DevFW-CICD/argocd-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(argo-cd): Remove deprecated features and redesign Ingress (#2407)

Browse source 
* chore(argo-cd): Remove deprecated features

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Remove wildcard catch all ingress rule

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Add ingress extra rules

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Remove unnecessary ingress variables

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Improve documentation

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Replace ingress paths and hosts with single backend service

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Use only port number to support all ingress controllers

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Minor gRPC fixes

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Simplify TLS configuration

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Decouple AWS and GKE ALB from generic ingress

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Remove map nesting for ApplicationSet ingress

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Use example.com domain

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Remove fallback for argocd-cm checksum annotation

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Add revisionHistoryLimit for controller

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Update README

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

* Update README

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>

---------

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
This commit is contained in:
Petr Drastil 2024-02-07 22:40:05 +01:00 committed by GitHub
parent 0b79f5e5c1
commit b8212e0b30
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
33 changed files with 685 additions and 634 deletions
Download patch file Download diff file Expand all files Collapse all files

358
charts/argo-cd/values.yaml
View file

@ -11,9 +11,7 @@ kubeVersionOverride: ""
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
apiVersionOverrides:
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
apiVersionOverrides: {}
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
@ -442,16 +440,6 @@ configs:
# insecure: false
# caData: "<base64 encoded certificate>"
# DEPRECATED - Moved to configs.ssh.annotations
# knownHostsAnnotations: {}
# DEPRECATED - Moved to configs.ssh.knownHosts
# knownHosts: {}
# DEPRECATED - Moved to configs.tls.annotations
# tlsCertsAnnotations: {}
# DEPRECATED - Moved to configs.tls.certificates
# tlsCerts: {}
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
credentialTemplates: {}
@ -533,12 +521,6 @@ configs:
{}
# LDAP_PASSWORD: "mypassword"
# -- Argo TLS Data
# DEPRECATED - Use server.certificate or server.certificateSecret
# argocdServerTlsConfig:
# key: ''
# crt: ''
# -- Bcrypt hashed admin password
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
@ -595,6 +577,9 @@ controller:
# Additional replicas will cause sharding of managed clusters across number of replicas.
replicas: 1
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit: 5
## Application controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
@ -627,22 +612,6 @@ controller:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- DEPRECATED - Application controller commandline flags
args: {}
# DEPRECATED - Use configs.params to override
# # -- define the application controller `--status-processors`
# statusProcessors: "20"
# # -- define the application controller `--operation-processors`
# operationProcessors: "10"
# # -- define the application controller `--app-hard-resync`
# appHardResyncPeriod: "0"
# # -- define the application controller `--app-resync`
# appResyncPeriod: "180"
# # -- define the application controller `--self-heal-timeout-seconds`
# selfHealTimeout: "5"
# # -- define the application controller `--repo-server-timeout-seconds`
# repoServerTimeoutSeconds: "60"
# -- Additional command line arguments to pass to application controller
extraArgs: []
@ -1992,29 +1961,47 @@ server:
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# Argo CD server ingress configuration
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: false
# -- Additional ingress annotations
annotations: {}
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations: {}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- List of ingress hosts
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts: []
# - argocd.example.com
# -- Argo CD server hostname
## NOTE: Hostname must be provided if Ingress is enabled
hostname: argocd.example.com
# -- The path to Argo CD server
path: /
# -- List of ingress paths
paths:
- /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2024,17 +2011,70 @@ server:
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls: []
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
extraRules: []
# - host: example.example.com
# http:
# path: /
# backend:
# service:
# name: example-svc
# port:
# name: http
# -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp`
https: false
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - hosts:
# - argocd.example.com
# secretName: your-certificate-name
# dedicated ingress for gRPC as documented at
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
# AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# Google specific options for Google Application Load Balancer
# Applies only when `server.ingress.controller` is set to `gke`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
gke:
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
backendConfig: {}
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
frontendConfig: {}
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# Managed GKE certificate for ingress hostname
managedCertificate:
# -- Create ManagedCertificate resource and annotations for Google Load balancer
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
create: true
# -- Additional domains for ManagedCertificate resource
extraDomains: []
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
ingressGrpc:
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
enabled: false
@ -2047,32 +2087,27 @@ server:
# -- Defines which ingress controller will implement the resource [gRPC-ingress]
ingressClassName: ""
awsALB:
# -- Service type for the AWS ALB gRPC service
## Service Type if isAWSALB is set to true
## Can be of type NodePort or ClusterIP depending on which mode you are
## are running. Instance mode needs type NodePort, IP mode needs type
## ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features
backendProtocolVersion: HTTP2
# -- Argo CD server hostname for dedicated [gRPC-ingress]
hostname: ""
# -- List of ingress hosts for dedicated [gRPC-ingress]
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts: []
# - argocd.example.com
# -- Argo CD server ingress path for dedicated [gRPC-ingress]
path: /
# -- List of ingress paths for dedicated [gRPC-ingress]
paths:
- /
# -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
## TLS certificate will be retrieved from a TLS secret with name: `<hostname>-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: grpc.argocd.example.com
# path: /
# -- Additional ingress paths for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
extraPaths: []
# - path: /*
# pathType: Prefix
@ -2082,15 +2117,25 @@ server:
# port:
# name: use-annotation
# -- Ingress TLS configuration for dedicated [gRPC-ingress]
tls: []
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
extraRules: []
# - host: example.example.com
# http:
# path: /
# backend:
# service:
# name: example-svc
# port:
# name: http
# -- Additional TLS configuration for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
# -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp`
https: false
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
@ -2107,38 +2152,6 @@ server:
# -- Termination policy of Openshift Route
termination_policy: None
GKEbackendConfig:
# -- Enable BackendConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [BackendConfigSpec]
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
## Create a Google Managed Certificate for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
GKEmanagedCertificate:
# -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
enabled: false
# -- Domains for the Google Managed Certificate
domains:
- argocd.example.com
## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
GKEfrontendConfig:
# -- Enable FrontConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [FrontendConfigSpec]
spec: {}
# spec:
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
## Repo Server
repoServer:
# -- Repo server name
@ -2558,16 +2571,7 @@ applicationSet:
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- DEPRECATED - ApplicationSet controller command line flags
args: {}
# DEPRECATED - Use configs.params.applicationsetcontroller.policy to override
# -- How application is synced between the generator and the cluster
# policy: sync
# DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override
# -- Enable dry run mode
# dryRun: false
# -- List of extra cli args to add
# -- ApplicationSet controller command line flags
extraArgs: []
# -- Environment variables to pass to the ApplicationSet controller
@ -2772,51 +2776,6 @@ applicationSet:
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
## Webhook for the Git Generator
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
webhook:
ingress:
# -- Enable an ingress resource for Webhooks
enabled: false
# -- Additional ingress annotations
annotations: {}
# -- Additional ingress labels
labels: {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName: ""
# -- List of ingress hosts
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts: []
# - argocd-applicationset.example.com
# -- List of ingress paths
paths:
- /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Additional ingress paths
extraPaths: []
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls: []
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate:
@ -2858,6 +2817,69 @@ applicationSet:
# -- Annotations to be applied to the ApplicationSet Certificate
annotations: {}
## Ingress for the Git Generator webhook
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
ingress:
# -- Enable an ingress resource for ApplicationSet webhook
enabled: false
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
annotations: {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName: ""
# -- Argo CD ApplicationSet hostname
## NOTE: Hostname must be provided if Ingress is enabled
hostname: argocd.example.com
# -- List of ingress paths
path: /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret with name:`argocd-application-controller-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
extraRules: []
# - host: example.example.com
# http:
# path: /
# backend:
# service:
# name: example-svc
# port:
# name: http
# -- Additional ingress TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
## Notifications controller
notifications:
# -- Enable notifications controller