Diffstat (limited to 'astroshop-platform/argocd-helmchart/templates/dex')
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml254
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml30
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml27
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/role.yaml19
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml17
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/service.yaml37
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml16
-rw-r--r--astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml48
8 files changed, 448 insertions, 0 deletions
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml b/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml
new file mode 100644
index 0000000..fe23a76
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/deployment.yaml
@@ -0,0 +1,254 @@
+{{- if .Values.dex.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- with (mergeOverwrite (deepCopy .Values.global.deploymentAnnotations) .Values.dex.deploymentAnnotations) }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ name: {{ template "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.deploymentLabels) .Values.dex.deploymentLabels) }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with include "argo-cd.strategy" (mergeOverwrite (deepCopy .Values.global.deploymentStrategy) .Values.dex.deploymentStrategy) }}
+ strategy:
+ {{- trim . | nindent 4 }}
+ {{- end }}
+ replicas: 1
+ revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
+ selector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }}
+ {{- if (index .Values.configs.cm "dex.config") }}
+ checksum/cm: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cm.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.dex.certificateSecret.enabled }}
+ checksum/dex-server-tls: {{ include (print $.Template.BasePath "/argocd-configs/argocd-dex-server-tls-secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.dex.podAnnotations) }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
+ {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.dex.podLabels) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.dex.runtimeClassName | default .Values.global.runtimeClassName }}
+ runtimeClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.dex.imagePullSecrets | default .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.global.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with.Values.global.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.priorityClassName | default .Values.global.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- if .Values.dex.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.dex.terminationGracePeriodSeconds }}
+ {{- end }}
+ serviceAccountName: {{ template "argo-cd.dex.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.dex.automountServiceAccountToken }}
+ containers:
+ - name: {{ .Values.dex.name }}
+ image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.image.imagePullPolicy }}
+ command:
+ - /shared/argocd-dex
+ {{- with .Values.dex.logLevel }}
+ - --loglevel={{ . }}
+ {{- end }}
+ {{- with .Values.dex.logFormat }}
+ - --logformat={{ . }}
+ {{- end }}
+ args:
+ - rundex
+ {{- with .Values.dex.extraArgs }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ env:
+ {{- with (concat .Values.global.env .Values.dex.env) }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ - name: ARGOCD_DEX_SERVER_LOGFORMAT
+ valueFrom:
+ configMapKeyRef:
+ key: dexserver.log.format
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_DEX_SERVER_LOGLEVEL
+ valueFrom:
+ configMapKeyRef:
+ key: dexserver.log.level
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_LOG_FORMAT_TIMESTAMP
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: log.format.timestamp
+ optional: true
+ - name: ARGOCD_DEX_SERVER_DISABLE_TLS
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: dexserver.disable.tls
+ optional: true
+ {{- with .Values.dex.envFrom }}
+ envFrom:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.dex.containerPorts.http }}
+ protocol: TCP
+ - name: grpc
+ containerPort: {{ .Values.dex.containerPorts.grpc }}
+ protocol: TCP
+ - name: metrics
+ containerPort: {{ .Values.dex.containerPorts.metrics }}
+ protocol: TCP
+ {{- if .Values.dex.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.dex.livenessProbe.httpPath }}
+ port: {{ .Values.dex.livenessProbe.httpPort }}
+ scheme: {{ .Values.dex.livenessProbe.httpScheme }}
+ initialDelaySeconds: {{ .Values.dex.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.dex.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.dex.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.dex.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.dex.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.dex.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.dex.readinessProbe.httpPath }}
+ port: {{ .Values.dex.readinessProbe.httpPort }}
+ scheme: {{ .Values.dex.readinessProbe.httpScheme }}
+ initialDelaySeconds: {{ .Values.dex.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.dex.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.dex.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.dex.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.dex.readinessProbe.failureThreshold }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.dex.resources | nindent 10 }}
+ {{- with .Values.dex.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ volumeMounts:
+ {{- with .Values.dex.volumeMounts }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ - name: static-files
+ mountPath: /shared
+ - name: dexconfig
+ mountPath: /tmp
+ - name: argocd-dex-server-tls
+ mountPath: /tls
+ {{- with .Values.dex.extraContainers }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ initContainers:
+ - name: copyutil
+ image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.dex.initImage.tag }}
+ imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
+ command:
+ - /bin/cp
+ - -n
+ - /usr/local/bin/argocd
+ - /shared/argocd-dex
+ volumeMounts:
+ - mountPath: /shared
+ name: static-files
+ - mountPath: /tmp
+ name: dexconfig
+ resources:
+ {{- toYaml (default .Values.dex.resources .Values.dex.initImage.resources) | nindent 10 }}
+ {{- with .Values.dex.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.dex.initContainers }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ {{- with include "argo-cd.affinity" (dict "context" . "component" .Values.dex) }}
+ affinity:
+ {{- trim . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.nodeSelector | default .Values.global.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.tolerations | default .Values.global.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.topologySpreadConstraints | default .Values.global.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- range $constraint := . }}
+ - {{ toYaml $constraint | nindent 8 | trim }}
+ {{- if not $constraint.labelSelector }}
+ labelSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" $ "name" $.Values.dex.name) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: static-files
+ {{- if .Values.dex.emptyDir.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: dexconfig
+ {{- if .Values.dex.emptyDir.sizeLimit }}
+ emptyDir:
+ sizeLimit: {{ .Values.dex.emptyDir.sizeLimit }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: argocd-dex-server-tls
+ secret:
+ secretName: argocd-dex-server-tls
+ optional: true
+ items:
+ - key: tls.crt
+ path: tls.crt
+ - key: tls.key
+ path: tls.key
+ - key: ca.crt
+ path: ca.crt
+ {{- with .Values.dex.volumes }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.dex.dnsConfig }}
+ dnsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.dex.dnsPolicy }}
+{{- end }}
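Review bot: The `argocd-dex-server-tls` secret volume is mounted with `optional: true` and `ARGOCD_DEX_SERVER_DISABLE_TLS` is read from an optional ConfigMap key, so the pod starts whether or not an operator-issued certificate exists, and nothing in the template says what Dex serves in that case. This endpoint carries the OIDC exchange for Argo CD logins, so I would document the fallback above the volume, for example `# optional: without this secret Dex is expected to fall back to a self-signed certificate; confirm argocd-server is set to verify the Dex certificate`. Separately, the main container's `image:` line joins `.Values.dex.image.repository` and `.Values.dex.image.tag` with no `default` or `required`, unlike the `copyutil` init container, so an unset tag renders an invalid `repo:` reference. Consider `{{ required "dex.image.tag must be set" .Values.dex.image.tag }}` there, and a digest-pinned reference in values rather than a mutable tag.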
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml b/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml
new file mode 100644
index 0000000..6f3088f
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/networkpolicy.yaml
@@ -0,0 +1,30 @@
+{{- if and (or .Values.dex.networkPolicy.create .Values.global.networkPolicy.create) .Values.dex.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+ name: {{ template "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+spec:
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 10 }}
+ ports:
+ - port: http
+ protocol: TCP
+ - port: grpc
+ protocol: TCP
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: metrics
+ protocol: TCP
+ podSelector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
+ policyTypes:
+ - Ingress
+{{- end }}
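Review bot: The second ingress rule uses `namespaceSelector: {}`, which matches every namespace, so any pod in the cluster can reach the Dex `metrics` port. The rule is also rendered when `.Values.dex.metrics.enabled` is false, because the condition on the first line only checks `networkPolicy.create` and `dex.enabled`. I would wrap that rule in `{{- if .Values.dex.metrics.enabled }}` and narrow the source to the namespace that runs the scraper, e.g. `namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: <monitoring-namespace>}}`, ideally driven by a values key. `policyTypes` lists only `Ingress`, so egress from Dex stays unrestricted; a one-line comment stating that this is intentional would help the next reader.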
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml b/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml
new file mode 100644
index 0000000..1216102
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/pdb.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.dex.enabled .Values.dex.pdb.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+ {{- with .Values.dex.pdb.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.dex.pdb.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- with .Values.dex.pdb.maxUnavailable }}
+ maxUnavailable: {{ . }}
+ {{- else }}
+ minAvailable: {{ .Values.dex.pdb.minAvailable | default 0 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
+{{- end }}
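Review bot: `{{- with .Values.dex.pdb.maxUnavailable }}` treats `0` as empty, so a values file that sets `maxUnavailable: 0` to block voluntary evictions falls into the `else` branch and renders `minAvailable: 0` (from `default 0`), which permits every eviction. The deployment in this commit hard-codes `replicas: 1`, so that is the one setting that would protect the single Dex pod during a node drain. Consider testing for the value rather than its truthiness, e.g. `{{- if or .Values.dex.pdb.maxUnavailable (eq (toString .Values.dex.pdb.maxUnavailable) "0") }}` followed by `maxUnavailable: {{ .Values.dex.pdb.maxUnavailable }}`. The chart's values.yaml is not part of this diff, so check how an unset key is represented there before adopting the condition.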
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/role.yaml b/astroshop-platform/argocd-helmchart/templates/dex/role.yaml
new file mode 100644
index 0000000..e79b3cf
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/role.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.dex.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
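Review bot: The single rule grants `get`, `list` and `watch` on all `secrets` and `configmaps` in the release namespace, with no `resourceNames`, and the deployment in this commit runs Dex under the bound service account. A compromise of the Dex container therefore exposes every Secret stored alongside Argo CD, which typically includes repository and cluster credentials. Whether the binary can work with a `resourceNames` restriction is not visible here (list/watch-based clients usually cannot), so at minimum I would record the trade-off above `rules:`, for example `# dex presumably loads its connector config and referenced secrets via the API; this covers every Secret in the namespace, so keep unrelated credentials elsewhere`.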
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml b/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml
new file mode 100644
index 0000000..792a465
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.dex.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "argo-cd.dex.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "argo-cd.dex.serviceAccountName" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+{{- end }}
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/service.yaml b/astroshop-platform/argocd-helmchart/templates/dex/service.yaml
new file mode 100644
index 0000000..b52acfb
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/service.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.dex.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "argo-cd.dex.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+{{- if .Values.dex.metrics.service.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.dex.metrics.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+{{- if .Values.dex.metrics.service.labels }}
+{{- toYaml .Values.dex.metrics.service.labels | nindent 4 }}
+{{- end }}
+spec:
+ {{- include "argo-cd.dualStack" . | indent 2 }}
+ ports:
+ - name: {{ .Values.dex.servicePortHttpName }}
+ protocol: TCP
+ port: {{ .Values.dex.servicePortHttp }}
+ targetPort: http
+ - name: {{ .Values.dex.servicePortGrpcName }}
+ protocol: TCP
+ port: {{ .Values.dex.servicePortGrpc }}
+ targetPort: grpc
+{{- if .Values.dex.metrics.enabled }}
+ - name: {{ .Values.dex.metrics.service.portName }}
+ protocol: TCP
+ port: {{ .Values.dex.servicePortMetrics }}
+ targetPort: metrics
+{{- end }}
+ selector:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 4 }}
+{{- end }}
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml b/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml
new file mode 100644
index 0000000..aeff244
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }}
+metadata:
+ name: {{ include "argo-cd.dex.serviceAccountName" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ {{- with .Values.dex.serviceAccount.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+{{- end }}
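Review bot: `automountServiceAccountToken` is rendered straight from `.Values.dex.serviceAccount.automountServiceAccountToken`, so an unset key yields an empty value and Kubernetes falls back to mounting the token. The deployment in this commit sets the same field at pod level from a different key, `.Values.dex.automountServiceAccountToken`, and the pod-level field takes precedence, so switching the ServiceAccount knob off has no effect while the pod one is true. I would add a template comment above the field, such as `# the pod spec in deployment.yaml overrides this setting; change both values keys together`, so an operator hardening the chart does not assume the token is gone.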
diff --git a/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml b/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml
new file mode 100644
index 0000000..2564cfa
--- /dev/null
+++ b/astroshop-platform/argocd-helmchart/templates/dex/servicemonitor.yaml
@@ -0,0 +1,48 @@
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.dex.enabled .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "argo-cd.dex.fullname" . }}
+ namespace: {{ default (include "argo-cd.namespace" .) .Values.dex.metrics.serviceMonitor.namespace | quote }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
+ {{- with .Values.dex.metrics.serviceMonitor.selector }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.dex.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.dex.metrics.serviceMonitor.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: {{ .Values.dex.metrics.service.portName }}
+ {{- with .Values.dex.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ path: /metrics
+ {{- with .Values.dex.metrics.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.dex.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . |nindent 8 }}
+ {{- end }}
+ honorLabels: {{ .Values.dex.metrics.serviceMonitor.honorLabels }}
+ {{- with .Values.dex.metrics.serviceMonitor.scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .Values.dex.metrics.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "argo-cd.namespace" . }}
+ selector:
+ matchLabels:
+ {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }}
+{{- end }}