resources | nindent 10 }} + {{- with .Values.server.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.lifecycle }} + lifecycle: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.server.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if or .Values.server.initContainers (and .Values.server.extensions.enabled .Values.server.extensions.extensionList) }} + initContainers: + {{- with .Values.server.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- if .Values.server.extensions.enabled }} + {{- range .Values.server.extensions.extensionList }} + - name: {{ .name }} + image: {{ $.Values.server.extensions.image.repository }}:{{ $.Values.server.extensions.image.tag }} + imagePullPolicy: {{ default $.Values.global.image.imagePullPolicy $.Values.server.extensions.image.imagePullPolicy }} + resources: + {{- toYaml $.Values.server.extensions.resources | nindent 10 }} + {{- with $.Values.server.extensions.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - name: extensions + mountPath: /tmp/extensions/ + - name: tmp + mountPath: /tmp + env: + {{- toYaml .env | nindent 10 }} + {{- end }} + {{- end }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.server) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.server.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + {{- with .Values.server.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + {{- if .Values.server.extensions.enabled }} + - name: extensions + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: plugins-home + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmp + {{- if .Values.server.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.server.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: styles + configMap: + name: argocd-styles-cm + optional: true + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + - name: argocd-cmd-params-cm + configMap: + optional: true + name: argocd-cmd-params-cm + items: + - key: server.profile.enabled + path: profiler.enabled + {{- if .Values.server.hostNetwork }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} + {{- with .Values.server.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.server.dnsPolicy }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml new file mode 100644 index 0000000..515e6d7 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/backendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.backendConfig }} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.backendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml new file mode 100644 index 0000000..ae460a3 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/frontendconfig.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.frontendConfig }} +apiVersion: networking.gke.io/v1beta1 +kind: FrontendConfig +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.ingress.gke.frontendConfig }} +spec: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml new file mode 100644 index 0000000..235c8a5 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/ingress.yaml @@ -0,0 +1,68 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with .Values.server.ingress.ingressClassName }} + kubernetes.io/ingress.class: {{ . }} + {{- end }} + {{- if .Values.server.ingress.gke.managedCertificate.create }} + networking.gke.io/managed-certificates: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- if .Values.server.ingress.gke.frontendConfig }} + networking.gke.io/v1beta1.FrontendConfig: {{ include "argo-cd.server.fullname" . }} + {{- end }} + {{- range $key, $value := .Values.server.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.server.ingress.hostname | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ .Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml new file mode 100644 index 0000000..2dd6f5e --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/gke/managedcertificate.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "gke") .Values.server.ingress.gke.managedCertificate.create }} +apiVersion: networking.gke.io/v1 +kind: ManagedCertificate +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + domains: + - {{ .Values.server.ingress.hostname | default .Values.global.domain }} + {{- with .Values.server.ingress.gke.managedCertificate.extraDomains }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml new file mode 100644 index 0000000..a88537f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/grpcroute.yaml @@ -0,0 +1,43 @@ +{{- if .Values.server.grpcroute.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: GRPCRoute +metadata: + name: {{ $fullName }}-grpc + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.grpcroute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.grpcroute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + parentRefs: + {{- with .Values.server.grpcroute.parentRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.grpcroute.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.server.grpcroute.rules }} + {{- with .matches }} + - matches: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .filters }} + filters: + {{- toYaml . | nindent 8 }} + {{- end }} + backendRefs: + - name: {{ $fullName }} + port: {{ $servicePort }} + weight: 1 + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml new file mode 100644 index 0000000..51fe559 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/hpa.yaml @@ -0,0 +1,41 @@ +{{- if .Values.server.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "argo-cd.server.fullname" . }} + minReplicas: {{ .Values.server.autoscaling.minReplicas }} + maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} + metrics: + {{- with .Values.server.autoscaling.metrics }} + {{- toYaml . | nindent 4 }} + {{- else }} + {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- end }} + {{- with .Values.server.autoscaling.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml new file mode 100644 index 0000000..ca30f91 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/httproute.yaml @@ -0,0 +1,43 @@ +{{- if .Values.server.httproute.enabled -}} +{{- $fullName := include "argo-cd.server.fullname" . -}} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ $fullName }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.httproute.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.httproute.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + parentRefs: + {{- with .Values.server.httproute.parentRefs }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.httproute.hostnames }} + hostnames: + {{- toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.server.httproute.rules }} + {{- with .matches }} + - matches: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .filters }} + filters: + {{- toYaml . | nindent 8 }} + {{- end }} + backendRefs: + - name: {{ $fullName }} + port: {{ $servicePort }} + weight: 1 + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml new file mode 100644 index 0000000..3ad5a51 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress-grpc.yaml @@ -0,0 +1,63 @@ +{{- if .Values.server.ingressGrpc.enabled -}} +{{- $hostname := printf "grpc.%s" (.Values.server.ingress.hostname | default .Values.global.domain) -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }}-grpc + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingressGrpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.ingressGrpc.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.ingressGrpc.ingressClassName }} + ingressClassName: {{ . }} + {{- end }} + rules: + - host: {{ .Values.server.ingressGrpc.hostname | default $hostname }} + http: + paths: + {{- with .Values.server.ingressGrpc.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingressGrpc.path }} + pathType: {{ .Values.server.ingressGrpc.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ .Values.server.service.servicePortHttps }} + {{- range .Values.server.ingressGrpc.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default $.Values.server.ingressGrpc.path .path }} + pathType: {{ default $.Values.server.ingressGrpc.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $.Values.server.service.servicePortHttps }} + {{- end }} + {{- with .Values.server.ingressGrpc.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingressGrpc.tls .Values.server.ingressGrpc.extraTls }} + tls: + {{- if .Values.server.ingressGrpc.tls }} + - hosts: + - {{ .Values.server.ingressGrpc.hostname | default $hostname }} + secretName: argocd-server-grpc-tls + {{- end }} + {{- with .Values.server.ingressGrpc.extraTls }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml new file mode 100644 index 0000000..8724baa --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/ingress.yaml @@ -0,0 +1,69 @@ +{{- if and .Values.server.ingress.enabled (eq .Values.server.ingress.controller "generic") }} +{{- $insecure := index .Values.configs.params "server.insecure" | toString -}} +{{- $servicePort := eq $insecure "true" | ternary .Values.server.service.servicePortHttp .Values.server.service.servicePortHttps -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.ingress.labels }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- with .Values.server.ingress.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ tpl (toString $value) $ | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.ingress.ingressClassName }} + ingressClassName: {{ tpl . $ }} + {{- end }} + rules: + - host: {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + http: + paths: + {{- with .Values.server.ingress.extraPaths }} + {{- tpl (toYaml .) $ | nindent 10 }} + {{- end }} + - path: {{ .Values.server.ingress.path }} + pathType: {{ $.Values.server.ingress.pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" . }} + port: + number: {{ $servicePort }} + {{- range .Values.server.ingress.extraHosts }} + - host: {{ tpl .name $ | quote }} + http: + paths: + - path: {{ default $.Values.server.ingress.path .path }} + pathType: {{ default $.Values.server.ingress.pathType .pathType }} + backend: + service: + name: {{ include "argo-cd.server.fullname" $ }} + port: + number: {{ $servicePort }} + {{- end }} + {{- with .Values.server.ingress.extraRules }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls }} + tls: + {{- if .Values.server.ingress.tls }} + - hosts: + - {{ tpl (.Values.server.ingress.hostname) $ | default .Values.global.domain }} + {{- range .Values.server.ingress.extraHosts }} + {{- if .name }} + - {{ tpl .name $ }} + {{- end }} + {{- end }} + secretName: argocd-server-tls + {{- end }} + {{- with .Values.server.ingress.extraTls }} + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml new file mode 100644 index 0000000..d08dbae --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/metrics.yaml @@ -0,0 +1,35 @@ +{{- if .Values.server.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.server.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} + {{- with .Values.server.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.server.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.server.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.server.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.metrics.service.type }} + {{- if and .Values.server.metrics.service.clusterIP (eq .Values.server.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.server.metrics.service.clusterIP }} + {{- end }} + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.server.metrics.service.portName }} + protocol: TCP + port: {{ .Values.server.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml new file mode 100644 index 0000000..3234d5a --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/networkpolicy.yaml @@ -0,0 +1,17 @@ +{{- if or .Values.server.networkPolicy.create .Values.global.networkPolicy.create }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - {} + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml new file mode 100644 index 0000000..b018f72 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/openshift/route.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.route.enabled -}} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +{{- with .Values.server.route.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} +spec: + host: {{ .Values.server.route.hostname | default .Values.global.domain | quote }} + to: + kind: Service + name: {{ template "argo-cd.server.fullname" . }} + weight: 100 + port: + targetPort: https + tls: + termination: {{ .Values.server.route.termination_type | quote }} + insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | quote }} + wildcardPolicy: None +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml new file mode 100644 index 0000000..6bc9330 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/pdb.yaml @@ -0,0 +1,27 @@ +{{- if .Values.server.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.server.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.server.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml new file mode 100644 index 0000000..8d12e30 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/role.yaml @@ -0,0 +1,50 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - appprojects + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +{{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }} +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml new file mode 100644 index 0000000..4d635aa --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.server.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml new file mode 100644 index 0000000..86f8abb --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/service.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.server.service.type }} + {{- include "argo-cd.dualStack" . | indent 2 }} + {{- with .Values.server.service.externalIPs }} + externalIPs: {{ . }} + {{- end }} + {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy }} + {{- end }} + {{- if eq .Values.server.service.type "LoadBalancer" }} + {{- with .Values.server.service.loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .Values.server.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + sessionAffinity: {{ .Values.server.service.sessionAffinity }} + ports: + - name: {{ .Values.server.service.servicePortHttpName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttp }} + targetPort: {{ .Values.server.containerPorts.server }} + {{- if eq .Values.server.service.type "NodePort" }} + nodePort: {{ .Values.server.service.nodePortHttp }} + {{- end }} + - name: {{ .Values.server.service.servicePortHttpsName }} + protocol: TCP + port: {{ .Values.server.service.servicePortHttps }} + targetPort: {{ .Values.server.containerPorts.server }} + {{- if eq .Values.server.service.type "NodePort" }} + nodePort: {{ .Values.server.service.nodePortHttps }} + {{- end }} + {{- with .Values.server.service.servicePortHttpsAppProtocol }} + appProtocol: {{ . }} + {{- end }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }} + diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml new file mode 100644 index 0000000..9789e1d --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.server.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.server.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.server.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml new file mode 100644 index 0000000..49c2413 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/argocd-server/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.server.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.server.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} + {{- with .Values.server.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.server.metrics.service.portName }} + {{- with .Values.server.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.server.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.server.metrics.serviceMonitor.honorLabels }} + {{- with .Values.server.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.server.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/crds/crd-application.yaml b/astroshop-platform/argocd-helmchart/templates/crds/crd-application.yaml new file mode 100644 index 0000000..f7b7511 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/crds/crd-application.yaml @@ -0,0 +1,5903 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally by + not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to + apply common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize from + failing when components do not exist locally by not appending + them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to apply + common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally by not + appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether to + apply common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + enabled: + description: Enable allows apps to explicitly control automated + sync + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: |- + Message is a human-readable informational message describing the health status + + Deprecated: this field is not used and will be removed in a future release. + type: string + status: + description: Status holds the status code of the application + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do not + exist locally by not appending them to kustomization + file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates + or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents + kustomize from failing when components do + not exist locally by not appending them to + kustomization file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies + whether to apply common labels to resource + templates or not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + images: + description: Images contains the images related to the + ResourceResult + items: + type: string + type: array + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: ResourceStatus holds the current synchronization and + health status of a Kubernetes resource. + properties: + group: + description: Group represents the API group of the resource + (e.g., "apps" for Deployments). + type: string + health: + description: Health indicates the health status of the resource + (e.g., Healthy, Degraded, Progressing). + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the time the HealthStatus was set or updated + + Deprecated: this field is not used and will be removed in a future release. + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the resource + type: string + type: object + hook: + description: Hook is true if the resource is used as a lifecycle + hook in an Argo CD application. + type: boolean + kind: + description: Kind specifies the type of the resource (e.g., + "Deployment", "Service"). + type: string + name: + description: Name is the unique name of the resource within + the namespace. + type: string + namespace: + description: Namespace defines the Kubernetes namespace where + the resource is located. + type: string + requiresDeletionConfirmation: + description: RequiresDeletionConfirmation is true if the resource + requires explicit user confirmation before deletion. + type: boolean + requiresPruning: + description: RequiresPruning is true if the resource needs to + be pruned (deleted) as part of synchronization. + type: boolean + status: + description: Status represents the synchronization state of + the resource (e.g., Synced, OutOfSync). + type: string + syncWave: + description: |- + SyncWave determines the order in which resources are applied during a sync operation. + Lower values are applied first. + format: int64 + type: integer + version: + description: Version indicates the API version of the resource + (e.g., "v1", "v1beta1"). + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + ignoreMissingComponents: + description: IgnoreMissingComponents prevents kustomize + from failing when components do not exist locally + by not appending them to kustomization file + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]<image_name>:<image_tag> + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelIncludeTemplates: + description: LabelIncludeTemplates specifies whether + to apply common labels to resource templates or + not + type: boolean + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +{{- end }} + diff --git a/astroshop-platform/argocd-helmchart/templates/crds/crd-applicationset.yaml b/astroshop-platform/argocd-helmchart/templates/crds/crd-applicationset.yaml new file mode 100644 index 0000000..2572144 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/crds/crd-applicationset.yaml @@ -0,0 +1,17737 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + ignoreMissingComponents: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelIncludeTemplates: + type: boolean + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + enabled: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} + diff --git a/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml b/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml new file mode 100644 index 0000000..7e50234 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/crds/crd-project.yaml @@ -0,0 +1,379 @@ +{{- if .Values.crds.install }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- if .Values.crds.keep }} + "helm.sh/resource-policy": keep + {{- end }} + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + {{- with .Values.crds.additionalLabels }} + {{- toYaml . | nindent 4}} + {{- end }} + name: appprojects.argoproj.io +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + maxLength: 255 + type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array + destinations: + description: Destinations contains list of destinations available + for deployment + items: + description: ApplicationDestination holds information about the + application's destination + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + ignore: + description: Ignore contains a list of resources that are to be + excluded from orphaned resources monitoring + items: + description: OrphanedResourceKey is a reference to a resource + to be ignored from + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean + roles: + description: Roles are user defined RBAC roles associated with this + project + items: + description: ProjectRole represents a role that has access to a + project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to + this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound + to this role + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formatted strings + that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: SignatureKeys contains a list of PGP key IDs that commits + in Git must be signed with in order to be allowed for sync + items: + description: SignatureKey is the specification of a key required + to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: object + type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can + be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps + properties: + andOperator: + description: UseAndOperator use AND operator for matching applications, + namespaces and clusters instead of the default OR operator + type: boolean + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + description: + description: Description of the sync that will be applied to + the schedule, can be used to add any information such as a + ticket number for example + type: string + duration: + description: Duration is the amount of time the sync window + will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would + otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the + schedule + type: string + type: object + type: array + type: object + status: + description: AppProjectStatus contains status information for AppProject + CRs + properties: + jwtTokensByRole: + additionalProperties: + description: JWTTokens represents a list of JWT tokens + properties: + items: + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + type: object + description: JWTTokensByRole contains a list of JWT tokens issued + for a given role + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end }} + diff --git a/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml new file mode 100644 index 0000000..fe23a76 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml @@ -0,0 +1,254 @@ +{{- if .Values.dex.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dex.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }} + strategy: + {{- trim . | nindent 4 }} + {{- end }} + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} + template: + metadata: + annotations: + checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} + {{- if (index .Values.configs.cm "dex.config") }} + checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.dex.certificateSecret.enabled }} + checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }} + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.dex.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with.Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.dex.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }} + containers: + - name: {{ .Values.dex.name }} + image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }} + command: + - /shared/argocd-dex + {{- with .Values.dex.logLevel }} + - --loglevel={{ . }} + {{- end }} + {{- with .Values.dex.logFormat }} + - --logformat={{ . }} + {{- end }} + args: + - rundex + {{- with .Values.dex.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- with (concat .Values.global.env .Values.dex.env) }} + {{- toYaml . | nindent 10 }} + {{- end }} + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_LOG_FORMAT_TIMESTAMP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: log.format.timestamp + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: dexserver.disable.tls + optional: true + {{- with .Values.dex.envFrom }} + envFrom: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.dex.containerPorts.http }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.dex.containerPorts.grpc }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.dex.containerPorts.metrics }} + protocol: TCP + {{- if .Values.dex.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.dex.livenessProbe.httpPath }} + port: {{ .Values.dex.livenessProbe.httpPort }} + scheme: {{ .Values.dex.livenessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.dex.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.dex.readinessProbe.httpPath }} + port: {{ .Values.dex.readinessProbe.httpPort }} + scheme: {{ .Values.dex.readinessProbe.httpScheme }} + initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.dex.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.dex.resources | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + {{- with .Values.dex.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: static-files + mountPath: /shared + - name: dexconfig + mountPath: /tmp + - name: argocd-dex-server-tls + mountPath: /tls + {{- with .Values.dex.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + initContainers: + - name: copyutil + image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }} + command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + resources: + {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }} + {{- with .Values.dex.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.dex.initContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.dex.name) | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: static-files + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: dexconfig + {{- if .Values.dex.emptyDir.sizeLimit }} + emptyDir: + sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }} + {{- else }} + emptyDir: {} + {{- end }} + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + {{- with .Values.dex.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.dex.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.dex.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml new file mode 100644 index 0000000..6f3088f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml @@ -0,0 +1,30 @@ +{{- if and (or .Values.dex.networkPolicy.create .Values.global.networkPolicy.create) .Values.dex.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + ports: + - port: http + protocol: TCP + - port: grpc + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml new file mode 100644 index 0000000..1216102 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.dex.enabled .Values.dex.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with .Values.dex.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.dex.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.dex.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/role.yaml b/astroshop-platform/argocd-helmchart/templates/dex/role.yaml new file mode 100644 index 0000000..e79b3cf --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.dex.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml new file mode 100644 index 0000000..792a465 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.dex.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.dex.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/service.yaml b/astroshop-platform/argocd-helmchart/templates/dex/service.yaml new file mode 100644 index 0000000..b52acfb --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/service.yaml @@ -0,0 +1,37 @@ +{{- if .Values.dex.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +{{- if .Values.dex.metrics.service.annotations }} + annotations: + {{- range $key, $value := .Values.dex.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} +{{- if .Values.dex.metrics.service.labels }} +{{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} +{{- end }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: {{ .Values.dex.servicePortHttpName }} + protocol: TCP + port: {{ .Values.dex.servicePortHttp }} + targetPort: http + - name: {{ .Values.dex.servicePortGrpcName }} + protocol: TCP + port: {{ .Values.dex.servicePortGrpc }} + targetPort: grpc +{{- if .Values.dex.metrics.enabled }} + - name: {{ .Values.dex.metrics.service.portName }} + protocol: TCP + port: {{ .Values.dex.servicePortMetrics }} + targetPort: metrics +{{- end }} + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml new file mode 100644 index 0000000..aeff244 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.dex.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.dex.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml new file mode 100644 index 0000000..2564cfa --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.dex.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} + {{- with .Values.dex.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.dex.metrics.service.portName }} + {{- with .Values.dex.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.dex.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . |nindent 8 }} + {{- end }} + honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }} + {{- with .Values.dex.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.dex.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/extra-manifests.yaml b/astroshop-platform/argocd-helmchart/templates/extra-manifests.yaml new file mode 100644 index 0000000..fc9a76b --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/extra-manifests.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} diff --git a/astroshop-platform/argocd-helmchart/templates/networkpolicy-default-deny.yaml b/astroshop-platform/argocd-helmchart/templates/networkpolicy-default-deny.yaml new file mode 100644 index 0000000..06d1979 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/networkpolicy-default-deny.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.global.networkPolicy.create .Values.global.networkPolicy.defaultDenyIngress }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} + name: {{ template "argo-cd.fullname" . }}-default-deny + namespace: {{ include "argo-cd.namespace" . }} +spec: + podSelector: {} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis-secret-init/job.yaml b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/job.yaml new file mode 100644 index 0000000..5fd41f6 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/job.yaml @@ -0,0 +1,70 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.jobAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +spec: + ttlSecondsAfterFinished: 60 + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redisSecretInit.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redisSecretInit.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.redisSecretInit.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - command: + - argocd + - admin + - redis-initial-password + image: {{ default .Values.global.image.repository .Values.redisSecretInit.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.redisSecretInit.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redisSecretInit.image.imagePullPolicy }} + name: secret-init + resources: + {{- toYaml .Values.redisSecretInit.resources | nindent 10 }} + {{- with .Values.redisSecretInit.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.redisSecretInit.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + restartPolicy: OnFailure + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redisSecretInit) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redisSecretInit.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis-secret-init/role.yaml b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/role.yaml new file mode 100644 index 0000000..9e8259f --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis-secret-init/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/rolebinding.yaml new file mode 100644 index 0000000..a199628 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/rolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} + name: {{ include "argo-cd.redisSecretInit.fullname" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argo-cd.redisSecretInit.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis-secret-init/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/serviceaccount.yaml new file mode 100644 index 0000000..85540d2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis-secret-init/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redisSecretInit.enabled .Values.redisSecretInit.serviceAccount.create (not .Values.externalRedis.host) }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redisSecretInit.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . | quote }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation + {{- range $key, $value := .Values.redisSecretInit.serviceAccount.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redisSecretInit.name "name" .Values.redisSecretInit.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/redis/deployment.yaml new file mode 100644 index 0000000..e7c540c --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/deployment.yaml @@ -0,0 +1,223 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.redis.deploymentAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.redis.deploymentLabels) }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} + template: + metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} + {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.redis.podLabels) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.redis.podAnnotations) }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + spec: + {{- with .Values.redis.runtimeClassName | default .Values.global.runtimeClassName }} + runtimeClassName: {{ . }} + {{- end }} + {{- with .Values.redis.imagePullSecrets | default .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- if .Values.redis.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.redis.terminationGracePeriodSeconds }} + {{- end }} + serviceAccountName: {{ include "argo-cd.redis.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.redis.automountServiceAccountToken }} + containers: + - name: {{ .Values.redis.name }} + image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.image.imagePullPolicy }} + args: + {{- with .Values.redis.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.env) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.envFrom }} + envFrom: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.redis.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + {{- end }} + {{- if .Values.redis.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.redis.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.redis.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.readinessProbe.failureThreshold }} + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + {{- end }} + ports: + - name: redis + containerPort: {{ .Values.redis.containerPorts.redis }} + protocol: TCP + resources: + {{- toYaml .Values.redis.resources | nindent 10 }} + {{- with .Values.redis.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /health + name: health + {{- with .Values.redis.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.redis.exporter.enabled }} + - name: metrics + image: {{ .Values.redis.exporter.image.repository }}:{{ .Values.redis.exporter.image.tag }} + imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.redis.exporter.image.imagePullPolicy }} + env: + - name: REDIS_ADDR + value: {{ printf "redis://localhost:%v" .Values.redis.containerPorts.redis }} + - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS + value: {{ printf "0.0.0.0:%v" .Values.redis.containerPorts.metrics }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + {{- with (concat .Values.global.env .Values.redis.exporter.env) }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.redis.containerPorts.metrics }} + protocol: TCP + {{- if .Values.redis.exporter.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.redis.exporter.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /metrics + port: {{ .Values.redis.containerPorts.metrics }} + initialDelaySeconds: {{ .Values.redis.exporter.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.redis.exporter.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.redis.exporter.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.redis.exporter.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.redis.exporter.readinessProbe.failureThreshold }} + {{- end }} + resources: + {{- toYaml .Values.redis.exporter.resources | nindent 10 }} + {{- with .Values.redis.exporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + {{- with .Values.redis.extraContainers }} + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 6 }} + {{- end }} + {{- with .Values.redis.nodeSelector | default .Values.global.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.tolerations | default .Values.global.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.redis) }} + affinity: + {{- trim . | nindent 8 }} + {{- end }} + {{- with .Values.redis.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range $constraint := . }} + - {{ toYaml $constraint | nindent 8 | trim }} + {{- if not $constraint.labelSelector }} + labelSelector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" $ }}-{{ $.Values.redis.name }} + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: health + configMap: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + defaultMode: 493 + {{- with .Values.redis.volumes }} + {{- toYaml . | nindent 8}} + {{- end }} + {{- with .Values.redis.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + dnsPolicy: {{ .Values.redis.dnsPolicy }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/health-configmap.yaml b/astroshop-platform/argocd-helmchart/templates/redis/health-configmap.yaml new file mode 100644 index 0000000..7443625 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/health-configmap.yaml @@ -0,0 +1,37 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-health-configmap + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${REDIS_PASSWORD}" --no-auth-warning \ + -h localhost \ + -p {{ .Values.redis.containerPorts.redis }} \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/metrics.yaml b/astroshop-platform/argocd-helmchart/templates/redis/metrics.yaml new file mode 100644 index 0000000..040f5eb --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/metrics.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "argo-cd.redis.fullname" . }}-metrics + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.metrics.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.redis.metrics.service.annotations .Values.global.addPrometheusAnnotations }} + annotations: + {{- if .Values.global.addPrometheusAnnotations }} + prometheus.io/port: {{ .Values.redis.metrics.service.servicePort | quote }} + prometheus.io/scrape: "true" + {{- end }} + {{- range $key, $value := .Values.redis.metrics.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.redis.metrics.service.type }} + {{- if and .Values.redis.metrics.service.clusterIP (eq .Values.redis.metrics.service.type "ClusterIP") }} + clusterIP: {{ .Values.redis.metrics.service.clusterIP }} + {{- end }} + ports: + - name: {{ .Values.redis.metrics.service.portName }} + protocol: TCP + port: {{ .Values.redis.metrics.service.servicePort }} + targetPort: metrics + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml new file mode 100644 index 0000000..ccf0699 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/networkpolicy.yaml @@ -0,0 +1,35 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and (or .Values.redis.networkPolicy.create .Values.global.networkPolicy.create) .Values.redis.enabled (not $redisHa.enabled) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} +spec: + ingress: + - from: + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: redis + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: metrics + protocol: TCP + podSelector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 6 }} + policyTypes: + - Ingress +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/redis/pdb.yaml new file mode 100644 index 0000000..c614144 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/pdb.yaml @@ -0,0 +1,28 @@ +{{- $redisHa := index .Values "redis-ha" -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) .Values.redis.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.pdb.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.pdb.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- with .Values.redis.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.redis.name }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/service.yaml b/astroshop-platform/argocd-helmchart/templates/redis/service.yaml new file mode 100644 index 0000000..a60cf77 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/service.yaml @@ -0,0 +1,27 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and .Values.redis.enabled (not $redisHa.enabled) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ include "argo-cd.namespace" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.service.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +spec: + {{- include "argo-cd.dualStack" . | indent 2 }} + ports: + - name: redis + port: {{ .Values.redis.servicePort }} + targetPort: redis + selector: + {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/redis/serviceaccount.yaml new file mode 100644 index 0000000..bc942e2 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.redis.enabled .Values.redis.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.redis.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ include "argo-cd.redis.serviceAccountName" . }} + namespace: {{ include "argo-cd.namespace" . }} + {{- with .Values.redis.serviceAccount.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/templates/redis/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/redis/servicemonitor.yaml new file mode 100644 index 0000000..4710d28 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/templates/redis/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- $redisHa := (index .Values "redis-ha") -}} +{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.redis.enabled (not $redisHa.enabled) .Values.redis.metrics.enabled .Values.redis.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "argo-cd.redis.fullname" . }} + namespace: {{ default (include "argo-cd.namespace" .) .Values.redis.metrics.serviceMonitor.namespace | quote }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- with .Values.redis.metrics.serviceMonitor.selector }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: {{ .Values.redis.metrics.service.portName }} + {{- with .Values.redis.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + path: /metrics + {{- with .Values.redis.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + honorLabels: {{ .Values.redis.metrics.serviceMonitor.honorLabels }} + {{- with .Values.redis.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.redis.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "argo-cd.namespace" . }} + selector: + matchLabels: + {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 6 }} +{{- end }} diff --git a/astroshop-platform/argocd-helmchart/values.yaml b/astroshop-platform/argocd-helmchart/values.yaml new file mode 100644 index 0000000..28d53c4 --- /dev/null +++ b/astroshop-platform/argocd-helmchart/values.yaml @@ -0,0 +1,4317 @@ +## Argo CD configuration +## Ref: https://github.com/argoproj/argo-cd +## + +# -- Provide a name in place of `argocd` +nameOverride: argocd +# -- String to fully override `"argo-cd.fullname"` +fullnameOverride: "" +# -- Override the namespace +# @default -- `.Release.Namespace` +namespaceOverride: "" +# -- Override the Kubernetes version, which is used to evaluate certain manifests +kubeVersionOverride: "" +# Override APIVersions +# If you want to template helm charts but cannot access k8s API server +# you can set api versions here +apiVersionOverrides: {} + +# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD runs +createClusterRoles: true + +openshift: + # -- enables using arbitrary uid for argo repo server + enabled: false + +## Custom resource configuration +crds: + # -- Install and upgrade CRDs + install: true + # -- Keep CRDs on chart uninstall + keep: true + # -- Annotations to be added to all CRDs + annotations: {} + # -- Additional labels to be added to all CRDs + additionalLabels: {} + +## Globally shared configuration +global: + # -- Default domain used by all components + ## Used for ingresses, certificates, SSO, notifications, etc. + domain: argocd.example.com + + # -- Runtime class name for all components + runtimeClassName: "" + + # -- Common labels for the all resources + additionalLabels: {} + # app: argo-cd + + # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected. + revisionHistoryLimit: 3 + + # Default image used by all components + image: + # -- If defined, a repository applied to all Argo CD deployments + repository: quay.io/argoproj/argocd + # -- Overrides the global Argo CD image tag whose default is the chart appVersion + tag: "" + # -- If defined, a imagePullPolicy applied to all Argo CD deployments + imagePullPolicy: IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + imagePullSecrets: [] + + # Default logging options used by all components + logging: + # -- Set the global logging format. Either: `text` or `json` + format: text + # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error` + level: info + + # -- Annotations for the all deployed Statefulsets + statefulsetAnnotations: {} + + # -- Annotations for the all deployed Deployments + deploymentAnnotations: {} + + # -- Labels for the all deployed Deployments + deploymentLabels: {} + + # -- Annotations for the all deployed pods + podAnnotations: {} + + # -- Labels for the all deployed pods + podLabels: {} + + # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors. + addPrometheusAnnotations: false + + # -- Toggle and define pod-level security context. + # @default -- `{}` (See [values.yaml]) + securityContext: {} + # runAsUser: 999 + # runAsGroup: 999 + # fsGroup: 999 + + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files + hostAliases: [] + # - ip: 10.20.30.40 + # hostnames: + # - git.myhostname + + # Configure dual-stack used by all component services + dualStack: + # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) + ipFamilyPolicy: "" + # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + + # Default network policy rules used by all components + networkPolicy: + # -- Create NetworkPolicy objects for all components + create: false + # -- Default deny all ingress traffic + defaultDenyIngress: false + + # -- Default priority class for all components + priorityClassName: "" + + # -- Default node selector for all components + nodeSelector: + kubernetes.io/os: linux + + # -- Default tolerations for all components + tolerations: [] + + # Default affinity preset for all components + affinity: + # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard` + podAntiAffinity: soft + # Node affinity rules + nodeAffinity: + # -- Default node affinity rules. Either: `none`, `soft` or `hard` + type: hard + # -- Default match expressions for node affinity + matchExpressions: [] + # - key: topology.kubernetes.io/zone + # operator: In + # values: + # - antarctica-east1 + # - antarctica-west1 + + # -- Default [TopologySpreadConstraints] rules for all components + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector of the component + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy for the all deployed Deployments + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Environment variables to pass to all deployed Deployments + env: [] + + # -- Annotations for the all deployed Certificates + certificateAnnotations: {} + +## Argo Configs +configs: + # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap. + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml + cm: + # -- Create the argocd-cm configmap for [declarative setup] + create: true + + # -- Annotations to be added to argocd-cm configmap + annotations: {} + + # -- The name of tracking label used by Argo CD for resource pruning + application.instanceLabelKey: argocd.argoproj.io/instance + + # -- Enable control of the service account used for the sync operation (alpha) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ + application.sync.impersonation.enabled: false + + # -- Enable logs RBAC enforcement + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement + server.rbac.log.enforce.enable: false + + # -- Enable exec feature in Argo UI + ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource + exec.enabled: false + + # -- Enable local admin user + ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user + admin.enabled: true + + # -- Timeout to discover if a new manifests version got published to the repository + timeout.reconciliation: 180s + + # -- Timeout to refresh application data as well as target manifests cache + timeout.hard.reconciliation: 0s + + # -- Enable Status Badge + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ + statusbadge.enabled: false + + # Dex configuration + # dex.config: | + # connectors: + # # GitHub example + # - type: github + # id: github + # name: GitHub + # config: + # clientID: aabbccddeeff00112233 + # clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret + # orgs: + # - name: your-github-org + + # OIDC configuration as an alternative to dex (optional). + # oidc.config: | + # name: AzureAD + # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0 + # clientID: aaaabbbbccccddddeee + # clientSecret: $oidc.azuread.clientSecret + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + + # rootCA: | + # -----BEGIN CERTIFICATE----- + # ... encoded certificate data here ... + # -----END CERTIFICATE----- + + # Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the + # cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must + # explicitly include it in the list. + # Token verification will pass if any of the token's audiences matches any of the audiences in this list. + # allowedAudiences: + # - aaaabbbbccccddddeee + # - qqqqwwwweeeerrrrttt + + # Optional set of OIDC claims to request on the ID token. + # requestedIDTokenClaims: + # groups: + # essential: true + + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + # requestedScopes: + # - openid + # - profile + # - email + + # PKCE authentication flow processes authorization flow from browser only - default false + # uses the clientID + # make sure the Identity Provider (IdP) is public and doesn't need clientSecret + # make sure the Identity Provider (IdP) has this redirect URI registered: https://argocd.example.com/pkce/verify + # enablePKCEAuthentication: true + + # Extension Configuration + ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/ + # extension.config: | + # extensions: + # - name: httpbin + # backend: + # connectionTimeout: 2s + # keepAlive: 15s + # idleConnectionTimeout: 60s + # maxIdleConnections: 30 + # services: + # - url: http://httpbin.org + # headers: + # - name: some-header + # value: '$some.argocd.secret.key' + # cluster: + # name: some-cluster + # server: https://some-cluster + + ## Default configuration for ignoreResourceUpdates. + ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated + ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates. + + # -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change. + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.all: | + jsonPointers: + - /status + # -- Some Application fields are generated and not related to the application updates itself + ## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + - '.metadata.annotations."argocd.argoproj.io/refresh"' + - '.metadata.annotations."argocd.argoproj.io/hydrate"' + - '.operation' + # -- Ignore Argo Rollouts generated fields + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + # -- Legacy annotations used on HPA autoscaling/v1 + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | + jqPathExpressions: + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' + # -- Ignore the cluster-autoscaler status + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.ConfigMap: | + jqPathExpressions: + # Ignore the cluster-autoscaler status + - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' + # Ignore the annotation of the legacy Leases election + - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' + # -- Ignore the common scaling annotations + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | + jqPathExpressions: + - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' + - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' + - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' + # -- Ignores update if EndpointSlice is not excluded globally + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | + jsonPointers: + - /metadata + - /endpoints + - /ports + # -- Ignores update if Endpoints is not excluded globally + # @default -- See [values.yaml] + resource.customizations.ignoreResourceUpdates.Endpoints: | + jsonPointers: + - /metadata + - /subsets + + ## Default configuration for exclusions. + ## The exclusion list are K8s resources that we assume will never be declared in Git, + ## and are never child objects of managed resources that need to be presented in the resource tree. + ## This list contains high volume and high churn metadata objects which we exclude for performance + ## reasons, reducing connections and load to the K8s API servers of managed clusters. + + # -- Resource Exclusion/Inclusion + # @default -- See [values.yaml] + resource.exclusions: | + ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter + - apiGroups: + - '' + - discovery.k8s.io + kinds: + - Endpoints + - EndpointSlice + ### Internal Kubernetes resources excluded reduce the number of watched events + - apiGroups: + - coordination.k8s.io + kinds: + - Lease + ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events + - apiGroups: + - authentication.k8s.io + - authorization.k8s.io + kinds: + - SelfSubjectReview + - TokenReview + - LocalSubjectAccessReview + - SelfSubjectAccessReview + - SelfSubjectRulesReview + - SubjectAccessReview + ### Intermediate Certificate Request excluded reduce the number of watched events + - apiGroups: + - certificates.k8s.io + kinds: + - CertificateSigningRequest + - apiGroups: + - cert-manager.io + kinds: + - CertificateRequest + ### Cilium internal resources excluded reduce the number of watched events and UI Clutter + - apiGroups: + - cilium.io + kinds: + - CiliumIdentity + - CiliumEndpoint + - CiliumEndpointSlice + ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance + - apiGroups: + - kyverno.io + - reports.kyverno.io + - wgpolicyk8s.io + kinds: + - PolicyReport + - ClusterPolicyReport + - EphemeralReport + - ClusterEphemeralReport + - AdmissionReport + - ClusterAdmissionReport + - BackgroundScanReport + - ClusterBackgroundScanReport + - UpdateRequest + + + # Argo CD configuration parameters + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml + params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap + annotations: {} + + ## Generic parameters + # -- Open-Telemetry collector address: (e.g. "otel-collector:4317") + otlp.address: '' + + ## Controller Properties + # -- Number of application status processors + controller.status.processors: 20 + # -- Number of application operation processors + controller.operation.processors: 10 + # -- Specifies timeout between application self heal attempts + controller.self.heal.timeout.seconds: 5 + # -- Repo server RPC call timeout seconds. + controller.repo.server.timeout.seconds: 60 + # -- Specifies the timeout after which a sync would be terminated. 0 means no timeout + controller.sync.timeout.seconds: 0 + + ## Server properties + # -- Run server without TLS + ## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template. + server.insecure: false + # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / + server.basehref: / + # -- Used if Argo CD is running behind reverse proxy under subpath different from / + server.rootpath: '' + # -- Directory path that contains additional static assets + server.staticassets: /shared/app + # -- Disable Argo CD RBAC for user authentication + server.disable.auth: false + # -- Enable GZIP compression + server.enable.gzip: true + # -- Enable proxy extension feature. (proxy extension is in Alpha phase) + server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false + # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". + server.x.frame.options: sameorigin + + ## Repo-server properties + # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. + reposerver.parallelism.limit: 0 + + ## ApplicationSet Properties + # -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` + applicationsetcontroller.policy: sync + # -- Enables use of the Progressive Syncs capability + applicationsetcontroller.enable.progressive.syncs: false + # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`) + # @default -- `""` (default is only the ns where the controller is installed) + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/ + applicationsetcontroller.namespaces: "" + + # -- Enables [Applications in any namespace] + ## List of additional namespaces where applications may be created in and reconciled from. + ## The namespace where Argo CD is installed to will always be allowed. + ## Set comma-separated list. (e.g. app-team-one, app-team-two) + application.namespaces: "" + + # -- JQ Path expression timeout + ## By default, the evaluation of a JQPathExpression is limited to one second. + ## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression + ## that requires more time to evaluate, you can extend the timeout period. + controller.ignore.normalizer.jq.timeout: "1s" + + # Argo CD RBAC policy configuration + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md + rbac: + # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions. + # If false, it is expected the configmap will be created by something else. + # Argo CD will not work if there is no configmap created with the name above. + create: true + + # -- Annotations to be added to argocd-rbac-cm configmap + annotations: {} + + # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). + # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... + policy.default: '' + + # -- File containing user-defined policies and role definitions. + # @default -- `''` (See [values.yaml]) + policy.csv: '' + # Policy rules are in the form: + # p, subject, resource, action, object, effect + # Role definitions and bindings are in the form: + # g, subject, inherited-subject + # policy.csv: | + # p, role:org-admin, applications, *, */*, allow + # p, role:org-admin, clusters, get, *, allow + # p, role:org-admin, repositories, *, *, allow + # p, role:org-admin, logs, get, *, allow + # p, role:org-admin, exec, create, */*, allow + # g, your-github-org:your-team, role:org-admin + + # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope). + # The scope value can be a string, or a list of strings. + scopes: "[groups]" + + # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher. + policy.matchMode: "glob" + + # GnuPG public keys for commit verification + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ + gpg: + # -- Annotations to be added to argocd-gpg-keys-cm configmap + annotations: {} + + # -- [GnuPG] public keys to add to the keyring + # @default -- `{}` (See [values.yaml]) + ## Note: Public keys should be exported with `gpg --export --armor <KEY>` + keys: {} + # 4AEE18F83AFDEB23: | + # -----BEGIN PGP PUBLIC KEY BLOCK----- + # ... + # -----END PGP PUBLIC KEY BLOCK----- + + # SSH known hosts for Git repositories + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys + ssh: + # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm. + create: true + + # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap + annotations: {} + + # -- Known hosts to be added to the known host list by default. + # @default -- See [values.yaml] + knownHosts: | + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + + # -- Additional known hosts for private repositories + extraHosts: '' + + # Repository TLS certificates + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca + tls: + # -- Annotations to be added to argocd-tls-certs-cm configmap + annotations: {} + + # -- TLS certificates for Git repositories + # @default -- `{}` (See [values.yaml]) + certificates: {} + # server.example.com: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + + # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm. + create: true + + # ConfigMap for Config Management Plugins + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/ + cmp: + # -- Create the argocd-cmp-cm configmap + create: false + + # -- Annotations to be added to argocd-cmp-cm configmap + annotations: {} + + # -- Plugin yaml files to be added to argocd-cmp-cm + plugins: {} + # --- First plugin + # my-plugin: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # --- Second plugin + # my-plugin2: + # init: + # command: [sh] + # args: [-c, 'echo "Initializing..."'] + # generate: + # command: [sh, -c] + # args: + # - | + # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}" + # discover: + # fileName: "./subdir/s*.yaml" + # find: + # glob: "**/Chart.yaml" + # command: [sh, -c, find . -name env.yaml] + + # -- Provide one or multiple [external cluster credentials] + # @default -- `{}` (See [values.yaml]) + ## Ref: + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters + ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials + ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters + clusterCredentials: {} + # mycluster: + # server: https://mycluster.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "<authentication token>" + # tlsClientConfig: + # insecure: false + # caData: "<base64 encoded certificate>" + # mycluster2: + # server: https://mycluster2.example.com + # labels: {} + # annotations: {} + # namespaces: namespace1,namespace2 + # clusterResources: true + # config: + # bearerToken: "<authentication token>" + # tlsClientConfig: + # insecure: false + # caData: "<base64 encoded certificate>" + # mycluster3-project-scoped: + # server: https://mycluster3.example.com + # labels: {} + # annotations: {} + # project: my-project1 + # config: + # bearerToken: "<authentication token>" + # tlsClientConfig: + # insecure: false + # caData: "<base64 encoded certificate>" + # mycluster4-sharded: + # shard: 1 + # server: https://mycluster4.example.com + # labels: {} + # annotations: {} + # config: + # bearerToken: "<authentication token>" + # tlsClientConfig: + # insecure: false + # caData: "<base64 encoded certificate>" + + # -- Repository credentials to be used as Templates for other repos + ## Creates a secret for each key/value specified below to create repository credentials + credentialTemplates: {} + # github-enterprise-creds-1: + # url: https://github.com/argoproj + # githubAppID: 1 + # githubAppInstallationID: 2 + # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3 + # githubAppPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + # https-creds: + # url: https://github.com/argoproj + # password: my-password + # username: my-username + # ssh-creds: + # url: git@github.com:argoproj-labs + # sshPrivateKey: | + # -----BEGIN OPENSSH PRIVATE KEY----- + # ... + # -----END OPENSSH PRIVATE KEY----- + + # -- Annotations to be added to `configs.credentialTemplates` Secret + credentialTemplatesAnnotations: {} + + # -- Repositories list to be used by applications + ## Creates a secret for each key/value specified below to create repositories + ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". + repositories: {} + # istio-helm-repo: + # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts + # name: istio.io + # type: helm + # private-helm-repo: + # url: https://my-private-chart-repo.internal + # name: private-repo + # type: helm + # password: my-password + # username: my-username + # private-repo: + # url: https://github.com/argoproj/private-repo + + # -- Annotations to be added to `configs.repositories` Secret + repositoriesAnnotations: {} + + # Argo CD sensitive data + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + secret: + # -- Create the argocd-secret + createSecret: true + # -- Labels to be added to argocd-secret + labels: {} + # -- Annotations to be added to argocd-secret + annotations: {} + + # -- Shared secret for authenticating GitHub webhook events + githubSecret: "" + # -- Shared secret for authenticating GitLab webhook events + gitlabSecret: "" + # -- Shared secret for authenticating BitbucketServer webhook events + bitbucketServerSecret: "" + # -- UUID for authenticating Bitbucket webhook events + bitbucketUUID: "" + # -- Shared secret for authenticating Gogs webhook events + gogsSecret: "" + ## Azure DevOps + azureDevops: + # -- Shared secret username for authenticating Azure DevOps webhook events + username: "" + # -- Shared secret password for authenticating Azure DevOps webhook events + password: "" + + # -- add additional secrets to be added to argocd-secret + ## Custom secrets. Useful for injecting SSO secrets into environment variables. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets + ## Note that all values must be non-empty. + extra: + {} + # LDAP_PASSWORD: "mypassword" + + # -- Bcrypt hashed admin password + ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + argocdServerAdminPassword: "" + # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` + # @default -- `""` (defaults to current time) + argocdServerAdminPasswordMtime: "" + + # -- Define custom [CSS styles] for your argo instance. + # This setting will automatically mount the provided CSS and reference it in the argo configuration. + # @default -- `""` (See [values.yaml]) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + styles: "" + # styles: | + # .sidebar { + # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); + # } + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: argocd-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "argocd" + # objectType: "secretsmanager" + # jmesPath: + # - path: "client_id" + # objectAlias: "client_id" + # - path: "client_secret" + # objectAlias: "client_secret" + # secretObjects: + # - data: + # - key: client_id + # objectName: client_id + # - key: client_secret + # objectName: client_secret + # secretName: argocd-secrets-store + # type: Opaque + # labels: + # app.kubernetes.io/part-of: argocd + +## Application controller +controller: + # -- Application controller name string + name: application-controller + + # -- The number of application controller pods to run. + # Additional replicas will cause sharding of managed clusters across number of replicas. + ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully + ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) + replicas: 1 + + # -- Enable dynamic cluster distribution (alpha) + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution + ## This is done using a deployment instead of a statefulSet + ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the + ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, + ## like round-robin, then the shards will be well-balanced. + dynamicClusterDistribution: false + + # -- Runtime class name for the application controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + # -- Application controller heartbeat time + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution + heartbeatTime: 10 + + # -- Maximum number of controller revisions that will be maintained in StatefulSet history + revisionHistoryLimit: 5 + + ## Application controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the application controller + enabled: false + # -- Labels to be added to application controller pdb + labels: {} + # -- Annotations to be added to application controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `controller.pdb.minAvailable` + maxUnavailable: "" + + ## Application controller Vertical Pod Autoscaler + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ + vpa: + # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller + enabled: false + # -- Labels to be added to application controller vpa + labels: {} + # -- Annotations to be added to application controller vpa + annotations: {} + # -- One of the VPA operation modes + ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically + ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden + updateMode: Initial + # -- Controls how VPA computes the recommended resources for application controller container + ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml + containerPolicy: {} + # controlledResources: ["cpu", "memory"] + # minAllowed: + # cpu: 250m + # memory: 256Mi + # maxAllowed: + # cpu: 1 + # memory: 1Gi + + + ## Application controller image + image: + # -- Repository to use for the application controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the application controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the application controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to application controller + extraArgs: [] + + # -- Environment variables to pass to application controller + env: [] + + # -- envFrom to pass to application controller + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the application controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the application controller pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the server pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + ## Note: Supports use of custom Helm templates + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip && + # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip && + # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the application controller main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the application controller pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + ## Application controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for application controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Annotations for the application controller StatefulSet + statefulsetAnnotations: {} + + # -- Annotations for the application controller Deployment + deploymentAnnotations: {} + + # -- Labels for the application controller Deployment + deploymentLabels: {} + + # -- Annotations to be added to application controller pods + podAnnotations: {} + + # -- Labels to be added to application controller pods + podLabels: {} + + # -- Resource limits and requests for the application controller pods + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 250m + # memory: 256Mi + + # Application controller container ports + containerPorts: + # -- Metrics container port + metrics: 8082 + + # -- Host Network for application controller pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for application controller pods + dnsPolicy: "ClusterFirst" + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # Readiness probe for application controller + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Priority class for the application controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create a service account for the application controller + create: true + # -- Service account name + name: argocd-application-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + ## Application controller metrics configuration + metrics: + # -- Deploy metrics service + enabled: false + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + applicationLabels: + # -- Enables additional labels in argocd_app_labels metric + enabled: false + # -- Additional labels + labels: [] + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8082 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + rules: + # -- Deploy a PrometheusRule for the application controller + enabled: false + # -- PrometheusRule namespace + namespace: "" # "monitoring" + # -- PrometheusRule selector + selector: {} + # prometheus: kube-prometheus + + # -- PrometheusRule labels + additionalLabels: {} + # -- PrometheusRule annotations + annotations: {} + + # -- PrometheusRule.Spec for the application controller + spec: [] + # - alert: ArgoAppMissing + # expr: | + # absent(argocd_app_info) == 1 + # for: 15m + # labels: + # severity: critical + # annotations: + # summary: "[Argo CD] No reported applications" + # description: > + # Argo CD has not reported any applications data for the past 15 minutes which + # means that it must be down or not functioning properly. This needs to be + # resolved for this cloud to continue to maintain state. + # - alert: ArgoAppNotSynced + # expr: | + # argocd_app_info{sync_status!="Synced"} == 1 + # for: 12h + # labels: + # severity: warning + # annotations: + # summary: "[{{`{{$labels.name}}`}}] Application not synchronized" + # description: > + # The application [{{`{{$labels.name}}`}} has not been synchronized for over + # 12 hours which means that the state of this cloud has drifted away from the + # state inside Git. + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the application controller's ClusterRole resource + enabled: false + # -- List of custom rules for the application controller's ClusterRole resource + rules: [] + + ## Enable this and set the rules: to whatever custom rules you want for the Role resource. + ## Defaults to off + # -- List of custom rules for the application controller's Role resource + roleRules: [] + + # Default application controller's network policy + networkPolicy: + # -- Default network policy rules used by application controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +## Dex +dex: + # -- Enable dex + enabled: true + # -- Dex name + name: dex-server + + # -- Additional command line arguments to pass to the Dex server + extraArgs: [] + + # -- Runtime class name for Dex + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## Dex Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Dex server + enabled: false + # -- Labels to be added to Dex server pdb + labels: {} + # -- Annotations to be added to Dex server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `dex.pdb.minAvailable` + maxUnavailable: "" + + ## Dex image + image: + # -- Dex image repository + repository: ghcr.io/dexidp/dex + # -- Dex image tag + tag: v2.44.0 + # -- Dex imagePullPolicy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # Argo CD init image that creates Dex config + initImage: + # -- Argo CD init image repository + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Argo CD init image tag + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Argo CD init image imagePullPolicy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + # -- Argo CD init image resources + # @default -- `{}` (defaults to dex.resources) + resources: {} + # requests: + # cpu: 5m + # memory: 96Mi + # limits: + # cpu: 10m + # memory: 144Mi + + # -- Environment variables to pass to the Dex server + env: [] + + # -- envFrom to pass to the Dex server + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the dex pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the dex pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the dex main container + volumeMounts: [] + + # -- Additional volumes to the dex pod + volumes: [] + + ## Dex server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for Dex server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. + certificateSecret: + # -- Create argocd-dex-server-tls secret + enabled: false + # -- Labels to be added to argocd-dex-server-tls secret + labels: {} + # -- Annotations to be added to argocd-dex-server-tls secret + annotations: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc) + crt: '' + + # -- Annotations to be added to the Dex server Deployment + deploymentAnnotations: {} + + # -- Labels for the Dex server Deployment + deploymentLabels: {} + + # -- Annotations to be added to the Dex server pods + podAnnotations: {} + + # -- Labels to be added to the Dex server pods + podLabels: {} + + # -- Resource limits and requests for dex + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + # Dex container ports + # NOTE: These ports are currently hardcoded and cannot be changed + containerPorts: + # -- HTTP container port + http: 5556 + # -- gRPC container port + grpc: 5557 + # -- Metrics container port + metrics: 5558 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Dex server pods + dnsPolicy: "ClusterFirst" + + # -- Dex container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for Dex server + ## Supported from Dex >= 2.28.0 + livenessProbe: + # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 + enabled: false + # -- Http path to use for the liveness probe + httpPath: /healthz/live + # -- Http port to use for the liveness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + readinessProbe: + # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 + enabled: false + # -- Http path to use for the readiness probe + httpPath: /healthz/ready + # -- Http port to use for the readiness probe + httpPort: metrics + # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS) + httpScheme: HTTP + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create dex service account + create: true + # -- Dex service account name + name: argocd-dex-server + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Service port for HTTP access + servicePortHttp: 5556 + # -- Service port name for HTTP access + servicePortHttpName: http + # -- Service port for gRPC access + servicePortGrpc: 5557 + # -- Service port name for gRPC access + servicePortGrpcName: grpc + # -- Service port for metrics access + servicePortMetrics: 5558 + + # -- Priority class for the dex pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to dex + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the Dex server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # Default Dex server's network policy + networkPolicy: + # -- Default network policy rules used by Dex server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + + # DEPRECATED - Use configs.params to override + # -- Dex log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + # logFormat: "" + # -- Dex log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + # logLevel: "" + +## Redis +redis: + # -- Enable redis + enabled: true + # -- Redis name + name: redis + + # -- Runtime class name for redis + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Redis Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Redis + enabled: false + # -- Labels to be added to Redis pdb + labels: {} + # -- Annotations to be added to Redis pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `redis.pdb.minAvailable` + maxUnavailable: "" + + ## Redis image + image: + # -- Redis repository + repository: ecr-public.aws.com/docker/library/redis + # -- Redis tag + ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis + tag: 7.2.11-alpine + # -- Redis image pull policy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Environment variables to pass to the Redis exporter + env: [] + ## Prometheus redis-exporter image + image: + # -- Repository to use for the redis-exporter + repository: ghcr.io/oliver006/redis_exporter + # -- Tag to use for the redis-exporter + tag: v1.78.0 + # -- Image pull policy for the redis-exporter + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Redis exporter security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for Redis exporter (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter (optional) + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis exporter + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Resource limits and requests for redis-exporter sidecar + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to redis-server + extraArgs: [] + # - --bind + # - "0.0.0.0" + + # -- Environment variables to pass to the Redis server + env: [] + + # -- envFrom to pass to the Redis server + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + ## Probes for Redis server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + livenessProbe: + # -- Enable Kubernetes liveness probe for Redis server + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 15 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 15 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 5 + + # -- Additional containers to be added to the redis pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the redis pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- Additional volumeMounts to the redis container + volumeMounts: [] + + # -- Additional volumes to the redis pod + volumes: [] + + # -- Annotations to be added to the Redis server Deployment + deploymentAnnotations: {} + + # -- Labels for the Redis server Deployment + deploymentLabels: {} + + # -- Annotations to be added to the Redis server pods + podAnnotations: {} + + # -- Labels to be added to the Redis server pods + podLabels: {} + + # -- Resource limits and requests for redis + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Redis pod-level security context + # @default -- See [values.yaml] + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + + # Redis container ports + containerPorts: + # -- Redis container port + redis: 6379 + # -- Metrics container port + metrics: 9121 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Redis server pods + dnsPolicy: "ClusterFirst" + + # -- Redis container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + + # -- Redis service port + servicePort: 6379 + + # -- Priority class for redis pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to redis + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create a service account for the redis pod + create: false + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: false + + service: + # -- Redis service annotations + annotations: {} + # -- Additional redis service labels + labels: {} + + metrics: + # -- Deploy metrics service + enabled: false + + # Redis metrics service configuration + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: None + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 9121 + # -- Metrics service port name + portName: http-metrics + + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Interval at which metrics should be scraped + interval: 30s + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + # Default redis's network policy + networkPolicy: + # -- Default network policy rules used by redis + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` +# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml +redis-ha: + # -- Enables the Redis HA subchart and disables the custom Redis single node deployment + enabled: false + ## Redis image + image: + # -- Redis repository + repository: ecr-public.aws.com/docker/library/redis + # -- Redis tag + ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis + tag: 7.2.11-alpine + ## Prometheus redis-exporter sidecar + exporter: + # -- Enable Prometheus redis-exporter sidecar + enabled: false + # -- Repository to use for the redis-exporter + image: ghcr.io/oliver006/redis_exporter + # -- Tag to use for the redis-exporter + tag: v1.75.0 + persistentVolume: + # -- Configures persistence on Redis nodes + enabled: false + ## Redis specific configuration options + redis: + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated + masterGroupName: argocd + # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) + # @default -- See [values.yaml] + config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled + # @default -- `'""'` + save: '""' + ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. + haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy + enabled: true + # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy + metrics: + # -- HAProxy enable prometheus metric scraping + enabled: true + # -- Whether the haproxy pods should be forced to run on separate nodes. + hardAntiAffinity: true + # -- Additional affinities to add to the haproxy pods. + additionalAffinities: {} + # -- Assign custom [affinity] rules to the haproxy pods. + affinity: | + + # -- [Tolerations] for use with node taints for haproxy pods. + tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + + # -- Configures redis-ha with AUTH + auth: true + # -- Existing Secret to use for redis-ha authentication. + # By default the redis-secret-init Job is generating this Secret. + existingSecret: argocd-redis + + # -- Whether the Redis server pods should be forced to run on separate nodes. + hardAntiAffinity: true + + # -- Additional affinities to add to the Redis server pods. + additionalAffinities: {} + + # -- Assign custom [affinity] rules to the Redis pods. + affinity: | + + # -- [Tolerations] for use with node taints for Redis pods. + tolerations: [] + + # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods. + ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: + # -- Enable Redis HA topology spread constraints + enabled: false + # -- Max skew of pods tolerated + # @default -- `""` (defaults to `1`) + maxSkew: "" + # -- Topology key for spread + # @default -- `""` (defaults to `topology.kubernetes.io/zone`) + topologyKey: "" + # -- Enforcement policy, hard or soft + # @default -- `""` (defaults to `ScheduleAnyway`) + whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true + +# External Redis parameters +externalRedis: + # -- External Redis server host + host: "" + # -- External Redis username + username: "" + # -- External Redis password + password: "" + # -- External Redis server port + port: 6379 + # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. + # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored + existingSecret: "" + # -- External Redis Secret annotations + secretAnnotations: {} + +redisSecretInit: + # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods + enabled: true + # -- Redis secret-init name + name: redis-secret-init + + image: + # -- Repository to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Redis secret-init Job + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Redis secret-init Job + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Annotations to be added to the Redis secret-init Job + jobAnnotations: {} + + # -- Annotations to be added to the Redis secret-init Job + podAnnotations: {} + + # -- Labels to be added to the Redis secret-init Job + podLabels: {} + + # -- Resource limits and requests for Redis secret-init Job + resources: {} + # limits: + # cpu: 200m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 64Mi + + # -- Application controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # -- Redis secret-init Job pod-level security context + securityContext: {} + + serviceAccount: + # -- Create a service account for the redis pod + create: true + # -- Service account name for redis pod + name: "" + # -- Annotations applied to created service account + annotations: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Priority class for Redis secret-init Job + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Assign custom [affinity] rules to the Redis secret-init Job + affinity: {} + + # -- Node selector to be added to the Redis secret-init Job + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- Tolerations to be added to the Redis secret-init Job + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + +## Server +server: + # -- Argo CD server name + name: server + + # -- The number of server pods to run + replicas: 1 + + # -- Runtime class name for the Argo CD server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Argo CD server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server + enabled: false + # -- Minimum number of replicas for the Argo CD server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the Argo CD server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo CD server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo CD server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + + ## Argo CD server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the Argo CD server + enabled: false + # -- Labels to be added to Argo CD server pdb + labels: {} + # -- Annotations to be added to Argo CD server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `server.pdb.minAvailable` + maxUnavailable: "" + + ## Argo CD server image + image: + # -- Repository to use for the Argo CD server + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Argo CD server + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Argo CD server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to Argo CD server + extraArgs: [] + + # -- Environment variables to pass to Argo CD server + env: [] + + # -- envFrom to pass to Argo CD server + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container + lifecycle: {} + + ## Argo CD extensions + ## This function in tech preview stage, do expect instability or breaking changes in newer versions. + ## Ref: https://github.com/argoproj-labs/argocd-extension-installer + ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource + extensions: + # -- Enable support for Argo CD extensions + enabled: false + + ## Argo CD extension installer image + image: + # -- Repository to use for extension installer image + repository: "quay.io/argoprojlabs/argocd-extension-installer" + # -- Tag to use for extension installer image + tag: "v0.0.8" + # -- Image pull policy for extensions + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Extensions for Argo CD + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension + extensionList: [] + # - name: extension-metrics + # env: + # - name: EXTENSION_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz + # - name: EXTENSION_CHECKSUM_URL + # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt + + # -- Server UI extensions container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + # -- Resource limits and requests for the argocd-extensions container + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + + # -- Additional containers to be added to the server pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + # - name: my-sidecar + # image: nginx:latest + # - name: lemonldap-ng-controller + # image: lemonldapng/lemonldap-ng-controller:0.2.0 + # args: + # - /lemonldap-ng-controller + # - --alsologtostderr + # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration + # env: + # - name: POD_NAME + # valueFrom: + # fieldRef: + # fieldPath: metadata.name + # - name: POD_NAMESPACE + # valueFrom: + # fieldRef: + # fieldPath: metadata.namespace + # volumeMounts: + # - name: copy-portal-skins + # mountPath: /srv/var/lib/lemonldap-ng/portal/skins + + # -- Init containers to add to the server pod + ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin + ## you could use this (and the same in the application controller pod) to provide such executable + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins + initContainers: [] + # - name: download-tools + # image: alpine:3 + # command: [sh, -c] + # args: + # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip && + # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip && + # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip + # volumeMounts: + # - mountPath: /custom-tools + # name: custom-tools + + # -- Additional volumeMounts to the server main container + volumeMounts: [] + # - mountPath: /usr/local/bin/kubelogin + # name: custom-tools + # subPath: kubelogin + + # -- Additional volumes to the server pod + volumes: [] + # - name: custom-tools + # emptyDir: {} + + ## Argo CD server emptyDir volumes + emptyDir: + # -- EmptyDir size limit for the Argo CD server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Annotations to be added to server Deployment + deploymentAnnotations: {} + + # -- Labels for the server Deployment + deploymentLabels: {} + + # -- Annotations to be added to server pods + podAnnotations: {} + + # -- Labels to be added to server pods + podLabels: {} + + # -- Resource limits and requests for the Argo CD server + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + + # Server container ports + containerPorts: + # -- Server container port + server: 8080 + # -- Metrics container port + metrics: 8083 + + # -- Host Network for Server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Server pods + dnsPolicy: "ClusterFirst" + + # -- Server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- Priority class for the Argo CD server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the Server Certificate + annotations: {} + # -- Usages for the certificate + ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage + usages: [] + # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources + secretTemplateAnnotations: {} + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server + certificateSecret: + # -- Create argocd-server-tls secret + enabled: false + # -- Annotations to be added to argocd-server-tls secret + annotations: {} + # -- Labels to be added to argocd-server-tls secret + labels: {} + # -- Private Key of the certificate + key: '' + # -- Certificate data + crt: '' + + ## Server service configuration + service: + # -- Server service annotations + annotations: {} + # -- Server service labels + labels: {} + # -- Server service type + type: ClusterIP + # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttp: 30080 + # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") + nodePortHttps: 30443 + # -- Server service http port + servicePortHttp: 80 + # -- Server service https port + servicePortHttps: 443 + # -- Server service http port name, can be used to route traffic via istio + servicePortHttpName: http + # -- Server service https port name, can be used to route traffic via istio + servicePortHttpsName: https + # -- Server service https port appProtocol + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol + servicePortHttpsAppProtocol: "" + # -- The class of the load balancer implementation + loadBalancerClass: "" + # -- LoadBalancer will get created with the IP specified in this field + loadBalancerIP: "" + # -- Source IP ranges to allow access to service from + ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer + ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb + loadBalancerSourceRanges: [] + # -- Server service external IPs + externalIPs: [] + # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + externalTrafficPolicy: Cluster + # -- Used to maintain session affinity. Supports `ClientIP` and `None` + ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: None + + ## Server metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8083 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create server service account + create: true + # -- Server service account name + name: argocd-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # Argo CD server ingress configuration + ingress: + # -- Enable an ingress resource for the Argo CD server + enabled: false + # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke` + ## Additional configuration might be required in related configuration sections + controller: generic + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough + annotations: {} + # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + + # -- Defines which ingress controller will implement the resource + ingressClassName: "" + + # -- Argo CD server hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- The path to Argo CD server + path: / + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` + ## You can create this secret via `certificate` or `certificateSecret` option + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpsName }}' + + # -- Additional TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - hosts: + # - argocd.example.com + # secretName: your-certificate-name + + # AWS specific options for Application Load Balancer + # Applies only when `serv.ingress.controller` is set to `aws` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode + aws: + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using gRPC. + ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings + backendProtocolVersion: GRPC + # -- Service type for the AWS ALB gRPC service + ## Can be of type NodePort or ClusterIP depending on which mode you are running. + ## Instance mode needs type NodePort, IP mode needs type ClusterIP + ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic + serviceType: NodePort + + # Google specific options for Google Application Load Balancer + # Applies only when `server.ingress.controller` is set to `gke` + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress + gke: + # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + backendConfig: {} + # iap: + # enabled: true + # oauthclientCredentials: + # secretName: argocd-secret + + # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller + # @default -- `{}` (See [values.yaml]) + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters + frontendConfig: {} + # redirectToHttps: + # enabled: true + # responseCodeName: RESPONSE_CODE + + # Managed GKE certificate for ingress hostname + managedCertificate: + # -- Create ManagedCertificate resource and annotations for Google Load balancer + ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs + create: true + # -- Additional domains for ManagedCertificate resource + extraDomains: [] + # - argocd.example.com + + # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource + # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts + ingressGrpc: + # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] + enabled: false + # -- Additional ingress annotations for dedicated [gRPC-ingress] + annotations: {} + # -- Additional ingress labels for dedicated [gRPC-ingress] + labels: {} + # -- Defines which ingress controller will implement the resource [gRPC-ingress] + ingressClassName: "" + + # -- Argo CD server hostname for dedicated [gRPC-ingress] + # @default -- `""` (defaults to grpc.`server.ingress.hostname`) + hostname: "" + + # -- Argo CD server ingress path for dedicated [gRPC-ingress] + path: / + + # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname` + ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: grpc.argocd.example.com + # path: / + + # -- Additional ingress paths for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: / + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.server.fullname" . }}' + # port: + # name: '{{ .Values.server.service.servicePortHttpName }}' + + # -- Additional TLS configuration for dedicated [gRPC-ingress] + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: your-certificate-name + # hosts: + # - argocd.example.com + + # Create a OpenShift Route with SSL passthrough for UI and CLI + # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain + # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: + # If 'hostname' is an empty string "" OpenShift will create a hostname for you. + route: + # -- Enable an OpenShift Route for the Argo CD server + enabled: false + # -- Openshift Route annotations + annotations: {} + # -- Hostname of OpenShift Route + hostname: "" + # -- Termination type of Openshift Route + termination_type: passthrough + # -- Termination policy of Openshift Route + termination_policy: None + + # Gateway API HTTPRoute configuration + # NOTE: Gateway API support is in EXPERIMENTAL status + # Support depends on your Gateway controller implementation + # Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends) + # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details + httproute: + # -- Enable HTTPRoute resource for Argo CD server (Gateway API) + enabled: false + # -- Additional HTTPRoute labels + labels: {} + # -- Additional HTTPRoute annotations + annotations: {} + # -- Gateway API parentRefs for the HTTPRoute + ## Must reference an existing Gateway + # @default -- `[]` (See [values.yaml]) + parentRefs: [] + # - name: example-gateway + # namespace: example-gateway-namespace + # sectionName: https + # -- List of hostnames for the HTTPRoute + # @default -- `[]` (See [values.yaml]) + hostnames: [] + # - argocd.example.com + # -- HTTPRoute rules configuration + # @default -- `[]` (See [values.yaml]) + rules: + - matches: + - path: + type: PathPrefix + value: / + # filters: [] + # - type: RequestHeaderModifier + # requestHeaderModifier: + # add: + # - name: X-Custom-Header + # value: custom-value + + # Gateway API GRPCRoute configuration + # NOTE: Gateway API support is in EXPERIMENTAL status + # Support depends on your Gateway controller implementation + # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details + grpcroute: + # -- Enable GRPCRoute resource for Argo CD server (Gateway API) + enabled: false + # -- Additional GRPCRoute labels + labels: {} + # -- Additional GRPCRoute annotations + annotations: {} + # -- Gateway API parentRefs for the GRPCRoute + ## Must reference an existing Gateway + # @default -- `[]` (See [values.yaml]) + parentRefs: [] + # - name: example-gateway + # namespace: example-gateway-namespace + # sectionName: grpc + # -- List of hostnames for the GRPCRoute + # @default -- `[]` (See [values.yaml]) + hostnames: [] + # - grpc.argocd.example.com + # -- GRPCRoute rules configuration + # @default -- `[]` (See [values.yaml]) + rules: + - matches: + - method: + type: Exact + # filters: [] + # - type: RequestHeaderModifier + # requestHeaderModifier: + # add: + # - name: X-Custom-Header + # value: custom-value + + # Gateway API BackendTLSPolicy configuration + # NOTE: BackendTLSPolicy is in EXPERIMENTAL status (v1alpha3) + # Required for HTTPS backends when using Gateway API + # Not all Gateway controllers support this resource (e.g., Cilium does not support it yet) + backendTLSPolicy: + # -- Enable BackendTLSPolicy resource for Argo CD server (Gateway API) + enabled: false + # -- Additional BackendTLSPolicy labels + labels: {} + # -- Additional BackendTLSPolicy annotations + annotations: {} + # -- Target references for the BackendTLSPolicy + # @default -- `[]` (See [values.yaml]) + targetRefs: [] + # - group: "" + # kind: Service + # name: argocd-server + # sectionName: https + # -- TLS validation configuration + # @default -- `{}` (See [values.yaml]) + validation: {} + # hostname: argocd-server.argocd.svc.cluster.local + # caCertificateRefs: + # - name: example-ca-cert + # group: "" + # kind: ConfigMap + # wellKnownCACertificates: System + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the server's ClusterRole resource + enabled: false + # -- List of custom rules for the server's ClusterRole resource + rules: [] + + # Default ArgoCD Server's network policy + networkPolicy: + # -- Default network policy rules used by ArgoCD Server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +## Repo Server +repoServer: + # -- Repo server name + name: repo-server + + # -- The number of repo server pods to run + replicas: 1 + + # -- Runtime class name for the repo server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Repo server Horizontal Pod Autoscaler + autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server + enabled: false + # -- Minimum number of replicas for the repo server [HPA] + minReplicas: 1 + # -- Maximum number of replicas for the repo server [HPA] + maxReplicas: 5 + # -- Average CPU utilization percentage for the repo server [HPA] + targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the repo server [HPA] + targetMemoryUtilizationPercentage: 50 + # -- Configures the scaling behavior of the target in both Up and Down directions. + behavior: {} + # scaleDown: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 1 + # periodSeconds: 180 + # scaleUp: + # stabilizationWindowSeconds: 300 + # policies: + # - type: Pods + # value: 2 + # periodSeconds: 60 + # -- Configures custom HPA metrics for the Argo CD repo server + # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + metrics: [] + + ## Repo server Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the repo server + enabled: false + # -- Labels to be added to repo server pdb + labels: {} + # -- Annotations to be added to repo server pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `repoServer.pdb.minAvailable` + maxUnavailable: "" + + ## Repo server image + image: + # -- Repository to use for the repo server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the repo server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the repo server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- Additional command line arguments to pass to repo server + extraArgs: [] + + # -- Environment variables to pass to repo server + env: [] + + # -- envFrom to pass to repo server + # @default -- `[]` (See [values.yaml]) + envFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container + lifecycle: {} + + # -- Additional containers to be added to the repo server pod + ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ + ## Note: Supports use of custom Helm templates + extraContainers: [] + # - name: cmp-my-plugin + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + # - name: cmp-my-plugin2 + # command: + # - "/var/run/argocd/argocd-cmp-server" + # image: busybox + # securityContext: + # runAsNonRoot: true + # runAsUser: 999 + # volumeMounts: + # - mountPath: /var/run/argocd + # name: var-files + # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image. + # - mountPath: /home/argocd/cmp-server/plugins + # name: plugins + # - mountPath: /home/argocd/cmp-server/config/plugin.yaml + # subPath: my-plugin2.yaml + # name: argocd-cmp-cm + # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps + # # mitigate path traversal attacks. + # - mountPath: /tmp + # name: cmp-tmp + + # -- Init containers to add to the repo server pods + initContainers: [] + + copyutil: + # -- Resource limits and requests for the repo server copyutil initContainer + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + + # -- Additional volumeMounts to the repo server main container + volumeMounts: [] + + # -- Additional volumes to the repo server pod + volumes: [] + # - name: argocd-cmp-cm + # configMap: + # name: argocd-cmp-cm + # - name: cmp-tmp + # emptyDir: {} + + # -- Volumes to be used in replacement of emptydir on default volumes + existingVolumes: {} + # gpgKeyring: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-keyring + # helmWorkingDir: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-workdir + # tmp: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-tmp + # varFiles: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-varfiles + # plugins: + # persistentVolumeClaim: + # claimName: pvc-argocd-repo-server-plugins + + ## RepoServer emptyDir volumes + emptyDir: + # -- EmptyDir size limit for repo server + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + # -- Toggle the usage of a ephemeral Helm working directory + useEphemeralHelmWorkingDir: true + + # -- Annotations to be added to repo server Deployment + deploymentAnnotations: {} + + # -- Labels for the repo server Deployment + deploymentLabels: {} + + # -- Annotations to be added to repo server pods + podAnnotations: {} + + # -- Labels to be added to repo server pods + podLabels: {} + + # -- Resource limits and requests for the repo server pods + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + + # Repo server container ports + containerPorts: + # -- Repo server container port + server: 8081 + # -- Metrics container port + metrics: 8084 + + # -- Host Network for Repo server pods + hostNetwork: false + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for Repo server pods + dnsPolicy: "ClusterFirst" + + # -- Repo server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Readiness and liveness probes for default backend + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules to the deployment + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the repo server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the repo server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the repo server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # TLS certificate configuration via Secret + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server + ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. + certificateSecret: + # -- Create argocd-repo-server-tls secret + enabled: false + # -- Annotations to be added to argocd-repo-server-tls secret + annotations: {} + # -- Labels to be added to argocd-repo-server-tls secret + labels: {} + # -- Certificate authority. Required for self-signed certificates. + ca: '' + # -- Certificate private key + key: '' + # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc) + crt: '' + + ## Repo server service configuration + service: + # -- Repo server service annotations + annotations: {} + # -- Repo server service labels + labels: {} + # -- Repo server service port + port: 8081 + # -- Repo server service port name + portName: tcp-repo-server + # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. + trafficDistribution: "" + + ## Repo server metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8084 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## Enable Custom Rules for the Repo server's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- Enable custom rules for the Repo server's Cluster Role resource + enabled: false + # -- List of custom rules for the Repo server's Cluster Role resource + rules: [] + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + ## Repo server service account + ## If create is set to true, make sure to uncomment the name and update the rbac section below + serviceAccount: + # -- Create repo server service account + create: true + # -- Repo server service account name + name: "" # "argocd-repo-server" + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Repo server rbac rules + rbac: [] + # - apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + + # Default repo server's network policy + networkPolicy: + # -- Default network policy rules used by repo server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +## ApplicationSet controller +applicationSet: + # -- ApplicationSet controller name string + name: applicationset-controller + + # -- The number of ApplicationSet controller pods to run + replicas: 1 + + # -- Runtime class name for the ApplicationSet controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## ApplicationSet controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller + enabled: false + # -- Labels to be added to ApplicationSet controller pdb + labels: {} + # -- Annotations to be added to ApplicationSet controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `applicationSet.pdb.minAvailable` + maxUnavailable: "" + + ## ApplicationSet controller image + image: + # -- Repository to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the ApplicationSet controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the ApplicationSet controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository. + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # -- ApplicationSet controller command line flags + extraArgs: [] + + # -- Environment variables to pass to the ApplicationSet controller + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the ApplicationSet controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the ApplicationSet controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + ## ApplicationSet controller emptyDir volumes + emptyDir: + # -- EmptyDir size limit for applicationSet controller + # @default -- `""` (defaults not set if not specified i.e. no size limit) + sizeLimit: "" + # sizeLimit: "1Gi" + + ## Metrics service configuration + metrics: + # -- Deploy metrics service + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8080 + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used. + scrapeTimeout: "" + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + + ## ApplicationSet service configuration + service: + # -- ApplicationSet service annotations + annotations: {} + # -- ApplicationSet service labels + labels: {} + # -- ApplicationSet service type + type: ClusterIP + # -- ApplicationSet service port + port: 7000 + # -- ApplicationSet service port name + portName: http-webhook + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create ApplicationSet controller service account + create: true + # -- ApplicationSet controller service account name + name: argocd-applicationset-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to ApplicationSet controller Deployment + deploymentAnnotations: {} + + # -- Labels for the ApplicationSet controller Deployment + deploymentLabels: {} + + # -- Annotations for the ApplicationSet controller pods + podAnnotations: {} + + # -- Labels for the ApplicationSet controller pods + podLabels: {} + + # -- Resource limits and requests for the ApplicationSet controller pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # ApplicationSet controller container ports + containerPorts: + # -- Metrics container port + metrics: 8080 + # -- Probe container port + probe: 8081 + # -- Webhook container port + webhook: 7000 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for ApplicationSet controller pods + dnsPolicy: "ClusterFirst" + + # -- ApplicationSet controller container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for ApplicationSet controller (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for ApplicationSet controller + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the ApplicationSet controller Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the ApplicationSet controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # TLS certificate configuration via cert-manager + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration + certificate: + # -- Deploy a Certificate resource (requires cert-manager) + enabled: false + # -- Certificate primary domain (commonName) + # @default -- `""` (defaults to global.domain) + domain: "" + # -- Certificate Subject Alternate Names (SANs) + additionalHosts: [] + # -- The requested 'duration' (i.e. lifetime) of the certificate. + # @default -- `""` (defaults to 2160h = 90d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + duration: "" + # -- How long before the expiry a certificate should be renewed. + # @default -- `""` (defaults to 360h = 15d if not specified) + ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal + renewBefore: "" + # Certificate issuer + ## Ref: https://cert-manager.io/docs/concepts/issuer + issuer: + # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io` + group: "" + # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer` + kind: "" + # -- Certificate issuer name. Eg. `letsencrypt` + name: "" + # Private key of the certificate + privateKey: + # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always` + rotationPolicy: Never + # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8` + encoding: PKCS1 + # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA` + algorithm: RSA + # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. + size: 2048 + # -- Annotations to be applied to the ApplicationSet Certificate + annotations: {} + + ## Ingress for the Git Generator webhook + ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) + ingress: + # -- Enable an ingress resource for ApplicationSet webhook + enabled: false + # -- Additional ingress labels + labels: {} + # -- Additional ingress annotations + annotations: {} + + # -- Defines which ingress ApplicationSet controller will implement the resource + ingressClassName: "" + + # -- Argo CD ApplicationSet hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- List of ingress paths + path: /api/webhook + + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` + pathType: Prefix + + # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname` + ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` + tls: false + + # -- The list of additional hostnames to be covered by ingress record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + # - name: argocd.example.com + # path: / + + # -- Additional ingress paths + # @default -- `[]` (See [values.yaml]) + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + # -- Additional ingress rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - http: + # paths: + # - path: /api/webhook + # pathType: Prefix + # backend: + # service: + # name: '{{ include "argo-cd.applicationSet.fullname" . }}' + # port: + # name: '{{ .Values.applicationSet.service.portName }}' + + # -- Additional ingress TLS configuration + # @default -- `[]` (See [values.yaml]) + extraTls: [] + # - secretName: argocd-applicationset-tls + # hosts: + # - argocd-applicationset.example.com + # -- Enable ApplicationSet in any namespace feature + allowAnyNamespace: false + + # Default ApplicationSet controller's network policy + networkPolicy: + # -- Default network policy rules used by ApplicationSet controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +## Notifications controller +notifications: + # -- Enable notifications controller + enabled: true + + # -- Notifications controller name string + name: notifications-controller + + # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates + # @default -- `""` (defaults to https://`global.domain`) + argocdUrl: "" + + # -- Runtime class name for the notifications controller + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## Notifications controller Pod Disruption Budget + ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + pdb: + # -- Deploy a [PodDisruptionBudget] for the notifications controller + enabled: false + # -- Labels to be added to notifications controller pdb + labels: {} + # -- Annotations to be added to notifications controller pdb + annotations: {} + # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) + # @default -- `""` (defaults to 0 if not specified) + minAvailable: "" + # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). + ## Has higher precedence over `notifications.pdb.minAvailable` + maxUnavailable: "" + + ## Notifications controller image + image: + # -- Repository to use for the notifications controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the notifications controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the notifications controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- Secrets with credentials to pull images from a private registry + # @default -- `[]` (defaults to global.imagePullSecrets) + imagePullSecrets: [] + + # DEPRECATED - Use configs.params to override + # -- Notifications controller log format. Either `text` or `json` + # @default -- `""` (defaults to global.logging.format) + # logFormat: "" + # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error` + # @default -- `""` (defaults to global.logging.level) + # logLevel: "" + + # -- Extra arguments to provide to the notifications controller + extraArgs: [] + + # -- Additional container environment variables + extraEnv: [] + + # -- envFrom to pass to the notifications controller + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- Additional containers to be added to the notifications controller pod + ## Note: Supports use of custom Helm templates + extraContainers: [] + + # -- Init containers to add to the notifications controller pod + ## Note: Supports use of custom Helm templates + initContainers: [] + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + # -- Define user-defined context + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context + context: {} + # region: east + # environmentName: staging + + secret: + # -- Whether helm chart creates notifications controller secret + ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. + create: true + + # -- notifications controller Secret name + name: "argocd-notifications-secret" + + # -- key:value pairs of annotations to be added to the secret + annotations: {} + + # -- key:value pairs of labels to be added to the secret + labels: {} + + # -- Generic key:value pairs to be inserted into the secret + ## Can be used for templates, notification services etc. Some examples given below. + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ + items: {} + # slack-token: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/ + + # grafana-apiKey: + # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/ + + # webhooks-github-token: + + # email-username: + # email-password: + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/ + + metrics: + # -- Enables prometheus metrics server + enabled: false + # -- Metrics port + port: 9001 + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port name + portName: http-metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + # -- Prometheus ServiceMonitor annotations + annotations: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + # -- Prometheus ServiceMonitor scheme + scheme: "" + # -- Prometheus ServiceMonitor tlsConfig + tlsConfig: {} + # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels. + honorLabels: false + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + + # -- Configures notification services such as slack, email or custom webhook + # @default -- See [values.yaml] + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ + notifiers: {} + # service.slack: | + # token: $slack-token + + # -- Annotations to be applied to the notifications controller Deployment + deploymentAnnotations: {} + + # -- Labels for the notifications controller Deployment + deploymentLabels: {} + + # -- Annotations to be applied to the notifications controller Pods + podAnnotations: {} + + # -- Labels to be applied to the notifications controller Pods + podLabels: {} + + # -- Resource limits and requests for the notifications controller + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # Notification controller container ports + containerPorts: + # -- Metrics container port + metrics: 9001 + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for notifications controller Pods + dnsPolicy: "ClusterFirst" + + # -- Notification controller container-level security Context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + + ## Probes for notifications controller Pods (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for notifications controller Pods + enabled: false + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed + successThreshold: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the notifications controller Deployment + deploymentStrategy: + type: Recreate + + # -- Priority class for the notifications controller pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: true + + serviceAccount: + # -- Create notifications controller service account + create: true + # -- Notification controller service account name + name: argocd-notifications-controller + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + cm: + # -- Whether helm chart creates notifications controller config map + create: true + + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] + + # -- Contains centrally managed global application subscriptions + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ + subscriptions: [] + # # subscription for on-sync-status-unknown trigger notifications + # - recipients: + # - slack:test2 + # - email:test@gmail.com + # triggers: + # - on-sync-status-unknown + # # subscription restricted to applications with matching labels only + # - recipients: + # - slack:test3 + # selector: test=true + # triggers: + # - on-sync-status-unknown + + # -- The notification template is used to generate the notification content + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ + templates: {} + # template.app-deployed: | + # email: + # subject: New version of an application {{.app.metadata.name}} is up and running. + # message: | + # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests. + # slack: + # attachments: | + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#18be52", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # }, + # { + # "title": "Revision", + # "value": "{{.app.status.sync.revision}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-health-degraded: | + # email: + # subject: Application {{.app.metadata.name}} has degraded. + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#f4c030", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-failed: | + # email: + # subject: Failed to sync application {{.app.metadata.name}}. + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#E96D76", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-running: | + # email: + # subject: Start syncing application {{.app.metadata.name}}. + # message: | + # The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#0DADEA", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-status-unknown: | + # email: + # subject: Application {{.app.metadata.name}} sync status is 'Unknown' + # message: | + # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + # {{if ne .serviceType "slack"}} + # {{range $c := .app.status.conditions}} + # * {{$c.message}} + # {{end}} + # {{end}} + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#E96D76", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + # template.app-sync-succeeded: | + # email: + # subject: Application {{.app.metadata.name}} has been successfully synced. + # message: | + # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + # slack: + # attachments: |- + # [{ + # "title": "{{ .app.metadata.name}}", + # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + # "color": "#18be52", + # "fields": [ + # { + # "title": "Sync Status", + # "value": "{{.app.status.sync.status}}", + # "short": true + # }, + # { + # "title": "Repository", + # "value": "{{.app.spec.source.repoURL}}", + # "short": true + # } + # {{range $index, $c := .app.status.conditions}} + # {{if not $index}},{{end}} + # {{if $index}},{{end}} + # { + # "title": "{{$c.type}}", + # "value": "{{$c.message}}", + # "short": true + # } + # {{end}} + # ] + # }] + + # -- The trigger defines the condition when the notification should be sent + ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ + triggers: {} + # trigger.on-deployed: | + # - description: Application is synced and healthy. Triggered once per commit. + # oncePer: app.status.sync.revision + # send: + # - app-deployed + # when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' + # trigger.on-health-degraded: | + # - description: Application has degraded + # send: + # - app-health-degraded + # when: app.status.health.status == 'Degraded' + # trigger.on-sync-failed: | + # - description: Application syncing has failed + # send: + # - app-sync-failed + # when: app.status.operationState.phase in ['Error', 'Failed'] + # trigger.on-sync-running: | + # - description: Application is being synced + # send: + # - app-sync-running + # when: app.status.operationState.phase in ['Running'] + # trigger.on-sync-status-unknown: | + # - description: Application status is 'Unknown' + # send: + # - app-sync-status-unknown + # when: app.status.sync.status == 'Unknown' + # trigger.on-sync-succeeded: | + # - description: Application syncing has succeeded + # send: + # - app-sync-succeeded + # when: app.status.operationState.phase in ['Succeeded'] + # + # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers + # defaultTriggers: | + # - on-sync-status-unknown + + # Default notifications controller's network policy + networkPolicy: + # -- Default network policy rules used by notifications controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + +commitServer: + # -- Enable commit server + enabled: false + + # -- Commit server name + name: commit-server + + # -- Runtime class name for the commit server + # @default -- `""` (defaults to global.runtimeClassName) + runtimeClassName: "" + + ## commit server controller image + image: + # -- Repository to use for the commit server + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the commit server + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the commit server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" + + # -- commit server command line flags + extraArgs: [] + + # -- Environment variables to pass to the commit server + extraEnv: [] + # - name: "MY_VAR" + # value: "value" + + # -- envFrom to pass to the commit server + # @default -- `[]` (See [values.yaml]) + extraEnvFrom: [] + # - configMapRef: + # name: config-map-name + # - secretRef: + # name: secret-name + + # -- List of extra mounts to add (normally used with extraVolumes) + extraVolumeMounts: [] + + # -- List of extra volumes to add + extraVolumes: [] + + metrics: + # -- Enables prometheus metrics server + enabled: false + service: + # -- Metrics service type + type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) + clusterIP: "" + # -- Metrics service annotations + annotations: {} + # -- Metrics service labels + labels: {} + # -- Metrics service port + servicePort: 8087 + # -- Metrics service port name + portName: metrics + + ## commit server service configuration + service: + # -- commit server service annotations + annotations: {} + # -- commit server service labels + labels: {} + # -- commit server service port + port: 8086 + # -- commit server service port name + portName: server + + # -- Automount API credentials for the Service Account into the pod. + automountServiceAccountToken: false + + serviceAccount: + # -- Create commit server service account + create: true + # -- commit server service account name + name: argocd-commit-server + # -- Annotations applied to created service account + annotations: {} + # -- Labels applied to created service account + labels: {} + # -- Automount API credentials for the Service Account + automountServiceAccountToken: true + + # -- Annotations to be added to commit server Deployment + deploymentAnnotations: {} + + # -- Labels for the commit server Deployment + deploymentLabels: {} + + # -- Annotations for the commit server pods + podAnnotations: {} + + # -- Labels for the commit server pods + podLabels: {} + + # -- Resource limits and requests for the commit server pods. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + # -- [DNS configuration] + dnsConfig: {} + # -- Alternative DNS policy for commit server pods + dnsPolicy: "ClusterFirst" + + # -- commit server container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + + ## Probes for commit server (optional) + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + readinessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 5 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 10 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 1 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + livenessProbe: + # -- Enable Kubernetes liveness probe for commit server + enabled: true + # -- Number of seconds after the container has started before [probe] is initiated + initialDelaySeconds: 30 + # -- How often (in seconds) to perform the [probe] + periodSeconds: 30 + # -- Number of seconds after which the [probe] times out + timeoutSeconds: 5 + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded + failureThreshold: 3 + + # -- terminationGracePeriodSeconds for container lifecycle hook + terminationGracePeriodSeconds: 30 + + # -- [Node selector] + # @default -- `{}` (defaults to global.nodeSelector) + nodeSelector: {} + + # -- [Tolerations] for use with node taints + # @default -- `[]` (defaults to global.tolerations) + tolerations: [] + + # -- Assign custom [affinity] rules + # @default -- `{}` (defaults to global.affinity preset) + affinity: {} + + # -- Assign custom [TopologySpreadConstraints] rules to the commit server + # @default -- `[]` (defaults to global.topologySpreadConstraints) + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + + # -- Deployment strategy to be added to the commit server Deployment + deploymentStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + + # -- Priority class for the commit server pods + # @default -- `""` (defaults to global.priorityClassName) + priorityClassName: "" + + # Default commit server's network policy + networkPolicy: + # -- Default network policy rules used by commit server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false |