argoproj · tduverge · May 12, 2024 · Sep 8, 2024 · Oct 2, 2024 · Oct 4, 2024
@@ -3,7 +3,7 @@ appVersion: v2.12.4
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.6.8
+version: 7.7.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -28,3 +28,9 @@ annotations:
   artifacthub.io/changes: |
     - kind: added
       description: Set affinity in redis secret-init job.
+    - kind: added
+      description: Capability to deploy gateway
+    - kind: added
+      description: Capability to deploy gateway http route
+    - kind: added
+      description: Specific GKE gateway objects
@@ -1025,6 +1025,33 @@ NAME: my-release
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
+| server.gateway.annotations | object | `{}` | Additional gateway annotations |
+| server.gateway.controller | string | `"None"` | Specific implementation for gateway controller. Only `None` and `gke` are supported. |
+| server.gateway.enabled | bool | `false` | enable a gateway resource for ArgoCD |
+| server.gateway.gatewayClassName | string | `""` (See [values.yaml]) | Getaway class name |
+| server.gateway.gke.GCPBackendPolicy.annotations | object | `{}` (See [values.yaml]) | Additional backend policy annotations |
+| server.gateway.gke.GCPBackendPolicy.labels | object | `{}` (See [values.yaml]) | Additional backend policy labels |
+| server.gateway.gke.GCPBackendPolicy.spec.default | object | `{}` (See [values.yaml]) | Default spec for GCPBackendPolicy |
+| server.gateway.gke.GCPGatewayPolicy.annotations | object | `{}` (See [values.yaml]) | Additional gateway policy annotations |
+| server.gateway.gke.GCPGatewayPolicy.labels | object | `{}` (See [values.yaml]) | Additional gateway policy labels |
+| server.gateway.gke.GCPGatewayPolicy.spec.default | object | `{}` (See [values.yaml]) | Default spec for GCPGatewayPolicy |
+| server.gateway.gke.HealthCheckPolicy.annotations | object | `{}` (See [values.yaml]) | Additional heath check policy annotations |
+| server.gateway.gke.HealthCheckPolicy.labels | object | `{}` (See [values.yaml]) | Additional heath check policy labels |
+| server.gateway.gke.HealthCheckPolicy.spec.default | object | Logs enabled and Heath check on argo server service (See [values.yaml]) | Default spec for GCP HealthCheckPolicy |
+| server.gateway.httpRoute.annotations | object | `{}` (See [values.yaml]) | Additional route annotations |
+| server.gateway.httpRoute.enabled | string | Same value than server.gateway.enabled (See [values.yaml]) | Enable a Gateway HTTP route resources for the Argo CD server |
+| server.gateway.httpRoute.extraHosts | list | `[]` (See [values.yaml]) | The list of additional hostnames to be covered by API Gateway record |
+| server.gateway.httpRoute.extraPaths | list | `[]` (See [values.yaml]) | Additional API Gateway paths |
+| server.gateway.httpRoute.extraRules | list | `[]` (See [values.yaml]) | Additional routing rules |
+| server.gateway.httpRoute.gatewaySection | string | `""` (See [values.yaml]) | Defines which Gateway section will implement the resource |
+| server.gateway.httpRoute.hostname | string | `""` (defaults to global.domain) | Argo CD server hostname |
+| server.gateway.httpRoute.labels | object | `{}` (See [values.yaml]) | Additional route labels |
+| server.gateway.httpRoute.path | string | `/` (See [values.yaml]) | The path to Argo CD server |
+| server.gateway.httpRoute.pathType | string | `PathPrefix` (See [values.yaml]) | HTTP reoute path type. Either 'Exact' or `PathPrefix` |
+| server.gateway.labels | object | `{}` | Additional gateway labels |
+| server.gateway.listeners | list | Listen on http. | Gateway listeners |
+| server.gateway.name | string | `'{{ include "argo-cd.server.fullname" . }}'` (See [values.yaml]) | Name of the gateway |
+| server.gateway.namespace | string | `'{{ include  "argo-cd.namespace" . }}'` (See [values.yaml]) | Name of the namespace gateway |
 | server.hostNetwork | bool | `false` | Host Network for Server pods |
 | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
 | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |

@@ -0,0 +1,49 @@
+{{- if eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true" }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ include  "argo-cd.namespace" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.httpRoute.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.httpRoute.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: {{ tpl (toString .Values.server.gateway.name) . }}
+      namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+      {{- with .Values.server.gateway.httpRoute.gatewaySection }}
+      sectionName: {{ . }}
+      {{- end }}
+  hostnames:
+    - {{ .Values.server.gateway.httpRoute.hostname | default .Values.global.domain }}
+    {{- with .Values.server.gateway.httpRoute.extraHosts }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  rules:
+    {{- with .Values.server.gateway.httpRoute.extraRules }}
+      {{- tpl (toYaml .) $ | nindent 4 }}
+    {{- end }}
+    - matches:
+        - path:
+            type: {{ .Values.server.gateway.httpRoute.pathType }}
+            value: {{ .Values.server.gateway.httpRoute.path }}
+        {{- range .Values.server.gateway.httpRoute.extraPaths }}
+        - path:
+            type: {{ .type | default $.Values.server.gateway.httpRoute.pathType }}
+            value: {{ .value }}
+        {{- end }}
+      backendRefs:
+        - name: {{ include "argo-cd.server.fullname" . }}
+          port: {{ .Values.server.service.servicePortHttp }}
+          weight: 100
+{{- end }}
@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+  name: {{ tpl (toString .Values.server.gateway.name) . }}
+  namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- if not .Values.server.gateway.gatewayClassName }}
+    {{- fail ".Values.server.gateway.gatewayClassName must be defined" }}
+  {{- end }}
+  gatewayClassName: {{ .Values.server.gateway.gatewayClassName }}
+  listeners:
+    {{- with .Values.server.gateway.listeners }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- end }}
@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: GCPBackendPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ include  "argo-cd.namespace" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPBackendPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPBackendPolicy.spec.default }}
+      {{- tpl (toYaml .) $ | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
@@ -0,0 +1,27 @@
+{{- if and .Values.server.gateway.enabled (eq .Values.server.gateway.controller "gke") }}
+apiVersion: networking.gke.io/v1
+kind: GCPGatewayPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ tpl (toString .Values.server.gateway.namespace) . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.GCPGatewayPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.GCPGatewayPolicy.spec.default }}
+      {{- tpl (toYaml .) $ | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: gateway.networking.k8s.io
+    kind: Gateway
+    name: {{ tpl (toString .Values.server.gateway.name) . }}
+{{- end }}
@@ -0,0 +1,27 @@
+{{- if and (eq .Values.server.gateway.controller "gke") (eq (tpl (toString .Values.server.gateway.httpRoute.enabled) .) "true") }}
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+  name: {{ include "argo-cd.server.fullname" . }}
+  namespace: {{ include  "argo-cd.namespace" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.server.gateway.gke.HealthCheckPolicy.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  default:
+    {{- with .Values.server.gateway.gke.HealthCheckPolicy.spec.default }}
+      {{- tpl (toYaml .) $ | nindent 6 }}
+    {{- end }}
+  targetRef:
+    group: ""
+    kind: Service
+    name: {{ template "argo-cd.server.fullname" . }}
+{{- end }}
@@ -2198,6 +2198,142 @@ server:
     # -- Automount API credentials for the Service Account
     automountServiceAccountToken: true
 
+  # Argo CD server Gateway API configuration
+  # NOTE: Alpha feature, gRPC & TLS pass-through will not work
+  gateway:
+    # -- enable a gateway resource for ArgoCD
+    ## Note: you can already have an existing Gateway and just wanted to add a route and backend policy to that Gateway, let false in that case
+    enabled: false
+    # -- Name of the gateway
+    # @default -- `'{{ include "argo-cd.server.fullname" . }}'` (See [values.yaml])
+    name: '{{ include "argo-cd.server.fullname" . }}'
+    # -- Name of the namespace gateway
+    # @default -- `'{{ include  "argo-cd.namespace" . }}'` (See [values.yaml])
+    namespace: '{{ include  "argo-cd.namespace" . }}'
+    # -- Specific implementation for gateway controller. Only `None` and `gke` are supported.
+    ## With `None`, the gateway is supposed to already exist and no specific object will be created
+    ## Additional configuration might be required in related configuration sections for `gke`
+    controller: None
+    # -- Additional gateway labels
+    labels: {}
+    # -- Additional gateway annotations
+    annotations: {}
+    #  networking.gke.io/certmap: "CERTIFICATE_MAP_NAME"
+
+    # -- Getaway class name
+    # @default -- `""` (See [values.yaml])
+    ## Example: gatewayClassName: gke-l7-global-external-managed
+    gatewayClassName: ""
+    # -- Gateway listeners
+    # @default -- Listen on http.
+    ## Notes: Enabled https required ssl configuration depending on your k8s environment
+    listeners:
+      - name: http
+        protocol: HTTP
+        port: 80
+        allowedRoutes:
+          namespaces:
+            from: Same
+      # - name: https
+      #   protocol: HTTPS
+      #   port: 443
+      #   allowedRoutes:
+      #     namespaces:
+      #       from: Same
+    gke:
+      GCPGatewayPolicy:
+        # -- Additional gateway policy labels
+        # @default -- `{}` (See [values.yaml])
+        labels: {}
+        # -- Additional gateway policy annotations
+        # @default -- `{}` (See [values.yaml])
+        annotations: {}
+        spec:
+          # -- Default spec for GCPGatewayPolicy
+          # @default -- `{}` (See [values.yaml])
+          default: {}
+      GCPBackendPolicy:
+        # -- Additional backend policy labels
+        # @default -- `{}` (See [values.yaml])
+        labels: {}
+        # -- Additional backend policy annotations
+        # @default -- `{}` (See [values.yaml])
+        annotations: {}
+        spec:
+          # -- Default spec for GCPBackendPolicy
+          # @default -- `{}` (See [values.yaml])
+          default: {}
+      HealthCheckPolicy:
+        # -- Additional heath check policy labels
+        # @default -- `{}` (See [values.yaml])
+        labels: {}
+        # -- Additional heath check policy annotations
+        # @default -- `{}` (See [values.yaml])
+        annotations: {}
+        spec:
+          # -- Default spec for GCP HealthCheckPolicy
+          # @default -- Logs enabled and Heath check on argo server service (See [values.yaml])
+          default:
+            logConfig:
+              enabled: true
+            config:
+              type: HTTP
+              httpHealthCheck:
+                port: 8080
+                requestPath: "/"
+    # Argo CD server Gateway API HTTPRoute configuration
+    # NOTE: Alpha feature, gRPC & TLS pass-through will not work
+    httpRoute:
+      # -- Enable a Gateway HTTP route resources for the Argo CD server
+      # @default -- Same value than server.gateway.enabled (See [values.yaml])
+      enabled: "{{ .Values.server.gateway.enabled }}"
+      # -- Additional route labels
+      # @default -- `{}` (See [values.yaml])
+      labels: {}
+      # -- Additional route annotations
+      # @default -- `{}` (See [values.yaml])
+      annotations: {}
+
+      # -- Defines which Gateway section will implement the resource
+      # @default -- `""` (See [values.yaml])
+      gatewaySection: ""
+
+      # -- Argo CD server hostname
+      # @default -- `""` (defaults to global.domain)
+      hostname: ""
+
+      # -- The path to Argo CD server
+      # @default -- `/` (See [values.yaml])
+      path: /
+
+      # -- HTTP reoute path type. Either 'Exact' or `PathPrefix`
+      # @default -- `PathPrefix` (See [values.yaml])
+      pathType: PathPrefix
+
+      # -- The list of additional hostnames to be covered by API Gateway record
+      # @default -- `[]` (See [values.yaml])
+      extraHosts: []
+
+      # -- Additional API Gateway paths
+      # @default -- `[]` (See [values.yaml])
+      ## Note: Supports use of custom Helm templates
+      extraPaths: []
+        # - type: PathPrefix
+        #   value: /*
+
+      # -- Additional routing rules
+      # @default -- `[]` (See [values.yaml])
+      ## Note: Supports use of custom Helm templates
+      extraRules: []
+        # - matches:
+        #   - path:
+        #       type: PathPrefix
+        #       value: /
+        #     backendRefs:
+        #       - name: '{{ include "argo-cd.server.fullname" . }}'
+        #         port: '{{ .Values.server.service.servicePortHttpName }}'
+
+
   # Argo CD server ingress configuration
   ingress:
     # -- Enable an ingress resource for the Argo CD server