feat(argo-events): Upgrade argo-events to v1.7.0 (#1269)

* feat(argo-events) : Upgrade argo-events to v1.7.0 Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Fix typos Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Add missing braces Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Use templates for service account names Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Drop application labels Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Update documentation Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Move CRDs to template folder Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Disable webhook by default Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Fix indentation Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Update README Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Drop prefix from aggregate-roles Signed-off-by: Petr Drastil <petr.drastil@gmail.com> * Fix typo aggragate-roles.yaml -> aggregate-roles.yaml Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * Use helm-docs.sh Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * Fix typo REALEASE -> RELEASE Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> * Use consistent wording/style Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com> Co-authored-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
2022-06-14 17:37:47 +02:00 · 2022-06-14 17:37:47 +02:00 · d2c2055290
commit d2c2055290
parent 99f97cafd9
32 changed files with 1520 additions and 909 deletions
--- a/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/clusterrole.yaml
@ -0,0 +1,79 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argo-events-webhook
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
+rules:
+{{- if .Values.openshift }}
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  verbs:
+  - update
+{{- end }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+  - patch
+  - watch
+- apiGroups:
+  - argoproj.io
+  resources:
+  - eventbus
+  - eventsources
+  - sensors
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  verbs:
+  - get
+  - list
+{{- end }}
--- a/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/clusterrolebinding.yaml
@ -0,0 +1,16 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argo-events.webhook.fullname" . }}
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argo-events-webhook
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-events.webhook.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/argo-events/templates/argo-events-webhook/deployment.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/deployment.yaml
@ -0,0 +1,120 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: events-webhook
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+    app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag | quote }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }}
+  revisionHistoryLimit: 5
+  replicas: {{ .Values.webhook.replicas }}
+  template:
+    metadata:
+      {{- with (mergeOverwrite (deepCopy .Values.global.podAnnotations) .Values.webhook.podAnnotations) }}
+      annotations:
+        {{- range $key, $value := . }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      {{- end }}
+      labels:
+        {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 8 }}
+        app.kubernetes.io/version: {{ default (include "argo-events.defaultTag" .) .Values.webhook.image.tag | quote }}
+        {{- with (mergeOverwrite (deepCopy .Values.global.podLabels) .Values.webhook.podLabels) }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.global.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+      - name: {{ .Values.webhook.name }}
+        image: {{ default .Values.global.image.repository .Values.webhook.image.repository }}:{{ default (include "argo-events.defaultTag" .) .Values.controller.image.tag }}
+        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.webhook.image.imagePullPolicy }}
+        args:
+        - webhook-service
+        {{- with .Values.webhook.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        {{- with .Values.webhook.env }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.webhook.envFrom }}
+        envFrom:
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.webhook.volumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        ports:
+        - name: webhook
+          containerPort: 443
+          protocol: TCP
+        livenessProbe:
+          tcpSocket:
+            port: webhook
+          initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
+        readinessProbe:
+          tcpSocket:
+            port: webhook
+          initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
+        {{- with .Values.webhook.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- with .Values.webhook.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webhook.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webhook.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.webhook.topologySpreadConstraints }}
+      topologySpreadConstraints:
+      {{- range $constraint := . }}
+      - {{ toYaml $constraint | nindent 8 | trim }}
+        {{- if not $constraint.labelSelector }}
+        labelSelector:
+          matchLabels:
+            {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 12 }}
+        {{- end }}
+        {{- end }}
+      {{- end }}
+      serviceAccountName: {{ include "argo-events.webhook.serviceAccountName" . }}
+      {{- with .Values.global.hostAliases }}
+      hostAliases:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- with .Values.webhook.volumes }}
+      volumes:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+{{- end }}
--- a/charts/argo-events/templates/argo-events-webhook/pdb.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/pdb.yaml
@ -0,0 +1,28 @@
+{{- if and .Values.webhook.enabled .Values.webhook.pdb.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "argo-events.webhook.fullname" . }}
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+    {{- with .Values.webhook.pdb.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.webhook.pdb.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if .Values.webhook.pdb.minAvailable }}
+  minAvailable: {{ .Values.webhook.pdb.minAvailable }}
+  {{- else if .Values.webhook.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.webhook.pdb.maxUnavailable }}
+  {{- else }}
+  minAvailable: 0
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "argo-events.selectorLabels" (dict "context" . "name" .Values.webhook.name) | nindent 6 }}
+{{- end }}
--- a/charts/argo-events/templates/argo-events-webhook/service.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/service.yaml
@ -0,0 +1,14 @@
+{{- if and .Values.webhook.enabled (not .Values.controller.rbac.namespaced) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: events-webhook
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "name" .Values.webhook.name) | nindent 4 }}
+spec:
+  ports:
+  - port: 443
+    targetPort: webhook
+  selector:
+    {{- include "argo-events.selectorLabels" (dict "context" $ "name" $.Values.webhook.name) | nindent 4 }}
+{{- end }}
--- a/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml
+++ b/charts/argo-events/templates/argo-events-webhook/serviceaccount.yaml
@ -0,0 +1,15 @@
+{{- if and .Values.webhook.serviceAccount.create (not .Values.controller.rbac.namespaced) }}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
+metadata:
+  name: {{ include "argo-events.webhook.serviceAccountName" . }}
+  {{- with .Values.webhook.serviceAccount.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+  labels:
+    {{- include "argo-events.labels" (dict "context" . "component" .Values.webhook.name "name" .Values.webhook.name) | nindent 4 }}
+{{- end }}