├── argocd-apps ├── README.md └── sample-app.yaml ├── .gitignore ├── argocd-appprojects ├── README.md └── sample-project.yaml ├── argocd-install ├── argo-cd │ ├── .helmignore │ ├── templates │ │ ├── crds.yaml │ │ ├── argocd-server │ │ │ ├── backendconfig.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── clusterrole.yaml │ │ │ ├── role.yaml │ │ │ ├── route.yaml │ │ │ ├── metrics-service.yaml │ │ │ ├── hpa.yaml │ │ │ ├── certificate.yaml │ │ │ ├── servicemonitor.yaml │ │ │ ├── applications.yaml │ │ │ ├── projects.yaml │ │ │ ├── service.yaml │ │ │ ├── ingress.yaml │ │ │ ├── ingress-grpc.yaml │ │ │ └── deployment.yaml │ │ ├── dex │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── service.yaml │ │ │ ├── servicemonitor.yaml │ │ │ └── deployment.yaml │ │ ├── argocd-repo-server │ │ │ ├── role.yaml │ │ │ ├── repository-credentials-secret.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── service.yaml │ │ │ ├── metrics-service.yaml │ │ │ ├── hpa.yaml │ │ │ ├── servicemonitor.yaml │ │ │ └── deployment.yaml │ │ ├── argocd-configs │ │ │ ├── argocd-ssh-known-hosts-cm.yaml │ │ │ ├── argocd-cm.yaml │ │ │ ├── argocd-tls-certs-cm.yaml │ │ │ ├── argocd-rbac-cm.yaml │ │ │ ├── cluster-secrets.yaml │ │ │ └── argocd-secret.yaml │ │ ├── argocd-application-controller │ │ │ ├── clusterrole.yaml │ │ │ ├── rolebinding.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── serviceaccount.yaml │ │ │ ├── role.yaml │ │ │ ├── service.yaml │ │ │ ├── metrics-service.yaml │ │ │ ├── prometheusrule.yaml │ │ │ ├── servicemonitor.yaml │ │ │ └── deployment.yaml │ │ ├── redis │ │ │ ├── service.yaml │ │ │ └── deployment.yaml │ │ ├── NOTES.txt │ │ └── _helpers.tpl │ ├── Chart.lock │ ├── charts │ │ └── redis-ha │ │ │ ├── ci │ │ │ └── haproxy-enabled-values.yaml │ │ │ ├── templates │ │ │ ├── redis-ha-exporter-script-configmap.yaml │ │ │ ├── redis-auth-secret.yaml │ │ │ ├── sentinel-auth-secret.yaml │ │ │ 
├── redis-ha-serviceaccount.yaml │ │ │ ├── redis-haproxy-serviceaccount.yaml │ │ │ ├── redis-ha-health-configmap.yaml │ │ │ ├── redis-ha-rolebinding.yaml │ │ │ ├── redis-ha-role.yaml │ │ │ ├── redis-ha-pdb.yaml │ │ │ ├── redis-haproxy-rolebinding.yaml │ │ │ ├── tests │ │ │ │ ├── test-redis-ha-pod.yaml │ │ │ │ └── test-redis-ha-configmap.yaml │ │ │ ├── redis-haproxy-role.yaml │ │ │ ├── redis-ha-configmap.yaml │ │ │ ├── redis-tls-secret.yaml │ │ │ ├── redis-ha-secret.yaml │ │ │ ├── redis-ha-psp.yaml │ │ │ ├── redis-haproxy-psp.yaml │ │ │ ├── redis-ha-servicemonitor.yaml │ │ │ ├── NOTES.txt │ │ │ ├── redis-ha-service.yaml │ │ │ ├── redis-haproxy-servicemonitor.yaml │ │ │ ├── redis-haproxy-service.yaml │ │ │ ├── redis-ha-announce-service.yaml │ │ │ ├── _helpers.tpl │ │ │ ├── redis-haproxy-deployment.yaml │ │ │ ├── redis-ha-statefulset.yaml │ │ │ └── _configs.tpl │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ ├── Chart.yaml │ └── crds │ │ └── crd-project.yaml ├── 01-install-argocd.sh └── values-override.yaml ├── README.md └── sample-app └── bookinfo.yaml /argocd-apps/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/**.ignore 2 | -------------------------------------------------------------------------------- /argocd-appprojects/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/.helmignore: -------------------------------------------------------------------------------- 1 | /*.tgz 2 | output 3 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/crds.yaml: -------------------------------------------------------------------------------- 1 
| {{- if .Values.installCRDs }} 2 | {{- range $path, $_ := .Files.Glob "crds/*.yaml" }} 3 | {{ $.Files.Get $path }} 4 | --- 5 | {{- end }} 6 | {{- end }} 7 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis-ha 3 | repository: https://dandydeveloper.github.io/charts/ 4 | version: 4.10.4 5 | digest: sha256:e36321520ffd6f91962b0bcfeae947a86983d6b6d273eb616f08425e2b8ab9c2 6 | generated: "2021-04-14T13:41:16.151666-07:00" 7 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/ci/haproxy-enabled-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ## Enable HAProxy to manage Load Balancing 3 | haproxy: 4 | enabled: true 5 | annotations: 6 | any.domain/key: "value" 7 | serviceAccount: 8 | create: true 9 | metrics: 10 | enabled: true 11 | -------------------------------------------------------------------------------- /argocd-appprojects/sample-project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | name: sample-project 5 | namespace: argocd 6 | spec: 7 | clusterResourceWhitelist: # NOTE(review): group '*' / kind '*' lets applications in this project create any cluster-scoped resource (RBAC objects included), which the namespace-limited destinations entry does not constrain; list only the kinds the app needs outside a demo 8 | - group: '*' 9 | kind: '*' 10 | destinations: 11 | - namespace: sample-app 12 | server: https://kubernetes.default.svc 13 | orphanedResources: 14 | warn: false 15 | sourceRepos: # NOTE(review): '*' accepts any repository URL as a source for this project; list the trusted repositories explicitly 16 | - '*' 17 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-exporter-script-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.exporter.script }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . 
}}-exporter-script-configmap 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | data: 10 | script: {{ toYaml .Values.exporter.script | indent 2 }} 11 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-auth-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.auth (not .Values.existingSecret) -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | type: Opaque 10 | data: # NOTE(review): the password comes from chart values (.Values.redisPassword) and is only base64-encoded, not encrypted; this Secret is not rendered when .Values.existingSecret is set, which keeps the password out of values files 11 | {{ .Values.authKey }}: {{ .Values.redisPassword | b64enc | quote }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/sentinel-auth-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }}-sentinel 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | type: Opaque 10 | data: # NOTE(review): same pattern for the sentinel password (.Values.sentinel.password, base64-encoded only); not rendered when .Values.sentinel.existingSecret is set 11 | {{ .Values.sentinel.authKey }}: {{ .Values.sentinel.password | b64enc | quote }} 12 | {{- end -}} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/backendconfig.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.GKEbackendConfig.enabled }} 2 | apiVersion: cloud.google.com/v1beta1 3 | kind: BackendConfig 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 8 | spec: 9 | {{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "redis-ha.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 11 | app: {{ template "redis-ha.fullname" . }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/dex/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dex.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "argo-cd.dex.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - secrets 13 | - configmaps 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.repoServer.serviceAccount.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "argo-cd.repoServer.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 8 | rules: 9 | {{- if .Values.repoServer.rbac }} 10 | {{toYaml .Values.repoServer.rbac }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/repository-credentials-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.configs.repositoryCredentials }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: argocd-repository-credentials 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} 8 | type: Opaque 9 | data: 10 | {{- range $key, $value := .Values.configs.repositoryCredentials }} 11 | {{ $key }}: {{ $value | b64enc }} 12 | {{- end }} 13 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.haproxy.serviceAccount.create .Values.haproxy.enabled }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "redis-ha.serviceAccountName" . }}-haproxy 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 11 | app: {{ template "redis-ha.fullname" . 
}} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /argocd-apps/sample-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: sample-app 5 | namespace: argocd 6 | spec: 7 | destination: 8 | namespace: sample-app 9 | server: https://kubernetes.default.svc 10 | project: sample-project 11 | source: 12 | path: sample-app/ 13 | repoURL: https://github.com/kurtburak/argocd.git 14 | targetRevision: HEAD # NOTE(review): HEAD follows the tip of the repo's default branch, so with the automated sync policy below every new commit there is applied to the cluster; pin a tag or commit SHA when changes must be reviewed before rollout 15 | syncPolicy: 16 | syncOptions: 17 | - CreateNamespace=true 18 | automated: # selfHeal reverts drift in the cluster back to Git; prune deletes resources no longer present in Git 19 | selfHeal: true 20 | prune: true 21 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-configs/argocd-ssh-known-hosts-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | {{- toYaml .Values.configs.knownHosts | nindent 0 }} 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "ssh-known-hosts-cm") | nindent 4 }} 7 | {{- if .Values.configs.knownHostsAnnotations }} 8 | annotations: 9 | {{- range $key, $value := .Values.configs.knownHostsAnnotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- end }} 13 | name: argocd-ssh-known-hosts-cm -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-health-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "redis-ha.fullname" . 
}}-health-configmap 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 10 | app: {{ template "redis-ha.fullname" . }} 11 | data: 12 | redis_liveness.sh: | 13 | {{- include "redis_liveness.sh" . }} 14 | sentinel_liveness.sh: | 15 | {{- include "sentinel_liveness.sh" . }} 16 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-configs/argocd-cm.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.configEnabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: argocd-cm 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "cm") | nindent 4 }} 8 | {{- if .Values.server.configAnnotations }} 9 | annotations: 10 | {{- range $key, $value := .Values.server.configAnnotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- end }} 14 | data: # NOTE(review): server.config is rendered verbatim into a ConfigMap, so it should hold no credentials; presumably those belong in argocd-secret - confirm against the values file 15 | {{- toYaml .Values.server.config | nindent 4 }} 16 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.clusterAdminAccess.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "argo-cd.controller.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 8 | rules: # NOTE(review): all verbs on all resources in all API groups plus all nonResourceURLs, i.e. unrestricted cluster-wide access for whatever is bound to this ClusterRole; rendered only when controller.clusterAdminAccess.enabled is true 9 | - apiGroups: 10 | - '*' 11 | resources: 12 | - '*' 13 | verbs: 14 | - '*' 15 | - nonResourceURLs: 16 | - '*' 17 | verbs: 18 | - '*' 19 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "argo-cd.server.fullname" . }} 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: {{ template "argo-cd.server.fullname" . }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "argo-cd.serverServiceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ template "redis-ha.serviceAccountName" . }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: {{ template "redis-ha.fullname" . 
}} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-configs/argocd-tls-certs-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | {{- if .Values.configs.tlsCerts }} 3 | {{- toYaml .Values.configs.tlsCerts | nindent 0 }} 4 | {{- end }} 5 | kind: ConfigMap 6 | metadata: 7 | labels: 8 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "tls-certs-cm") | nindent 4 }} 9 | {{- if .Values.configs.tlsCertsAnnotations }} 10 | annotations: 11 | {{- range $key, $value := .Values.configs.tlsCertsAnnotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | {{- end }} 15 | name: argocd-tls-certs-cm -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/dex/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dex.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "argo-cd.dex.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ template "argo-cd.dex.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "argo-cd.dexServiceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "argo-cd.controller.fullname" . 
}} 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: {{ template "argo-cd.controller.fullname" . }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "argo-cd.controllerServiceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/redis/service.yaml: -------------------------------------------------------------------------------- 1 | {{- $redisHa := (index .Values "redis-ha") -}} 2 | {{- if and .Values.redis.enabled (not $redisHa.enabled) -}} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ template "argo-cd.redis.fullname" . }} 7 | labels: 8 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} 9 | spec: 10 | ports: 11 | - port: {{ .Values.redis.servicePort }} 12 | targetPort: {{ .Values.redis.servicePort }} 13 | selector: 14 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.redis.name) | nindent 4 }} 15 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | appVersion: 2.0.0 3 | dependencies: 4 | - condition: redis-ha.enabled 5 | name: redis-ha 6 | repository: https://dandydeveloper.github.io/charts/ 7 | version: 4.10.4 8 | description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool 9 | for Kubernetes. 
10 | home: https://github.com/argoproj/argo-helm 11 | icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png 12 | keywords: 13 | - argoproj 14 | - argocd 15 | - gitops 16 | maintainers: 17 | - name: alexec 18 | - name: alexmt 19 | - name: jessesuen 20 | - name: seanson 21 | name: argo-cd 22 | version: 3.2.2 23 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.rbacConfigCreate }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: argocd-rbac-cm 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "rbac-cm") | nindent 4 }} 8 | {{- if .Values.server.rbacConfigAnnotations }} 9 | annotations: 10 | {{- range $key, $value := .Values.server.rbacConfigAnnotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- end }} 14 | {{- if .Values.server.rbacConfig }} 15 | data: 16 | {{- toYaml .Values.server.rbacConfig | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.repoServer.serviceAccount.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "argo-cd.repoServer.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ template "argo-cd.repoServer.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "argo-cd.repoServerServiceAccountName" . 
}} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.clusterAdminAccess.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: {{ template "argo-cd.server.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "argo-cd.serverServiceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 6.0.7 3 | description: Highly available Kubernetes implementation of Redis 4 | home: http://redis.io/ 5 | icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png 6 | keywords: 7 | - redis 8 | - keyvalue 9 | - database 10 | maintainers: 11 | - email: salimsalaues@gmail.com 12 | name: ssalaues 13 | - email: aaron.layfield@gmail.com 14 | name: dandydeveloper 15 | name: redis-ha 16 | sources: 17 | - https://redis.io/download 18 | - https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha 19 | - https://github.com/oliver006/redis_exporter 20 | version: 4.10.4 21 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/dex/serviceaccount.yaml: 
-------------------------------------------------------------------------------- 1 | {{- if and .Values.dex.enabled .Values.dex.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.dex.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "argo-cd.dexServiceAccountName" . }} 7 | {{- if .Values.dex.serviceAccount.annotations }} 8 | annotations: 9 | {{- range $key, $value := .Values.dex.serviceAccount.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- end }} 13 | labels: 14 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.server.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "argo-cd.serverServiceAccountName" . }} 7 | {{- if .Values.server.serviceAccount.annotations }} 8 | annotations: 9 | {{- range $key, $value := .Values.server.serviceAccount.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- end }} 13 | labels: 14 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - endpoints 14 | verbs: 15 | - get 16 | {{- if .Values.podSecurityPolicy.create }} 17 | - apiGroups: 18 | - 'policy' 19 | resources: 20 | - 'podsecuritypolicies' 21 | verbs: 22 | - 'use' 23 | resourceNames: 24 | - {{ template "redis-ha.fullname" . }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.clusterAdminAccess.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "argo-cd.controller.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: {{ template "argo-cd.controller.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "argo-cd.controllerServiceAccountName" . 
}} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.repoServer.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.repoServer.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "argo-cd.repoServerServiceAccountName" . }} 7 | {{- if .Values.repoServer.serviceAccount.annotations }} 8 | annotations: 9 | {{- range $key, $value := .Values.repoServer.serviceAccount.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- end }} 13 | labels: 14 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 15 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }}-pdb 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | # The replica label is set on StatefulSet pods but not the Test pods 13 | # We want to avoid including the Test pods in the budget 14 | {{ template "redis-ha.fullname" . }}: replica 15 | release: {{ .Release.Name }} 16 | app: {{ template "redis-ha.name" . 
}} 17 | {{ toYaml .Values.podDisruptionBudget | indent 2 }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "argo-cd.controllerServiceAccountName" . }} 7 | {{- if .Values.controller.serviceAccount.annotations }} 8 | annotations: 9 | {{- range $key, $value := .Values.controller.serviceAccount.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- end }} 13 | labels: 14 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.haproxy.enabled }} 2 | {{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | name: {{ template "redis-ha.fullname" . }}-haproxy 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "labels.standard" . | indent 4 }} 10 | component: {{ template "redis-ha.fullname" . }}-haproxy 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "redis-ha.serviceAccountName" . }}-haproxy 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: Role 17 | name: {{ template "redis-ha.fullname" . 
}}-haproxy 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.clusterAdminAccess.enabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 8 | rules: # NOTE(review): delete/get/patch on every resource in every API group is cluster-wide and covers Secrets in all namespaces; rendered only when server.clusterAdminAccess.enabled is true 9 | - apiGroups: 10 | - '*' 11 | resources: 12 | - '*' 13 | verbs: 14 | - delete 15 | - get 16 | - patch 17 | - apiGroups: 18 | - "" 19 | resources: 20 | - events 21 | verbs: 22 | - list 23 | - apiGroups: 24 | - "" 25 | resources: 26 | - pods 27 | - pods/log 28 | verbs: 29 | - get 30 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ template "argo-cd.controller.fullname" . }} 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - secrets 12 | - configmaps 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - argoproj.io 19 | resources: 20 | - applications 21 | - appprojects 22 | verbs: 23 | - create 24 | - get 25 | - list 26 | - watch 27 | - update 28 | - patch 29 | - delete 30 | - apiGroups: 31 | - "" 32 | resources: 33 | - events 34 | verbs: 35 | - create 36 | - list -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-pod.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.haproxy.enabled }} 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }}-service-test 6 | labels: 7 | {{ include "labels.standard" . | indent 4 }} 8 | annotations: 9 | "helm.sh/hook": test-success 10 | spec: 11 | containers: 12 | - name: "{{ .Release.Name }}-service-test" 13 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 14 | command: 15 | - sh 16 | - -c 17 | - redis-cli -h {{ template "redis-ha.fullname" . 
}}-haproxy -p {{ .Values.redis.port }} info server 18 | {{- if .Values.imagePullSecrets }} 19 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} 20 | {{- end }} 21 | restartPolicy: Never 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | {{- if .Values.repoServer.service.annotations }} 5 | annotations: 6 | {{- range $key, $value := .Values.repoServer.service.annotations }} 7 | {{ $key }}: {{ $value | quote }} 8 | {{- end }} 9 | {{- end }} 10 | labels: 11 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 12 | name: {{ template "argo-cd.repoServer.fullname" . }} 13 | spec: 14 | ports: 15 | - name: {{ .Values.repoServer.service.portName }} 16 | protocol: TCP 17 | port: {{ .Values.repoServer.service.port }} 18 | targetPort: repo-server 19 | selector: 20 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 4 }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ template "argo-cd.server.fullname" . }} 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - secrets 12 | - configmaps 13 | verbs: 14 | - create 15 | - get 16 | - list 17 | - watch 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - argoproj.io 23 | resources: 24 | - applications 25 | - appprojects 26 | verbs: 27 | - create 28 | - get 29 | - list 30 | - watch 31 | - update 32 | - delete 33 | - patch 34 | - apiGroups: 35 | - "" 36 | resources: 37 | - events 38 | verbs: 39 | - create 40 | - list -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | {{- if .Values.controller.service.annotations }} 5 | annotations: 6 | {{- range $key, $value := .Values.controller.service.annotations }} 7 | {{ $key }}: {{ $value | quote }} 8 | {{- end }} 9 | {{- end }} 10 | name: {{ template "argo-cd.controller.fullname" . }} 11 | labels: 12 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 13 | spec: 14 | ports: 15 | - name: {{ .Values.controller.service.portName }} 16 | port: {{ .Values.controller.service.port }} 17 | targetPort: {{ .Values.controller.containerPort }} 18 | selector: 19 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/tests/test-redis-ha-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: {{ template "redis-ha.fullname" . }}-configmap-test 5 | labels: 6 | {{ include "labels.standard" . 
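| indent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: check-init 12 | image: koalaman/shellcheck:v0.5.0 13 | args: 14 | - --shell=sh 15 | - /readonly-config/init.sh 16 | volumeMounts: 17 | - name: config 18 | mountPath: /readonly-config 19 | readOnly: true 20 | {{- if .Values.imagePullSecrets }} 21 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} 22 | {{- end }} 23 | restartPolicy: Never 24 | volumes: 25 | - name: config 26 | configMap: 27 | name: {{ template "redis-ha.fullname" . }}-configmap 28 | -------------------------------------------------------------------------------- /argocd-install/01-install-argocd.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Install or upgrade the Argo CD Helm release from the chart stored next to
# this script.
#
# Usage: 01-install-argocd.sh [VALUES_FILE]
#   VALUES_FILE  optional values file; defaults to <script dir>/argo-cd/values.yaml
# Environment:
#   ARGOCD_NS    target namespace; defaults to 'argocd' when unset
#
# Asks for confirmation before calling helm. Exits 1 when the given values file
# does not exist and 0 when the operator declines.

# Directory containing this script; quoted so a path with spaces stays intact.
DIRNAME=$(dirname "$0")

# Apply the default only when the variable is unset, as before.
ARGOCD_NS="${ARGOCD_NS-argocd}"

# "$1" is quoted in the tests: unquoted, an empty argument turns `[ -f ]` into
# a one-argument test that always succeeds, and a path with spaces is split.
if [ -z "${1+x}" ]; then
  VALUES_FILE="${DIRNAME}/argo-cd/values.yaml"
  echo "INFO: Using default values file './argo-cd/values.yaml'"
elif [ -f "$1" ]; then
  echo "INFO: Using values file $1"
  VALUES_FILE=$1
else
  echo "ERROR: No file exist $1" >&2
  exit 1
fi

echo "INFO: Argocd will be installed on $ARGOCD_NS namespace with values file $VALUES_FILE"
echo -n "Do you want to proceed? [y/n]: "
read -r ans
if [ "$ans" == "y" ]; then
  # The chart path is resolved from the script directory, like the default
  # values file, so the script also works when started from another directory.
  # The expansions are quoted so that a namespace or file name containing
  # whitespace or glob characters cannot turn into extra helm arguments.
  helm upgrade --install argocd "${DIRNAME}/argo-cd" \
    --namespace="$ARGOCD_NS" \
    --create-namespace \
    -f "$VALUES_FILE"
else
  echo "INFO: Exit without any action"
  exit 0
fi
-------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.haproxy.enabled }} 2 | {{- if and .Values.haproxy.serviceAccount.create .Values.rbac.create }} 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: 6 | name: {{ template "redis-ha.fullname" . }}-haproxy 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "labels.standard" . | indent 4 }} 10 | component: {{ template "redis-ha.fullname" . }}-haproxy 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - endpoints 16 | verbs: 17 | - get 18 | {{- if .Values.haproxy.podSecurityPolicy.create }} 19 | - apiGroups: 20 | - 'policy' 21 | resources: 22 | - 'podsecuritypolicies' 23 | verbs: 24 | - 'use' 25 | resourceNames: 26 | - {{ template "redis-ha.fullname" . }}-haproxy 27 | {{- end }} 28 | {{- end }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "redis-ha.fullname" . }}-configmap 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | heritage: {{ .Release.Service }} 8 | release: {{ .Release.Name }} 9 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 10 | app: {{ template "redis-ha.fullname" .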
}} 11 | {{- range $key, $value := .Values.configmap.labels }} 12 | {{ $key }}: {{ $value | toString }} 13 | {{- end }} 14 | data: 15 | redis.conf: | 16 | {{- include "config-redis.conf" . }} 17 | 18 | sentinel.conf: | 19 | {{- include "config-sentinel.conf" . }} 20 | 21 | init.sh: | 22 | {{- include "config-init.sh" . }} 23 | {{ if .Values.haproxy.enabled }} 24 | haproxy.cfg: |- 25 | {{- include "config-haproxy.cfg" . }} 26 | {{- end }} 27 | haproxy_init.sh: | 28 | {{- include "config-haproxy_init.sh" . }} 29 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.route.enabled -}} 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 8 | {{- with .Values.server.route.annotations }} 9 | annotations: 10 | {{ toYaml . | indent 4 }} 11 | {{- end }} 12 | spec: 13 | host: {{ .Values.server.route.hostname | quote }} 14 | to: 15 | kind: Service 16 | name: {{ template "argo-cd.server.fullname" . 
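}} 17 | weight: 100 18 | port: 19 | targetPort: https 20 | tls: 21 | termination: {{ .Values.server.route.termination_type | default "passthrough" }} 22 | insecureEdgeTerminationPolicy: {{ .Values.server.route.termination_policy | default "None" }} 23 | wildcardPolicy: None 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-tls-secret.yaml: --------------------------------------------------------------------------------
{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}}
# Secret holding the Redis TLS files. Rendered only when redis.tlsPort is set
# and tls.secretName is empty. Every value is read with .Files.Get from the
# chart's certs/ directory, so the private key (certs/redis.key) has to be
# packaged with the chart for this template to carry it.
# NOTE(review): setting tls.secretName skips this template, presumably so that
# a Secret managed outside the chart is used instead; confirm in the
# statefulset template.
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "redis-ha.fullname" . }}-tls-secret
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "labels.standard" . | indent 4 }}
type: Opaque
data:
  # Key names come from the tls.*File values; the content always comes from
  # the fixed certs/ paths below. .Files.Get yields an empty string for a file
  # that is not in the chart, so a missing file renders as an empty entry
  # rather than a failed install.
  {{- if .Values.tls.caCertFile }}
  {{ .Values.tls.caCertFile }}: {{ .Files.Get "certs/ca.crt" | b64enc }}
  {{- end }}
  {{- if .Values.tls.certFile }}
  {{ .Values.tls.certFile }}: {{ .Files.Get "certs/redis.crt" | b64enc }}
  {{- end }}
  {{- if .Values.tls.keyFile }}
  {{ .Values.tls.keyFile }}: {{ .Files.Get "certs/redis.key" | b64enc }}
  {{- end }}
  {{- if .Values.tls.dhParamsFile }}
  {{ .Values.tls.dhParamsFile }}: {{ .Files.Get "certs/redis.dh" | b64enc }}
  {{- end }}
{{- end }}
-------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-configs/cluster-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- range .Values.configs.clusterCredentials }} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "argo-cd.name" $ }}-cluster-{{ .name }} 7 | labels: 8 | {{- include "argo-cd.labels" (dict "context" $) | nindent 4 }} 9 | {{- with .labels }} 10 | {{- toYaml .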
| nindent 4 }} 11 | {{- end }} 12 | argocd.argoproj.io/secret-type: cluster 13 | {{- with .annotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | stringData: 19 | name: {{ required "A valid .Values.configs.clusterCredentials[].name entry is required!" .name }} 20 | server: {{ required "A valid .Values.configs.clusterCredentials[].server entry is required!" .server }} 21 | {{- with .namespaces }} 22 | namespaces: {{ . }} 23 | {{- end }} 24 | config: | 25 | {{- required "A valid .Values.configs.clusterCredentials[].config entry is required!" .config | toPrettyJson | nindent 4 }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/metrics-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.metrics.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if .Values.server.metrics.service.annotations }} 6 | annotations: 7 | {{- range $key, $value := .Values.server.metrics.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- end }} 11 | labels: 12 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 4 }} 13 | {{- if .Values.server.metrics.service.labels }} 14 | {{- toYaml .Values.server.metrics.service.labels | nindent 4 }} 15 | {{- end }} 16 | name: {{ template "argo-cd.server.fullname" . }}-metrics 17 | spec: 18 | ports: 19 | - name: metrics 20 | protocol: TCP 21 | port: {{ .Values.server.metrics.service.servicePort }} 22 | targetPort: metrics 23 | selector: 24 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.server.name) | nindent 4 }} 25 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/metrics-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.controller.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if .Values.controller.metrics.service.annotations }} 6 | annotations: 7 | {{- range $key, $value := .Values.controller.metrics.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- end }} 11 | labels: 12 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" "metrics") | nindent 4 }} 13 | {{- if .Values.controller.metrics.service.labels }} 14 | {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }} 15 | {{- end }} 16 | name: {{ template "argo-cd.controller.fullname" . }}-metrics 17 | spec: 18 | ports: 19 | - name: metrics 20 | protocol: TCP 21 | port: {{ .Values.controller.metrics.service.servicePort }} 22 | targetPort: controller 23 | selector: 24 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }} 25 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.rules.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "argo-cd.controller.fullname" . }} 6 | {{- if .Values.controller.metrics.rules.namespace }} 7 | namespace: {{ .Values.controller.metrics.rules.namespace }} 8 | {{- end }} 9 | labels: 10 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 11 | {{- if .Values.controller.metrics.rules.selector }} 12 | {{- toYaml .Values.controller.metrics.rules.selector | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.controller.metrics.rules.additionalLabels }} 15 | {{- toYaml .Values.controller.metrics.rules.additionalLabels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | groups: 19 | - name: argocd 20 | rules: 21 | {{- toYaml .Values.controller.metrics.rules.spec | nindent 4 }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/metrics-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.repoServer.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if .Values.repoServer.metrics.service.annotations }} 6 | annotations: 7 | {{- range $key, $value := .Values.repoServer.metrics.service.annotations }} 8 | {{ $key }}: {{ $value | quote }} 9 | {{- end }} 10 | {{- end }} 11 | labels: 12 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 4 }} 13 | {{- if .Values.repoServer.metrics.service.labels }} 14 | {{- toYaml .Values.repoServer.metrics.service.labels | nindent 4 }} 15 | {{- end }} 16 | name: {{ template "argo-cd.repoServer.fullname" . }}-metrics 17 | spec: 18 | ports: 19 | - name: metrics 20 | protocol: TCP 21 | port: {{ .Values.repoServer.metrics.service.servicePort }} 22 | targetPort: metrics 23 | selector: 24 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.repoServer.name) | nindent 4 }} 25 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} 2 | {{- $regexRestoreSSH := "^.+@.+:.+" -}} 3 | 4 | {{- if or (regexFind $regexRestoreSSH (toString .Values.restore.ssh.source)) (regexFind $regexRestoreS3 (toString .Values.restore.s3.source)) }} 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: {{ include "redis-ha.fullname" . }}-secret 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | heritage: {{ .Release.Service }} 12 | release: {{ .Release.Name }} 13 | chart: {{ .Chart.Name }}-{{ .Chart.Version }} 14 | app: {{ template "redis-ha.fullname" . }} 15 | type: Opaque 16 | data: 17 | {{- if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }} 18 | SSH_KEY: "{{ .Values.restore.ssh.key | b64enc }}" 19 | {{- end }} 20 | {{- if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }} 21 | AWS_SECRET_ACCESS_KEY: "{{ .Values.restore.s3.secret_key | b64enc }}" 22 | AWS_ACCESS_KEY_ID: "{{ .Values.restore.s3.access_key | b64enc }}" 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | In order to access the server UI you have the following options: 2 | 3 | 1. kubectl port-forward service/{{include "argo-cd.fullname" . }}-server -n {{ .Release.Namespace }} 8080:443 4 | 5 | and then open the browser on http://localhost:8080 and accept the certificate 6 | 7 | 2. 
enable ingress in the values file `server.ingress.enabled` and either 8 | - Add the annotation for ssl passthrough: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-1-ssl-passthrough 9 | - Add the `--insecure` flag to `server.extraArgs` in the values file and terminate SSL at your ingress (traffic between the ingress and the server is then unencrypted): https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ingress.md#option-2-multiple-ingress-objects-and-hosts 10 | 11 | 12 | After reaching the UI for the first time you can log in with username: admin and the password will be the 13 | name of the server pod. Change this password after the first login, because the pod name is visible to anyone who can list pods in the namespace. You can get the pod name by running: 14 | 15 | kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "argo-cd.name" . }}-server -o name | cut -d'/' -f 2 16 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" (printf "%s-hpa" .Values.server.name)) | nindent 4 }} 7 | name: {{ template "argo-cd.server.fullname" . }}-hpa 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "argo-cd.server.fullname" . }} 13 | minReplicas: {{ .Values.server.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: memory 20 | targetAverageUtilization: {{ . }} 21 | {{- end }} 22 | {{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: cpu 26 | targetAverageUtilization: {{ .
}} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.repoServer.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | labels: 6 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" (printf "%s-hpa" .Values.repoServer.name)) | nindent 4 }} 7 | name: {{ template "argo-cd.repoServer.fullname" . }}-hpa 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: {{ template "argo-cd.repoServer.fullname" . }} 13 | minReplicas: {{ .Values.repoServer.autoscaling.minReplicas }} 14 | maxReplicas: {{ .Values.repoServer.autoscaling.maxReplicas }} 15 | metrics: 16 | {{- with .Values.repoServer.autoscaling.targetMemoryUtilizationPercentage }} 17 | - type: Resource 18 | resource: 19 | name: memory 20 | targetAverageUtilization: {{ . }} 21 | {{- end }} 22 | {{- with .Values.repoServer.autoscaling.targetCPUUtilizationPercentage }} 23 | - type: Resource 24 | resource: 25 | name: cpu 26 | targetAverageUtilization: {{ . 
}} 27 | {{- end }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/certificate.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.certificate.enabled -}} 2 | {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} 3 | apiVersion: cert-manager.io/v1 4 | {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha3" }} 5 | apiVersion: cert-manager.io/v1alpha3 6 | {{- else if .Capabilities.APIVersions.Has "cert-manager.io/v1alpha2" }} 7 | apiVersion: cert-manager.io/v1alpha2 8 | {{- else }} 9 | apiVersion: certmanager.k8s.io/v1alpha1 10 | {{- end }} 11 | kind: Certificate 12 | metadata: 13 | name: {{ template "argo-cd.server.fullname" . }} 14 | labels: 15 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 16 | spec: 17 | commonName: {{ .Values.server.certificate.domain | quote }} 18 | dnsNames: 19 | - {{ .Values.server.certificate.domain | quote }} 20 | {{- range .Values.server.certificate.additionalHosts }} 21 | - {{ . | quote }} 22 | {{- end }} 23 | issuerRef: 24 | kind: {{ .Values.server.certificate.issuer.kind | quote }} 25 | name: {{ .Values.server.certificate.issuer.name | quote }} 26 | secretName: argocd-secret 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podSecurityPolicy.create }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }} 6 | labels: 7 | {{ include "labels.standard" . 
| indent 4 }} 8 | spec: 9 | allowPrivilegeEscalation: false 10 | fsGroup: 11 | rule: 'MustRunAs' 12 | ranges: 13 | - min: {{ .Values.securityContext.fsGroup }} 14 | max: {{ .Values.securityContext.fsGroup }} 15 | hostIPC: false 16 | hostNetwork: false 17 | hostPID: false 18 | privileged: false 19 | readOnlyRootFilesystem: false 20 | requiredDropCapabilities: 21 | - ALL 22 | runAsUser: 23 | rule: 'MustRunAs' 24 | ranges: 25 | - min: {{ .Values.securityContext.runAsUser }} 26 | max: {{ .Values.securityContext.runAsUser }} 27 | seLinux: 28 | rule: 'RunAsAny' 29 | supplementalGroups: 30 | rule: 'MustRunAs' 31 | ranges: 32 | - min: {{ .Values.securityContext.runAsUser }} 33 | max: {{ .Values.securityContext.runAsUser }} 34 | volumes: 35 | - 'configMap' 36 | - 'secret' 37 | - 'emptyDir' 38 | - 'persistentVolumeClaim' 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/dex/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dex.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "argo-cd.dex.fullname" . }} 6 | {{- if .Values.dex.metrics.service.annotations }} 7 | annotations: 8 | {{- range $key, $value := .Values.dex.metrics.service.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | {{- end }} 12 | labels: 13 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} 14 | {{- if .Values.dex.metrics.service.labels }} 15 | {{- toYaml .Values.dex.metrics.service.labels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | ports: 19 | - name: http 20 | protocol: TCP 21 | port: {{ .Values.dex.servicePortHttp }} 22 | targetPort: http 23 | - name: grpc 24 | protocol: TCP 25 | port: {{ .Values.dex.servicePortGrpc }} 26 | targetPort: grpc 27 | {{- if .Values.dex.metrics.enabled }} 28 | - name: metrics 29 | protocol: TCP 30 | port: {{ .Values.dex.servicePortMetrics }} 31 | targetPort: metrics 32 | {{- end }} 33 | selector: 34 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 4 }} 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/dex/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.dex.metrics.enabled .Values.dex.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "argo-cd.dex.fullname" . }} 6 | {{- if .Values.dex.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.dex.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }} 11 | {{- if .Values.dex.metrics.serviceMonitor.selector }} 12 | {{- toYaml .Values.dex.metrics.serviceMonitor.selector | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.dex.metrics.serviceMonitor.additionalLabels }} 15 | {{- toYaml .Values.dex.metrics.serviceMonitor.additionalLabels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | endpoints: 19 | - port: metrics 20 | interval: 30s 21 | path: /metrics 22 | namespaceSelector: 23 | matchNames: 24 | - {{ .Release.Namespace }} 25 | selector: 26 | matchLabels: 27 | {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 6 }} 28 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | {{- if .Values.server.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | {{- include "argo-cd.labels" (dict "context" . 
"component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 11 | {{- if .Values.server.metrics.serviceMonitor.selector }} 12 | {{- toYaml .Values.server.metrics.serviceMonitor.selector | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.server.metrics.serviceMonitor.additionalLabels }} 15 | {{- toYaml .Values.server.metrics.serviceMonitor.additionalLabels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | endpoints: 19 | - port: metrics 20 | interval: 30s 21 | path: /metrics 22 | namespaceSelector: 23 | matchNames: 24 | - {{ .Release.Namespace }} 25 | selector: 26 | matchLabels: 27 | {{- include "argo-cd.selectorLabels" (dict "context" . "component" .Values.server.name "name" (printf "%s-metrics" .Values.server.name)) | nindent 6 }} 28 | {{- end }} 29 | 30 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-psp.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.haproxy.podSecurityPolicy.create .Values.haproxy.enabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }}-haproxy 6 | labels: 7 | {{ include "labels.standard" . | indent 4 }} 8 | component: {{ template "redis-ha.fullname" . 
}}-haproxy 9 | spec: 10 | allowPrivilegeEscalation: false 11 | fsGroup: 12 | rule: 'MustRunAs' 13 | ranges: 14 | - min: {{ .Values.haproxy.securityContext.fsGroup }} 15 | max: {{ .Values.haproxy.securityContext.fsGroup }} 16 | hostIPC: false 17 | hostNetwork: false 18 | hostPID: false 19 | privileged: false 20 | readOnlyRootFilesystem: false 21 | requiredDropCapabilities: 22 | - ALL 23 | runAsUser: 24 | rule: 'MustRunAs' 25 | ranges: 26 | - min: {{ .Values.haproxy.securityContext.runAsUser }} 27 | max: {{ .Values.haproxy.securityContext.runAsUser }} 28 | seLinux: 29 | rule: 'RunAsAny' 30 | supplementalGroups: 31 | rule: 'MustRunAs' 32 | ranges: 33 | - min: {{ .Values.haproxy.securityContext.runAsUser }} 34 | max: {{ .Values.haproxy.securityContext.runAsUser }} 35 | volumes: 36 | - 'configMap' 37 | - 'secret' 38 | - 'emptyDir' 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/applications.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.additionalApplications }} 2 | apiVersion: v1 3 | kind: List 4 | items: 5 | {{- range .Values.server.additionalApplications }} 6 | - apiVersion: argoproj.io/v1alpha1 7 | kind: Application 8 | metadata: 9 | {{- if .additionalAnnotations }} 10 | annotations: 11 | {{- range $key, $value := .additionalAnnotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | {{- end }} 15 | {{- if .additionalLabels }} 16 | labels: 17 | {{- toYaml .additionalLabels | nindent 8 }} 18 | {{- end }} 19 | name: {{ .name }} 20 | {{- if .namespace }} 21 | namespace: {{ .namespace }} 22 | {{- end }} 23 | {{- if .finalizers }} 24 | finalizers: 25 | {{- toYaml .finalizers | nindent 8 }} 26 | {{- end }} 27 | spec: 28 | project: {{ tpl .project $ }} 29 | source: 30 | {{- toYaml .source | nindent 8 }} 31 | destination: 32 | {{- toYaml .destination | nindent 8 }} 33 | {{- if .syncPolicy }} 34 
| syncPolicy: 35 | {{- toYaml .syncPolicy | nindent 8 }} 36 | {{- end }} 37 | {{- if .ignoreDifferences }} 38 | ignoreDifferences: 39 | {{- toYaml .ignoreDifferences | nindent 8 }} 40 | {{- end }} 41 | {{- end }} 42 | {{- end }} -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "argo-cd.controller.fullname" . }} 6 | {{- if .Values.controller.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 11 | {{- if .Values.controller.metrics.serviceMonitor.selector }} 12 | {{- toYaml .Values.controller.metrics.serviceMonitor.selector | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }} 15 | {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | endpoints: 19 | - port: metrics 20 | interval: 30s 21 | path: /metrics 22 | namespaceSelector: 23 | matchNames: 24 | - {{ .Release.Namespace }} 25 | selector: 26 | matchLabels: 27 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"component" .Values.controller.name "name" "metrics") | nindent 6 }} 28 | {{- end }} 29 | 30 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.repoServer.metrics.enabled .Values.repoServer.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "argo-cd.repoServer.fullname" . }} 6 | {{- if .Values.repoServer.metrics.serviceMonitor.namespace }} 7 | namespace: {{ .Values.repoServer.metrics.serviceMonitor.namespace }} 8 | {{- end }} 9 | labels: 10 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 11 | {{- if .Values.repoServer.metrics.serviceMonitor.selector }} 12 | {{- toYaml .Values.repoServer.metrics.serviceMonitor.selector | nindent 4 }} 13 | {{- end }} 14 | {{- if .Values.repoServer.metrics.serviceMonitor.additionalLabels }} 15 | {{- toYaml .Values.repoServer.metrics.serviceMonitor.additionalLabels | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | endpoints: 19 | - port: metrics 20 | interval: 30s 21 | path: /metrics 22 | namespaceSelector: 23 | matchNames: 24 | - {{ .Release.Namespace }} 25 | selector: 26 | matchLabels: 27 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"component" .Values.repoServer.name "name" (printf "%s-metrics" .Values.repoServer.name)) | nindent 6 }} 28 | {{- end }} 29 | 30 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.exporter.serviceMonitor.enabled ) ( .Values.exporter.enabled ) }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | {{- if .Values.exporter.serviceMonitor.labels }} 6 | labels: 7 | {{ toYaml .Values.exporter.serviceMonitor.labels | indent 4}} 8 | {{- end }} 9 | name: {{ template "redis-ha.fullname" . }} 10 | namespace: {{ .Release.Namespace }} 11 | {{- if .Values.exporter.serviceMonitor.namespace }} 12 | namespace: {{ .Values.exporter.serviceMonitor.namespace }} 13 | {{- end }} 14 | spec: 15 | endpoints: 16 | - targetPort: {{ .Values.exporter.port }} 17 | {{- if .Values.exporter.serviceMonitor.interval }} 18 | interval: {{ .Values.exporter.serviceMonitor.interval }} 19 | {{- end }} 20 | {{- if .Values.exporter.serviceMonitor.telemetryPath }} 21 | path: {{ .Values.exporter.serviceMonitor.telemetryPath }} 22 | {{- end }} 23 | {{- if .Values.exporter.serviceMonitor.timeout }} 24 | scrapeTimeout: {{ .Values.exporter.serviceMonitor.timeout }} 25 | {{- end }} 26 | jobLabel: {{ template "redis-ha.fullname" . }} 27 | namespaceSelector: 28 | matchNames: 29 | - {{ .Release.Namespace }} 30 | selector: 31 | matchLabels: 32 | app: {{ template "redis-ha.name" . 
}} 33 | release: {{ .Release.Name }} 34 | exporter: enabled 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Redis can be accessed via {{ if ne (int .Values.redis.port) 0 }}port {{ .Values.redis.port }}{{ end }} {{ if .Values.redis.tlsPort }} tls-port {{ .Values.redis.tlsPort }}{{ end }} and Sentinel can be accessed via {{ if ne (int .Values.sentinel.port) 0 }}port {{ .Values.sentinel.port }}{{ end }} {{ if .Values.sentinel.tlsPort }} tls-port {{ .Values.sentinel.tlsPort }}{{ end }} on the following DNS name from within your cluster: 2 | {{ template "redis-ha.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local 3 | 4 | To connect to your Redis server: 5 | 6 | {{- if .Values.auth }} 7 | 1. To retrieve the redis password: 8 | echo $(kubectl get secret {{ template "redis-ha.fullname" . }} -o "jsonpath={.data['auth']}" | base64 --decode) 9 | 10 | 2. Connect to the Redis master pod that you can use as a client. By default the {{ template "redis-ha.fullname" . }}-server-0 pod is configured as the master: 11 | 12 | kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }} 13 | 14 | 3. Connect using the Redis CLI (inside container): 15 | 16 | redis-cli -a 17 | {{- else }} 18 | 1. Run a Redis pod that you can use as a client: 19 | 20 | kubectl exec -it {{ template "redis-ha.fullname" . }}-server-0 sh -n {{ .Release.Namespace }} 21 | 22 | 2. Connect using the Redis CLI: 23 | 24 | redis-cli -h {{ template "redis-ha.fullname" . 
}}.{{ .Release.Namespace }}.svc.cluster.local 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "redis-ha.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "labels.standard" . | indent 4 }} 8 | {{- if .Values.exporter.enabled }} 9 | exporter: enabled 10 | {{- end }} 11 | annotations: 12 | {{- if .Values.serviceAnnotations }} 13 | {{ toYaml .Values.serviceAnnotations | indent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | clusterIP: None 18 | ports: 19 | {{- if ne (int .Values.redis.port) 0 }} 20 | - name: tcp-server 21 | port: {{ .Values.redis.port }} 22 | protocol: TCP 23 | targetPort: redis 24 | {{- end }} 25 | {{- if .Values.redis.tlsPort }} 26 | - name: server-tls 27 | port: {{ .Values.redis.tlsPort }} 28 | protocol: TCP 29 | targetPort: redis-tls 30 | {{- end }} 31 | {{- if ne (int .Values.sentinel.port) 0 }} 32 | - name: tcp-sentinel 33 | port: {{ .Values.sentinel.port }} 34 | protocol: TCP 35 | targetPort: sentinel 36 | {{- end }} 37 | {{- if .Values.sentinel.tlsPort }} 38 | - name: sentinel-tls 39 | port: {{ .Values.sentinel.tlsPort }} 40 | protocol: TCP 41 | targetPort: sentinel-tls 42 | {{- end }} 43 | {{- if .Values.exporter.enabled }} 44 | - name: http-exporter-port 45 | port: {{ .Values.exporter.port }} 46 | protocol: TCP 47 | targetPort: exporter-port 48 | {{- end }} 49 | selector: 50 | release: {{ .Release.Name }} 51 | app: {{ template "redis-ha.name" . 
}} 52 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.haproxy.metrics.serviceMonitor.enabled ) ( .Values.haproxy.metrics.enabled ) }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | {{- with .Values.haproxy.metrics.serviceMonitor.labels }} 6 | labels: {{ toYaml . | nindent 4}} 7 | {{- end }} 8 | name: {{ template "redis-ha.fullname" . }}-haproxy 9 | namespace: {{ .Release.Namespace }} 10 | {{- if .Values.haproxy.metrics.serviceMonitor.namespace }} 11 | namespace: {{ .Values.haproxy.metrics.serviceMonitor.namespace }} 12 | {{- end }} 13 | spec: 14 | endpoints: 15 | - targetPort: {{ .Values.haproxy.metrics.port }} 16 | {{- if .Values.haproxy.metrics.serviceMonitor.interval }} 17 | interval: {{ .Values.haproxy.metrics.serviceMonitor.interval }} 18 | {{- end }} 19 | {{- if .Values.haproxy.metrics.serviceMonitor.telemetryPath }} 20 | path: {{ .Values.haproxy.metrics.serviceMonitor.telemetryPath }} 21 | {{- end }} 22 | {{- if .Values.haproxy.metrics.serviceMonitor.timeout }} 23 | scrapeTimeout: {{ .Values.haproxy.metrics.serviceMonitor.timeout }} 24 | {{- end }} 25 | jobLabel: {{ template "redis-ha.fullname" . }}-haproxy 26 | namespaceSelector: 27 | matchNames: 28 | - {{ .Release.Namespace }} 29 | selector: 30 | matchLabels: 31 | app: {{ template "redis-ha.name" . }} 32 | release: {{ .Release.Name }} 33 | component: {{ template "redis-ha.fullname" . 
}}-haproxy 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.haproxy.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "redis-ha.fullname" . }}-haproxy 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "labels.standard" . | indent 4 }} 9 | component: {{ template "redis-ha.fullname" . }}-haproxy 10 | annotations: 11 | {{- if .Values.haproxy.service.annotations }} 12 | {{ toYaml .Values.haproxy.service.annotations | indent 4 }} 13 | {{- end }} 14 | spec: 15 | type: {{ default "ClusterIP" .Values.haproxy.service.type }} 16 | {{- if and (eq .Values.haproxy.service.type "LoadBalancer") .Values.haproxy.service.loadBalancerIP }} 17 | loadBalancerIP: {{ .Values.haproxy.service.loadBalancerIP }} 18 | {{- end }} 19 | ports: 20 | - name: tcp-haproxy 21 | port: {{ .Values.redis.port }} 22 | protocol: TCP 23 | targetPort: redis 24 | {{- if and (eq .Values.haproxy.service.type "NodePort") .Values.haproxy.service.nodePort }} 25 | nodePort: {{ .Values.haproxy.service.nodePort }} 26 | {{- end }} 27 | {{- if .Values.haproxy.readOnly.enabled }} 28 | - name: tcp-haproxyreadonly 29 | port: {{ .Values.haproxy.readOnly.port }} 30 | protocol: TCP 31 | targetPort: {{ .Values.haproxy.readOnly.port }} 32 | {{- end }} 33 | {{- if .Values.haproxy.metrics.enabled }} 34 | - name: {{ .Values.haproxy.metrics.portName }} 35 | port: {{ .Values.haproxy.metrics.port }} 36 | protocol: TCP 37 | targetPort: metrics-port 38 | {{- end }} 39 | selector: 40 | release: {{ .Release.Name }} 41 | app: {{ template "redis-ha.name" . 
}}-haproxy 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/projects.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.additionalProjects }} 2 | apiVersion: v1 3 | kind: List 4 | items: 5 | {{- range .Values.server.additionalProjects }} 6 | - apiVersion: argoproj.io/v1alpha1 7 | kind: AppProject 8 | metadata: 9 | {{- if .additionalAnnotations }} 10 | annotations: 11 | {{- range $key, $value := .additionalAnnotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | {{- end }} 15 | {{- if .additionalLabels }} 16 | labels: 17 | {{- toYaml .additionalLabels | nindent 8 }} 18 | {{- end }} 19 | name: {{ .name }} 20 | {{- if .namespace }} 21 | namespace: {{ .namespace }} 22 | {{- end }} 23 | spec: 24 | description: {{ .description }} 25 | sourceRepos: 26 | {{- toYaml .sourceRepos | nindent 8 }} 27 | destinations: 28 | {{- toYaml .destinations | nindent 8 }} 29 | {{- if .clusterResourceWhitelist }} 30 | clusterResourceWhitelist: 31 | {{- toYaml .clusterResourceWhitelist | nindent 8 }} 32 | {{- end }} 33 | {{- if .namespaceResourceBlacklist }} 34 | namespaceResourceBlacklist: 35 | {{- toYaml .namespaceResourceBlacklist | nindent 8 }} 36 | {{- end }} 37 | {{- if .namespaceResourceWhitelist }} 38 | namespaceResourceWhitelist: 39 | {{- toYaml .namespaceResourceWhitelist | nindent 8 }} 40 | {{- end }} 41 | {{- if .orphanedResources }} 42 | orphanedResources: 43 | {{- toYaml .orphanedResources | nindent 8 }} 44 | {{- end }} 45 | {{- if .roles }} 46 | roles: 47 | {{- toYaml .roles | nindent 8 }} 48 | {{- end }} 49 | {{- if .syncWindows }} 50 | syncWindows: 51 | {{- toYaml .syncWindows | nindent 8 }} 52 | {{- end }} 53 | {{- end }} 54 | {{- end }} 55 | -------------------------------------------------------------------------------- 
/argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-announce-service.yaml:
--------------------------------------------------------------------------------
{{- /*
Renders one ClusterIP Service per replica, named <fullname>-announce-<i>, each
selecting a single pod through the statefulset.kubernetes.io/pod-name label.
The replica count is .Values.replicas converted to an int.
Ports are emitted conditionally: the plain Redis and Sentinel ports only when
their configured value is non-zero, the TLS ports only when a tlsPort is set,
and the exporter port only when the exporter is enabled.
publishNotReadyAddresses is true, so each pod is published behind its Service
before it reports ready.
*/ -}}
{{- $fullName := include "redis-ha.fullname" . }}
{{- $namespace := .Release.Namespace -}}
{{- $replicas := int (toString .Values.replicas) }}
{{- $root := . }}
{{- range $i := until $replicas }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ $fullName }}-announce-{{ $i }}
  namespace: {{ $namespace }}
  labels:
{{ include "labels.standard" $root | indent 4 }}
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
  {{- if $root.Values.serviceAnnotations }}
{{ toYaml $root.Values.serviceAnnotations | indent 4 }}
  {{- end }}
spec:
  publishNotReadyAddresses: true
  type: ClusterIP
  ports:
  {{- /* Plain-text Redis port; setting redis.port to 0 leaves it out. */}}
  {{- if ne (int $root.Values.redis.port) 0 }}
  - name: tcp-server
    port: {{ $root.Values.redis.port }}
    protocol: TCP
    targetPort: redis
  {{- end }}
  {{- if $root.Values.redis.tlsPort }}
  - name: server-tls
    port: {{ $root.Values.redis.tlsPort }}
    protocol: TCP
    targetPort: redis-tls
  {{- end }}
  {{- /* Plain-text Sentinel port; setting sentinel.port to 0 leaves it out. */}}
  {{- if ne (int $root.Values.sentinel.port) 0 }}
  - name: tcp-sentinel
    port: {{ $root.Values.sentinel.port }}
    protocol: TCP
    targetPort: sentinel
  {{- end }}
  {{- if $root.Values.sentinel.tlsPort }}
  - name: sentinel-tls
    port: {{ $root.Values.sentinel.tlsPort }}
    protocol: TCP
    targetPort: sentinel-tls
  {{- end }}
  {{- if $root.Values.exporter.enabled }}
  - name: http-exporter
    port: {{ $root.Values.exporter.port }}
    protocol: TCP
    targetPort: exporter-port
  {{- end }}
  selector:
    release: {{ $root.Release.Name }}
    app: {{ include "redis-ha.name" $root }}
    "statefulset.kubernetes.io/pod-name": {{ $fullName }}-server-{{ $i }}
{{- end }}
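--------------------------------------------------------------------------------
/argocd-install/argo-cd/templates/argocd-server/service.yaml:
--------------------------------------------------------------------------------
{{- /*
Service in front of the Argo CD server. Both the HTTP and the HTTPS service
port forward to the same target: the named server port when
server.service.namedTargetPort is set, otherwise server.containerPort.
server.service.type is rendered as given; NodePort and LoadBalancer publish
the Argo CD API and UI beyond the cluster network. The only network
restriction rendered here is loadBalancerSourceRanges, and it is emitted only
for type LoadBalancer, so other service types need a NetworkPolicy or an
ingress-level control to limit who can reach the server.
*/ -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
  annotations:
  {{- range $key, $value := .Values.server.service.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
{{- end }}
  name: {{ template "argo-cd.server.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.service.labels }}
{{- toYaml .Values.server.service.labels | nindent 4 }}
{{- end }}
spec:
  type: {{ .Values.server.service.type }}
  ports:
  - name: {{ .Values.server.service.servicePortHttpName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttp }}
    targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
    {{- if eq .Values.server.service.type "NodePort" }}
    nodePort: {{ .Values.server.service.nodePortHttp }}
    {{- end }}
  - name: {{ .Values.server.service.servicePortHttpsName }}
    protocol: TCP
    port: {{ .Values.server.service.servicePortHttps }}
    targetPort: {{- if .Values.server.service.namedTargetPort }} {{ .Values.server.name }} {{- else }} {{ .Values.server.containerPort }} {{- end }}
    {{- if eq .Values.server.service.type "NodePort" }}
    nodePort: {{ .Values.server.service.nodePortHttps }}
    {{- end }}
  selector:
    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
{{- if eq .Values.server.service.type "LoadBalancer" }}
{{- if .Values.server.service.loadBalancerIP }}
  loadBalancerIP: {{ .Values.server.service.loadBalancerIP | quote }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
  {{- /* Rendered with toYaml: printing the list directly gives "[a b]", which YAML reads as one string once there is more than one address. */}}
  externalIPs: {{- toYaml .Values.server.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
  loadBalancerSourceRanges:
{{ toYaml .Values.server.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end -}}

--------------------------------------------------------------------------------
/argocd-install/argo-cd/templates/argocd-configs/argocd-secret.yaml:
--------------------------------------------------------------------------------
{{/*
Review note on this template: every value under .Values.configs.secret is
passed through b64enc only. That is an encoding, not encryption, so anything
placed in a values file that is committed to Git is readable by everyone with
access to the repository. Supply these values at install time or from a
secret store, and leave createSecret false when the Secret is managed
elsewhere.
NOTE(review): admin.password is presumably expected by Argo CD as a bcrypt
hash rather than the clear-text password; confirm against the chart's values
documentation.
*/}}
1 | {{- if .Values.configs.secret.createSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: argocd-secret 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" "secret") | nindent 4 }} 8 | {{- if .Values.configs.secret.annotations }} 9 | annotations: 10 | {{- range $key, $value := .Values.configs.secret.annotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- end }} 14 | type: Opaque 15 | {{- if or .Values.configs.secret.githubSecret (or .Values.configs.secret.gitlabSecret .Values.configs.secret.bitbucketUUID .Values.configs.secret.bitbucketServerSecret .Values.configs.secret.gogsSecret .Values.configs.secret.argocdServerAdminPassword .Values.configs.secret.argocdServerTlsConfig .Values.configs.secret.extra) }} 16 | # Setting a blank data again will wipe admin password/key/cert 17 | data: 18 | {{- if .Values.configs.secret.githubSecret }} 19 | webhook.github.secret: {{ .Values.configs.secret.githubSecret | b64enc }} 20 | {{- end }} 21 | {{- if .Values.configs.secret.gitlabSecret }} 22 | webhook.gitlab.secret: {{ .Values.configs.secret.gitlabSecret | b64enc }} 23 | {{- end }} 24 | {{- 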
if .Values.configs.secret.bitbucketServerSecret }} 25 | webhook.bitbucketserver.secret: {{ .Values.configs.secret.bitbucketServerSecret | b64enc }} 26 | {{- end }} 27 | {{- if .Values.configs.secret.bitbucketUUID }} 28 | webhook.bitbucket.uuid: {{ .Values.configs.secret.bitbucketUUID | b64enc }} 29 | {{- end }} 30 | {{- if .Values.configs.secret.gogsSecret }} 31 | webhook.gogs.secret: {{ .Values.configs.secret.gogsSecret | b64enc }} 32 | {{- end }} 33 | {{- if .Values.configs.secret.argocdServerTlsConfig }} 34 | tls.key: {{ .Values.configs.secret.argocdServerTlsConfig.key | b64enc }} 35 | tls.crt: {{ .Values.configs.secret.argocdServerTlsConfig.crt | b64enc }} 36 | {{- end }} 37 | {{- if .Values.configs.secret.argocdServerAdminPassword }} 38 | admin.password: {{ .Values.configs.secret.argocdServerAdminPassword | b64enc }} 39 | admin.passwordMtime: {{ default (date "2006-01-02T15:04:05Z" now) .Values.configs.secret.argocdServerAdminPasswordMtime | b64enc }} 40 | {{- end }} 41 | {{- range $key, $value := .Values.configs.secret.extra }} 42 | {{ $key }}: {{ $value | b64enc }} 43 | {{- end }} 44 | {{- end }} 45 | {{- end }} 46 |
--------------------------------------------------------------------------------
/argocd-install/values-override.yaml:
--------------------------------------------------------------------------------
## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd
##
## Overrides applied on top of the chart's values.yaml. They make Argo CD
## manage itself: the "argocd" Application installs this chart from Git, and
## two further Applications sync every manifest under argocd-apps/ and
## argocd-appprojects/ from the same repository.
##
## Trust model to keep in mind: all three Applications track HEAD of one
## repository, and two of them sync automatically with prune and selfHeal.
## Write access to that repository is therefore equivalent to control over
## what runs in the argocd namespace and, through the project below, over
## cluster-scoped resources. Protect the branch accordingly (reviews,
## signed commits, restricted push).
##
## Server
server:
  ## ArgoCD config
  ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  configEnabled: true
  config:
    # Repositories registered with Argo CD. No credentials are given here,
    # so both are read anonymously over HTTPS.
    repositories: |
      - type: git
        url: https://github.com/kurtburak/argocd.git
      - name: argo-helm
        type: helm
        url: https://argoproj.github.io/argo-helm
  additionalApplications:
  # Self-management: Argo CD deploys its own chart from this repository.
  - name: argocd
    namespace: argocd
    destination:
      namespace: argocd
      server: https://kubernetes.default.svc
    project: argocd
    source:
      helm:
        version: v3
        valueFiles:
        - values.yaml
        - ../values-override.yaml
      path: argocd-install/argo-cd
      repoURL: https://github.com/kurtburak/argocd.git
      # NOTE(review): HEAD is a moving reference. Pinning targetRevision to a
      # tag or commit makes every change to the Argo CD install an explicit,
      # reviewable bump.
      targetRevision: HEAD
    # No "automated" block: this Application is synced manually.
    syncPolicy:
      syncOptions:
      - CreateNamespace=true
  # Applies every manifest found (recursively) under argocd-apps/.
  - name: argocd-apps
    namespace: argocd
    destination:
      namespace: argocd
      server: https://kubernetes.default.svc
    project: argocd
    source:
      path: argocd-apps
      repoURL: https://github.com/kurtburak/argocd.git
      targetRevision: HEAD
      directory:
        recurse: true
        jsonnet: {}
    # Automated sync: a new commit is applied without a manual step, prune
    # deletes resources removed from Git, selfHeal reverts in-cluster edits.
    syncPolicy:
      automated:
        selfHeal: true
        prune: true
  # Applies every manifest found (recursively) under argocd-appprojects/.
  # These are the AppProject objects that bound what other Applications may
  # do, so changes to this path deserve the strictest review.
  - name: argocd-appprojects
    namespace: argocd
    destination:
      namespace: argocd
      server: https://kubernetes.default.svc
    project: argocd
    source:
      path: argocd-appprojects
      repoURL: https://github.com/kurtburak/argocd.git
      targetRevision: HEAD
      directory:
        recurse: true
        jsonnet: {}
    syncPolicy:
      automated:
        selfHeal: true
        prune: true
  additionalProjects:
  - name: argocd
    namespace: argocd
    additionalLabels: {}
    additionalAnnotations: {}
    description: Argocd Project
    # NOTE(review): '*' lets an Application in this project pull manifests
    # from any repository. The three Applications above use only
    # https://github.com/kurtburak/argocd.git; listing the repositories that
    # are really needed narrows what a mis-created Application can deploy.
    sourceRepos:
    - '*'
    # Deployments are limited to the argocd namespace of the local cluster.
    destinations:
    - namespace: argocd
      server: https://kubernetes.default.svc
    # NOTE(review): group '*' / kind '*' permits every cluster-scoped kind
    # (ClusterRole, ClusterRoleBinding, CRDs, ...), which the namespace
    # restriction above does not cover. The chart install presumably needs
    # some of these; enumerate them instead of using a wildcard if the set
    # is known.
    clusterResourceWhitelist:
    - group: '*'
      kind: '*'
    orphanedResources:
      warn: false

--------------------------------------------------------------------------------
/argocd-install/argo-cd/charts/redis-ha/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Create a default fully qualified app name. 5 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
*/}}
{{/*
redis-ha.name: the chart name, or .Values.nameOverride when set, truncated to
63 characters with a trailing "-" removed. Unlike redis-ha.fullname it does
not include the release name.
*/}}
{{- define "redis-ha.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
Resolution order: .Values.fullnameOverride if set; otherwise the release name
alone when it already contains the chart name; otherwise "<release>-<name>".
*/}}
{{- define "redis-ha.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}


{{/*
Return sysctl image as "<registry>/<repository>:<tag>".
The registry defaults to docker.io and the tag to "latest" when unset.
NOTE(review): "latest" is a mutable tag, so the image that actually runs can
change from one pull to the next without any change to the chart. Set
.Values.sysctlImage.tag to a fixed version. The container built from this
image presumably runs with elevated privileges in order to set sysctls;
confirm in the statefulset template.
*/}}
{{- define "redis.sysctl.image" -}}
{{- $registryName := default "docker.io" .Values.sysctlImage.registry -}}
{{- $tag := default "latest" .Values.sysctlImage.tag | toString -}}
{{- printf "%s/%s:%s" $registryName .Values.sysctlImage.repository $tag -}}
{{- end -}}

{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
labels.standard prints the standard Helm labels.
The standard labels are frequently used in metadata.
It emits four keys: app, heritage, release and chart.
*/ -}}
{{- define "labels.standard" -}}
app: {{ template "redis-ha.name" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: {{ template "chartref" . }}
{{- end -}}

{{- /*
Credit: @technosophos
https://github.com/technosophos/common-chart/
chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
56 | Example output: 57 | zookeeper-1.2.3 58 | wordpress-3.2.1_20170219 59 | */ -}} 60 | {{- define "chartref" -}} 61 | {{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} 62 | {{- end -}} 63 | 64 | {{/* 65 | Create the name of the service account to use 66 | */}} 67 | {{- define "redis-ha.serviceAccountName" -}} 68 | {{- if .Values.serviceAccount.create -}} 69 | {{ default (include "redis-ha.fullname" .) .Values.serviceAccount.name }} 70 | {{- else -}} 71 | {{ default "default" .Values.serviceAccount.name }} 72 | {{- end -}} 73 | {{- end -}} 74 | 75 | {{- define "redis-ha.masterGroupName" -}} 76 | {{- $masterGroupName := tpl ( .Values.redis.masterGroupName | default "") . -}} 77 | {{- $validMasterGroupName := regexMatch "^[\\w-\\.]+$" $masterGroupName -}} 78 | {{- if $validMasterGroupName -}} 79 | {{ $masterGroupName }} 80 | {{- else -}} 81 | {{ required "A valid .Values.redis.masterGroupName entry is required (matching ^[\\w-\\.]+$)" ""}} 82 | {{- end -}} 83 | {{- end -}} 84 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/redis/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $redisHa := (index .Values "redis-ha") -}} 2 | {{- if and .Values.redis.enabled (not $redisHa.enabled) -}} 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ template "argo-cd.redis.fullname" . }} 7 | labels: 8 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} 9 | app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} 10 | spec: 11 | selector: 12 | matchLabels: 13 | app.kubernetes.io/name: {{ include "argo-cd.name" . 
}}-{{ .Values.redis.name }} 14 | template: 15 | metadata: 16 | {{- if .Values.redis.podAnnotations }} 17 | annotations: 18 | {{- range $key, $value := .Values.redis.podAnnotations }} 19 | {{ $key }}: {{ $value | quote }} 20 | {{- end }} 21 | {{- end }} 22 | labels: 23 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 8 }} 24 | app.kubernetes.io/version: {{ .Values.redis.image.tag | quote }} 25 | {{- if .Values.redis.podLabels }} 26 | {{- toYaml .Values.redis.podLabels | nindent 8 }} 27 | {{- end }} 28 | spec: 29 | {{- with .Values.global.imagePullSecrets }} 30 | imagePullSecrets: 31 | {{- toYaml . | nindent 8 }} 32 | {{- end }} 33 | automountServiceAccountToken: false 34 | {{- if .Values.redis.securityContext }} 35 | securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }} 36 | {{- end }} 37 | containers: 38 | - name: {{ template "argo-cd.redis.fullname" . }} 39 | args: 40 | - --save 41 | - "" 42 | - --appendonly 43 | - "no" 44 | {{- with .Values.redis.extraArgs }} 45 | {{- . 
| toYaml | nindent 8 }} 46 | {{- end }} 47 | image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }} 48 | imagePullPolicy: {{ .Values.redis.image.imagePullPolicy}} 49 | {{- if .Values.redis.containerSecurityContext }} 50 | securityContext: {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }} 51 | {{- end }} 52 | {{- if .Values.redis.env }} 53 | env: 54 | {{- toYaml .Values.redis.env | nindent 8 }} 55 | {{- end }} 56 | ports: 57 | - containerPort: {{ .Values.redis.containerPort }} 58 | {{- if .Values.redis.volumeMounts }} 59 | 60 | volumeMounts: 61 | {{- toYaml .Values.redis.volumeMounts | nindent 10 }} 62 | {{- end }} 63 | resources: 64 | {{- toYaml .Values.redis.resources | nindent 10 }} 65 | {{- if .Values.redis.nodeSelector }} 66 | nodeSelector: 67 | {{- toYaml .Values.redis.nodeSelector | nindent 8 }} 68 | {{- end }} 69 | {{- if .Values.redis.tolerations }} 70 | tolerations: 71 | {{- toYaml .Values.redis.tolerations | nindent 8 }} 72 | {{- end }} 73 | {{- if .Values.redis.affinity }} 74 | affinity: 75 | {{- toYaml .Values.redis.affinity | nindent 8 }} 76 | {{- end }} 77 | {{- if .Values.redis.volumes }} 78 | volumes: 79 | {{- toYaml .Values.redis.volumes | nindent 8}} 80 | {{- end }} 81 | {{- if .Values.redis.priorityClassName }} 82 | priorityClassName: {{ .Values.redis.priorityClassName }} 83 | {{- end }} 84 | {{- end }} 85 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.server.ingress.enabled -}} 2 | {{- $serviceName := include "argo-cd.server.fullname" . 
-}} 3 | {{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingress.https -}} 4 | {{- $paths := .Values.server.ingress.paths -}} 5 | {{- $extraPaths := .Values.server.ingress.extraPaths -}} 6 | apiVersion: {{ include "argo-cd.ingress.apiVersion" . }} 7 | kind: Ingress 8 | metadata: 9 | {{- if .Values.server.ingress.annotations }} 10 | annotations: 11 | {{- range $key, $value := .Values.server.ingress.annotations }} 12 | {{ $key }}: {{ $value | quote }} 13 | {{- end }} 14 | {{- end }} 15 | name: {{ template "argo-cd.server.fullname" . }} 16 | labels: 17 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 18 | {{- if .Values.server.ingress.labels }} 19 | {{- toYaml .Values.server.ingress.labels | nindent 4 }} 20 | {{- end }} 21 | spec: 22 | {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} 23 | {{- with .Values.server.ingress.ingressClassName }} 24 | ingressClassName: {{ . 
}} 25 | {{- end }} 26 | {{- end }} 27 | rules: 28 | {{- if .Values.server.ingress.hosts }} 29 | {{- range $host := .Values.server.ingress.hosts }} 30 | - host: {{ $host }} 31 | http: 32 | paths: 33 | {{- if $extraPaths }} 34 | {{- toYaml $extraPaths | nindent 10 }} 35 | {{- end }} 36 | {{- range $p := $paths }} 37 | - path: {{ $p }} 38 | {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} 39 | pathType: Prefix 40 | {{- end }} 41 | backend: 42 | {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} 43 | service: 44 | name: {{ $serviceName }} 45 | port: 46 | {{- if kindIs "float64" $servicePort }} 47 | number: {{ $servicePort }} 48 | {{- else }} 49 | name: {{ $servicePort }} 50 | {{- end }} 51 | {{- else }} 52 | serviceName: {{ $serviceName }} 53 | servicePort: {{ $servicePort }} 54 | {{- end }} 55 | {{- end -}} 56 | {{- end -}} 57 | {{- else }} 58 | - http: 59 | paths: 60 | {{- if $extraPaths }} 61 | {{- toYaml $extraPaths | nindent 10 }} 62 | {{- end }} 63 | {{- range $p := $paths }} 64 | - path: {{ $p }} 65 | {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} 66 | pathType: Prefix 67 | {{- end }} 68 | backend: 69 | {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }} 70 | service: 71 | name: {{ $serviceName }} 72 | port: 73 | {{- if kindIs "float64" $servicePort }} 74 | number: {{ $servicePort }} 75 | {{- else }} 76 | name: {{ $servicePort }} 77 | {{- end }} 78 | {{- else }} 79 | serviceName: {{ $serviceName }} 80 | servicePort: {{ $servicePort }} 81 | {{- end }} 82 | {{- end -}} 83 | {{- end -}} 84 | {{- if .Values.server.ingress.tls }} 85 | tls: 86 | {{- toYaml .Values.server.ingress.tls | nindent 4 }} 87 | {{- end -}} 88 | {{- end -}} 89 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/ingress-grpc.yaml: -------------------------------------------------------------------------------- 
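{{- /*
Second Ingress for the Argo CD server, named <server fullname>-grpc and
rendered only when server.ingressGrpc.enabled is set.
The backend port is servicePortHttps when server.ingressGrpc.https is true,
otherwise servicePortHttp. One rule is rendered per entry in
server.ingressGrpc.hosts, or a single host-less rule when no hosts are given;
extraPaths are emitted before the generated paths.
The tls block is optional. This ingress carries Argo CD API traffic, including
authentication tokens, so leaving server.ingressGrpc.tls empty is only
appropriate when TLS is terminated elsewhere in front of the ingress.
*/ -}}
{{- if .Values.server.ingressGrpc.enabled -}}
{{- $serviceName := include "argo-cd.server.fullname" . -}}
{{- $servicePort := ternary .Values.server.service.servicePortHttps .Values.server.service.servicePortHttp .Values.server.ingressGrpc.https -}}
{{- $paths := .Values.server.ingressGrpc.paths -}}
{{- $extraPaths := .Values.server.ingressGrpc.extraPaths -}}
apiVersion: {{ include "argo-cd.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingressGrpc.annotations }}
  annotations:
  {{- range $key, $value := .Values.server.ingressGrpc.annotations }}
    {{ $key }}: {{ $value | quote }}
  {{- end }}
{{- end }}
  name: {{ template "argo-cd.server.fullname" . }}-grpc
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
    {{- if .Values.server.ingressGrpc.labels }}
    {{- toYaml .Values.server.ingressGrpc.labels | nindent 4 }}
    {{- end }}
spec:
  {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
  {{- /*
  Every other setting in this file is read from server.ingressGrpc, but the
  class name was taken from server.ingress only, so the gRPC ingress could not
  be given its own class. server.ingressGrpc.ingressClassName now wins when it
  is set; server.ingress.ingressClassName stays as the fallback so existing
  values files render the same manifest as before.
  */}}
  {{- with (.Values.server.ingressGrpc.ingressClassName | default .Values.server.ingress.ingressClassName) }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- end }}
  rules:
  {{- if .Values.server.ingressGrpc.hosts }}
    {{- range $host := .Values.server.ingressGrpc.hosts }}
    - host: {{ $host }}
      http:
        paths:
          {{- if $extraPaths }}
          {{- toYaml $extraPaths | nindent 10 }}
          {{- end -}}
          {{- range $p := $paths }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
            pathType: Prefix
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
              service:
                name: {{ $serviceName }}
                port:
                  {{- /* A numeric values entry is a float64 here; anything else is treated as a port name. */}}
                  {{- if kindIs "float64" $servicePort }}
                  number: {{ $servicePort }}
                  {{- else }}
                  name: {{ $servicePort }}
                  {{- end }}
              {{- else }}
              serviceName: {{ $serviceName }}
              servicePort: {{ $servicePort }}
              {{- end }}
          {{- end -}}
    {{- end -}}
  {{- else }}
    - http:
        paths:
          {{- if $extraPaths }}
          {{- toYaml $extraPaths | nindent 10 }}
          {{- end -}}
          {{- range $p := $paths }}
          - path: {{ $p }}
            {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
            pathType: Prefix
            {{- end }}
            backend:
              {{- if eq (include "argo-cd.ingress.apiVersion" $) "networking.k8s.io/v1" }}
              service:
                name: {{ $serviceName }}
                port:
                  {{- if kindIs "float64" $servicePort }}
                  number: {{ $servicePort }}
                  {{- else }}
                  name: {{ $servicePort }}
                  {{- end }}
              {{- else }}
              serviceName: {{ $serviceName }}
              servicePort: {{ $servicePort }}
              {{- end }}
          {{- end -}}
  {{- end -}}
  {{- if .Values.server.ingressGrpc.tls }}
  tls:
    {{- toYaml .Values.server.ingressGrpc.tls | nindent 4 }}
  {{- end -}}
{{- end -}}

--------------------------------------------------------------------------------
/argocd-install/argo-cd/templates/dex/deployment.yaml: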
--------------------------------------------------------------------------------
{{- /*
Dex Deployment; rendered only when dex.enabled is set.

Start-up is two-stage: the copyutil init container copies
/usr/local/bin/argocd to /shared/argocd-dex, and the dex container then runs
/shared/argocd-dex with the rundex argument.

Review notes:
- The init container mounts a volume named static-files at /shared, but this
  template declares only tmp-dir under volumes and mounts only /tmp in the dex
  container. Presumably static-files and the /shared mount arrive through
  dex.volumes and dex.volumeMounts; confirm against values.yaml, otherwise the
  pod spec references an undefined volume.
- Pod and container securityContext are emitted only when the corresponding
  values are set, so any hardening depends entirely on values.yaml.
- Both images are referenced as repository:tag. A tag is mutable, so what runs
  depends on registry state unless the values pin a digest.
*/ -}}
{{- if .Values.dex.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "argo-cd.dex.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 4 }}
    app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
spec:
  selector:
    matchLabels:
      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.dex.name) | nindent 6 }}
  template:
    metadata:
      {{- with .Values.dex.podAnnotations }}
      annotations:
      {{- range $annotation, $text := . }}
        {{ $annotation }}: {{ $text | quote }}
      {{- end }}
      {{- end }}
      labels:
        {{- include "argo-cd.labels" (dict "context" . "component" .Values.dex.name "name" .Values.dex.name) | nindent 8 }}
        app.kubernetes.io/version: {{ .Values.dex.image.tag | quote }}
        {{- with .Values.dex.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- /* Pod-level securityContext comes from global values only. */}}
      {{- with .Values.global.securityContext }}
      securityContext: {{- toYaml . | nindent 8 }}
      {{- end }}
      initContainers:
      - name: copyutil
        image: {{ default .Values.global.image.repository .Values.dex.initImage.repository }}:{{ default .Values.global.image.tag .Values.dex.initImage.tag }}
        imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.dex.initImage.imagePullPolicy }}
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
        {{- with .Values.dex.containerSecurityContext }}
        securityContext: {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- /* cp -n: an existing /shared/argocd-dex is not overwritten. */}}
        command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
        volumeMounts:
        - mountPath: /shared
          name: static-files
      containers:
      - name: {{ .Values.dex.name }}
        image: {{ .Values.dex.image.repository }}:{{ .Values.dex.image.tag }}
        imagePullPolicy: {{ .Values.dex.image.imagePullPolicy }}
        {{- /* Runs the binary that the init container copied into /shared. */}}
        command:
        - /shared/argocd-dex
        - rundex
        {{- with .Values.dex.containerSecurityContext }}
        securityContext: {{- toYaml . | nindent 10 }}
        {{- end }}
        {{- with .Values.dex.env }}
        env:
          {{- toYaml . | nindent 8 }}
        {{- end }}
        ports:
        - name: http
          containerPort: {{ .Values.dex.containerPortHttp }}
          protocol: TCP
        - name: grpc
          containerPort: {{ .Values.dex.containerPortGrpc }}
          protocol: TCP
        {{- if .Values.dex.metrics.enabled }}
        - name: metrics
          containerPort: {{ .Values.dex.containerPortMetrics }}
          protocol: TCP
        {{- end }}
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
        {{- with .Values.dex.volumeMounts }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
      {{- with .Values.dex.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.dex.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.dex.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "argo-cd.dexServiceAccountName" . }}
      volumes:
      - emptyDir: {}
        name: tmp-dir
      {{- with .Values.dex.volumes }}
        {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with .Values.dex.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
{{- end }}
109 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "argo-cd.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "argo-cd.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create controller name and version as used by the chart label. 
29 | */}} 30 | {{- define "argo-cd.controller.fullname" -}} 31 | {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | 34 | {{/* 35 | Create dex name and version as used by the chart label. 36 | */}} 37 | {{- define "argo-cd.dex.fullname" -}} 38 | {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.dex.name | trunc 63 | trimSuffix "-" -}} 39 | {{- end -}} 40 | 41 | {{/* 42 | Create redis name and version as used by the chart label. 43 | */}} 44 | {{- define "argo-cd.redis.fullname" -}} 45 | {{ $redisHa := (index .Values "redis-ha") }} 46 | {{- if $redisHa.enabled -}} 47 | {{- if $redisHa.haproxy.enabled -}} 48 | {{- printf "%s-redis-ha-haproxy" .Release.Name | trunc 63 | trimSuffix "-" -}} 49 | {{- end -}} 50 | {{- else -}} 51 | {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.redis.name | trunc 63 | trimSuffix "-" -}} 52 | {{- end -}} 53 | {{- end -}} 54 | 55 | {{/* 56 | Create argocd server name and version as used by the chart label. 57 | */}} 58 | {{- define "argo-cd.server.fullname" -}} 59 | {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}} 60 | {{- end -}} 61 | 62 | {{/* 63 | Create argocd repo-server name and version as used by the chart label. 64 | */}} 65 | {{- define "argo-cd.repoServer.fullname" -}} 66 | {{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.repoServer.name | trunc 63 | trimSuffix "-" -}} 67 | {{- end -}} 68 | 69 | {{/* 70 | Create the name of the controller service account to use 71 | */}} 72 | {{- define "argo-cd.controllerServiceAccountName" -}} 73 | {{- if .Values.controller.serviceAccount.create -}} 74 | {{ default (include "argo-cd.fullname" .) 
.Values.controller.serviceAccount.name }} 75 | {{- else -}} 76 | {{ default "default" .Values.controller.serviceAccount.name }} 77 | {{- end -}} 78 | {{- end -}} 79 | 80 | {{/* 81 | Create the name of the dex service account to use 82 | */}} 83 | {{- define "argo-cd.dexServiceAccountName" -}} 84 | {{- if .Values.dex.serviceAccount.create -}} 85 | {{ default (include "argo-cd.fullname" .) .Values.dex.serviceAccount.name }} 86 | {{- else -}} 87 | {{ default "default" .Values.dex.serviceAccount.name }} 88 | {{- end -}} 89 | {{- end -}} 90 | 91 | {{/* 92 | Create the name of the ArgoCD server service account to use 93 | */}} 94 | {{- define "argo-cd.serverServiceAccountName" -}} 95 | {{- if .Values.server.serviceAccount.create -}} 96 | {{ default (include "argo-cd.fullname" .) .Values.server.serviceAccount.name }} 97 | {{- else -}} 98 | {{ default "default" .Values.server.serviceAccount.name }} 99 | {{- end -}} 100 | {{- end -}} 101 | 102 | {{/* 103 | Create the name of the repo-server service account to use 104 | */}} 105 | {{- define "argo-cd.repoServerServiceAccountName" -}} 106 | {{- if .Values.repoServer.serviceAccount.create -}} 107 | {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} 108 | {{- else -}} 109 | {{ default "default" .Values.repoServer.serviceAccount.name }} 110 | {{- end -}} 111 | {{- end -}} 112 | 113 | {{/* 114 | Create chart name and version as used by the chart label. 
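115 | */}} 116 | {{- define "argo-cd.chart" -}} 117 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 118 | {{- end -}} 119 | 120 | {{/* 121 | Common labels 122 | */}} 123 | {{- define "argo-cd.labels" -}} 124 | helm.sh/chart: {{ include "argo-cd.chart" .context }} 125 | {{ include "argo-cd.selectorLabels" (dict "context" .context "component" .component "name" .name) }} 126 | app.kubernetes.io/managed-by: {{ .context.Release.Service }} 127 | app.kubernetes.io/part-of: argocd 128 | {{- end }} 129 | 130 | {{/* 131 | Selector labels 132 | */}} 133 | {{- define "argo-cd.selectorLabels" -}} 134 | {{- if .name -}} 135 | app.kubernetes.io/name: {{ include "argo-cd.name" .context }}-{{ .name }} 136 | {{ end -}} 137 | app.kubernetes.io/instance: {{ .context.Release.Name }} 138 | {{- if .component }} 139 | app.kubernetes.io/component: {{ .component }} 140 | {{- end }} 141 | {{- end }} 142 | 143 | {{/* 144 | Return the appropriate apiVersion for ingress 145 | */}} 146 | {{- define "argo-cd.ingress.apiVersion" -}} 147 | {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} 148 | {{- print "extensions/v1beta1" -}} 149 | {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} 150 | {{- print "networking.k8s.io/v1beta1" -}} 151 | {{- else -}} 152 | {{- print "networking.k8s.io/v1" -}} 153 | {{- end -}} 154 | {{- end -}} -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-haproxy-deployment.yaml: --------------------------------------------------------------------------------
{{- /*
HAProxy Deployment that fronts the redis-ha pods; rendered only when
haproxy.enabled is set.

Change in this revision: with haproxy.hardAntiAffinity unset, the listing emitted
preferredDuringSchedulingIgnoredDuringExecution twice (once for the hostname
term, once for the zone term). As listed, both land in the same podAntiAffinity
mapping, which is a duplicate YAML key: strict parsers reject it and lenient
ones keep only the last entry. The two terms are now items of a single list.
Output with hardAntiAffinity set is unchanged.

Review notes:
- When auth is set, the Redis password reaches the config-init container as the
  AUTH environment variable, read from existingSecret or from the chart's own
  secret, using the key named by authKey.
- The zone term uses failure-domain.beta.kubernetes.io/zone, which Kubernetes
  deprecated in favour of topology.kubernetes.io/zone. It is kept here for
  compatibility; confirm which label the target nodes carry.
- Images are referenced as repository:tag, and a tag is mutable.
*/ -}}
{{- if .Values.haproxy.enabled }}
kind: Deployment
apiVersion: apps/v1
metadata:
  name: {{ template "redis-ha.fullname" . }}-haproxy
  namespace: {{ .Release.Namespace }}
  labels:
{{ include "labels.standard" . | indent 4 }}
spec:
  strategy:
    type: RollingUpdate
  revisionHistoryLimit: 1
  replicas: {{ .Values.haproxy.replicas }}
  selector:
    matchLabels:
      app: {{ template "redis-ha.name" . }}-haproxy
      release: {{ .Release.Name }}
  template:
    metadata:
      name: {{ template "redis-ha.fullname" . }}-haproxy
      labels:
        app: {{ template "redis-ha.name" . }}-haproxy
        release: {{ .Release.Name }}
        {{- range $key, $value := .Values.haproxy.labels }}
        {{ $key }}: {{ $value | toString }}
        {{- end }}
      annotations:
      {{- if .Values.haproxy.metrics.enabled }}
        prometheus.io/port: "{{ .Values.haproxy.metrics.port }}"
        prometheus.io/scrape: "true"
        prometheus.io/path: "{{ .Values.haproxy.metrics.scrapePath }}"
      {{- end }}
        # Changes whenever the rendered HAProxy config or init script changes.
        checksum/config: {{ print (include "config-haproxy.cfg" .) (include "config-haproxy_init.sh" .) | sha256sum }}
      {{- if .Values.haproxy.annotations }}
{{ toYaml .Values.haproxy.annotations | indent 8 }}
      {{- end }}
    spec:
      # Needed when using unmodified rbac-setup.yml
      {{ if .Values.haproxy.serviceAccount.create }}
      serviceAccountName: {{ template "redis-ha.serviceAccountName" . }}-haproxy
      {{ end }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
      affinity:
    {{- if .Values.haproxy.affinity }}
    {{- with .Values.haproxy.affinity }}
{{ tpl . $ | indent 8 }}
    {{- end }}
    {{- else }}
    {{- if .Values.haproxy.additionalAffinities }}
{{ toYaml .Values.haproxy.additionalAffinities | indent 8 }}
    {{- end }}
        podAntiAffinity:
    {{- if .Values.haproxy.hardAntiAffinity }}
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: {{ template "redis-ha.name" . }}-haproxy
                  release: {{ .Release.Name }}
              topologyKey: kubernetes.io/hostname
    {{- end }}
          # One list for every soft term, so the key appears exactly once.
          preferredDuringSchedulingIgnoredDuringExecution:
    {{- if not .Values.haproxy.hardAntiAffinity }}
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: {{ template "redis-ha.name" . }}-haproxy
                    release: {{ .Release.Name }}
                topologyKey: kubernetes.io/hostname
    {{- end }}
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: {{ template "redis-ha.name" . }}-haproxy
                    release: {{ .Release.Name }}
                topologyKey: failure-domain.beta.kubernetes.io/zone
    {{- end }}
      initContainers:
      - name: config-init
        image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
        imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
        resources:
{{ toYaml .Values.haproxy.init.resources | indent 10 }}
        command:
        - sh
        args:
        - /readonly/haproxy_init.sh
        {{- if .Values.auth }}
        env:
        # Redis password, taken from a Secret rather than templated inline.
        - name: AUTH
          valueFrom:
            secretKeyRef:
            {{- if .Values.existingSecret }}
              name: {{ .Values.existingSecret }}
            {{- else }}
              name: {{ template "redis-ha.fullname" . }}
            {{- end }}
              key: {{ .Values.authKey }}
        {{- end }}
        volumeMounts:
        - name: config-volume
          mountPath: /readonly
          readOnly: true
        - name: data
          mountPath: /data
      {{- if .Values.haproxy.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }}
      {{- end }}
      securityContext:
{{ toYaml .Values.haproxy.securityContext | indent 8 }}
      containers:
      - name: haproxy
        image: {{ .Values.haproxy.image.repository }}:{{ .Values.haproxy.image.tag }}
        imagePullPolicy: {{ .Values.haproxy.image.pullPolicy }}
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8888
          initialDelaySeconds: 5
          periodSeconds: 3
        ports:
        - name: redis
          containerPort: {{ default "6379" .Values.redis.port }}
        {{- if .Values.haproxy.readOnly.enabled }}
        - name: readonlyport
          containerPort: {{ default "6380" .Values.haproxy.readOnly.port }}
        {{- end }}
        {{- if .Values.haproxy.metrics.enabled }}
        - name: metrics-port
          containerPort: {{ default "9101" .Values.haproxy.metrics.port }}
        {{- end }}
        resources:
{{ toYaml .Values.haproxy.resources | indent 10 }}
        volumeMounts:
        - name: data
          mountPath: /usr/local/etc/haproxy
        - name: shared-socket
          mountPath: /run/haproxy
        lifecycle:
{{ toYaml .Values.haproxy.lifecycle | indent 10 }}
      {{- if .Values.haproxy.priorityClassName }}
      priorityClassName: {{ .Values.haproxy.priorityClassName }}
      {{- end }}
      volumes:
      - name: config-volume
        configMap:
          name: {{ template "redis-ha.fullname" . }}-configmap
      - name: shared-socket
        emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
      - name: data
        emptyDir:
{{ toYaml .Values.haproxy.emptyDir | indent 10 }}
{{- end }}
159 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-application-controller/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $redisHa := (index .Values "redis-ha") -}} 2 | apiVersion: apps/v1 3 | kind: {{ .Values.controller.enableStatefulSet | ternary "StatefulSet" "Deployment" }} 4 | metadata: 5 | name: {{ template "argo-cd.controller.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} 8 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} 13 | {{- if .Values.controller.enableStatefulSet }} 14 | serviceName: {{ template "argo-cd.controller.fullname" . }} 15 | {{- end }} 16 | revisionHistoryLimit: 5 17 | replicas: {{ .Values.controller.replicas }} 18 | template: 19 | metadata: 20 | {{- if .Values.controller.podAnnotations }} 21 | annotations: 22 | {{- range $key, $value := .Values.controller.podAnnotations }} 23 | {{ $key }}: {{ $value | quote }} 24 | {{- end }} 25 | {{- end }} 26 | labels: 27 | {{- include "argo-cd.labels" (dict "context" . 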
"component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }} 28 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.controller.image.tag | quote }} 29 | {{- if .Values.controller.podLabels }} 30 | {{- toYaml .Values.controller.podLabels | nindent 8 }} 31 | {{- end }} 32 | spec: 33 | {{- with .Values.global.imagePullSecrets }} 34 | imagePullSecrets: 35 | {{- toYaml . | nindent 8 }} 36 | {{- end }} 37 | {{- if .Values.global.securityContext }} 38 | securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} 39 | {{- end }} 40 | containers: 41 | - command: 42 | - argocd-application-controller 43 | - --status-processors 44 | - {{ .Values.controller.args.statusProcessors | quote }} 45 | - --operation-processors 46 | - {{ .Values.controller.args.operationProcessors | quote }} 47 | - --app-resync 48 | - {{ .Values.controller.args.appResyncPeriod | quote }} 49 | - --self-heal-timeout-seconds 50 | - {{ .Values.controller.args.selfHealTimeout | quote }} 51 | - --repo-server 52 | - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} 53 | - --logformat 54 | - {{ .Values.controller.logFormat }} 55 | - --loglevel 56 | - {{ .Values.controller.logLevel }} 57 | {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} 58 | - --redis 59 | - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} 60 | {{- end }} 61 | {{- with .Values.controller.extraArgs }} 62 | {{- . 
| toYaml | nindent 8 }} 63 | {{- end }} 64 | image: {{ default .Values.global.image.repository .Values.controller.image.repository }}:{{ default .Values.global.image.tag .Values.controller.image.tag }} 65 | imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.controller.image.imagePullPolicy }} 66 | name: {{ .Values.controller.name }} 67 | {{- if .Values.controller.containerSecurityContext }} 68 | securityContext: {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }} 69 | {{- end }} 70 | {{- if .Values.controller.env }} 71 | env: 72 | {{- toYaml .Values.controller.env | nindent 8 }} 73 | {{- end }} 74 | ports: 75 | - name: controller 76 | containerPort: {{ .Values.controller.containerPort }} 77 | protocol: TCP 78 | livenessProbe: 79 | httpGet: 80 | path: /healthz 81 | port: {{ .Values.controller.containerPort }} 82 | initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} 83 | periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} 84 | timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} 85 | successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} 86 | failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} 87 | readinessProbe: 88 | tcpSocket: 89 | port: {{ .Values.controller.containerPort }} 90 | initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} 91 | periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} 92 | timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} 93 | successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} 94 | failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} 95 | volumeMounts: 96 | - mountPath: /app/config/controller/tls 97 | name: argocd-repo-server-tls 98 | {{- if .Values.controller.volumeMounts }} 99 | {{- toYaml .Values.controller.volumeMounts | nindent 10}} 100 | {{- end }} 101 | resources: 102 | {{- toYaml 
.Values.controller.resources | nindent 10 }} 103 | {{- if .Values.controller.nodeSelector }} 104 | nodeSelector: 105 | {{- toYaml .Values.controller.nodeSelector | nindent 8 }} 106 | {{- end }} 107 | {{- if .Values.controller.tolerations }} 108 | tolerations: 109 | {{- toYaml .Values.controller.tolerations | nindent 8 }} 110 | {{- end }} 111 | {{- if .Values.controller.affinity }} 112 | affinity: 113 | {{- toYaml .Values.controller.affinity | nindent 8 }} 114 | {{- end }} 115 | serviceAccountName: {{ template "argo-cd.controllerServiceAccountName" . }} 116 | {{- with .Values.global.hostAliases }} 117 | hostAliases: 118 | {{ toYaml . | indent 6 }} 119 | {{- end }} 120 | volumes: 121 | - name: argocd-repo-server-tls 122 | secret: 123 | items: 124 | - key: tls.crt 125 | path: tls.crt 126 | - key: tls.key 127 | path: tls.key 128 | - key: ca.crt 129 | path: ca.crt 130 | optional: true 131 | secretName: argocd-repo-server-tls 132 | {{- if .Values.controller.volumes }} 133 | {{- toYaml .Values.controller.volumes | nindent 8 }} 134 | {{- end }} 135 | {{- if .Values.controller.priorityClassName }} 136 | priorityClassName: {{ .Values.controller.priorityClassName }} 137 | {{- end }} 138 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-server/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $redisHa := (index .Values "redis-ha") -}} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "argo-cd.server.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }} 8 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.server.name) | nindent 6 }} 13 | revisionHistoryLimit: 5 14 | {{- if (ne .Values.server.autoscaling.enabled true) }} 15 | replicas: {{ .Values.server.replicas }} 16 | {{- end }} 17 | template: 18 | metadata: 19 | {{- if .Values.server.podAnnotations }} 20 | annotations: 21 | {{- range $key, $value := .Values.server.podAnnotations }} 22 | {{ $key }}: {{ $value | quote }} 23 | {{- end }} 24 | {{- end }} 25 | labels: 26 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }} 27 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.server.image.tag | quote }} 28 | {{- if .Values.server.podLabels }} 29 | {{- toYaml .Values.server.podLabels | nindent 8 }} 30 | {{- end }} 31 | spec: 32 | {{- with .Values.global.imagePullSecrets }} 33 | imagePullSecrets: 34 | {{- toYaml . | nindent 8 }} 35 | {{- end }} 36 | {{- if .Values.global.securityContext }} 37 | securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} 38 | {{- end }} 39 | containers: 40 | - name: {{ .Values.server.name }} 41 | image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }} 42 | imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.server.image.imagePullPolicy }} 43 | command: 44 | - argocd-server 45 | - --staticassets 46 | - /shared/app 47 | - --repo-server 48 | - {{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }} 49 | {{- if .Values.dex.enabled }} 50 | - --dex-server 51 | - http://{{ template "argo-cd.dex.fullname" . 
}}:{{ .Values.dex.servicePortHttp }} 52 | {{- end }} 53 | - --logformat 54 | - {{ .Values.server.logFormat }} 55 | - --loglevel 56 | - {{ .Values.server.logLevel }} 57 | {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} 58 | - --redis 59 | - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} 60 | {{- end }} 61 | {{- with .Values.server.extraArgs }} 62 | {{- . | toYaml | nindent 8 }} 63 | {{- end }} 64 | {{- if .Values.server.containerSecurityContext }} 65 | securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} 66 | {{- end }} 67 | {{- if .Values.server.env }} 68 | env: 69 | {{- toYaml .Values.server.env | nindent 8 }} 70 | {{- end }} 71 | volumeMounts: 72 | {{- if .Values.server.volumeMounts }} 73 | {{- toYaml .Values.server.volumeMounts | nindent 8}} 74 | {{- end }} 75 | {{- if .Values.configs.knownHosts }} 76 | - mountPath: /app/config/ssh 77 | name: ssh-known-hosts 78 | {{- end }} 79 | {{- if .Values.configs.tlsCerts }} 80 | - mountPath: /app/config/tls 81 | name: tls-certs 82 | {{- end }} 83 | - mountPath: /app/config/server/tls 84 | name: argocd-repo-server-tls 85 | ports: 86 | - name: {{ .Values.server.name }} 87 | containerPort: {{ .Values.server.containerPort }} 88 | protocol: TCP 89 | {{ if .Values.server.metrics.enabled }} 90 | - name: metrics 91 | containerPort: 8083 92 | protocol: TCP 93 | {{- end }} 94 | livenessProbe: 95 | httpGet: 96 | path: /healthz 97 | port: {{ .Values.server.containerPort }} 98 | initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} 99 | periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} 100 | timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} 101 | successThreshold: {{ .Values.server.livenessProbe.successThreshold }} 102 | failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} 103 | readinessProbe: 104 | httpGet: 105 | path: /healthz 106 | port: {{ 
.Values.server.containerPort }} 107 | initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} 108 | periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} 109 | timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} 110 | successThreshold: {{ .Values.server.readinessProbe.successThreshold }} 111 | failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} 112 | resources: 113 | {{- toYaml .Values.server.resources | nindent 10 }} 114 | {{- if .Values.server.lifecycle }} 115 | lifecycle: 116 | {{- toYaml .Values.server.lifecycle | nindent 10 }} 117 | {{- end }} 118 | {{- if .Values.server.extraContainers }} 119 | {{- toYaml .Values.server.extraContainers | nindent 6 }} 120 | {{- end }} 121 | {{- if .Values.server.nodeSelector }} 122 | nodeSelector: 123 | {{- toYaml .Values.server.nodeSelector | nindent 8 }} 124 | {{- end }} 125 | {{- if .Values.server.tolerations }} 126 | tolerations: 127 | {{- toYaml .Values.server.tolerations | nindent 8 }} 128 | {{- end }} 129 | {{- if .Values.server.affinity }} 130 | affinity: 131 | {{- toYaml .Values.server.affinity | nindent 8 }} 132 | {{- end }} 133 | serviceAccountName: {{ template "argo-cd.serverServiceAccountName" . }} 134 | {{- with .Values.global.hostAliases }} 135 | hostAliases: 136 | {{ toYaml . 
| indent 6 }} 137 | {{- end }} 138 | volumes: 139 | {{- if .Values.server.volumes }} 140 | {{- toYaml .Values.server.volumes | nindent 6}} 141 | {{- end }} 142 | - emptyDir: {} 143 | name: static-files 144 | {{- if .Values.configs.knownHosts }} 145 | - configMap: 146 | name: argocd-ssh-known-hosts-cm 147 | name: ssh-known-hosts 148 | {{- end }} 149 | {{- if .Values.configs.tlsCerts }} 150 | - configMap: 151 | name: argocd-tls-certs-cm 152 | name: tls-certs 153 | {{- end }} 154 | - name: argocd-repo-server-tls 155 | secret: 156 | items: 157 | - key: tls.crt 158 | path: tls.crt 159 | - key: tls.key 160 | path: tls.key 161 | - key: ca.crt 162 | path: ca.crt 163 | optional: true 164 | secretName: argocd-repo-server-tls 165 | {{- if .Values.server.priorityClassName }} 166 | priorityClassName: {{ .Values.server.priorityClassName }} 167 | {{- end }} 168 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/templates/argocd-repo-server/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $redisHa := (index .Values "redis-ha") -}} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "argo-cd.repoServer.fullname" . }} 6 | labels: 7 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} 8 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} 9 | spec: 10 | selector: 11 | matchLabels: 12 | {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.repoServer.name) | nindent 6 }} 13 | revisionHistoryLimit: 5 14 | {{- if (ne .Values.repoServer.autoscaling.enabled true) }} 15 | replicas: {{ .Values.repoServer.replicas }} 16 | {{- end }} 17 | template: 18 | metadata: 19 | {{- if .Values.repoServer.podAnnotations }} 20 | annotations: 21 | {{- range $key, $value := .Values.repoServer.podAnnotations }} 22 | {{ $key }}: {{ $value | quote }} 23 | {{- end }} 24 | {{- end }} 25 | labels: 26 | {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 8 }} 27 | app.kubernetes.io/version: {{ default .Values.global.image.tag .Values.repoServer.image.tag | quote }} 28 | {{- if .Values.repoServer.podLabels }} 29 | {{- toYaml .Values.repoServer.podLabels | nindent 8 }} 30 | {{- end }} 31 | spec: 32 | {{- with .Values.global.imagePullSecrets }} 33 | imagePullSecrets: 34 | {{- toYaml . | nindent 8 }} 35 | {{- end }} 36 | {{- if .Values.global.securityContext }} 37 | securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} 38 | {{- end }} 39 | containers: 40 | - name: {{ .Values.repoServer.name }} 41 | image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }} 42 | imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }} 43 | command: 44 | - uid_entrypoint.sh 45 | - argocd-repo-server 46 | {{- if or (and .Values.redis.enabled (not $redisHa.enabled)) (and $redisHa.enabled $redisHa.haproxy.enabled) }} 47 | - --redis 48 | - {{ template "argo-cd.redis.fullname" . }}:{{ .Values.redis.servicePort }} 49 | {{- end }} 50 | - --logformat 51 | - {{ .Values.repoServer.logFormat }} 52 | - --loglevel 53 | - {{ .Values.repoServer.logLevel }} 54 | {{- with .Values.repoServer.extraArgs }} 55 | {{- . 
| toYaml | nindent 8 }} 56 | {{- end }} 57 | {{- if .Values.repoServer.containerSecurityContext }} 58 | securityContext: {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }} 59 | {{- end }} 60 | {{- if or (.Values.repoServer.env) (.Values.openshift.enabled) }} 61 | env: 62 | {{- if .Values.repoServer.env }} 63 | {{- toYaml .Values.repoServer.env | nindent 8 }} 64 | {{- end }} 65 | {{- if .Values.openshift.enabled }} 66 | - name: USER_NAME 67 | value: argocd 68 | {{- end }} 69 | {{- end }} 70 | volumeMounts: 71 | {{- if .Values.repoServer.volumeMounts }} 72 | {{- toYaml .Values.repoServer.volumeMounts | nindent 8}} 73 | {{- end }} 74 | - mountPath: /app/config/gpg/keys 75 | name: gpg-keyring 76 | {{- if .Values.configs.knownHosts }} 77 | - mountPath: /app/config/ssh 78 | name: ssh-known-hosts 79 | {{- end }} 80 | {{- if .Values.configs.tlsCerts }} 81 | - mountPath: /app/config/tls 82 | name: tls-certs 83 | {{- end }} 84 | - mountPath: /app/config/reposerver/tls 85 | name: argocd-repo-server-tls 86 | - mountPath: /tmp 87 | name: tmp-dir 88 | ports: 89 | - name: repo-server 90 | containerPort: {{ .Values.repoServer.containerPort }} 91 | protocol: TCP 92 | {{ if .Values.repoServer.metrics.enabled }} 93 | - name: metrics 94 | containerPort: 8084 95 | protocol: TCP 96 | {{- end }} 97 | livenessProbe: 98 | tcpSocket: 99 | port: {{ .Values.repoServer.containerPort }} 100 | initialDelaySeconds: {{ .Values.repoServer.livenessProbe.initialDelaySeconds }} 101 | periodSeconds: {{ .Values.repoServer.livenessProbe.periodSeconds }} 102 | timeoutSeconds: {{ .Values.repoServer.livenessProbe.timeoutSeconds }} 103 | successThreshold: {{ .Values.repoServer.livenessProbe.successThreshold }} 104 | failureThreshold: {{ .Values.repoServer.livenessProbe.failureThreshold }} 105 | readinessProbe: 106 | tcpSocket: 107 | port: {{ .Values.repoServer.containerPort }} 108 | initialDelaySeconds: {{ .Values.repoServer.readinessProbe.initialDelaySeconds }} 109 | periodSeconds: {{ 
.Values.repoServer.readinessProbe.periodSeconds }} 110 | timeoutSeconds: {{ .Values.repoServer.readinessProbe.timeoutSeconds }} 111 | successThreshold: {{ .Values.repoServer.readinessProbe.successThreshold }} 112 | failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} 113 | resources: 114 | {{- toYaml .Values.repoServer.resources | nindent 10 }} 115 | {{- if .Values.repoServer.nodeSelector }} 116 | nodeSelector: 117 | {{- toYaml .Values.repoServer.nodeSelector | nindent 8 }} 118 | {{- end }} 119 | {{- if .Values.repoServer.tolerations }} 120 | tolerations: 121 | {{- toYaml .Values.repoServer.tolerations | nindent 8 }} 122 | {{- end }} 123 | {{- if .Values.repoServer.affinity }} 124 | affinity: 125 | {{- toYaml .Values.repoServer.affinity | nindent 8 }} 126 | {{- end }} 127 | serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} 128 | {{- with .Values.global.hostAliases }} 129 | hostAliases: 130 | {{ toYaml . | indent 6 }} 131 | {{- end }} 132 | volumes: 133 | {{- if .Values.repoServer.volumes }} 134 | {{- toYaml .Values.repoServer.volumes | nindent 6}} 135 | {{- end }} 136 | - emptyDir: {} 137 | name: gpg-keyring 138 | {{- if .Values.configs.knownHosts }} 139 | - configMap: 140 | name: argocd-ssh-known-hosts-cm 141 | name: ssh-known-hosts 142 | {{- end }} 143 | {{- if .Values.configs.tlsCerts }} 144 | - configMap: 145 | name: argocd-tls-certs-cm 146 | name: tls-certs 147 | {{- end }} 148 | - name: argocd-repo-server-tls 149 | secret: 150 | items: 151 | - key: tls.crt 152 | path: tls.crt 153 | - key: tls.key 154 | path: tls.key 155 | - key: ca.crt 156 | path: ca.crt 157 | optional: true 158 | secretName: argocd-repo-server-tls 159 | - emptyDir: {} 160 | name: tmp-dir 161 | {{- if .Values.repoServer.initContainers }} 162 | initContainers: 163 | {{- toYaml .Values.repoServer.initContainers | nindent 6 }} 164 | {{- end }} 165 | {{- if .Values.repoServer.priorityClassName }} 166 | priorityClassName: {{ 
.Values.repoServer.priorityClassName }} 167 | {{- end }} 168 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Self Managed Argo CD - App of Everything 2 | 3 | **Table of Contents** 4 | 5 | - [Introduction](#introduction) 6 | - [Clone Repository](#clone-repository) 7 | - [Create Local Kubernetes Cluster](#create-local-kubernetes-cluster) 8 | - [Git Repository Hierarchy](#git-repository-hierarchy) 9 | - [Create App Of Everything Pattern](#create-app-of-everything-pattern) 10 | - [Intall Argo CD Using Helm](#intall-argo-cd-using-helm) 11 | - [Demo With Sample Application](#demo-with-sample-application) 12 | - [Cleanup](#cleanup) 13 | 14 | # Introduction 15 | This project aims to install a self-managed Argo CD using the App of App pattern. Full instructions and explanation can be found in the Medium article [Self Managed Argo CD — App Of Everything](https://medium.com/devopsturkiye/self-managed-argo-cd-app-of-everything-a226eb100cf0). 16 | 17 | # Clone Repository 18 | Clone the kurtburak/argocd repository to your local device. 19 | ``` 20 | git clone https://github.com/kurtburak/argocd.git 21 | ``` 22 | # Create Local Kubernetes Cluster 23 | Install kind. 24 | ``` 25 | brew install kind 26 | ``` 27 | 28 | Create a local Kubernetes cluster using kind. 29 | ``` 30 | kind create cluster --name my-cluster 31 | ``` 32 | 33 | Check that the cluster is running and healthy. 34 | ``` 35 | kubectl cluster-info --context kind-my-cluster 36 | 37 | Kubernetes control plane is running at https://127.0.0.1:50589 38 | KubeDNS is running at https://127.0.0.1:50589/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy 39 | To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'. 40 | ``` 41 | 42 | # Git Repository Hierarchy 43 | Folder structure below is used in this project. You are free to change it. 
44 | ``` 45 | argocd/ 46 | ├── argocd-appprojects # stores ArgoCD App Project's yaml files 47 | ├── argocd-apps # stores ArgoCD Application's yaml files 48 | ├── argocd-install # stores Argo CD installation files 49 | │ ├── argo-cd # argo/argo-cd helm chart 50 | │ └── values-override.yaml # custom values.yaml for argo-cd chart 51 | ``` 52 | 53 | # Create App Of Everything Pattern 54 | 55 | Open *argocd-install/values-override.yaml* with your favorite editor and modify related values. 56 | ``` 57 | vi argocd-install/values-override.yaml 58 | ``` 59 | Or update it with your values. 60 | ``` 61 | cat << EOF > argocd-install/values-override.yaml 62 | server: 63 | configEnabled: true 64 | config: 65 | repositories: | 66 | - type: git 67 | url: https://github.com/kurtburak/argocd.git 68 | - name: argo-helm 69 | type: helm 70 | url: https://argoproj.github.io/argo-helm 71 | additionalApplications: 72 | - name: argocd 73 | namespace: argocd 74 | destination: 75 | namespace: argocd 76 | server: https://kubernetes.default.svc 77 | project: argocd 78 | source: 79 | helm: 80 | version: v3 81 | valueFiles: 82 | - values.yaml 83 | - ../values-override.yaml 84 | path: argocd-install/argo-cd 85 | repoURL: https://github.com/kurtburak/argocd.git 86 | targetRevision: HEAD 87 | syncPolicy: 88 | syncOptions: 89 | - CreateNamespace=true 90 | - name: argocd-apps 91 | namespace: argocd 92 | destination: 93 | namespace: argocd 94 | server: https://kubernetes.default.svc 95 | project: argocd 96 | source: 97 | path: argocd-apps 98 | repoURL: https://github.com/kurtburak/argocd.git 99 | targetRevision: HEAD 100 | directory: 101 | recurse: true 102 | jsonnet: {} 103 | syncPolicy: 104 | automated: 105 | selfHeal: true 106 | prune: true 107 | - name: argocd-appprojects 108 | namespace: argocd 109 | destination: 110 | namespace: argocd 111 | server: https://kubernetes.default.svc 112 | project: argocd 113 | source: 114 | path: argocd-appprojects 115 | repoURL: 
https://github.com/kurtburak/argocd.git 116 | targetRevision: HEAD 117 | directory: 118 | recurse: true 119 | jsonnet: {} 120 | syncPolicy: 121 | automated: 122 | selfHeal: true 123 | prune: true 124 | additionalProjects: 125 | - name: argocd 126 | namespace: argocd 127 | additionalLabels: {} 128 | additionalAnnotations: {} 129 | description: Argocd Project 130 | sourceRepos: 131 | - '*' 132 | destinations: 133 | - namespace: argocd 134 | server: https://kubernetes.default.svc 135 | clusterResourceWhitelist: 136 | - group: '*' 137 | kind: '*' 138 | orphanedResources: 139 | warn: false 140 | EOF 141 | ``` 142 | 143 | # Intall Argo CD Using Helm 144 | Go to argocd directory. 145 | ``` 146 | cd argocd/argocd-install/ 147 | ``` 148 | 149 | Install Argo CD into the *argocd* namespace using the argo-cd helm chart, overriding the default values with the *values-override.yaml* file. If the argocd namespace does not exist, use the *--create-namespace* parameter to create it. 150 | ``` 151 | helm install argocd ./argo-cd \ 152 | --namespace=argocd \ 153 | --create-namespace \ 154 | -f values-override.yaml 155 | ``` 156 | 157 | Wait until all pods are running. 158 | ``` 159 | kubectl -n argocd get pods 160 | 161 | NAME READY STATUS RESTARTS 162 | argocd-application-controller-bcc4f7584-vsbc7 1/1 Running 0 163 | argocd-dex-server-77f6fc6cfb-v844k 1/1 Running 0 164 | argocd-redis-7966999975-68hm7 1/1 Running 0 165 | argocd-repo-server-6b76b7ff6b-2fgqr 1/1 Running 0 166 | argocd-server-848dbc6cb4-r48qp 1/1 Running 0 167 | ``` 168 | 169 | Get the initial admin password. Change it after the first login; the Argo CD documentation recommends deleting the `argocd-initial-admin-secret` secret once the password has been changed. 170 | ``` 171 | kubectl -n argocd get secrets argocd-initial-admin-secret \ 172 | -o jsonpath='{.data.password}' | base64 -d 173 | ``` 174 | 175 | Forward argocd-server service port 80 to localhost:8080 using kubectl. 176 | ``` 177 | kubectl -n argocd port-forward service/argocd-server 8080:80 178 | ``` 179 | 180 | Browse to http://localhost:8080 and log in with the initial admin password. 
181 | 182 | # Demo With Sample Application 183 | Create an application project definition file called *sample-project*. The wildcard `clusterResourceWhitelist` and `sourceRepos` entries keep the demo simple; outside a demo, restrict them to the resource kinds and repository URLs the project actually needs. 184 | ``` 185 | cat << EOF > argocd-appprojects/sample-project.yaml 186 | apiVersion: argoproj.io/v1alpha1 187 | kind: AppProject 188 | metadata: 189 | name: sample-project 190 | namespace: argocd 191 | spec: 192 | clusterResourceWhitelist: 193 | - group: '*' 194 | kind: '*' 195 | destinations: 196 | - namespace: sample-app 197 | server: https://kubernetes.default.svc 198 | orphanedResources: 199 | warn: false 200 | sourceRepos: 201 | - '*' 202 | EOF 203 | ``` 204 | 205 | Push changes to your repository. 206 | ``` 207 | git add argocd-appprojects/sample-project.yaml 208 | git commit -m "Create sample-project" 209 | git push 210 | ``` 211 | 212 | Create a sample application definition yaml file called *sample-app* under argocd-apps. 213 | ``` 214 | cat << EOF >> argocd-apps/sample-app.yaml 215 | apiVersion: argoproj.io/v1alpha1 216 | kind: Application 217 | metadata: 218 | name: sample-app 219 | namespace: argocd 220 | spec: 221 | destination: 222 | namespace: sample-app 223 | server: https://kubernetes.default.svc 224 | project: sample-project 225 | source: 226 | path: sample-app/ 227 | repoURL: https://github.com/kurtburak/argocd.git 228 | targetRevision: HEAD 229 | syncPolicy: 230 | syncOptions: 231 | - CreateNamespace=true 232 | automated: 233 | selfHeal: true 234 | prune: true 235 | EOF 236 | ``` 237 | 238 | Push changes to your repository. 239 | ``` 240 | git add argocd-apps/sample-app.yaml 241 | git commit -m "Create application" 242 | git push 243 | ``` 244 | 245 | # Cleanup 246 | Remove the application and the application project. 247 | ``` 248 | rm -f argocd-apps/sample-app.yaml 249 | rm -f argocd-appprojects/sample-project.yaml 250 | git rm argocd-apps/sample-app.yaml 251 | git rm argocd-appprojects/sample-project.yaml 252 | git commit -m "Remove app and project." 
253 | git push 254 | ``` 255 | -------------------------------------------------------------------------------- /sample-app/bookinfo.yaml: -------------------------------------------------------------------------------- 1 | # Copyright Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ################################################################################################## 16 | # This file defines the services, service accounts, and deployments for the Bookinfo sample. 
17 | # 18 | # To apply all 4 Bookinfo services, their corresponding service accounts, and deployments: 19 | # 20 | # kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml 21 | # 22 | # Alternatively, you can deploy any resource separately: 23 | # 24 | # kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service 25 | # kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount 26 | # kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment 27 | ################################################################################################## 28 | 29 | ################################################################################################## 30 | # Details service 31 | ################################################################################################## 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | name: details 36 | labels: 37 | app: details 38 | service: details 39 | spec: 40 | ports: 41 | - port: 9080 42 | name: http 43 | selector: 44 | app: details 45 | --- 46 | apiVersion: v1 47 | kind: ServiceAccount 48 | metadata: 49 | name: bookinfo-details 50 | labels: 51 | account: details 52 | --- 53 | apiVersion: apps/v1 54 | kind: Deployment 55 | metadata: 56 | name: details-v1 57 | labels: 58 | app: details 59 | version: v1 60 | spec: 61 | replicas: 1 62 | selector: 63 | matchLabels: 64 | app: details 65 | version: v1 66 | template: 67 | metadata: 68 | labels: 69 | app: details 70 | version: v1 71 | spec: 72 | serviceAccountName: bookinfo-details 73 | containers: 74 | - name: details 75 | image: docker.io/istio/examples-bookinfo-details-v1:1.16.2 76 | imagePullPolicy: IfNotPresent 77 | ports: 78 | - containerPort: 9080 79 | securityContext: 80 | runAsUser: 1000 81 | --- 82 | ################################################################################################## 83 | # Ratings 
service 84 | ################################################################################################## 85 | apiVersion: v1 86 | kind: Service 87 | metadata: 88 | name: ratings 89 | labels: 90 | app: ratings 91 | service: ratings 92 | spec: 93 | ports: 94 | - port: 9080 95 | name: http 96 | selector: 97 | app: ratings 98 | --- 99 | apiVersion: v1 100 | kind: ServiceAccount 101 | metadata: 102 | name: bookinfo-ratings 103 | labels: 104 | account: ratings 105 | --- 106 | apiVersion: apps/v1 107 | kind: Deployment 108 | metadata: 109 | name: ratings-v1 110 | labels: 111 | app: ratings 112 | version: v1 113 | spec: 114 | replicas: 1 115 | selector: 116 | matchLabels: 117 | app: ratings 118 | version: v1 119 | template: 120 | metadata: 121 | labels: 122 | app: ratings 123 | version: v1 124 | spec: 125 | serviceAccountName: bookinfo-ratings 126 | containers: 127 | - name: ratings 128 | image: docker.io/istio/examples-bookinfo-ratings-v1:1.16.2 129 | imagePullPolicy: IfNotPresent 130 | ports: 131 | - containerPort: 9080 132 | securityContext: 133 | runAsUser: 1000 134 | --- 135 | ################################################################################################## 136 | # Reviews service 137 | ################################################################################################## 138 | apiVersion: v1 139 | kind: Service 140 | metadata: 141 | name: reviews 142 | labels: 143 | app: reviews 144 | service: reviews 145 | spec: 146 | ports: 147 | - port: 9080 148 | name: http 149 | selector: 150 | app: reviews 151 | --- 152 | apiVersion: v1 153 | kind: ServiceAccount 154 | metadata: 155 | name: bookinfo-reviews 156 | labels: 157 | account: reviews 158 | --- 159 | apiVersion: apps/v1 160 | kind: Deployment 161 | metadata: 162 | name: reviews-v1 163 | labels: 164 | app: reviews 165 | version: v1 166 | spec: 167 | replicas: 1 168 | selector: 169 | matchLabels: 170 | app: reviews 171 | version: v1 172 | template: 173 | metadata: 174 | labels: 175 | 
app: reviews 176 | version: v1 177 | spec: 178 | serviceAccountName: bookinfo-reviews 179 | containers: 180 | - name: reviews 181 | image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2 182 | imagePullPolicy: IfNotPresent 183 | env: 184 | - name: LOG_DIR 185 | value: "/tmp/logs" 186 | ports: 187 | - containerPort: 9080 188 | volumeMounts: 189 | - name: tmp 190 | mountPath: /tmp 191 | - name: wlp-output 192 | mountPath: /opt/ibm/wlp/output 193 | securityContext: 194 | runAsUser: 1000 195 | volumes: 196 | - name: wlp-output 197 | emptyDir: {} 198 | - name: tmp 199 | emptyDir: {} 200 | --- 201 | apiVersion: apps/v1 202 | kind: Deployment 203 | metadata: 204 | name: reviews-v2 205 | labels: 206 | app: reviews 207 | version: v2 208 | spec: 209 | replicas: 1 210 | selector: 211 | matchLabels: 212 | app: reviews 213 | version: v2 214 | template: 215 | metadata: 216 | labels: 217 | app: reviews 218 | version: v2 219 | spec: 220 | serviceAccountName: bookinfo-reviews 221 | containers: 222 | - name: reviews 223 | image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2 224 | imagePullPolicy: IfNotPresent 225 | env: 226 | - name: LOG_DIR 227 | value: "/tmp/logs" 228 | ports: 229 | - containerPort: 9080 230 | volumeMounts: 231 | - name: tmp 232 | mountPath: /tmp 233 | - name: wlp-output 234 | mountPath: /opt/ibm/wlp/output 235 | securityContext: 236 | runAsUser: 1000 237 | volumes: 238 | - name: wlp-output 239 | emptyDir: {} 240 | - name: tmp 241 | emptyDir: {} 242 | --- 243 | apiVersion: apps/v1 244 | kind: Deployment 245 | metadata: 246 | name: reviews-v3 247 | labels: 248 | app: reviews 249 | version: v3 250 | spec: 251 | replicas: 1 252 | selector: 253 | matchLabels: 254 | app: reviews 255 | version: v3 256 | template: 257 | metadata: 258 | labels: 259 | app: reviews 260 | version: v3 261 | spec: 262 | serviceAccountName: bookinfo-reviews 263 | containers: 264 | - name: reviews 265 | image: docker.io/istio/examples-bookinfo-reviews-v3:1.16.2 266 | imagePullPolicy: 
IfNotPresent 267 | env: 268 | - name: LOG_DIR 269 | value: "/tmp/logs" 270 | ports: 271 | - containerPort: 9080 272 | volumeMounts: 273 | - name: tmp 274 | mountPath: /tmp 275 | - name: wlp-output 276 | mountPath: /opt/ibm/wlp/output 277 | securityContext: 278 | runAsUser: 1000 279 | volumes: 280 | - name: wlp-output 281 | emptyDir: {} 282 | - name: tmp 283 | emptyDir: {} 284 | --- 285 | ################################################################################################## 286 | # Productpage services 287 | ################################################################################################## 288 | apiVersion: v1 289 | kind: Service 290 | metadata: 291 | name: productpage 292 | labels: 293 | app: productpage 294 | service: productpage 295 | spec: 296 | ports: 297 | - port: 9080 298 | name: http 299 | selector: 300 | app: productpage 301 | --- 302 | apiVersion: v1 303 | kind: ServiceAccount 304 | metadata: 305 | name: bookinfo-productpage 306 | labels: 307 | account: productpage 308 | --- 309 | apiVersion: apps/v1 310 | kind: Deployment 311 | metadata: 312 | name: productpage-v1 313 | labels: 314 | app: productpage 315 | version: v1 316 | spec: 317 | replicas: 1 318 | selector: 319 | matchLabels: 320 | app: productpage 321 | version: v1 322 | template: 323 | metadata: 324 | labels: 325 | app: productpage 326 | version: v1 327 | spec: 328 | serviceAccountName: bookinfo-productpage 329 | containers: 330 | - name: productpage 331 | image: docker.io/istio/examples-bookinfo-productpage-v1:1.16.2 332 | imagePullPolicy: IfNotPresent 333 | ports: 334 | - containerPort: 9080 335 | volumeMounts: 336 | - name: tmp 337 | mountPath: /tmp 338 | securityContext: 339 | runAsUser: 1000 340 | volumes: 341 | - name: tmp 342 | emptyDir: {} 343 | --- 344 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/crds/crd-project.yaml: -------------------------------------------------------------------------------- 1 
| apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: appprojects.argoproj.io 6 | app.kubernetes.io/part-of: argocd 7 | name: appprojects.argoproj.io 8 | annotations: 9 | helm.sh/hook: crd-install 10 | spec: 11 | group: argoproj.io 12 | names: 13 | kind: AppProject 14 | listKind: AppProjectList 15 | plural: appprojects 16 | shortNames: 17 | - appproj 18 | - appprojs 19 | singular: appproject 20 | scope: Namespaced 21 | versions: 22 | - name: v1alpha1 23 | schema: 24 | openAPIV3Schema: 25 | description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' 26 | properties: 27 | apiVersion: 28 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 29 | type: string 30 | kind: 31 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 32 | type: string 33 | metadata: 34 | type: object 35 | spec: 36 | description: AppProjectSpec is the specification of an AppProject 37 | properties: 38 | clusterResourceBlacklist: 39 | description: ClusterResourceBlacklist contains list of blacklisted cluster level resources 40 | items: 41 | description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types 42 | properties: 43 | group: 44 | type: string 45 | kind: 46 | type: string 47 | required: 48 | - group 49 | - kind 50 | type: object 51 | type: array 52 | clusterResourceWhitelist: 53 | description: ClusterResourceWhitelist contains list of whitelisted cluster level resources 54 | items: 55 | description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types 56 | properties: 57 | group: 58 | type: string 59 | kind: 60 | type: string 61 | required: 62 | - group 63 | - kind 64 | type: object 65 | type: array 66 | description: 67 | description: Description contains optional project description 68 | type: string 69 | destinations: 70 | description: Destinations contains list of destinations available for deployment 71 | items: 72 | description: ApplicationDestination holds information about the application's destination 73 | properties: 74 | name: 75 | description: Name is an alternate way of specifying the target cluster by its symbolic name 76 | type: string 77 | namespace: 78 | description: Namespace specifies the target namespace for the application's resources. 
The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace 79 | type: string 80 | server: 81 | description: Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API 82 | type: string 83 | type: object 84 | type: array 85 | namespaceResourceBlacklist: 86 | description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources 87 | items: 88 | description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types 89 | properties: 90 | group: 91 | type: string 92 | kind: 93 | type: string 94 | required: 95 | - group 96 | - kind 97 | type: object 98 | type: array 99 | namespaceResourceWhitelist: 100 | description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources 101 | items: 102 | description: GroupKind specifies a Group and a Kind, but does not force a version. 
This is useful for identifying concepts during lookup stages without having partially valid types 103 | properties: 104 | group: 105 | type: string 106 | kind: 107 | type: string 108 | required: 109 | - group 110 | - kind 111 | type: object 112 | type: array 113 | orphanedResources: 114 | description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project 115 | properties: 116 | ignore: 117 | description: Ignore contains a list of resources that are to be excluded from orphaned resources monitoring 118 | items: 119 | description: OrphanedResourceKey is a reference to a resource to be ignored from 120 | properties: 121 | group: 122 | type: string 123 | kind: 124 | type: string 125 | name: 126 | type: string 127 | type: object 128 | type: array 129 | warn: 130 | description: Warn indicates if warning condition should be created for apps which have orphaned resources 131 | type: boolean 132 | type: object 133 | roles: 134 | description: Roles are user defined RBAC roles associated with this project 135 | items: 136 | description: ProjectRole represents a role that has access to a project 137 | properties: 138 | description: 139 | description: Description is a description of the role 140 | type: string 141 | groups: 142 | description: Groups are a list of OIDC group claims bound to this role 143 | items: 144 | type: string 145 | type: array 146 | jwtTokens: 147 | description: JWTTokens are a list of generated JWT tokens bound to this role 148 | items: 149 | description: JWTToken holds the issuedAt and expiresAt values of a token 150 | properties: 151 | exp: 152 | format: int64 153 | type: integer 154 | iat: 155 | format: int64 156 | type: integer 157 | id: 158 | type: string 159 | required: 160 | - iat 161 | type: object 162 | type: array 163 | name: 164 | description: Name is a name for this role 165 | type: string 166 | policies: 167 | description: Policies Stores a list of casbin formated strings that define access 
policies for the role in the project 168 | items: 169 | type: string 170 | type: array 171 | required: 172 | - name 173 | type: object 174 | type: array 175 | signatureKeys: 176 | description: SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync 177 | items: 178 | description: SignatureKey is the specification of a key required to verify commit signatures with 179 | properties: 180 | keyID: 181 | description: The ID of the key in hexadecimal notation 182 | type: string 183 | required: 184 | - keyID 185 | type: object 186 | type: array 187 | sourceRepos: 188 | description: SourceRepos contains list of repository URLs which can be used for deployment 189 | items: 190 | type: string 191 | type: array 192 | syncWindows: 193 | description: SyncWindows controls when syncs can be run for apps in this project 194 | items: 195 | description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps 196 | properties: 197 | applications: 198 | description: Applications contains a list of applications that the window will apply to 199 | items: 200 | type: string 201 | type: array 202 | clusters: 203 | description: Clusters contains a list of clusters that the window will apply to 204 | items: 205 | type: string 206 | type: array 207 | duration: 208 | description: Duration is the amount of time the sync window will be open 209 | type: string 210 | kind: 211 | description: Kind defines if the window allows or blocks syncs 212 | type: string 213 | manualSync: 214 | description: ManualSync enables manual syncs when they would otherwise be blocked 215 | type: boolean 216 | namespaces: 217 | description: Namespaces contains a list of namespaces that the window will apply to 218 | items: 219 | type: string 220 | type: array 221 | schedule: 222 | description: Schedule is the time the window will begin, specified in cron format 223 | type: string 224 | type: object 225 | 
type: array 226 | type: object 227 | status: 228 | description: AppProjectStatus contains status information for AppProject CRs 229 | properties: 230 | jwtTokensByRole: 231 | additionalProperties: 232 | description: JWTTokens represents a list of JWT tokens 233 | properties: 234 | items: 235 | items: 236 | description: JWTToken holds the issuedAt and expiresAt values of a token 237 | properties: 238 | exp: 239 | format: int64 240 | type: integer 241 | iat: 242 | format: int64 243 | type: integer 244 | id: 245 | type: string 246 | required: 247 | - iat 248 | type: object 249 | type: array 250 | type: object 251 | description: JWTTokensByRole contains a list of JWT tokens issued for a given role 252 | type: object 253 | type: object 254 | required: 255 | - metadata 256 | - spec 257 | type: object 258 | served: true 259 | storage: true 260 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/values.yaml: -------------------------------------------------------------------------------- 1 | ## Configure resource requests and limits 2 | ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 3 | ## 4 | image: 5 | repository: redis 6 | tag: 6.0.7-alpine 7 | pullPolicy: IfNotPresent 8 | 9 | ## Reference to one or more secrets to be used when pulling images 10 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 11 | ## This imagePullSecrets is only for redis images 12 | ## 13 | imagePullSecrets: [] 14 | # - name: "image-pull-secret" 15 | 16 | ## replicas number for each component 17 | replicas: 3 18 | 19 | ## read-only replicas 20 | ## indexed slaves get never promoted to be master 21 | ## index starts with 0 - which is master on init 22 | ## i.e. 
"8,9" means 8th and 9th slave will be replica with replica-priority=0 23 | ## see also: https://redis.io/topics/sentinel 24 | ro_replicas: "" 25 | 26 | ## Kubernetes priorityClass name for the redis-ha-server pod 27 | # priorityClassName: "" 28 | 29 | ## Custom labels for the redis pod 30 | labels: {} 31 | 32 | configmap: 33 | ## Custom labels for the redis configmap 34 | labels: {} 35 | 36 | ## Pods Service Account 37 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 38 | serviceAccount: 39 | ## Specifies whether a ServiceAccount should be created 40 | ## 41 | create: true 42 | ## The name of the ServiceAccount to use. 43 | ## If not set and create is true, a name is generated using the redis-ha.fullname template 44 | # name: 45 | ## opt in/out of automounting API credentials into container 46 | ## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ 47 | automountToken: false 48 | 49 | ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. 50 | ## Recommend for externally exposed Redis clusters. 
51 | ## ref: https://cbonte.github.io/haproxy-dconv/1.9/intro.html 52 | haproxy: 53 | enabled: false 54 | # Enable if you want a dedicated port in haproxy for redis-slaves 55 | readOnly: 56 | enabled: false 57 | port: 6380 58 | replicas: 3 59 | image: 60 | repository: haproxy 61 | tag: 2.0.4 62 | pullPolicy: IfNotPresent 63 | 64 | ## Custom labels for the haproxy pod 65 | labels: {} 66 | 67 | ## Reference to one or more secrets to be used when pulling images 68 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ 69 | ## 70 | imagePullSecrets: [] 71 | # - name: "image-pull-secret" 72 | 73 | annotations: {} 74 | resources: {} 75 | emptyDir: {} 76 | 77 | ## PodSecurityPolicy configuration 78 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ 79 | ## 80 | podSecurityPolicy: 81 | ## Specifies whether a PodSecurityPolicy should be created 82 | ## 83 | create: false 84 | 85 | ## Enable sticky sessions to Redis nodes via HAProxy 86 | ## Very useful for long-living connections as in case of Sentry for example 87 | stickyBalancing: false 88 | ## Kubernetes priorityClass name for the haproxy pod 89 | # priorityClassName: "" 90 | ## Service type for HAProxy 91 | ## 92 | service: 93 | type: ClusterIP 94 | loadBalancerIP: 95 | annotations: {} 96 | serviceAccount: 97 | create: true 98 | ## Official HAProxy embedded prometheus metrics settings. 
99 | ## Ref: https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter 100 | ## 101 | metrics: 102 | enabled: false 103 | # prometheus port & scrape path 104 | port: 9101 105 | portName: http-exporter-port 106 | scrapePath: /metrics 107 | 108 | serviceMonitor: 109 | # When set true then use a ServiceMonitor to configure scraping 110 | enabled: false 111 | # Set the namespace the ServiceMonitor should be deployed 112 | # namespace: monitoring 113 | # Set how frequently Prometheus should scrape 114 | # interval: 30s 115 | # Set path to redis-exporter telemtery-path 116 | # telemetryPath: /metrics 117 | # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator 118 | # labels: {} 119 | # Set timeout for scrape 120 | # timeout: 10s 121 | init: 122 | resources: {} 123 | timeout: 124 | connect: 4s 125 | server: 30s 126 | client: 30s 127 | check: 2s 128 | securityContext: 129 | runAsUser: 1000 130 | fsGroup: 1000 131 | runAsNonRoot: true 132 | 133 | ## Whether the haproxy pods should be forced to run on separate nodes. 134 | hardAntiAffinity: true 135 | 136 | ## Additional affinities to add to the haproxy pods. 137 | additionalAffinities: {} 138 | 139 | ## Override all other affinity settings for the haproxy pods with a string. 140 | affinity: | 141 | 142 | ## Custom config-haproxy.cfg files used to override default settings. If this file is 143 | ## specified then the config-haproxy.cfg above will be ignored. 
144 | # customConfig: |- 145 | # Define configuration here 146 | ## Place any additional configuration section to add to the default config-haproxy.cfg 147 | # extraConfig: |- 148 | # Define configuration here 149 | 150 | ## Container lifecycle hooks 151 | ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ 152 | lifecycle: {} 153 | 154 | ## PodSecurityPolicy configuration 155 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ 156 | ## 157 | podSecurityPolicy: 158 | ## Specifies whether a PodSecurityPolicy should be created 159 | ## 160 | create: false 161 | 162 | ## Role Based Access 163 | ## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ 164 | ## 165 | rbac: 166 | create: true 167 | 168 | sysctlImage: 169 | enabled: false 170 | command: [] 171 | registry: docker.io 172 | repository: busybox 173 | tag: 1.31.1 174 | pullPolicy: Always 175 | mountHostSys: false 176 | resources: {} 177 | 178 | ## Use an alternate scheduler, e.g. "stork". 
179 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ 180 | ## 181 | # schedulerName: 182 | 183 | ## Redis specific configuration options 184 | redis: 185 | port: 6379 186 | masterGroupName: "mymaster" # must match ^[\\w-\\.]+$) and can be templated 187 | 188 | ## Configures redis with tls-port parameter 189 | # tlsPort: 6385 190 | 191 | ## Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf 192 | # tlsReplication: true 193 | 194 | ## It is possible to disable client side certificates authentication when "authClients" is set to "no" 195 | # authClients: "no" 196 | 197 | # liveness probe parameters for redis container 198 | livenessProbe: 199 | initialDelaySeconds: 30 200 | periodSeconds: 15 201 | timeoutSeconds: 15 202 | successThreshold: 1 203 | failureThreshold: 5 204 | 205 | config: 206 | ## Additional redis conf options can be added below 207 | ## For all available options see http://download.redis.io/redis-stable/redis.conf 208 | min-replicas-to-write: 1 209 | min-replicas-max-lag: 5 # Value in seconds 210 | maxmemory: "0" # Max memory to use for each redis instance. Default is unlimited. 211 | maxmemory-policy: "volatile-lru" # Max memory policy to use for each redis instance. Default is volatile-lru. 212 | # Determines if scheduled RDB backups are created. Default is false. 213 | # Please note that local (on-disk) RDBs will still be created when re-syncing with a new slave. The only way to prevent this is to enable diskless replication. 214 | save: "900 1" 215 | # When enabled, directly sends the RDB over the wire to slaves, without using the disk as intermediate storage. Default is false. 216 | repl-diskless-sync: "yes" 217 | rdbcompression: "yes" 218 | rdbchecksum: "yes" 219 | 220 | ## Custom redis.conf files used to override default settings. If this file is 221 | ## specified then the redis.config above will be ignored. 
222 | # customConfig: |- 223 | # Define configuration here 224 | 225 | resources: {} 226 | # requests: 227 | # memory: 200Mi 228 | # cpu: 100m 229 | # limits: 230 | # memory: 700Mi 231 | 232 | ## Container lifecycle hooks 233 | ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ 234 | lifecycle: {} 235 | 236 | ## Sentinel specific configuration options 237 | sentinel: 238 | port: 26379 239 | 240 | ## Configures sentinel with tls-port parameter 241 | # tlsPort: 26385 242 | 243 | ## Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf 244 | # tlsReplication: true 245 | 246 | ## It is possible to disable client side certificates authentication when "authClients" is set to "no" 247 | # authClients: "no" 248 | 249 | ## Configures sentinel with AUTH (requirepass params) 250 | auth: false 251 | 252 | # password: password 253 | 254 | ## Use existing secret containing key `authKey` (ignores sentinel.password) 255 | # existingSecret: sentinel-secret 256 | 257 | ## Defines the key holding the sentinel password in existing secret. 258 | authKey: sentinel-password 259 | 260 | # liveness probe parameters for sentinel container 261 | livenessProbe: 262 | initialDelaySeconds: 30 263 | periodSeconds: 15 264 | timeoutSeconds: 15 265 | successThreshold: 1 266 | failureThreshold: 5 267 | 268 | quorum: 2 269 | config: 270 | ## Additional sentinel conf options can be added below. Only options that 271 | ## are expressed in the format similar to 'sentinel xxx mymaster xxx' will 272 | ## be properly templated, except for the maxclients option. 273 | ## For available options see http://download.redis.io/redis-stable/sentinel.conf 274 | down-after-milliseconds: 10000 275 | ## Failover timeout value in milliseconds 276 | failover-timeout: 180000 277 | parallel-syncs: 5 278 | maxclients: 10000 279 | 280 | ## Custom sentinel.conf files used to override default settings.
If this file is 281 | ## specified then the sentinel.config above will be ignored. 282 | # customConfig: |- 283 | # Define configuration here 284 | 285 | resources: {} 286 | # requests: 287 | # memory: 200Mi 288 | # cpu: 100m 289 | # limits: 290 | # memory: 200Mi 291 | 292 | ## Container lifecycle hooks 293 | ## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ 294 | lifecycle: {} 295 | 296 | securityContext: 297 | runAsUser: 1000 298 | fsGroup: 1000 299 | runAsNonRoot: true 300 | 301 | ## Node labels, affinity, and tolerations for pod assignment 302 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector 303 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature 304 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 305 | nodeSelector: {} 306 | 307 | ## Whether the Redis server pods should be forced to run on separate nodes. 308 | ## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred. 309 | ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature 310 | ## 311 | hardAntiAffinity: true 312 | 313 | ## Additional affinities to add to the Redis server pods. 314 | ## 315 | ## Example: 316 | ## nodeAffinity: 317 | ## preferredDuringSchedulingIgnoredDuringExecution: 318 | ## - weight: 50 319 | ## preference: 320 | ## matchExpressions: 321 | ## - key: spot 322 | ## operator: NotIn 323 | ## values: 324 | ## - "true" 325 | ## 326 | ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity 327 | ## 328 | additionalAffinities: {} 329 | 330 | ## Override all other affinity settings for the Redis server pods with a string. 
331 | ## 332 | ## Example: 333 | ## affinity: | 334 | ## podAntiAffinity: 335 | ## requiredDuringSchedulingIgnoredDuringExecution: 336 | ## - labelSelector: 337 | ## matchLabels: 338 | ## app: {{ template "redis-ha.name" . }} 339 | ## release: {{ .Release.Name }} 340 | ## topologyKey: kubernetes.io/hostname 341 | ## preferredDuringSchedulingIgnoredDuringExecution: 342 | ## - weight: 100 343 | ## podAffinityTerm: 344 | ## labelSelector: 345 | ## matchLabels: 346 | ## app: {{ template "redis-ha.name" . }} 347 | ## release: {{ .Release.Name }} 348 | ## topologyKey: failure-domain.beta.kubernetes.io/zone 349 | ## 350 | affinity: | 351 | 352 | # Prometheus exporter specific configuration options 353 | exporter: 354 | enabled: false 355 | image: oliver006/redis_exporter 356 | tag: v1.13.1 357 | pullPolicy: IfNotPresent 358 | 359 | # prometheus port & scrape path 360 | port: 9121 361 | scrapePath: /metrics 362 | 363 | # Address/Host for Redis instance. Default: localhost 364 | # Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments 365 | ## 366 | address: localhost 367 | 368 | ## Set this to true if you want to connect to redis tls port 369 | # sslEnabled: true 370 | 371 | # cpu/memory resource limits/requests 372 | resources: {} 373 | 374 | # Additional args for redis exporter 375 | extraArgs: {} 376 | 377 | # Used to mount a LUA-Script via config map and use it for metrics-collection 378 | # script: | 379 | # -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua 380 | # -- Example collect script for -script option 381 | # -- This returns a Lua table with alternating keys and values. 382 | # -- Both keys and values must be strings, similar to a HGETALL result. 
383 | # -- More info about Redis Lua scripting: https://redis.io/commands/eval 384 | # 385 | # local result = {} 386 | # 387 | # -- Add all keys and values from some hash in db 5 388 | # redis.call("SELECT", 5) 389 | # local r = redis.call("HGETALL", "some-hash-with-stats") 390 | # if r ~= nil then 391 | # for _,v in ipairs(r) do 392 | # table.insert(result, v) -- alternating keys and values 393 | # end 394 | # end 395 | # 396 | # -- Set foo to 42 397 | # table.insert(result, "foo") 398 | # table.insert(result, "42") -- note the string, use tostring() if needed 399 | # 400 | # return result 401 | 402 | serviceMonitor: 403 | # When set true then use a ServiceMonitor to configure scraping 404 | enabled: false 405 | # Set the namespace the ServiceMonitor should be deployed 406 | # namespace: monitoring 407 | # Set how frequently Prometheus should scrape 408 | # interval: 30s 409 | # Set path to redis-exporter telemetry-path 410 | # telemetryPath: /metrics 411 | # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator 412 | # labels: {} 413 | # Set timeout for scrape 414 | # timeout: 10s 415 | 416 | # prometheus exporter SCANS redis db which can take some time 417 | # allow different probe settings to not let container crashloop 418 | livenessProbe: 419 | initialDelaySeconds: 15 420 | timeoutSeconds: 3 421 | periodSeconds: 15 422 | 423 | podDisruptionBudget: {} 424 | # maxUnavailable: 1 425 | # minAvailable: 1 426 | 427 | ## Configures redis with AUTH (requirepass & masterauth conf params). Disabled by default, so redis accepts any client that can reach its port until this is set to true 428 | auth: false 429 | # redisPassword: 430 | 431 | ## Use existing secret containing key `authKey` (ignores redisPassword) 432 | # existingSecret: 433 | 434 | ## Defines the key holding the redis password in existing secret.
435 | authKey: auth 436 | 437 | persistentVolume: 438 | enabled: true 439 | ## redis-ha data Persistent Volume Storage Class 440 | ## If defined, storageClassName: 441 | ## If set to "-", storageClassName: "", which disables dynamic provisioning 442 | ## If undefined (the default) or set to null, no storageClassName spec is 443 | ## set, choosing the default provisioner. (gp2 on AWS, standard on 444 | ## GKE, AWS & OpenStack) 445 | ## 446 | # storageClass: "-" 447 | accessModes: 448 | - ReadWriteOnce 449 | size: 10Gi 450 | annotations: {} 451 | init: 452 | resources: {} 453 | 454 | # To use a hostPath for data, set persistentVolume.enabled to false 455 | # and define hostPath.path. 456 | # Warning: this might overwrite existing folders on the host system! 457 | hostPath: 458 | ## path is evaluated as template so placeholders are replaced 459 | # path: "/data/{{ .Release.Name }}" 460 | 461 | # if chown is true, an init-container with root permissions is launched to 462 | # change the owner of the hostPath folder to the user defined in the 463 | # security context 464 | chown: true 465 | 466 | emptyDir: {} 467 | 468 | tls: 469 | ## Fill the name of secret if you want to use your own TLS certificates. 
470 | ## The secret should contain keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file 471 | ## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set 472 | # secretName: tls-secret 473 | 474 | ## Name of certificate file 475 | certFile: redis.crt 476 | ## Name of key file 477 | keyFile: redis.key 478 | ## Name of Diffie-Hellman (DH) key exchange parameters file 479 | # dhParamsFile: redis.dh 480 | ## Name of CA certificate file 481 | caCertFile: ca.crt 482 | 483 | # restore init container is executed if restore.[s3|ssh].source is not false 484 | # restore init container creates /data/dump.rdb_ from original if exists 485 | # restore init container overrides /data/dump.rdb 486 | # secrets are passed to the init container as environment variables from a Kubernetes Secret - on k8s these are only base64-encoded, not encrypted 487 | # REQUIRED for s3 restore: AWS 'access_key' and 'secret_key' 488 | # EXAMPLE source for s3 restore: 's3://bucket/dump.rdb' 489 | # REQUIRED for ssh restore: 'key' should be in one line including CR i.e. '-----BEGIN RSA PRIVATE KEY-----\n...\n...\n...\n-----END RSA PRIVATE KEY-----' 490 | # EXAMPLE source for ssh restore: 'user@server:/path/dump.rdb' 491 | restore: 492 | timeout: 600 493 | s3: 494 | source: false 495 | access_key: "" 496 | secret_key: "" 497 | ssh: 498 | source: false 499 | key: "" 500 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/redis-ha-statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}} 2 | {{- $regexRestoreSSH := "^.+@.+:.+" -}} 3 | 4 | apiVersion: apps/v1 5 | kind: StatefulSet 6 | metadata: 7 | name: {{ template "redis-ha.fullname" .
}}-server 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ template "redis-ha.fullname" . }}: replica 11 | {{ include "labels.standard" . | indent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | release: {{ .Release.Name }} 16 | app: {{ template "redis-ha.name" . }} 17 | serviceName: {{ template "redis-ha.fullname" . }} 18 | replicas: {{ .Values.replicas }} 19 | podManagementPolicy: OrderedReady 20 | updateStrategy: 21 | type: RollingUpdate 22 | template: 23 | metadata: 24 | annotations: 25 | checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-init.sh" .) (include "redis_liveness.sh" .) (include "sentinel_liveness.sh" .) | sha256sum }} 26 | {{- if .Values.podAnnotations }} 27 | {{ toYaml .Values.podAnnotations | indent 8 }} 28 | {{- end }} 29 | {{- if .Values.exporter.enabled }} 30 | prometheus.io/port: "{{ .Values.exporter.port }}" 31 | prometheus.io/scrape: "true" 32 | prometheus.io/path: {{ .Values.exporter.scrapePath }} 33 | {{- end }} 34 | labels: 35 | release: {{ .Release.Name }} 36 | app: {{ template "redis-ha.name" . }} 37 | {{ template "redis-ha.fullname" . }}: replica 38 | {{- range $key, $value := .Values.labels }} 39 | {{ $key }}: {{ $value | toString }} 40 | {{- end }} 41 | spec: 42 | {{- if .Values.schedulerName }} 43 | schedulerName: "{{ .Values.schedulerName }}" 44 | {{- end }} 45 | {{- if .Values.nodeSelector }} 46 | nodeSelector: 47 | {{ toYaml .Values.nodeSelector | indent 8 }} 48 | {{- end }} 49 | {{- if .Values.tolerations }} 50 | tolerations: 51 | {{ toYaml .Values.tolerations | indent 8 }} 52 | {{- end }} 53 | affinity: 54 | {{- if .Values.affinity }} 55 | {{- with .Values.affinity }} 56 | {{ tpl . 
$ | indent 8 }} 57 | {{- end }} 58 | {{- else }} 59 | {{- if .Values.additionalAffinities }} 60 | {{ toYaml .Values.additionalAffinities | indent 8 }} 61 | {{- end }} 62 | podAntiAffinity: 63 | {{- if .Values.hardAntiAffinity }} 64 | requiredDuringSchedulingIgnoredDuringExecution: 65 | - labelSelector: 66 | matchLabels: 67 | app: {{ template "redis-ha.name" . }} 68 | release: {{ .Release.Name }} 69 | {{ template "redis-ha.fullname" . }}: replica 70 | topologyKey: kubernetes.io/hostname 71 | {{- else }} 72 | preferredDuringSchedulingIgnoredDuringExecution: 73 | - weight: 100 74 | podAffinityTerm: 75 | labelSelector: 76 | matchLabels: 77 | app: {{ template "redis-ha.name" . }} 78 | release: {{ .Release.Name }} 79 | {{ template "redis-ha.fullname" . }}: replica 80 | topologyKey: kubernetes.io/hostname 81 | {{- end }} 82 | preferredDuringSchedulingIgnoredDuringExecution: 83 | - weight: 100 84 | podAffinityTerm: 85 | labelSelector: 86 | matchLabels: 87 | app: {{ template "redis-ha.name" . }} 88 | release: {{ .Release.Name }} 89 | {{ template "redis-ha.fullname" . }}: replica 90 | topologyKey: failure-domain.beta.kubernetes.io/zone 91 | {{- end }} 92 | {{- if .Values.imagePullSecrets }} 93 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} 94 | {{- end }} 95 | securityContext: 96 | {{ toYaml .Values.securityContext | indent 8 }} 97 | serviceAccountName: {{ template "redis-ha.serviceAccountName" . }} 98 | automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }} 99 | initContainers: 100 | {{- if .Values.sysctlImage.enabled }} 101 | - name: init-sysctl 102 | image: {{ template "redis.sysctl.image" . 
}} 103 | imagePullPolicy: {{ .Values.sysctlImage.pullPolicy }} 104 | resources: 105 | {{ toYaml .Values.sysctlImage.resources | indent 10 }} 106 | {{- if .Values.sysctlImage.mountHostSys }} 107 | volumeMounts: 108 | - name: host-sys 109 | mountPath: /host-sys 110 | {{- end }} 111 | command: 112 | {{ toYaml .Values.sysctlImage.command | indent 10 }} 113 | securityContext: 114 | runAsNonRoot: false 115 | privileged: true # NOTE(review): init-sysctl is a privileged root container that runs the operator-supplied sysctlImage.command (and sees the host /sys when sysctlImage.mountHostSys is set); it is rendered only when sysctlImage.enabled is true, so leave that off unless kernel tuning is required 116 | runAsUser: 0 117 | {{- end }} 118 | {{- if and .Values.hostPath.path .Values.hostPath.chown }} 119 | - name: hostpath-chown 120 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 121 | securityContext: 122 | runAsNonRoot: false 123 | runAsUser: 0 # root is used here only to chown the hostPath-backed /data to securityContext.runAsUser; set hostPath.chown to false to skip this container 124 | command: 125 | - chown 126 | - "{{ .Values.securityContext.runAsUser }}" 127 | - /data 128 | volumeMounts: 129 | - name: data 130 | mountPath: /data 131 | {{- end }} 132 | - name: config-init 133 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 134 | imagePullPolicy: {{ .Values.image.pullPolicy }} 135 | resources: 136 | {{ toYaml .Values.init.resources | indent 10 }} 137 | command: 138 | - sh 139 | args: 140 | - /readonly-config/init.sh 141 | env: 142 | {{- $replicas := int (toString .Values.replicas) -}} 143 | {{- range $i := until $replicas }} 144 | - name: SENTINEL_ID_{{ $i }} 145 | value: {{ printf "%s\n%s\nindex: %d" (include "redis-ha.name" $) ($.Release.Name) $i | sha256sum | trunc 40 }} 146 | {{ end -}} 147 | {{- if .Values.auth }} 148 | - name: AUTH 149 | valueFrom: 150 | secretKeyRef: 151 | {{- if .Values.existingSecret }} 152 | name: {{ .Values.existingSecret }} 153 | {{- else }} 154 | name: {{ template "redis-ha.fullname" .
}}-sentinel 166 | {{- end }} 167 | key: {{ .Values.sentinel.authKey }} 168 | {{- end }} 169 | volumeMounts: 170 | - name: config 171 | mountPath: /readonly-config 172 | readOnly: true 173 | - name: data 174 | mountPath: /data 175 | {{- if .Values.redis.tlsPort }} 176 | - mountPath: /tls-certs 177 | name: tls-certs 178 | {{- end}} 179 | {{ if regexFind $regexRestoreS3 (toString .Values.restore.s3.source) }} 180 | - name: restore-s3 # init container: fetches restore.s3.source to /data/dump.rdb_, keeps any existing dump as /data/dump.rdb_orig, then moves the download to /data/dump.rdb 181 | image: s3cmd/s3cmd:latest # NOTE(review): hard-coded third-party image on the mutable :latest tag, and it is handed the restore secret through envFrom (presumably the S3 access/secret keys - confirm against the secret template); pin it by digest and pull it from a registry you control 182 | imagePullPolicy: {{ .Values.image.pullPolicy }} 183 | resources: 184 | {{ toYaml .Values.init.resources | indent 10 }} 185 | command: 186 | - sh 187 | args: # NOTE(review): restore.s3.source is spliced into the sh -c string between single quotes without escaping, so values files must be treated as trusted input 188 | - "-c" 189 | - "timeout -t {{ .Values.restore.timeout }} \ 190 | s3cmd get --force '{{ .Values.restore.s3.source }}' /data/dump.rdb_ \ 191 | && test -s /data/dump.rdb_ \ 192 | && if test -s /data/dump.rdb; \ 193 | then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ 194 | && mv -v /data/dump.rdb_ /data/dump.rdb" 195 | envFrom: 196 | - secretRef: 197 | name: {{ include "redis-ha.fullname" .
}}-secret 198 | volumeMounts: 199 | - name: data 200 | mountPath: /data 201 | {{- end }} 202 | {{ if regexFind $regexRestoreSSH (toString .Values.restore.ssh.source) }} 203 | - name: restore-ssh # init container: copies restore.ssh.source over scp to /data/dump.rdb_, keeps any existing dump as /data/dump.rdb_orig, then moves the download to /data/dump.rdb 204 | image: lgatica/openssh-client:latest # NOTE(review): hard-coded third-party image on the mutable :latest tag that runs as root and receives SSH_KEY from the restore secret; pin it by digest and pull it from a registry you control 205 | imagePullPolicy: {{ .Values.image.pullPolicy }} 206 | resources: 207 | {{ toYaml .Values.init.resources | indent 10 }} 208 | command: 209 | - sh 210 | args: # NOTE(review): scp below runs with StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, so the remote host is never authenticated and the dump.rdb that redis will load could be substituted in transit; supply a known_hosts entry for the backup host and drop both options 211 | - "-c" 212 | - "rm -f key && echo -e \"${SSH_KEY}\" >key \ 213 | && chmod 400 key \ 214 | && timeout {{ .Values.restore.timeout }} \ 215 | scp -i key \ 216 | -o StrictHostKeyChecking=no \ 217 | -o UserKnownHostsFile=/dev/null \ 218 | '{{ .Values.restore.ssh.source }}' \ 219 | /data/dump.rdb_ \ 220 | && test -s /data/dump.rdb_ \ 221 | && if test -s /data/dump.rdb; \ 222 | then cp -v /data/dump.rdb /data/dump.rdb_orig; fi \ 223 | && mv -v /data/dump.rdb_ /data/dump.rdb" 224 | securityContext: 225 | runAsNonRoot: false 226 | runAsUser: 0 227 | envFrom: 228 | - secretRef: 229 | name: {{ include "redis-ha.fullname" . }}-secret 230 | volumeMounts: 231 | - name: data 232 | mountPath: /data 233 | {{- end }} 234 | containers: 235 | - name: redis 236 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 237 | imagePullPolicy: {{ .Values.image.pullPolicy }} 238 | command: 239 | - redis-server 240 | args: 241 | - /data/conf/redis.conf 242 | {{- if .Values.auth }} 243 | env: 244 | - name: AUTH 245 | valueFrom: 246 | secretKeyRef: 247 | {{- if .Values.existingSecret }} 248 | name: {{ .Values.existingSecret }} 249 | {{- else }} 250 | name: {{ template "redis-ha.fullname" .
}} 251 | {{- end }} 252 | key: {{ .Values.authKey }} 253 | {{- end }} 254 | livenessProbe: 255 | initialDelaySeconds: {{ .Values.redis.livenessProbe.initialDelaySeconds }} 256 | periodSeconds: {{ .Values.redis.livenessProbe.periodSeconds }} 257 | timeoutSeconds: {{ .Values.redis.livenessProbe.timeoutSeconds }} 258 | successThreshold: {{ .Values.redis.livenessProbe.successThreshold }} 259 | failureThreshold: {{ .Values.redis.livenessProbe.failureThreshold }} 260 | exec: 261 | command: 262 | - sh 263 | - -c 264 | - /health/redis_liveness.sh 265 | resources: 266 | {{ toYaml .Values.redis.resources | indent 10 }} 267 | ports: 268 | {{- if ne (int .Values.redis.port) 0 }} 269 | - name: redis 270 | containerPort: {{ .Values.redis.port }} 271 | {{- end }} 272 | {{- if .Values.redis.tlsPort }} 273 | - name: redis-tls 274 | containerPort: {{ .Values.redis.tlsPort }} 275 | {{- end }} 276 | volumeMounts: 277 | - mountPath: /data 278 | name: data 279 | {{- if .Values.redis.tlsPort }} 280 | - mountPath: /tls-certs 281 | name: tls-certs 282 | {{- end}} 283 | - mountPath: /health 284 | name: health 285 | lifecycle: 286 | {{ toYaml .Values.redis.lifecycle | indent 10 }} 287 | - name: sentinel 288 | image: {{ .Values.image.repository }}:{{ .Values.image.tag }} 289 | imagePullPolicy: {{ .Values.image.pullPolicy }} 290 | command: 291 | - redis-sentinel 292 | args: 293 | - /data/conf/sentinel.conf 294 | {{- if .Values.auth }} 295 | env: 296 | - name: AUTH 297 | valueFrom: 298 | secretKeyRef: 299 | {{- if .Values.existingSecret }} 300 | name: {{ .Values.existingSecret }} 301 | {{- else }} 302 | name: {{ template "redis-ha.fullname" . }} 303 | {{- end }} 304 | key: {{ .Values.authKey }} 305 | {{- end }} 306 | {{- if .Values.sentinel.auth }} 307 | - name: SENTINELAUTH 308 | valueFrom: 309 | secretKeyRef: 310 | {{- if .Values.sentinel.existingSecret }} 311 | name: {{ .Values.sentinel.existingSecret }} 312 | {{- else }} 313 | name: {{ template "redis-ha.fullname" . 
}}-sentinel 314 | {{- end }} 315 | key: {{ .Values.sentinel.authKey }} 316 | {{- end }} 317 | livenessProbe: 318 | initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} 319 | periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} 320 | timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} 321 | successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} 322 | failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} 323 | exec: 324 | command: 325 | - sh 326 | - -c 327 | - /health/sentinel_liveness.sh 328 | resources: 329 | {{ toYaml .Values.sentinel.resources | indent 10 }} 330 | ports: 331 | {{- if ne (int .Values.sentinel.port) 0 }} 332 | - name: sentinel 333 | containerPort: {{ .Values.sentinel.port }} 334 | {{- end }} 335 | {{- if .Values.sentinel.tlsPort }} 336 | - name: sentinel-tls 337 | containerPort: {{ .Values.sentinel.tlsPort }} 338 | {{- end }} 339 | volumeMounts: 340 | - mountPath: /data 341 | name: data 342 | {{- if .Values.redis.tlsPort }} 343 | - mountPath: /tls-certs 344 | name: tls-certs 345 | {{- end }} 346 | - mountPath: /health 347 | name: health 348 | lifecycle: 349 | {{ toYaml .Values.sentinel.lifecycle | indent 10 }} 350 | {{- if .Values.exporter.enabled }} 351 | - name: redis-exporter 352 | image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}" 353 | imagePullPolicy: {{ .Values.exporter.pullPolicy }} 354 | args: 355 | {{- range $key, $value := .Values.exporter.extraArgs }} 356 | - --{{ $key }}={{ $value }} 357 | {{- end }} 358 | env: 359 | - name: REDIS_ADDR 360 | {{- if .Values.exporter.sslEnabled }} 361 | value: rediss://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.tlsPort }} 362 | {{- else }} 363 | value: redis://{{ default "localhost" .Values.exporter.address }}:{{ .Values.redis.port }} 364 | {{- end }} 365 | {{- if .Values.auth }} 366 | - name: REDIS_PASSWORD 367 | valueFrom: 368 | secretKeyRef: 369 | {{- if 
.Values.existingSecret }} 370 | name: {{ .Values.existingSecret }} 371 | {{- else }} 372 | name: {{ template "redis-ha.fullname" . }} 373 | {{- end }} 374 | key: {{ .Values.authKey }} 375 | {{- end }} 376 | {{- if .Values.exporter.script }} 377 | - name: REDIS_EXPORTER_SCRIPT 378 | value: /script/script.lua 379 | {{- end }} 380 | {{- if .Values.exporter.sslEnabled }} 381 | - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE 382 | value: /tls-certs/{{ .Values.tls.keyFile }} 383 | - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE 384 | value: /tls-certs/{{ .Values.tls.certFile }} 385 | - name: REDIS_EXPORTER_TLS_CA_CERT_FILE 386 | value: /tls-certs/{{ .Values.tls.caCertFile }} 387 | {{- end }} 388 | livenessProbe: 389 | httpGet: 390 | path: {{ .Values.exporter.scrapePath }} 391 | port: {{ .Values.exporter.port }} 392 | initialDelaySeconds: {{ .Values.exporter.livenessProbe.initialDelaySeconds }} 393 | timeoutSeconds: {{ .Values.exporter.livenessProbe.timeoutSeconds }} 394 | periodSeconds: {{ .Values.exporter.livenessProbe.periodSeconds }} 395 | resources: 396 | {{ toYaml .Values.exporter.resources | indent 10 }} 397 | ports: 398 | - name: exporter-port 399 | containerPort: {{ .Values.exporter.port }} 400 | volumeMounts: 401 | {{- if .Values.exporter.script }} 402 | - mountPath: /script 403 | name: script-mount 404 | {{- end }} 405 | {{- if .Values.exporter.sslEnabled }} 406 | - mountPath: /tls-certs 407 | name: tls-certs 408 | {{- end }} 409 | {{- end }} 410 | {{- if .Values.priorityClassName }} 411 | priorityClassName: {{ .Values.priorityClassName }} 412 | {{- end }} 413 | volumes: 414 | - name: config 415 | configMap: 416 | name: {{ template "redis-ha.fullname" . }}-configmap 417 | {{- if .Values.sysctlImage.mountHostSys }} 418 | - name: host-sys 419 | hostPath: 420 | path: /sys 421 | {{- end }} 422 | {{- if .Values.exporter.script }} 423 | - name: script-mount 424 | configMap: 425 | name: {{ template "redis-ha.fullname" . 
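}}-exporter-script-configmap 426 | items: 427 | - key: script 428 | path: script.lua 429 | {{- end }} 430 | {{- if .Values.redis.tlsPort }} 431 | - name: tls-certs 432 | secret: 433 | {{- if .Values.tls.secretName }} 434 | secretName: {{ .Values.tls.secretName }} 435 | {{- else }} 436 | secretName: {{ template "redis-ha.fullname" . }}-tls-secret 437 | {{- end }} 438 | {{- end }} 439 | - name: health 440 | configMap: 441 | name: {{ template "redis-ha.fullname" . }}-health-configmap 442 | defaultMode: 0755 443 | {{- if .Values.persistentVolume.enabled }} 444 | volumeClaimTemplates: 445 | - metadata: 446 | name: data 447 | annotations: 448 | {{- range $key, $value := .Values.persistentVolume.annotations }} 449 | {{ $key }}: {{ $value }} 450 | {{- end }} 451 | spec: 452 | accessModes: 453 | {{- range .Values.persistentVolume.accessModes }} 454 | - {{ . | quote }} 455 | {{- end }} 456 | resources: 457 | requests: 458 | storage: {{ .Values.persistentVolume.size | quote }} 459 | {{- if .Values.persistentVolume.storageClass }} 460 | {{- if (eq "-" .Values.persistentVolume.storageClass) }} 461 | storageClassName: "" 462 | {{- else }} 463 | storageClassName: "{{ .Values.persistentVolume.storageClass }}" 464 | {{- end }} 465 | {{- end }} 466 | {{- else if .Values.hostPath.path }} 467 | - name: data 468 | hostPath: 469 | path: {{ tpl .Values.hostPath.path .}} 470 | {{- else }} 471 | - name: data 472 | emptyDir: 473 | {{ toYaml .Values.emptyDir | indent 10 }} 474 | {{- end }} 475 | -------------------------------------------------------------------------------- /argocd-install/argo-cd/charts/redis-ha/templates/_configs.tpl: --------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}

{{- /*
config-redis.conf renders the body of redis.conf.

When .Values.redis.customConfig is set it is passed through tpl and used
as-is. Otherwise the file is built from .Values.redis.*, .Values.tls.* and
.Values.auth. The literal "replace-default-auth" is a placeholder: the
config-init.sh template below substitutes the real password for it with sed.
*/ -}}
{{- define "config-redis.conf" }}
{{- if .Values.redis.customConfig }}
{{ tpl .Values.redis.customConfig . | indent 4 }}
{{- else }}
    dir "/data"
    port {{ .Values.redis.port }}
    {{- /*
    The TLS block is keyed on redis.tlsPort, the value it actually emits.
    Keying it on sentinel.tlsPort (as before) silently dropped the Redis TLS
    listener when only redis.tlsPort was set, and emitted an empty "tls-port"
    when only sentinel.tlsPort was set.
    */}}
    {{- if .Values.redis.tlsPort }}
    tls-port {{ .Values.redis.tlsPort }}
    tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
    tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
    {{- if .Values.tls.dhParamsFile }}
    tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
    {{- end }}
    {{- if .Values.tls.caCertFile }}
    tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
    {{- end }}
    {{- /* authClients "no" turns off the requirement for client certificates. */}}
    {{- if eq (default "yes" .Values.redis.authClients) "no"}}
    tls-auth-clients no
    {{- end }}
    tls-replication {{ if .Values.redis.tlsReplication }}yes{{ else }}no{{ end }}
    {{- end }}
    {{- range $key, $value := .Values.redis.config }}
    {{ $key }} {{ $value }}
    {{- end }}
    {{- if .Values.auth }}
    requirepass replace-default-auth
    masterauth replace-default-auth
    {{- end }}
{{- end }}
{{- end }}

{{- /*
config-sentinel.conf renders the body of sentinel.conf.

Same layout as config-redis.conf. Every key of .Values.sentinel.config except
"maxclients" is written as "sentinel <key> <masterGroupName> <value>".
"replace-default-auth" and "replace-default-sentinel-auth" are placeholders
that config-init.sh replaces at pod start.
*/ -}}
{{- define "config-sentinel.conf" }}
{{- if .Values.sentinel.customConfig }}
{{ tpl .Values.sentinel.customConfig . | indent 4 }}
{{- else }}
    dir "/data"
    port {{ .Values.sentinel.port }}
    {{- if .Values.sentinel.tlsPort }}
    tls-port {{ .Values.sentinel.tlsPort }}
    tls-cert-file /tls-certs/{{ .Values.tls.certFile }}
    tls-key-file /tls-certs/{{ .Values.tls.keyFile }}
    {{- if .Values.tls.dhParamsFile }}
    tls-dh-params-file /tls-certs/{{ .Values.tls.dhParamsFile }}
    {{- end }}
    {{- if .Values.tls.caCertFile }}
    tls-ca-cert-file /tls-certs/{{ .Values.tls.caCertFile }}
    {{- end }}
    {{- if eq (default "yes" .Values.sentinel.authClients) "no"}}
    tls-auth-clients no
    {{- end }}
    tls-replication {{ if .Values.sentinel.tlsReplication }}yes{{ else }}no{{ end }}
    {{- end }}
    {{- range $key, $value := .Values.sentinel.config }}
    {{- if eq "maxclients" $key }}
    {{ $key }} {{ $value }}
    {{- else }}
    sentinel {{ $key }} {{ template "redis-ha.masterGroupName" $ }} {{ $value }}
    {{- end }}
    {{- end }}
    {{- /*
    NOTE(review): the sentinel's own requirepass is only rendered when both
    .Values.auth and .Values.sentinel.auth are set; sentinel.auth alone has
    no effect here. Confirm that nesting is intended.
    */}}
    {{- if .Values.auth }}
    sentinel auth-pass {{ template "redis-ha.masterGroupName" . }} replace-default-auth
    {{- if .Values.sentinel.auth }}
    requirepass replace-default-sentinel-auth
    {{- end }}
    {{- end }}
{{- end }}
{{- end }}

{{- /*
config-init.sh renders the shell script that prepares /data/conf/redis.conf
and /data/conf/sentinel.conf for one pod: it copies the read-only defaults,
locates the current master through sentinel (or falls back to pod index 0),
appends the replication/announce settings, and finally substitutes the
password placeholders from the AUTH and SENTINELAUTH environment variables.
*/ -}}
{{- define "config-init.sh" }}
    echo "$(date) Start..."
    HOSTNAME="$(hostname)"
    {{- if .Values.ro_replicas }}
    RO_REPLICAS="{{ .Values.ro_replicas }}"
    {{- end }}
    # Ordinal of this pod: everything after the last '-' in the hostname.
    INDEX="${HOSTNAME##*-}"
    SENTINEL_PORT={{ .Values.sentinel.port }}
    MASTER=''
    MASTER_GROUP="{{ template "redis-ha.masterGroupName" . }}"
    QUORUM="{{ .Values.sentinel.quorum }}"
    REDIS_CONF=/data/conf/redis.conf
    REDIS_PORT={{ .Values.redis.port }}
    REDIS_TLS_PORT={{ .Values.redis.tlsPort }}
    SENTINEL_CONF=/data/conf/sentinel.conf
    SENTINEL_TLS_PORT={{ .Values.sentinel.tlsPort }}
    SERVICE={{ template "redis-ha.fullname" . }}
    SENTINEL_TLS_REPLICATION_ENABLED={{ default false .Values.sentinel.tlsReplication }}
    REDIS_TLS_REPLICATION_ENABLED={{ default false .Values.redis.tlsReplication }}
    set -eu

    # Ask sentinel for the master address and print the line(s) that look like
    # an IPv4 address. Errors are tolerated (set +e) so callers can retry.
    #
    # NOTE(review): "-a" puts the password on the redis-cli command line, where
    # it is visible in the container's process list while the command runs;
    # redis-cli can also read it from the REDISCLI_AUTH environment variable.
    # NOTE(review): on the TLS port, "--tls" and "--cacert" are only passed when
    # sentinel.authClients is not "no". With authClients "no" the client would
    # talk plaintext to a TLS listener; presumably only --cert/--key should be
    # conditional. The same pattern is used in redis_ping and find_master.
    sentinel_get_master() {
    set +e
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}"{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
        else
            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}"{{ end }} sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
            grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
        fi
    set -e
    }

    # Call sentinel_get_master up to $1 times, sleeping 3+i seconds between
    # attempts, and print the first non-empty answer (or nothing).
    sentinel_get_master_retry() {
        master=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            master=$(sentinel_get_master)
            if [ -n "${master}" ]; then
                break
            fi
            sleep $((sleep + i))
        done
        echo "${master}"
    }

    # Set MASTER from sentinel (three attempts); MASTER stays empty on failure.
    identify_master() {
        echo "Identifying redis master (get-master-addr-by-name).."
        echo " using sentinel ({{ template "redis-ha.fullname" . }}), sentinel group name ({{ .Values.redis.masterGroupName }})"
        echo " $(date).."
        MASTER="$(sentinel_get_master_retry 3)"
        if [ -n "${MASTER}" ]; then
            echo " $(date) Found redis master (${MASTER})"
        else
            echo " $(date) Did not find redis master (${MASTER})"
        fi
    }

    # Prepend "sentinel myid" and "sentinel monitor <group> $1 <port> <quorum>"
    # to sentinel.conf and append the announce ip/port for this pod.
    sentinel_update() {
        echo "Updating sentinel config.."
        echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
        # Indirect lookup of SENTINEL_ID_<INDEX>. INDEX comes from the pod
        # hostname; under "set -u" an unset SENTINEL_ID_<INDEX> aborts the script.
        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
        echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
            echo " redis master (${1}:${REDIS_TLS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        else
            echo " redis master (${1}:${REDIS_PORT})"
            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
        fi
        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
        if [ "$SENTINEL_PORT" -eq 0 ]; then
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
        else
            echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
            echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
        fi
    }

    # Append "slaveof $1 <port>" and the announce ip/port to redis.conf; the
    # TLS port is used when redis.tlsReplication is enabled.
    redis_update() {
        echo "Updating redis config.."
        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
            echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})"
            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
        else
            echo " we are slave of redis master (${1}:${REDIS_PORT})"
            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
            echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
        fi
        echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
    }

    # Copy the rendered defaults from /readonly-config to the writable paths.
    copy_config() {
        echo "Copying default redis config.."
        echo " to '${REDIS_CONF}'"
        cp /readonly-config/redis.conf "${REDIS_CONF}"
        echo "Copying default sentinel config.."
        echo " to '${SENTINEL_CONF}'"
        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
    }

    # Fallback when sentinel gives no usable master: pod index 0 configures
    # itself as master, every other pod points at the address resolved for
    # index 0 and exits with an error if that name does not resolve.
    setup_defaults() {
        echo "Setting up defaults.."
        echo " using statefulset index (${INDEX})"
        if [ "${INDEX}" = "0" ]; then
            echo "Setting this pod as master for redis and sentinel.."
            echo " using announce (${ANNOUNCE_IP})"
            redis_update "${ANNOUNCE_IP}"
            sentinel_update "${ANNOUNCE_IP}"
            echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
        else
            echo "Getting redis master ip.."
            echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
            echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})"
            if [ -z "${DEFAULT_MASTER}" ]; then
                echo "Error: Unable to resolve redis master (getent hosts)."
                exit 1
            fi
            echo "Setting default slave config for redis and sentinel.."
            echo " using master ip (${DEFAULT_MASTER})"
            redis_update "${DEFAULT_MASTER}"
            sentinel_update "${DEFAULT_MASTER}"
        fi
    }

    # PING the address in MASTER; prints redis-cli's reply.
    # NOTE(review): the TLS client options for this Redis connection are gated
    # on sentinel.authClients, not redis.authClients - confirm which is meant.
    redis_ping() {
    set +e
        if [ "$REDIS_PORT" -eq 0 ]; then
            redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}"{{ end }} -p "${REDIS_TLS_PORT}" {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} ping
        else
            redis-cli -h "${MASTER}"{{ if .Values.auth }} -a "${AUTH}"{{ end }} -p "${REDIS_PORT}" ping
        fi
    set -e
    }

    # Ping MASTER up to $1 times; after each failure sleep 3+i seconds and
    # re-read MASTER from sentinel. Prints "PONG" on success, nothing otherwise.
    redis_ping_retry() {
        ping=''
        retry=${1}
        sleep=3
        for i in $(seq 1 "${retry}"); do
            if [ "$(redis_ping)" = "PONG" ]; then
                ping='PONG'
                break
            fi
            sleep $((sleep + i))
            MASTER=$(sentinel_get_master)
        done
        echo "${ping}"
    }

    # Verify that the master reported by sentinel answers PING. If it does
    # not, request a sentinel failover: on 'NOGOODSLAVE' fall back to
    # setup_defaults, otherwise wait 10s and ask sentinel again, exiting with
    # an error when no master is returned.
    find_master() {
        echo "Verifying redis master.."
        if [ "$REDIS_PORT" -eq 0 ]; then
            echo " ping (${MASTER}:${REDIS_TLS_PORT})"
        else
            echo " ping (${MASTER}:${REDIS_PORT})"
        fi
        echo " $(date).."
        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
            echo " $(date) Can't ping redis master (${MASTER})"
            echo "Attempting to force failover (sentinel failover).."

            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
                echo " $(date).."
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}"{{ end }} {{ if ne (default "yes" .Values.sentinel.authClients) "no"}} --tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            else
                echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
                echo " $(date).."
                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" {{ if .Values.sentinel.auth }} -a "${SENTINELAUTH}"{{ end }} sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                    echo " $(date) Failover returned with 'NOGOODSLAVE'"
                    echo "Setting defaults for this pod.."
                    setup_defaults
                    return 0
                fi
            fi

            echo "Hold on for 10sec"
            sleep 10
            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
            if [ "$SENTINEL_PORT" -eq 0 ]; then
                echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
            else
                echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
            fi
            echo " $(date).."
            MASTER="$(sentinel_get_master)"
            if [ "${MASTER}" ]; then
                echo " $(date) Found redis master (${MASTER})"
                echo "Updating redis and sentinel config.."
                sentinel_update "${MASTER}"
                redis_update "${MASTER}"
            else
                echo "$(date) Error: Could not failover, exiting..."
                exit 1
            fi
        else
            echo " $(date) Found reachable redis master (${MASTER})"
            echo "Updating redis and sentinel config.."
            sentinel_update "${MASTER}"
            redis_update "${MASTER}"
        fi
    }

    # Mark this instance as never eligible for promotion.
    redis_ro_update() {
        echo "Updating read-only redis config.."
        echo " redis.conf set 'replica-priority 0'"
        echo "replica-priority 0" >> ${REDIS_CONF}
    }

    # Print the "getent hosts" line for pod index $1 (default: this pod),
    # trying the per-pod announce service first and the pod name second.
    getent_hosts() {
        index=${1:-${INDEX}}
        service="${SERVICE}-announce-${index}"
        pod="${SERVICE}-server-${index}"
        host=$(getent hosts "${service}")
        if [ -z "${host}" ]; then
            host=$(getent hosts "${pod}")
        fi
        echo "${host}"
    }

    mkdir -p /data/conf/

    echo "Initializing config.."
    copy_config

    # where is redis master
    identify_master

    echo "Identify announce ip for this pod.."
    echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
    ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
    echo " identified announce (${ANNOUNCE_IP})"
    if [ -z "${ANNOUNCE_IP}" ]; then
        # The message has to be echoed; as a bare string the shell tried to run
        # it as a command and the error text was never printed.
        echo "Error: Could not resolve the announce ip for this pod."
        exit 1
    elif [ "${MASTER}" ]; then
        find_master
    else
        setup_defaults
    fi

    {{- if .Values.ro_replicas }}
    # works only if index is less than 10
    # (grep does a substring match of INDEX against the RO_REPLICAS string)
    echo "Verifying redis read-only replica.."
    echo " we have RO_REPLICAS='${RO_REPLICAS}' with INDEX='${INDEX}'"
    if echo "${RO_REPLICAS}" | grep -q "${INDEX}" ; then
        redis_ro_update
    fi
    {{- end }}

    # Replace the password placeholders. After this step the passwords are
    # stored in cleartext in ${REDIS_CONF} and ${SENTINEL_CONF} on /data.
    # NOTE(review): only '/' and '&' are escaped for sed; a password containing
    # a backslash or a newline would be written incorrectly.
    if [ "${AUTH:-}" ]; then
        echo "Setting redis auth values.."
        ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
    fi

    if [ "${SENTINELAUTH:-}" ]; then
        echo "Setting sentinel auth values"
        ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
        sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
    fi

    echo "$(date) Ready..."
{{- end }}

{{- /*
config-haproxy.cfg renders haproxy.cfg: one sentinel-check backend per
replica, a master frontend/backend on redis.port, an optional read-only
frontend/backend, and an optional Prometheus metrics frontend.
REPLACE_ANNOUNCE<i> and REPLACE_AUTH_SECRET are placeholders that
config-haproxy_init.sh fills in with sed.
*/ -}}
{{- define "config-haproxy.cfg" }}
{{- if .Values.haproxy.customConfig }}
{{ tpl .Values.haproxy.customConfig . | indent 4 }}
{{- else }}
    defaults REDIS
      mode tcp
      timeout connect {{ .Values.haproxy.timeout.connect }}
      timeout server {{ .Values.haproxy.timeout.server }}
      timeout client {{ .Values.haproxy.timeout.client }}
      timeout check {{ .Values.haproxy.timeout.check }}

    listen health_check_http_url
      bind :8888
      mode http
      monitor-uri /healthz
      option dontlognull

    {{- $root := . }}
    {{- $fullName := include "redis-ha.fullname" . }}
    {{- $replicas := int (toString .Values.replicas) }}
    {{- $masterGroupName := include "redis-ha.masterGroupName" . }}
    {{- range $i := until $replicas }}
    # Check Sentinel and whether they are nominated master
    backend check_if_redis_is_master_{{ $i }}
      mode tcp
      option tcp-check
      tcp-check connect
      {{- /*
      NOTE(review): $root is the chart root context, so $root.auth and
      $root.redisPassword are not .Values paths and this branch looks like it
      never renders; sentinel checks would then be sent without AUTH even when
      the sentinels require a password. If it did render, the password would be
      written literally into the rendered config instead of going through the
      REPLACE_AUTH_SECRET placeholder used by the backends below.
      */}}
      {{- if $root.auth }}
      tcp-check send AUTH\ {{ $root.redisPassword }}\r\n
      tcp-check expect string +OK
      {{- end }}
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ {{ $masterGroupName }}\r\n
      tcp-check expect string REPLACE_ANNOUNCE{{ $i }}
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      {{- range $i := until $replicas }}
      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:26379 check inter 1s
      {{- end }}
    {{- end }}

    # decide redis backend to use
    #master
    frontend ft_redis_master
      bind *:{{ $root.Values.redis.port }}
      use_backend bk_redis_master
    {{- if .Values.haproxy.readOnly.enabled }}
    #slave
    frontend ft_redis_slave
      bind *:{{ .Values.haproxy.readOnly.port }}
      use_backend bk_redis_slave
    {{- end }}
    # Check all redis servers to see if they think they are master
    backend bk_redis_master
      {{- if .Values.haproxy.stickyBalancing }}
      balance source
      hash-type consistent
      {{- end }}
      mode tcp
      option tcp-check
      tcp-check connect
      {{- if .Values.auth }}
      tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
      tcp-check expect string +OK
      {{- end }}
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send info\ replication\r\n
      tcp-check expect string role:master
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      {{- range $i := until $replicas }}
      use-server R{{ $i }} if { srv_is_up(R{{ $i }}) } { nbsrv(check_if_redis_is_master_{{ $i }}) ge 2 }
      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
      {{- end }}
    {{- if .Values.haproxy.readOnly.enabled }}
    backend bk_redis_slave
      {{- if .Values.haproxy.stickyBalancing }}
      balance source
      hash-type consistent
      {{- end }}
      mode tcp
      option tcp-check
      tcp-check connect
      {{- if .Values.auth }}
      tcp-check send AUTH\ REPLACE_AUTH_SECRET\r\n
      tcp-check expect string +OK
      {{- end }}
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send info\ replication\r\n
      tcp-check expect string role:slave
      tcp-check send QUIT\r\n
      tcp-check expect string +OK
      {{- range $i := until $replicas }}
      server R{{ $i }} {{ $fullName }}-announce-{{ $i }}:{{ $root.Values.redis.port }} check inter 1s fall 1 rise 1
      {{- end }}
    {{- end }}
    {{- if .Values.haproxy.metrics.enabled }}
    frontend metrics
      mode http
      bind *:{{ .Values.haproxy.metrics.port }}
      option http-use-htx
      http-request use-service prometheus-exporter if { path {{ .Values.haproxy.metrics.scrapePath }} }
    {{- end }}
{{- if .Values.haproxy.extraConfig }}
    # Additional configuration
{{ .Values.haproxy.extraConfig | indent 4 }}
{{- end }}
{{- end }}
{{- end }}


{{- /*
config-haproxy_init.sh renders the script that copies haproxy.cfg to
/data/haproxy.cfg and, per replica, waits up to ten seconds for the announce
service to resolve, substitutes its IP for REPLACE_ANNOUNCE<i>, and
substitutes the AUTH environment variable for REPLACE_AUTH_SECRET. After
that the password is stored in cleartext in /data/haproxy.cfg.
*/ -}}
{{- define "config-haproxy_init.sh" }}
    HAPROXY_CONF=/data/haproxy.cfg
    cp /readonly/haproxy.cfg "$HAPROXY_CONF"
    {{- $fullName := include "redis-ha.fullname" . }}
    {{- $replicas := int (toString .Values.replicas) }}
    {{- range $i := until $replicas }}
    for loop in $(seq 1 10); do
      getent hosts {{ $fullName }}-announce-{{ $i }} && break
      echo "Waiting for service {{ $fullName }}-announce-{{ $i }} to be ready ($loop) ..." && sleep 1
    done
    ANNOUNCE_IP{{ $i }}=$(getent hosts "{{ $fullName }}-announce-{{ $i }}" | awk '{ print $1 }')
    if [ -z "$ANNOUNCE_IP{{ $i }}" ]; then
      echo "Could not resolve the announce ip for {{ $fullName }}-announce-{{ $i }}"
      exit 1
    fi
    sed -i "s/REPLACE_ANNOUNCE{{ $i }}/$ANNOUNCE_IP{{ $i }}/" "$HAPROXY_CONF"

    # Rendered once per replica; only '/' and '&' are escaped for sed.
    if [ "${AUTH:-}" ]; then
      echo "Setting auth values"
      ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g');
      sed -i "s/REPLACE_AUTH_SECRET/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
    fi
    {{- end }}
{{- end }}

{{- /*
redis_liveness.sh renders the Redis liveness probe: PING localhost and exit 1
unless the reply is exactly PONG. The TLS client options are defined under the
same condition that uses them (redis.port is 0); they were previously keyed on
sentinel.port, which left TLS_CLIENT_OPTION undefined when only Redis was
TLS-only.
*/ -}}
{{- define "redis_liveness.sh" }}
    {{- if eq (int .Values.redis.port) 0 }}
    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
    {{- end }}
    response=$(
      redis-cli \
      {{- if .Values.auth }}
        -a "${AUTH}" --no-auth-warning \
      {{- end }}
        -h localhost \
      {{- if ne (int .Values.redis.port) 0 }}
        -p {{ .Values.redis.port }} \
      {{- else }}
        -p {{ .Values.redis.tlsPort }} ${TLS_CLIENT_OPTION} \
      {{- end}}
        ping
    )
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"
{{- end }}

{{- /*
sentinel_liveness.sh renders the Sentinel liveness probe: PING localhost on
the sentinel port and exit 1 unless the reply is exactly PONG. The sentinel
password is passed when .Values.sentinel.auth is set, matching every other
sentinel call in this file (it was previously keyed on .Values.auth).
*/ -}}
{{- define "sentinel_liveness.sh" }}
    {{- if eq (int .Values.sentinel.port) 0 }}
    TLS_CLIENT_OPTION="--tls --cacert /tls-certs/{{ .Values.tls.caCertFile }} --cert /tls-certs/{{ .Values.tls.certFile }} --key /tls-certs/{{ .Values.tls.keyFile }}"
    {{- end }}
    response=$(
      redis-cli \
      {{- if .Values.sentinel.auth }}
        -a "${SENTINELAUTH}" --no-auth-warning \
      {{- end }}
        -h localhost \
      {{- if ne (int .Values.sentinel.port) 0 }}
        -p {{ .Values.sentinel.port }} \
      {{- else }}
        -p {{ .Values.sentinel.tlsPort }} ${TLS_CLIENT_OPTION} \
      {{- end}}
        ping
    )
    if [ "$response" != "PONG" ]; then
      echo "$response"
      exit 1
    fi
    echo "response=$response"
{{- end }}

--------------------------------------------------------------------------------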