DevFW-CICD/argocd-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ApplicationSet chart (#577)

Browse source 
Co-authored-by: Alex Collins <alexec@users.noreply.github.com>
This commit is contained in:
Matteo Ruina 2021-03-31 19:37:15 +02:00 committed by GitHub
parent af0d6b8957
commit 37cd1ef042
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 2201 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

65
charts/argo-applicationset/templates/_helpers.tpl Normal file
View file

@ -0,0 +1,65 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-applicationset.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "argo-applicationset.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-applicationset.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "argo-applicationset.labels" -}}
helm.sh/chart: {{ include "argo-applicationset.chart" . }}
{{ include "argo-applicationset.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/part-of: argo-cd-applicationset
app.kubernetes.io/component: controller
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-applicationset.selectorLabels" -}}
app.kubernetes.io/name: {{ include "argo-applicationset.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "argo-applicationset.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "argo-applicationset.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

6
charts/argo-applicationset/templates/crds.yaml Normal file
View file

@ -0,0 +1,6 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}

63
charts/argo-applicationset/templates/deployment.yaml Normal file
View file

@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "argo-applicationset.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "argo-applicationset.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "argo-applicationset.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
command:
- applicationset-controller
- --metrics-addr={{ .Values.args.metricsAddr }}
- --probe-addr={{ .Values.args.probeBindAddr }}
{{- if or (gt ( .Values.replicaCount | int64) 1) .Values.args.enableLeaderElection }}
- --enable-leader-election=true
{{- end }}
- --namespace={{ .Values.args.namespace }}
- --argocd-repo-server={{ .Values.args.argocdRepoServer }}
- --policy={{ .Values.args.policy }}
- --debug={{ .Values.args.debug }}
- --dry-run={{ .Values.args.dryRun }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ (split ":" .Values.args.probeBindAddr)._1 }}
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

57
charts/argo-applicationset/templates/psp.yaml Normal file
View file

@ -0,0 +1,57 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: false
hostIPC: false
hostNetwork: false
hostPID: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "argo-applicationset.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-applicationset.fullname" . }}-psp
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-applicationset.fullname" . }}-psp
subjects:
- kind: ServiceAccount
name: {{ template "argo-applicationset.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

89
charts/argo-applicationset/templates/rbac.yaml Normal file
View file

@ -0,0 +1,89 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "argo-applicationset.fullname" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "argo-applicationset.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "argo-applicationset.serviceAccountName" . }}

12
charts/argo-applicationset/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "argo-applicationset.serviceAccountName" . }}
labels:
{{- include "argo-applicationset.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}