diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 4a70abc47..503aa36a0 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v2.12.4 kubeVersion: ">=1.25.0-0" description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 7.6.8 +version: 7.7.0 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png sources: @@ -28,3 +28,9 @@ annotations: artifacthub.io/changes: | - kind: added description: Set affinity in redis secret-init job. + - kind: added + description: Capability to deploy gateway + - kind: added + description: Capability to deploy gateway http route + - kind: added + description: Specific GKE gateway objects diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index f0d146b15..cfacfb1d2 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md 
@@ -1025,6 +1025,33 @@ NAME: my-release | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container | | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | | server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.gateway.annotations | object | `{}` | Additional gateway annotations | +| server.gateway.controller | string | `"None"` | Specific implementation for gateway controller. Only `None` and `gke` are supported. | +| server.gateway.enabled | bool | `false` | enable a gateway resource for ArgoCD | +| server.gateway.gatewayClassName | string | `""` (See [values.yaml]) | Getaway class name | +| server.gateway.gke.GCPBackendPolicy.annotations | object | `{}` (See [values.yaml]) | Additional backend policy annotations | +| server.gateway.gke.GCPBackendPolicy.labels | object | `{}` (See [values.yaml]) | Additional backend policy labels | +| server.gateway.gke.GCPBackendPolicy.spec.default | object | `{}` (See [values.yaml]) | Default spec for GCPBackendPolicy | +| server.gateway.gke.GCPGatewayPolicy.annotations | object | `{}` (See [values.yaml]) | Additional gateway policy annotations | +| server.gateway.gke.GCPGatewayPolicy.labels | object | `{}` (See [values.yaml]) | Additional gateway policy labels | +| server.gateway.gke.GCPGatewayPolicy.spec.default | object | `{}` (See [values.yaml]) | Default spec for GCPGatewayPolicy | +| server.gateway.gke.HealthCheckPolicy.annotations | object | `{}` (See [values.yaml]) | Additional heath check policy annotations | +| server.gateway.gke.HealthCheckPolicy.labels | object | `{}` (See [values.yaml]) | Additional heath check policy labels | +| server.gateway.gke.HealthCheckPolicy.spec.default | object | Logs enabled and Heath check on argo server service (See [values.yaml]) | Default spec for GCP HealthCheckPolicy | +| server.gateway.httpRoute.annotations | object | `{}` (See 
[values.yaml]) | Additional route annotations | +| server.gateway.httpRoute.enabled | string | Same value than server.gateway.enabled (See [values.yaml]) | Enable a Gateway HTTP route resources for the Argo CD server | +| server.gateway.httpRoute.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by API Gateway record | +| server.gateway.httpRoute.extraPaths | list | `[]` (See [values.yaml]) | Additional API Gateway paths | +| server.gateway.httpRoute.extraRules | list | `[]` (See [values.yaml]) | Additional routing rules | +| server.gateway.httpRoute.gatewaySection | string | `""` (See [values.yaml]) | Defines which Gateway section will implement the resource | +| server.gateway.httpRoute.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname | +| server.gateway.httpRoute.labels | object | `{}` (See [values.yaml]) | Additional route labels | +| server.gateway.httpRoute.path | string | `/` (See [values.yaml]) | The path to Argo CD server | +| server.gateway.httpRoute.pathType | string | `PathPrefix` (See [values.yaml]) | HTTP reoute path type. Either 'Exact' or `PathPrefix` | +| server.gateway.labels | object | `{}` | Additional gateway labels | +| server.gateway.listeners | list | Listen on http. | Gateway listeners | +| server.gateway.name | string | `'{{ include "argo-cd.server.fullname" . }}'` (See [values.yaml]) | Name of the gateway | +| server.gateway.namespace | string | `'{{ include "argo-cd.namespace" . }}'` (See [values.yaml]) | Name of the namespace gateway | | server.hostNetwork | bool | `false` | Host Network for Server pods | | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | 
diff --git a/charts/argo-cd/templates/argocd-server/gateway-httproute.yaml b/charts/argo-cd/templates/argocd-server/gateway-httproute.yaml
new file mode 100644
index 000000000..d3d8bca10
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/gateway-httproute.yaml
@@ -0,0 +1,49 @@
+{{- if eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "argo-cd.server.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+ {{- with .Values.server.gateway.httpRoute.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.gateway.httpRoute.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ tpl (toString .Values.server.gateway.name) . }}
+ namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+ {{- with .Values.server.gateway.httpRoute.gatewaySection }}
+ sectionName: {{ . }}
+ {{- end }}
+ hostnames:
+ - {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain }}
+ {{- with .Values.server.gateway.httpRoute.extraHosts }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- with .Values.server.gateway.httpRoute.extraRules }}
+ {{- tpl (toYaml .) $ | nindent 4 }}
+ {{- end }}
+ - matches:
+ - path:
+ type: {{ .Values.server.gateway.httpRoute.pathType }}
+ value: {{ .Values.server.gateway.httpRoute.path }}
+ {{- range .Values.server.gateway.httpRoute.extraPaths }}
+ - path:
+ type: {{ .type | default $.Values.server.gateway.httpRoute.pathType }}
+ value: {{ .value }}
+ {{- end }}
+ backendRefs:
+ - name: {{ include "argo-cd.server.fullname" . }}
+ port: {{ .Values.server.service.servicePortHttp }}
+ weight: 100
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/gateway.yaml b/charts/argo-cd/templates/argocd-server/gateway.yaml
new file mode 100644
index 000000000..468384a71
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/gateway.yaml
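Review bot: Several user-supplied scalars in this route are rendered unquoted, notably the `hostnames` entry, `sectionName`, and the `value` of each path match. A wildcard hostname such as `*.example.com` begins with the YAML alias indicator, so the rendered manifest would fail to parse instead of producing the route; piping through `quote` avoids that, e.g. `- {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain | quote }}` and `value: {{ .value | quote }}`. Separately, `backendRefs` targets `servicePortHttp`, so the hop from the gateway to Argo CD is presumably plaintext and depends on how the server's own TLS handling is configured; a comment above `backendRefs` stating that requirement would help operators.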
@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+ name: {{ tpl (toString .Values.server.gateway.name) . }}
+ namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+ {{- with .Values.server.gateway.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.gateway.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if not .Values.server.gateway.gatewayClassName }}
+ {{- fail ".Values.server.gateway.gatewayClassName must be defined" }}
+ {{- end }}
+ gatewayClassName: {{ .Values.server.gateway.gatewayClassName }}
+ listeners:
+ {{- with .Values.server.gateway.listeners }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml b/charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml
new file mode 100644
index 000000000..e8488a713
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/gke/backend-policy.yaml
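Review bot: The opening `if` renders nothing for any `controller` value other than the exact string `gke`, so a misspelling such as `GKE` silently yields no Gateway while the HTTPRoute, which defaults to following `gateway.enabled`, is still created and points at a parent that may not exist. A validation line ahead of the condition would surface this at render time: `{{- if and .Values.server.gateway.enabled (not (has .Values.server.gateway.controller (list "None" "gke"))) }}{{ fail "server.gateway.controller must be None or gke" }}{{- end }}`. An empty `listeners` list similarly leaves a bare `listeners:` key; given the existing `gatewayClassName` guard, a matching `fail` there would be consistent.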
@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: GCPBackendPolicy
+metadata:
+ name: {{ include "argo-cd.server.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+ {{- with .Values.server.gateway.gke.GCPBackendPolicy.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.gateway.gke.GCPBackendPolicy.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ default:
+ {{- with .Values.server.gateway.gke.GCPBackendPolicy.spec.default }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ targetRef:
+ group: ""
+ kind: Service
+ name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml b/charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml
new file mode 100644
index 000000000..9eb2dcda1
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/gke/gateway-policy.yaml
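Review bot: With the shipped default `GCPBackendPolicy.spec.default: {}`, the `with` block under `spec.default` is skipped and the manifest carries a bare `default:` key, i.e. a null value. Whether the GKE CRD admits that is not visible here, so every install that enables the route with `controller: gke` gets either a policy with no effective settings or a rejected object. Consider skipping the whole resource when the spec is empty, for example by adding `.Values.server.gateway.gke.GCPBackendPolicy.spec.default` to the opening `and`. The same shape appears in `gke/gateway-policy.yaml` and `gke/healthcheck-policy.yaml`; this file and the health-check policy also use `template` for the Service name where the rest of the change uses `include`.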
@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+apiVersion: networking.gke.io/v1
+kind: GCPGatewayPolicy
+metadata:
+ name: {{ include "argo-cd.server.fullname" . }}
+ namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+ {{- with .Values.server.gateway.gke.GCPGatewayPolicy.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.gateway.gke.GCPGatewayPolicy.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ default:
+ {{- with .Values.server.gateway.gke.GCPGatewayPolicy.spec.default }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: {{ tpl (toString .Values.server.gateway.name) . }}
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml b/charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml
new file mode 100644
index 000000000..0eb64cc95
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server/gke/healthcheck-policy.yaml
@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+ name: {{ include "argo-cd.server.fullname" . }}
+ namespace: {{ include "argo-cd.namespace" . }}
+ labels:
+ {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+ {{- with .Values.server.gateway.gke.HealthCheckPolicy.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.server.gateway.gke.HealthCheckPolicy.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ default:
+ {{- with .Values.server.gateway.gke.HealthCheckPolicy.spec.default }}
+ {{- tpl (toYaml .) $ | nindent 6 }}
+ {{- end }}
+ targetRef:
+ group: ""
+ kind: Service
+ name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index be3cec78d..9c9487be1 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -2198,6 +2198,142 @@ server: # -- Automount API credentials for the Service Account automountServiceAccountToken: true + # Argo CD server Gateway API configuration + # NOTE: Alpha feature, gRPC & TLS pass-through will not work + gateway: + # -- enable a gateway resource for ArgoCD + ## Note: you can already have an existing Gateway and just wanted to add a route and backend policy to that Gateway, let false in that case + enabled: false + # -- Name of the gateway + # @default -- `'{{ include "argo-cd.server.fullname" . }}'` (See [values.yaml]) + name: '{{ include "argo-cd.server.fullname" . }}' + # -- Name of the namespace gateway + # @default -- `'{{ include "argo-cd.namespace" . }}'` (See [values.yaml]) + namespace: '{{ include "argo-cd.namespace" . }}' + # -- Specific implementation for gateway controller. Only `None` and `gke` are supported. + ## With `None`, the gateway is supposed to already exist and no specific object will be created + ## Additional configuration might be required in related configuration sections for `gke` + controller: None + # -- Additional gateway labels + labels: {} + # -- Additional gateway annotations + annotations: {} + # networking.gke.io/certmap: "CERTIFICATE_MAP_NAME" + + # -- Getaway class name + # @default -- `""` (See [values.yaml]) + ## Example: gatewayClassName: gke-l7-global-external-managed + gatewayClassName: "" + # -- Gateway listeners + # @default -- Listen on http. 
+ ## Notes: Enabled https required ssl configuration depending on your k8s environment + listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: Same + # - name: https + # protocol: HTTPS + # port: 443 + # allowedRoutes: + # namespaces: + # from: Same + gke: + GCPGatewayPolicy: + # -- Additional gateway policy labels + # @default -- `{}` (See [values.yaml]) + labels: {} + # -- Additional gateway policy annotations + # @default -- `{}` (See [values.yaml]) + annotations: {} + spec: + # -- Default spec for GCPGatewayPolicy + # @default -- `{}` (See [values.yaml]) + default: {} + GCPBackendPolicy: + # -- Additional backend policy labels + # @default -- `{}` (See [values.yaml]) + labels: {} + # -- Additional backend policy annotations + # @default -- `{}` (See [values.yaml]) + annotations: {} + spec: + # -- Default spec for GCPBackendPolicy + # @default -- `{}` (See [values.yaml]) + default: {} + HealthCheckPolicy: + # -- Additional heath check policy labels + # @default -- `{}` (See [values.yaml]) + labels: {} + # -- Additional heath check policy annotations + # @default -- `{}` (See [values.yaml]) + annotations: {} + spec: + # -- Default spec for GCP HealthCheckPolicy + # @default -- Logs enabled and Heath check on argo server service (See [values.yaml]) + default: + logConfig: + enabled: true + config: + type: HTTP + httpHealthCheck: + port: 8080 + requestPath: "/" + # Argo CD server Gateway API HTTPRoute configuration + # NOTE: Alpha feature, gRPC & TLS pass-through will not work + httpRoute: + # -- Enable a Gateway HTTP route resources for the Argo CD server + # @default -- Same value than server.gateway.enabled (See [values.yaml]) + enabled: "{{ .Values.server.gateway.enabled }}" + # -- Additional route labels + # @default -- `{}` (See [values.yaml]) + labels: {} + # -- Additional route annotations + # @default -- `{}` (See [values.yaml]) + annotations: {} + + # -- Defines which Gateway section will implement the resource + # 
@default -- `""` (See [values.yaml]) + gatewaySection: "" + + # -- Argo CD server hostname + # @default -- `""` (defaults to global.domain) + hostname: "" + + # -- The path to Argo CD server + # @default -- `/` (See [values.yaml]) + path: / + + # -- HTTP reoute path type. Either 'Exact' or `PathPrefix` + # @default -- `PathPrefix` (See [values.yaml]) + pathType: PathPrefix + + # -- The list of additional hostnames to be covered by API Gateway record + # @default -- `[]` (See [values.yaml]) + extraHosts: [] + + # -- Additional API Gateway paths + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraPaths: [] + # - type: PathPrefix + # value: /* + + # -- Additional routing rules + # @default -- `[]` (See [values.yaml]) + ## Note: Supports use of custom Helm templates + extraRules: [] + # - matches: + # - path: + # type: PathPrefix + # value: / + # backendRefs: + # - name: '{{ include "argo-cd.server.fullname" . }}' + # port: '{{ .Values.server.service.servicePortHttpName }}' + + # Argo CD server ingress configuration ingress: # -- Enable an ingress resource for the Argo CD server
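Review bot: The default `listeners` entry serves Argo CD over cleartext HTTP on port 80, and HTTPS exists only as a commented-out example, so enabling the gateway with defaults on an external class such as the `gke-l7-global-external-managed` example would carry logins and session tokens unencrypted. I would either make the HTTPS listener the default or state the risk directly above `listeners`, e.g. `## WARNING: the default listener is plain HTTP; configure an HTTPS listener before exposing Argo CD outside a trusted network`. The commented `extraRules` example sets `port: '{{ .Values.server.service.servicePortHttpName }}'`, a quoted port name, whereas Gateway API `backendRefs` take a numeric port, so that example would presumably be rejected if copied as written. The default health check probes `/` on port 8080 over HTTP; it is worth confirming that Argo CD answers that with a 200 rather than a redirect when its own TLS handling is left at defaults.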