core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: core:5b90f637e342c6e93d11269ad6196d1acce42029
Branches Tags
core:main core:oc-front core:oc-auth core:openldap core:oryhydra core:mongo core:nats core:bootstraping
..
compare: core:main
Branches Tags
core:main core:oc-front core:oc-auth core:openldap core:oryhydra core:mongo core:nats core:bootstraping

18 Commits
5b90f637e3 ... main

Author SHA1 Message Date
mr
9f9b1849eb Update K8S to include an auto generator of values template 2025-11-12 13:13:43 +01:00
mr
7ad4bf0b5d add prometheus 2025-06-24 09:40:45 +02:00
mr
3ca23c0645 -openldap. 2025-04-01 10:20:55 +02:00
mr
8596fde233 Add import datas for K8s 2025-03-31 09:43:43 +02:00
mr
8487b3c43d scripted 2025-03-28 13:24:06 +01:00
mr
16eb38ca06 Add delete cluster 2025-03-27 13:18:24 +01:00
mr
cb3d135d6c adjustment script clone 2025-03-27 13:12:23 +01:00
mr
c79db0b3de adjust script 2025-03-27 13:10:23 +01:00
mr
4ef9bb399f Adjustments 2025-03-27 13:04:29 +01:00
plm
1ef92e5975 Fixing stuff for production deployment 2025-02-24 10:00:06 +01:00
plm
ab70717458 Updating procedure 2025-01-22 15:19:29 +01:00
plm
c36aead379 Fixing typo 2025-01-22 15:10:35 +01:00
plm
80ae0b79e7 add missing oc-shared 2025-01-22 15:08:18 +01:00
plm
f31c12a7b9 Updating doc, and deployment procedure 2025-01-22 14:21:31 +01:00
plm
30b04e62c0 Fixing oc-auth service, and hydra and keto integration 2025-01-21 15:25:25 +01:00
plm
2738dd614c Create service account for scheduler web service to enable workflow creation 2025-01-16 13:20:10 +01:00
plm
f6fa0e22d2 Integrating argo 2025-01-16 13:11:31 +01:00
plm
c66de05c57 scheduler, aggregator, discovery integration 2025-01-15 16:34:02 +01:00
219 changed files with 21299 additions and 189 deletions
Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1 +1,3 @@
opencloud/Chart.lock
opencloud/Chart.lock
deployed_config.sh
kind-logs

110
README.md
View File

@@ -6,28 +6,122 @@ or to ease opencloud dependencies (dex, mongo, mongo-express, ...) deployment.
Kind (https://kind.sigs.k8s.io/) is used here as a lightweight kubernetes deployment. Obviously, any kubenetes compliant
environment is a legitimate target.
HOW TO:
# Locally built microservices deployment procedure
1. Install kind
## Install OC-K8S
```
git clone https://cloud.o-forge.io/plm/oc-k8s.git
sudo cp oc-k8s.sh /usr/bin/oc-k8s
sudo chmod +x /usr/bin/oc-k8s
```
## Install kind
Follow instructions here https://kind.sigs.k8s.io/
2. Install helm
or
```
go install sigs.k8s.io/kind@v0.30.0 && kind create cluster
```
## Install helm
Download suitable helm client here https://helm.sh/docs/intro/install/
3. Fire up a kind cluster
## Resume for a first start
```
oc-k8s start
```
or
```
./oc-k8s.sh start
```
To stop :
```
oc-k8s stop
```
or
```
./oc-k8s.sh start
```
## Fire up a kind cluster
Execute following script
WARNING APACHE & NGINX ARE NOT RUNNING:
- `sudo /etc/init.d/apache2 stop`
- `sudo nginx -s stop`
Execute following script to create a single node development k8s cluster
```
create_kind_cluster.sh
oc-k8s create cluster
```
or
```
./oc-k8s.sh create cluster
```
It will create a *opencloud* docker container running kubernetes services.
4. Deploy the opencloud chart
## Build everything
You need to build and publish all the opencloud microservices images in the kind cluster before deploying the Helm package.
Proceed as following:
```
install_development.sh
oc-k8s build services [branch(default:mail)] [target(default:all)]
```
or
```
./oc-k8s.sh build services [branch(default:mail)] [target(default:all)]
```
## Deploy the opencloud chart
```
oc-k8s create helm [env(default:dev)]
```
or
```
./oc-k8s.sh create helm [env(default:dev)]
```
Feel free to modify/create a new opencloud/dev-values.yaml. Provided setup should work out of the box, but is not suitable for production usage.
## Hostname settings
Edit your /etc/hosts file, and add following line:
```
127.0.0.1 beta.opencloud.com
```
## Done
Everything should be operational now, go to http://beta.opencloud.com and enjoy the ride
# First steps
Go to http://beta.opencloud.com/users
Log in using default user/password combo ldapadmin/ldapadmin
Create a new user, or change the default one
Go to http://beta.opencloud.com
Log in using your fresh credentials
Do stuff
You can go to http://beta.opencloud.com/mongoexpress
... for mongo express web client access (default login/password is test/testme)
You can go to http://localhost/dashboard/
... for access to Traefik reverse proxy front-end

30
create_kind_cluster.sh
View File

@@ -1,30 +0,0 @@
cat <<EOF | kind create cluster --name opencloud --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 30950
hostPort: 80
protocol: TCP
- containerPort: 30951
hostPort: 443
protocol: TCP
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."locahost:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000".tls]
insecure_skip_verify = true
cert_file = ""
key_file = ""
ca_file = ""
EOF

19
deployed_config Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJVTBLdTVWVUVnUDR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRFeE1EWXdPVE0wTWpOYUZ3MHpOVEV4TURRd09UTTVNak5hTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURMRVJ4QkdISURNVDJCL2dvQWovRUhxc0s0NVkrMW1jcVFDNUxON3J1N3dRV3ZvcHd1VmlkREh0Wm4KQUFRSGR3RDhCOENMeFhleHFJZU1pM3ppWm80UHBBQTRpVklubE5RVi81S3pKZUg1SFVwYXptUjJuTkhIUGFOcgpEY1BTM0VoejJSNDZYMzlsUEpld3doeXczNFZWUGR1NXA3QVd2UThtRjhxMDc1Mll0NVh0REpkWEhFVVNzR2gxClhpTGF5aVkxTDk3cnJyZGtQemluOGpWVnNFdWFqMXdyUGhuTzQ0elpmK3JpblYrVEM2MlRkdmZTQkJHQXQ1SmEKc2RnaVg4a1FVaDUzQ1J2bUVyRUxtZzVKVmVhNjc3TFFiVUZXNzFTRkRlZmFNaDBoNk1OVng2WkF2T1R0RGVFegp2SFhGYVN1WWU5NDdzYmtVVGEzZTB0MjdUTk10QWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJUUGVTQThBTXhwaGR5U05Yd3RORXRvaXk2bUtEQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVJaenhteFowagpCTTFSSFlJNDZrYzRoUFg2QXRJd0xPaUgvUWpkYlUwWDdqZFQzZWVPdGtTMm9SQmR0WThYbzFGVVJkUmdBc0YrClI1VDdOL0RZbFJRaWZaWTdQbDE0bzJmQWkxRG40cEhMQ3pWVzJaVUFSdDExY1p0Q1hZa3NTczJXdXV2SjRCVmIKY3FJYTUza3kza0tidm9keDRmOWFJU3lvTmx3YXZmYlNzU1BOTHVOb2VLaWg3SjdOTStBaElXblpxQU5JYWtEVgpnK0RVUi9EL1RjdHVvV3RHbVVrVnkvQWZldUt4VnpqNXhjSENleVBBaGRHUlBjVThLQTQzMHV4bW9hY2d5MG13CmtlQTB6RjJmNCtPT1JFa291MXBwMzFjYWxvSndNaEIwcXliQmxwcVFoNTI2aGdBQW1hZkFVSWhvY2liZzlLRDQKa2tUVURRbkVCNFVvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://127.0.0.1:42767
name: kind-opencloud
contexts:
- context:
cluster: kind-opencloud
user: kind-opencloud
name: kind-opencloud
current-context: kind-opencloud
kind: Config
users:
- name: kind-opencloud
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lJU210V3NrK0RrcjB3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRFeE1EWXdPVE0wTWpOYUZ3MHlOakV4TURZd09UTTVNak5hTUR3eApIekFkQmdOVkJBb1RGbXQxWW1WaFpHMDZZMngxYzNSbGNpMWhaRzFwYm5NeEdUQVhCZ05WQkFNVEVHdDFZbVZ5CmJtVjBaWE10WVdSdGFXNHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNHEwUWIKeWFod3hMbnFyV05vRzYxcmVuc0Z3dE1XNXkzckxkeENLa3krYndpeGRjYjREQTRxU21KMU53dHo1UHMreTV1Rwo0RVRJRW9vTnZsZEtvQjhuZlBEdW44ZGd1cXdkZEdwOTRpbGJFRldoaExEeDR3VnRLQ2Y3cVZMN0VpUnFBRHFtCmYrcVlOa2FFd08xMnZoeTdCODFTdlNzQTZwQ29yOGVYL2k2K0diZGlHMGkxWGtEcFNWSGxBbE1WUlZEdUFydGwKQnZDVUdCRE5VdTBuenNKS3dkTFNsUG1RaUY3VTNwb3U4WHFRaGhvWlhFSWc4UkVpZ2FCRlJWd1dzaTRsWTlYQwp4Ym04VlpRbnFYL3NDemVma28vREtzSXJuN3VDYXpqczBJa1JyMmdXbE8wRmpkaGFocTdjYW12ZDZIaHRBMk56CkdiWHEwU0o4MVduYk1FcWxBZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUsKQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRk05NUlEd0F6R21GM0pJMQpmQzAwUzJpTExxWW9NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJZaWNTTkd0cG1vOFVzVGlDc1FUVGJwTXZECmQ5V3RLeUVMdWNSMHdUN29ISkVMNU56OW9idWdmaS93ZFFUTzVualg3OFVNcXBnMEJiZHU0OGZSMXl1SWhSOVEKWVpPbEYzREwyRFhXeVJ5VU41QnJWYWhhVCtVMysvcjNWNmNnRHlrbGZ3NzQ2cFJweGJCMDZ2UUdsV3l5Smt3OQpyUjU3OFM5WTdPekZBL1B4cEp0T3prcFhVMFoxRWZ6SGhMc3UzT0J0WDZDWTRIa0JYNEpYaUwveldHRFdqWUtCClhqY3RRSlE3MzJ2c3FHbEpvR3pRNWEzN2NqbEFMV1doUWVJZXRoQm5sMFcvZUwva3czSzhMUXI0WG9OMVhwa3kKQVJ3Y3c3VVJ5UkFPanJYZTdaWnFJRk44NXdxQ0F3WFNCcU90M0Nld0pUMGNtampKNnpQaEs4Qnl6VTNjCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdUt0RUc4bW9jTVM1NnExamFCdXRhM3A3QmNMVEZ1Y3Q2eTNjUWlwTXZtOElzWFhHCitBd09La3BpZFRjTGMrVDdQc3ViaHVCRXlCS0tEYjVYU3FBZkozenc3cC9IWUxxc0hYUnFmZUlwV3hCVm9ZU3cKOGVNRmJTZ24rNmxTK3hJa2FnQTZwbi9xbURaR2hNRHRkcjRjdXdmTlVyMHJBT3FRcUsvSGwvNHV2aG0zWWh0SQp0VjVBNlVsUjVRSlRGVVZRN2dLN1pRYndsQmdRelZMdEo4N0NTc0hTMHBUNWtJaGUxTjZhTHZGNmtJWWFHVnhDCklQRVJJb0dnUlVWY0ZySXVKV1BWd3NXNXZGV1VKNmwvN0FzM241S1B3eXJDSzUrN2dtczQ3TkNKRWE5b0ZwVHQKQlkzWVdvYXUzR3ByM2VoNGJRTmpjeG0xNnRFaWZOVnAyekJLcFFJREFRQUJBb0lCQURzZzIxWHFZN3gzd08rYgpSTkQ0eTdZMktWM1cyNi9ocFpvL3ZONlNuSy84N1ZPazJtaGhzOGRtdWMrK0tEU2JoTGEraXJYTTZUa0dkcDJmCjdHTkFrYmtiRUNuWGp3Y3h2aHBRUkNpNldYT0c3MlFnRUdmaXdNSUtzWUtxM0o3M1dDRjRvVTdlZGtiMldlMzMKdUJEbEhsM2tTYUhNWUJDVENtNTRtZmZZc3k2NmthZnR5cVlSZEc2amUvWFN5YnZ0U2FRNU9CeGlWMUlKRjFCYgpoYVYwWFEyVVhKU21Ic1dCUncwcEtKYWdBR0xkQ0ROL0RFYnlJaGczNWltekpuNTdORXV3cUxadDRsOHpESzg5CndiUmZmd1UxODBKQUtUZHI0cnMrNFNVYnUrVzZ3dGFSYzZXVk10RStyQitKZkxJNkxYcHk1TmRQZnpQZk9VNEkKU0FvUWFxRUNnWUVBeTAwcm5FN3EzOGVPUCtRSGxTeG04NjMwV2F3eldwamhkZEk1dFlXMFlUSGFKcHNCcXBOVwpMUWhUUTFMSGwxY3VWZFBlWTFrRmYzcEJtRkVFdkIvOU9HWnNUL3JYZXlwQW1qRWlSSkprYlFYMVJ1Sklva0FvCkxsckV2ODQ5S0JkYlVOMEpIMWpnaTUrNUZacGNaMWUvbmpxQzIxc0N4a2QvdzVDMTA3Yk91dk1DZ1lFQTZJbXIKbmJhZ1YzZnBNOXE4ZXNjY2tGK0xwUmdOYXBnbGFXSWdxTHpTQjBpRC82YTA4QzFQdGhCR1hXYlg2czA4VGVEZwppM1RpTDlYTjNHZmo1M3UyWTltbCtYSW9zaW1WOUMxQVJEU2xyU3Bqc2k4MmdUcnlmN0pxVEpEbXR5T2cvYnhHCmUxQTl2WGw5NUtBckpkdDVYOW11NWovYlVsMi80dWlYS3ZOaG1nY0NnWUF3Unh3akcwNkZZN014RXVxR0R5eEgKazdpaUR0V0hIeVR6UUwvNWprMitnd01tQmN0SWdZS0dZU0s4cXd6QXNMQk5LMm4xTjYrcGpSUEVvd0MzMS9UZgpEdHVMeHFxakVlNlRieldQQ1NDV0QwTW0yUmVjaUJYQ3BFVnlzdndzNkJjRVJla2pxNHh2TzdmTkhJSHkvSkNCCmQ2MlpmNnhSLzZxa2UxbmljOWYxNXdLQmdHWXFwb1lpaVF3bEdRYTVZZm9ucFRzaFgzOW5zKzFUYjR4L21vM0kKZUJiUEczK2xSUFlKVW01UmREanhTSWhYSjltbnBjQmYyRWpnRFJSN2FMeDV0RWJtaDIrellvSDBsM2V5c2Z2RgpqYzBwUktneTZpV1pPcFkwVTFQVWppbUVzK1VIWllna1Z4djZWdit1QjRjWWlKaytVUVBFcHAzbnBya1JLK21wCkNRYmRBb0dBWG5tbGpwN1JjbFdiaENMaVdoWGxKSndQYnBqZjRmY2twQ3BCbnN4RnRCVEUwQ2g1ZkkzVTQxWGYKUmd5d1QvZ01OSVBnakxodU95bWh5dEdtazVlMitGWk5VVU8rZG9lanRCQjVGVXN0Y2N4VUg5QkZndjNzV3I5RAp0V1NNbjVna3RrazVLZEdQU2p5OXorSlRiMDNMNGNXajhUS0c1amRVSHVKWjhWanZ4dWs9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

12
import_datas.sh Executable file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
FILES=$(ls $1 | grep .json)
BRANCH=${2:-dev}
export KUBECONFIG=$(realpath ./deployed_config)
POD_NAME=$(kubectl get pods --all-namespaces -o=name | grep $BRANCH-mongodb-*)
for file in "${FILES[@]}"; do
echo "ADD file $file in collection ${file/.json/} : ${POD_NAME/pod\//}"
kubectl cp $file ${POD_NAME/pod\//}:/tmp/$file
kubectl exec ${POD_NAME/pod\//}: -- mongoimport --db DC_myDC --collection ${file/.json/} --file /tmp/$file --jsonArray
done

5
install_development.sh
View File

@@ -1,5 +0,0 @@
#!/bin/bash
RELEASE_NAME=dev
RELEASE_NAMESPACE=dev
helm install ${RELEASE_NAME} opencloud -n ${RELEASE_NAMESPACE} --create-namespace -f opencloud/dev-values.yaml

267
oc-k8s.sh Executable file
View File

@@ -0,0 +1,267 @@
#!/bin/bash
REPOS=(
"oc-auth"
"oc-catalog"
"oc-datacenter"
"oc-front"
"oc-monitord"
"oc-peer"
"oc-shared"
"oc-scheduler"
"oc-schedulerd"
"oc-workflow"
"oc-workspace"
)
# values template
main_create_values() {
set -euo pipefail
if [[ -z "${1:-}" ]]; then
echo "Error: No RELEASE PROVIDED."
main_help_values
exit 1
fi
TEMPLATE_FILE=./opencloud/values.yaml.template
ENV_FILE=${2:-}
OUTPUT_FILE="./opencloud/values/$1-values.yaml"
# Load environment variables from env file
if [[ -f "$ENV_FILE" ]]; then
set -a
source "$ENV_FILE"
set +a
fi
# Process the template
awk '
{
line = $0
# match ${VAR:-default} patterns
while (match(line, /\$\{([A-Za-z_][A-Za-z0-9_]*):-([^}]+)\}/, arr)) {
varname = arr[1]
defaultval = arr[2]
# get environment value or default
cmd = "bash -c '\''echo ${" varname ":-" defaultval "}'\''"
cmd | getline value
close(cmd)
line = substr(line, 1, RSTART-1) value substr(line, RSTART+RLENGTH)
}
print line
}' "$TEMPLATE_FILE" > "$OUTPUT_FILE"
echo "Rendered $OUTPUT_FILE from $TEMPLATE_FILE using $ENV_FILE"
}
# HELM SERVICE
main_create_helm() {
main_delete_helm "${1:-dev}" | true
RELEASE_NAME=${1:-dev}
RELEASE_NAMESPACE=${1:-dev}
helm install ${RELEASE_NAME} opencloud -n ${RELEASE_NAMESPACE} --create-namespace -f opencloud/${RELEASE_NAME}-values.yaml
kind get kubeconfig --name opencloud > ./deployed_config
kind export logs ./kind-logs
}
main_upgrade_helm() {
RELEASE_NAME=${1:-dev}
RELEASE_NAMESPACE=${1:-dev}
helm upgrade ${RELEASE_NAME} opencloud -n ${RELEASE_NAMESPACE} --create-namespace -f opencloud/${RELEASE_NAME}-values.yaml
}
main_delete_helm() {
RELEASE_NAME=${1:-dev}
RELEASE_NAMESPACE=${1:-dev}
helm uninstall ${RELEASE_NAME} -n ${RELEASE_NAMESPACE}
export KUBECONFIG=$(realpath ~/.kube/config)
}
# CLUSTER SERVICE
build_service() {
local repo_url="https://cloud.o-forge.io/core/$1.git"
local branch=${2:-main}
local target=${3:-all}
local repo_name=$(basename "$repo_url" .git)
echo "Processing repository: $repo_name"
if [ ! -d "$1" ]; then
echo "Cloning repository: $repo_name"
git clone "$repo_url"
if [ $? -ne 0 ]; then
echo "Error cloning $repo_url"
exit 1
fi
fi
echo "Repository '$repo_name' now exists. Pulling latest changes..."
cd "$repo_name" && git checkout $branch && git pull
echo "Running 'make $target' in $repo_name"
export HOST="${2:-http://beta.opencloud.com/}" && make "$target"
if [ $? -ne 0 ]; then
echo "Error: make $target failed in $dir"
exit 1
fi
cd ..
}
main_build_services() {
branch=${1:-main}
target=${2:-all}
cd ..
# Iterate through each repository in the list
for repo in "${REPOS[@]}"; do
build_service "$repo" "$branch" "$target"
done
echo "All repositories processed successfully."
}
# CLUSTER CONTROLLER
main_delete_cluster() {
kind delete cluster --name opencloud | true
}
main_create_cluster() {
main_delete_cluster | true
cat <<EOF | kind create cluster --name opencloud --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 30950
hostPort: 80
protocol: TCP
- containerPort: 30951
hostPort: 443
protocol: TCP
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."locahost:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000".tls]
insecure_skip_verify = true
cert_file = ""
key_file = ""
ca_file = ""
EOF
echo "[WARNING] New cluster shoulw be merged into your current config !"
kind get kubeconfig --name opencloud > /tmp/kind-opencloud.kubeconfig
KUBECONFIG=~/.kube/config:/tmp/kind-opencloud.kubeconfig kubectl config view --flatten > ~/.kube/config # fusionnate clusters config.
kubectl config get-contexts
kubectl config use-context kind-opencloud
}
main_help_values() {
echo "
Cluster commands: oc-k8s <action> values
create - Create a new values release yaml
help - Show this help message
Usage:
oc-k8s create values [release] [env_file (optionnal)]
release - Release values name (required)
env_file - env to map (optionnal)
oc-k8s help values
"
}
main_help_cluster() {
echo "
Cluster commands: oc-k8s <action> cluster
create - Create a new kind cluster named 'opencloud'
delete - Delete the kind cluster named 'opencloud'
help - Show this help message
Usage:
oc-k8s create cluster
oc-k8s delete cluster
oc-k8s help cluster
"
}
main_help_services() {
echo "
Service commands: oc-k8s <action> services
build - Build all opencloud services
help - Show this help message
Usage:
oc-k8s build services [branch] [target]
branch - Git branch to build (default: main)
target - make target (default: all)
oc-k8s help services
"
}
main_help_helm() {
echo "
Helm commands: oc-k8s <action> helm
create - Install a helm release for the given environment (default: dev)
delete - Uninstall a helm release for the given environment (default: dev)
help - Show this help message
Usage:
oc-k8s create helm [env]
dev - environnement selected (default: dev)
oc-k8s upgrade helm [env]
dev - environnement selected (default: dev)
oc-k8s delete helm [env]
dev - environnement selected (default: dev)
oc-k8sh help helm
"
}
main_help_all() {
echo "
Main commands: oc-k8s <action>
start - Start opencloud k8s
stop - Stop opencloud k8s
Usage:
oc-k8s start [args]
oc-k8s stop [args]
"
main_help_cluster
main_help_services
main_help_helm
main_help_values
}
main_start() {
sudo /etc/init.d/apache2 stop
sudo nginx -s stop
main_create_cluster "${@:1}"
main_build_services "${@:1}"
main_create_helm "${@:1}"
}
main_stop() {
main_delete_helm "${@:1}" | true
main_delete_cluster "${@:1}" | true
}
if declare -f main_${1} > /dev/null; then
main_${1} "${@:2}"
elif declare -f main_${1}_${2} > /dev/null; then
main_${1}_${2} "${@:3}"
else
echo "Function does not exist"
main_help_all
fi

3
opencloud/.helmignore
View File

@@ -21,3 +21,6 @@
.idea/
*.tmproj
.vscode/
#custom
templates/registry/dockerconfigjson

15
opencloud/Chart.yaml
View File

@@ -5,7 +5,6 @@ type: application
version: 0.0.1
appVersion: "0.0.1"
# TODO: grafana, loki
dependencies:
- name: openldap
repository: https://jp-gouin.github.io/helm-openldap/
@@ -28,7 +27,7 @@ dependencies:
repository: "https://cowboysysop.github.io/charts/"
condition: mongo-express.enabled
- name: hydra
version: "0.50.2"
version: "0.50.6"
repository: "https://k8s.ory.sh/helm/charts"
condition: hydra.enabled
- name: keto
@@ -43,3 +42,15 @@ dependencies:
version: "8.6.4"
repository: "https://grafana.github.io/helm-charts"
condition: grafana.enabled
- name: argo-workflows
version: "0.45.4"
repository: "https://argoproj.github.io/argo-helm"
condition: argo-workflows.enabled
- name: docker-registry-ui
version: 1.1.3
repository: "https://helm.joxit.dev/"
condition: docker-registry-ui.enabled
- name: prometheus
version: "27.45.0"
repository: "https://prometheus-community.github.io/helm-charts"
condition: prometheus.enabled

129
opencloud/README.md Normal file
View File

@@ -0,0 +1,129 @@
# HOW TO MAKE YOUR PROPER VALUES.YAML
Use command :
```
oc-k8s create values [release] [env_file (optionnal)]
```
or
```
./oc-k8s.sh create values [release] [env_file (optionnal)]
```
Map in a env file, any Variable you wish to override and give the path.
## ENV VARIABLE
| Variable | Default | Purpose / Explanation |
| -------------- | ---------------------- | --------------------------------------------------------------------------------- |
| `HOST` | `exemple.com` | Domain for reverse proxy rules (Traefik). |
| `REGISTRY_HOST` | `registry.exemple.com` | Docker registry URL for reverse proxy and pull secrets. |
## MONGO VARIABLE
| Variable | Default | Purpose / Explanation |
| ------------------- | ----------- | ------------------------------------------ |
| `OC_MONGO_ENABLED` | `true` | Enable/disable MongoDB deployment. |
| `OC_MONGO_ADMIN` | `admin` | Root username for MongoDB. |
| `OC_MONGO_PWD` | `admin` | Root password. |
| `OC_MONGO_DATABASE` | `opencloud` | Default database to create. |
| `OC_MONGO_SIZE` | `5000Mi` | Persistent storage size for MongoDB. |
## MONGO EXPRESS VARIABLE
| Variable | Default | Purpose / Explanation |
| ----------------------------------------- | -------------------------------------------------------- | ------------------------------------------- |
| `OC_MONGOEXPRESS_ENABLED` | `true` | Enable mongo-express UI. |
| `OC_MONGOEXPRESS_ADMIN` | `${OC_MONGO_ADMIN:-admin}` | Admin username to connect to MongoDB. |
| `OC_MONGOEXPRESS_PWD` | `${OC_MONGO_PWD:-admin}` | Admin password. |
## NATS VARIABLE
| Variable | Default | Explanation |
| ----------------- | ------- | -------------------------------------- |
| `OC_NATS_ENABLED` | `true` | Deploy NATS cluster. |
| `OC_NATS_SIZE` | `20Mi` | Storage size for JetStream file store. |
## OpenLDAP VARIABLE
| Variable | Default | Explanation |
| --------------------------- | ---------------------------- | -------------------------------------------------------- |
| `OC_LDAP_ENABLED` | `true` | Deploy OpenLDAP server. |
| `OC_LDAP_IMAGE` | `osixia/openldap` | Docker image for OpenLDAP. |
| `OC_LDAP_ORGANISATION` | `Opencloud` | LDAP organization name. |
| `OC_LDAP_DOMAIN` | `opencloud.com` | LDAP domain. |
| `OC_LDAP_TLS` | `false` | Enable TLS for LDAP. |
| `OC_LDAP_ADMIN_PWD` | `admin` | LDAP admin password. |
| `OC_LDAP_CONFIG_PWD` | `config` | Password for configuration account. |
| `OC_LDAP_EXTERNAL` | `false` | Connect to external LDAP instead of internal deployment. |
| `OC_LDAP_EXTERNAL_ENDPOINT` | (none) | LDAP server URL. |
| `OC_LDAP_EXTERNAL_DN` | `cn=admin,dc=example,dc=com` | Bind DN for external LDAP. |
| `OC_LDAP_EXTERNAL_PWD` | `admin` | Bind password for external LDAP. |
## Prometheus VARIABLE
| Variable | Default | Explanation |
| ------------------------------- | ------- | ------------------------- |
| `OC_PROMETHEUS_ENABLED` | `true` | Enable Prometheus server. |
| `OC_PROMETHEUS_SIZE` | `5Gi` | Persistent volume size. |
| `OC_PROMETHEUS_LIMITS_CPU` | `500m` | CPU limit. |
| `OC_PROMETHEUS_LIMITS_MEMORY` | `512Mi` | Memory limit. |
| `OC_PROMETHEUS_REQUESTS_CPU` | `128m` | CPU request. |
| `OC_PROMETHEUS_REQUESTS_MEMORY` | `256Mi` | Memory request. |
## Grafana VARIABLE
| VARIABLE | DEFAULT | DESCRIPTION |
| -------------------------------------- | ----------- | ------------------------------------------------------------------------------------ |
| `OC_GRAFANA_ENABLED` | `true` | Enable or disable Grafana deployment. |
| `OC_GRAFANA_ADMIN_USER` | `admin` | Username for the Grafana admin account. |
| `OC_GRAFANA_ADMIN_PWD` | `admin` | Password for the Grafana admin account. |
| `OC_GRAFANA_SIZE` | `1Gi` | Size of the persistent volume for Grafana. |
## Traefik VARIABLE
| Variable | Default | Explanation |
| ------------------------------- | ------- | ------------------------- |
| `OC_TRAEFIK_ENABLED` | `true` | Enable Traefik server. |
## Hydra VARIABLE
| Variable | Default | Explanation |
| ------------------ | ------------------------------------------------------------------------ | ------------------------------------------- |
| `OC_HYDRA_ENABLED` | `true` | Deploy Hydra (OAuth2). |
## Keto VARIABLE
| VARIABLE | DEFAULT | DESCRIPTION |
| ---------------------------- | --------------------------------- | ---------------------------------------------------------------------------------------------- |
| `OC_KETO_ENABLED` | `true` | Enable or disable Keto deployment. |
## Loki VARIABLE
| VARIABLE | DEFAULT | DESCRIPTION |
| ---------------------------- | --------------------------------- | ---------------------------------------------------------------------------------------------- |
| `OC_LOKI_ENABLED` | `true` | Enable or disable Loki deployment. |
| `OC_LOKI_SIZE` | `1Gi` | Resource allowed. |
## Minio VARIABLE
| VARIABLE | DEFAULT | DESCRIPTION |
| ---------------------------- | --------------------------------- | ---------------------------------------------------------------------------------------------- |
| `OC_MINIO_ENABLED` | `true` | Enable or disable Minio deployment. |
## Argo VARIABLE
| VARIABLE | DEFAULT | DESCRIPTION |
| ------------------------------------------ | --------------- | ---------------------------------------------- |
| `OC_ARGO_ENABLED` | `false` | Enable or disable Argo Workflows deployment. |
## OC API VARIABLE
| Variable | Default | Explanation |
| ------------------------------------ | ------------ | --------------------------------- |
| `OC_<APP>_ENABLED` | true | Deploy the service. |
| `OC_<APP>_IMAGE` | registry URL | Docker image. |
| `OC_<APP>_LIMITS_CPU/MEMORY` | 128m / 256Mi | Resource limits. |
| `OC_<APP>_REQUESTS_CPU/MEMORY` | 128m / 256Mi | Resource requests. |
| `OC_<APP>_REPLICAS_ENABLED` | true | Enable Horizontal Pod Autoscaler. |
| `OC_<APP>_REPLICAS_MAX` | 5 | Max replicas. |
| `OC_<APP>_REPLICAS_USAGE` | 80 | HPA target CPU usage (%). |

23
opencloud/charts/argo-workflows/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
ci/
*.gotmpl

20
opencloud/charts/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
annotations:
artifacthub.io/changes: |
- kind: added
description: Support configuring workflow events in the controller
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
apiVersion: v2
appVersion: v3.6.2
description: A Helm chart for Argo Workflows
home: https://github.com/argoproj/argo-helm
icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
maintainers:
- name: argoproj
url: https://argoproj.github.io/
name: argo-workflows
sources:
- https://github.com/argoproj/argo-workflows
type: application
version: 0.45.4

410
opencloud/charts/argo-workflows/README.md Normal file
View File

@@ -0,0 +1,410 @@
# Argo Workflows Chart
This is a **community maintained** chart. It is used to set up argo and its needed dependencies through one command. This is used in conjunction with [helm](https://github.com/kubernetes/helm).
If you want your deployment of this helm chart to most closely match the [argo CLI](https://github.com/argoproj/argo-workflows), you should deploy it in the `kube-system` namespace.
## Pre-Requisites
### Custom resource definitions
Some users would prefer to install the CRDs _outside_ of the chart. You can disable the CRD installation of this chart by using `--set crds.install=false` when installing the chart.
Helm cannot upgrade custom resource definitions in the `<chart>/crds` folder [by design](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). Starting with 3.4.0 (chart version 0.19.0), the CRDs have been moved to `<chart>/templates` to address this design decision.
If you are using Argo Workflows chart version prior to 3.4.0 (chart version 0.19.0) or have elected to manage the Argo Workflows CRDs outside of the chart, please use `kubectl` to upgrade CRDs manually from [templates/crds](templates/crds/) folder or via the manifests from the upstream project repo:
```bash
kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=<appVersion>"
# Eg. version v3.3.9
kubectl apply -k "https://github.com/argoproj/argo-workflows/manifests/base/crds/full?ref=v3.3.9"
```
### ServiceAccount for Workflow Spec
In order for each Workflow run, you create ServiceAccount via `values.yaml` like below.
```yaml
workflow:
serviceAccount:
create: true
name: "argo-workflow"
rbac:
create: true
controller:
workflowNamespaces:
- default
- foo
- bar
```
Set ServiceAccount on Workflow.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: hello-world-
spec:
entrypoint: whalesay
serviceAccountName: argo-workflow # Set ServiceAccount
templates:
- name: whalesay
container:
image: docker/whalesay
command: [ cowsay ]
args: [ "hello world" ]
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add argo https://argoproj.github.io/argo-helm
"argo" has been added to your repositories
$ helm install my-release argo/argo-workflows
NAME: my-release
...
```
## Changelog
For full list of changes, please check ArtifactHub [changelog].
## Usage Notes
### High Availability
This chart installs the non-HA version of Argo Workflows by default. If you want to run in HA mode, you can use [these example values](ci/ha-values.yaml) as a starting point.
Please see the upstream [Operator Manual's High Availability page](https://argo-workflows.readthedocs.io/en/stable/high-availability/) to understand how to scale Argo Workflows in depth.
### Workflow controller
This chart defaults to setting the `controller.instanceID.enabled` to `false` now, which means the deployed controller will act upon any workflow deployed to the cluster. If you would like to limit the behavior and deploy multiple workflow controllers, please use the `controller.instanceID.enabled` attribute along with one of its configuration options to set the `instanceID` of the workflow controller to be properly scoped for your needs.
### Argo Workflows server authentication
Argo Workflows server provides some choices for authentication mechanism and you can configure `.Values.server.authModes`. By default, authentication mode is `[server]`, for local development purposes or cases where your gateway authentication is covered by some other means.
Please refer to [Argo Server Auth Mode] for more details.
Argo Workflows server also supports SSO and you can enable it to configure `.Values.server.sso` and `.Values.server.authModes`. In order to manage access levels, you can optionally add RBAC to SSO. Please refer to [SSO RBAC] for more details.
## Values
The `values.yaml` contains items used to tweak a deployment of this chart.
Fields to note:
- `controller.instanceID.enabled`: If set to true, the Argo Controller will **ONLY** monitor Workflow submissions with a `--instanceid` attribute
- `controller.instanceID.useReleaseName`: If set to true then chart set controller instance id to release name
- `controller.instanceID.explicitID`: Allows customization of an instance id for the workflow controller to monitor
- `singleNamespace`: When true, restricts the workflow controller to operate
in just the single namespace (that one of the Helm release).
- `controller.workflowNamespaces`: This is a list of namespaces where the
workflow controller will manage workflows. Only valid when `singleNamespace`
is false.
### General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| apiVersionOverrides.autoscaling | string | `""` | String to override apiVersion of autoscaling rendered by this helm chart |
| apiVersionOverrides.cloudgoogle | string | `""` | String to override apiVersion of GKE resources rendered by this helm chart |
| apiVersionOverrides.monitoring | string | `""` | String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart |
| commonLabels | object | `{}` | Labels to set on all resources |
| crds.annotations | object | `{}` | Annotations to be added to all CRDs |
| crds.install | bool | `true` | Install and upgrade CRDs |
| crds.keep | bool | `true` | Keep CRDs on chart uninstall |
| createAggregateRoles | bool | `true` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds |
| emissary.images | list | `[]` | The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used. |
| extraObjects | list | `[]` | Array of extra K8s manifests to deploy |
| fullnameOverride | string | `nil` | String to fully override "argo-workflows.fullname" template |
| images.pullPolicy | string | `"Always"` | imagePullPolicy to apply to all containers |
| images.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
| images.tag | string | `""` | Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`. |
| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |
| nameOverride | string | `nil` | String to partially override "argo-workflows.fullname" template |
| namespaceOverride | string | `.Release.Namespace` | Override the namespace |
| singleNamespace | bool | `false` | Restrict Argo to operate only in a single namespace (the namespace of the Helm release) by apply Roles and RoleBindings instead of the Cluster equivalents, and start workflow-controller with the --namespaced flag. Use it in clusters with strict access policy. |
### Workflow
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| workflow.namespace | string | `nil` | Deprecated; use controller.workflowNamespaces instead. |
| workflow.rbac.agentPermissions | bool | `false` | Allows permissions for the Argo Agent. Only required if using http/plugin templates |
| workflow.rbac.artifactGC | bool | `false` | Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc |
| workflow.rbac.create | bool | `true` | Adds Role and RoleBinding for the above specified service account to be able to run workflows. A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below) |
| workflow.rbac.serviceAccounts | list | `[]` | Extra service accounts to be added to the RoleBinding |
| workflow.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| workflow.serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
| workflow.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| workflow.serviceAccount.name | string | `"argo-workflow"` | Service account which is used to run workflows |
| workflow.serviceAccount.pullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets` |
### Workflow Controller
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.affinity | object | `{}` | Assign custom [affinity] rules |
| controller.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates. |
| controller.clusterWorkflowTemplates.serviceAccounts | list | `[]` | Extra service accounts to be added to the ClusterRoleBinding |
| controller.columns | list | `[]` | Configure Argo Server to show custom [columns] |
| controller.configMap.annotations | object | `{}` | ConfigMap annotations |
| controller.configMap.create | bool | `true` | Create a ConfigMap for the controller |
| controller.configMap.name | string | `""` | ConfigMap name |
| controller.cronWorkflowWorkers | string | `nil` | Number of cron workflow workers Only valid for 3.5+ |
| controller.deploymentAnnotations | object | `{}` | deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment |
| controller.extraArgs | list | `[]` | Extra arguments to be added to the controller |
| controller.extraContainers | list | `[]` | Extra containers to be added to the controller deployment |
| controller.extraEnv | list | `[]` | Extra environment variables to provide to the controller container |
| controller.extraInitContainers | list | `[]` | Enables init containers to be added to the controller deployment |
| controller.image.registry | string | `"quay.io"` | Registry to use for the controller |
| controller.image.repository | string | `"argoproj/workflow-controller"` | Registry to use for the controller |
| controller.image.tag | string | `""` | Image tag for the workflow controller. Defaults to `.Values.images.tag`. |
| controller.initialDelay | string | `nil` | Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224 |
| controller.instanceID.enabled | bool | `false` | Configures the controller to filter workflow submissions to only those which have a matching instanceID attribute. |
| controller.instanceID.explicitID | string | `""` | Use a custom instanceID |
| controller.instanceID.useReleaseName | bool | `false` | Use ReleaseName as instanceID |
| controller.kubeConfig | object | `{}` (See [values.yaml]) | Configure when workflow controller runs in a different k8s cluster with the workflow workloads, or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret. |
| controller.links | list | `[]` | Configure Argo Server to show custom [links] |
| controller.livenessProbe | object | See [values.yaml] | Configure liveness [probe] for the controller |
| controller.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| controller.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| controller.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| controller.logging.globallevel | string | `"0"` | Set the glog logging level |
| controller.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| controller.metricsConfig.enabled | bool | `false` | Enables prometheus metrics server |
| controller.metricsConfig.headlessService | bool | `false` | Flag to enable headless service |
| controller.metricsConfig.honorLabels | bool | `false` | When true, honorLabels preserves the metrics labels when they collide with the targets labels. |
| controller.metricsConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.metricsConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes metrics |
| controller.metricsConfig.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion |
| controller.metricsConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
| controller.metricsConfig.path | string | `"/metrics"` | Path is the path where metrics are emitted. Must start with a "/". |
| controller.metricsConfig.port | int | `9090` | Port is the port where metrics are emitted |
| controller.metricsConfig.portName | string | `"metrics"` | Container metrics port name |
| controller.metricsConfig.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping |
| controller.metricsConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS |
| controller.metricsConfig.servicePort | int | `8080` | Service metrics port |
| controller.metricsConfig.servicePortName | string | `"metrics"` | Service metrics port name |
| controller.metricsConfig.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric |
| controller.name | string | `"workflow-controller"` | Workflow controller name string |
| controller.namespaceParallelism | string | `nil` | Limits the maximum number of incomplete workflows in a namespace |
| controller.navColor | string | `""` | Set ui navigation bar background color |
| controller.nodeEvents.enabled | bool | `true` | Enable to emit events on node completion. |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] |
| controller.parallelism | string | `nil` | parallelism dictates how many workflows can be running at the same time |
| controller.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the controller pods |
| controller.persistence | object | `{}` | enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available. |
| controller.podAnnotations | object | `{}` | podAnnotations is an optional map of annotations to be applied to the controller Pods |
| controller.podCleanupWorkers | string | `nil` | Number of pod cleanup workers |
| controller.podGCDeleteDelayDuration | string | `5s` (Argo Workflows default) | The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately. |
| controller.podGCGracePeriodSeconds | string | `30` seconds (Kubernetes default) | Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately. |
| controller.podLabels | object | `{}` | Optional labels to add to the controller pods |
| controller.podSecurityContext | object | `{}` | SecurityContext to set on the controller pods |
| controller.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages. |
| controller.rbac.accessAllSecrets | bool | `false` | Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty. |
| controller.rbac.create | bool | `true` | Adds Role and RoleBinding for the controller. |
| controller.rbac.secretWhitelist | list | `[]` | Allows controller to get, list, and watch certain k8s secrets |
| controller.rbac.writeConfigMaps | bool | `false` | Allows controller to create and update ConfigMaps. Enables memoization feature |
| controller.replicas | int | `1` | The number of controller pods to run |
| controller.resourceRateLimit | object | `{}` | Globally limits the rate at which pods are created. This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of parallel nodes. |
| controller.resources | object | `{}` | Resource limits and requests for the controller |
| controller.retentionPolicy | object | `{}` | Workflow retention by number of workflows |
| controller.revisionHistoryLimit | int | `10` | The number of revisions to keep. |
| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | the controller container's securityContext |
| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| controller.serviceAccount.create | bool | `true` | Create a service account for the controller |
| controller.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| controller.serviceAccount.name | string | `""` | Service account name |
| controller.serviceAnnotations | object | `{}` | Annotations to be applied to the controller Service |
| controller.serviceLabels | object | `{}` | Optional labels to add to the controller Service |
| controller.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
| controller.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
| controller.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
| controller.serviceType | string | `"ClusterIP"` | Service type of the controller Service |
| controller.telemetryConfig.enabled | bool | `false` | Enables prometheus telemetry server |
| controller.telemetryConfig.ignoreErrors | bool | `false` | Flag that instructs prometheus to ignore metric emission errors. |
| controller.telemetryConfig.interval | string | `"30s"` | Frequency at which prometheus scrapes telemetry data |
| controller.telemetryConfig.metricsTTL | string | `""` | How often custom metrics are cleared from memory |
| controller.telemetryConfig.path | string | `"/telemetry"` | telemetry path |
| controller.telemetryConfig.port | int | `8081` | telemetry container port |
| controller.telemetryConfig.secure | bool | `false` | Flag that use a self-signed cert for TLS |
| controller.telemetryConfig.servicePort | int | `8081` | telemetry service port |
| controller.telemetryConfig.servicePortName | string | `"telemetry"` | telemetry service port name |
| controller.tolerations | list | `[]` | [Tolerations] for use with node taints |
| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the workflow controller |
| controller.volumeMounts | list | `[]` | Additional volume mounts to the controller main container |
| controller.volumes | list | `[]` | Additional volumes to the controller pod |
| controller.workflowDefaults | object | `{}` | Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level. Only valid for 2.7+ |
| controller.workflowEvents.enabled | bool | `true` | Enable to emit events on workflow status changes. |
| controller.workflowNamespaces | list | `["default"]` | Specify all namespaces where this workflow controller instance will manage workflows. This controls where the service account and RBAC resources will be created. Only valid when singleNamespace is false. |
| controller.workflowRestrictions | object | `{}` | Restricts the Workflows that the controller will process. Only valid for 2.9+ |
| controller.workflowTTLWorkers | string | `nil` | Number of workflow TTL workers |
| controller.workflowWorkers | string | `nil` | Number of workflow workers |
### Workflow Main Container
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| mainContainer.env | list | `[]` | Adds environment variables for the Workflow main container |
| mainContainer.envFrom | list | `[]` | Adds reference environment variables for the Workflow main container |
| mainContainer.imagePullPolicy | string | `""` | imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`. |
| mainContainer.resources | object | `{}` | Resource limits and requests for the Workflow main container |
| mainContainer.securityContext | object | `{}` | sets security context for the Workflow main container |
### Workflow Executor
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| executor.args | list | `[]` | Passes arguments to the executor processes |
| executor.env | list | `[]` | Adds environment variables for the executor. |
| executor.image.pullPolicy | string | `""` | Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`. |
| executor.image.registry | string | `"quay.io"` | Registry to use for the Workflow Executors |
| executor.image.repository | string | `"argoproj/argoexec"` | Repository to use for the Workflow Executors |
| executor.image.tag | string | `""` | Image tag for the workflow executor. Defaults to `.Values.images.tag`. |
| executor.resources | object | `{}` | Resource limits and requests for the Workflow Executors |
| executor.securityContext | object | `{}` | sets security context for the executor container |
### Workflow Server
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine |
| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] |
| server.GKEfrontendConfig.enabled | bool | `false` | Enable FrontConfig custom resource for Google Kubernetes Engine |
| server.GKEfrontendConfig.spec | object | `{}` | [FrontendConfigSpec] |
| server.GKEmanagedCertificate.domains | list | `["argoworkflows.example.com"]` | Domains for the Google Managed Certificate |
| server.GKEmanagedCertificate.enabled | bool | `false` | Enable ManagedCertificate custom resource for Google Kubernetes Engine. |
| server.affinity | object | `{}` | Assign custom [affinity] rules |
| server.authMode | string | `""` | Deprecated; use server.authModes instead. |
| server.authModes | list | `[]` | A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well. |
| server.autoscaling.behavior | object | `{}` | Configures the scaling behavior of the target in both Up and Down directions. This is only available on HPA apiVersion `autoscaling/v2beta2` and newer |
| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server |
| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo Server [HPA] |
| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo Server [HPA] |
| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo Server [HPA] |
| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo Server [HPA] |
| server.baseHref | string | `"/"` | Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /. |
| server.clusterWorkflowTemplates.enableEditing | bool | `true` | Give the server permissions to edit ClusterWorkflowTemplates. |
| server.clusterWorkflowTemplates.enabled | bool | `true` | Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates. |
| server.deploymentAnnotations | object | `{}` | optional map of annotations to be applied to the ui Deployment |
| server.enabled | bool | `true` | Deploy the Argo Server |
| server.extraArgs | list | `[]` | Extra arguments to provide to the Argo server binary. |
| server.extraContainers | list | `[]` | Extra containers to be added to the server deployment |
| server.extraEnv | list | `[]` | Extra environment variables to provide to the argo-server container |
| server.extraInitContainers | list | `[]` | Enables init containers to be added to the server deployment |
| server.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
| server.image.registry | string | `"quay.io"` | Registry to use for the server |
| server.image.repository | string | `"argoproj/argocli"` | Repository to use for the server |
| server.image.tag | string | `""` | Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. |
| server.ingress.annotations | object | `{}` | Additional ingress annotations |
| server.ingress.enabled | bool | `false` | Enable an ingress resource |
| server.ingress.extraPaths | list | `[]` | Additional ingress paths |
| server.ingress.hosts | list | `[]` | List of ingress hosts |
| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource |
| server.ingress.labels | object | `{}` | Additional ingress labels |
| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` |
| server.ingress.paths | list | `["/"]` | List of ingress paths |
| server.ingress.tls | list | `[]` | Ingress TLS configuration |
| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for server container |
| server.loadBalancerClass | string | `""` | The class of the load balancer implementation |
| server.loadBalancerIP | string | `""` | Static IP address to assign to loadBalancer service type `LoadBalancer` |
| server.loadBalancerSourceRanges | list | `[]` | Source ranges to allow access to service from. Only applies to service type `LoadBalancer` |
| server.logging.format | string | `"text"` | Set the logging format (one of: `text`, `json`) |
| server.logging.globallevel | string | `"0"` | Set the glog logging level |
| server.logging.level | string | `"info"` | Set the logging level (one of: `debug`, `info`, `warn`, `error`) |
| server.name | string | `"server"` | Server name string |
| server.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | [Node selector] |
| server.pdb.enabled | bool | `false` | Configure [Pod Disruption Budget] for the server pods |
| server.podAnnotations | object | `{}` | optional map of annotations to be applied to the ui Pods |
| server.podLabels | object | `{}` | Optional labels to add to the UI pods |
| server.podSecurityContext | object | `{}` | SecurityContext to set on the server pods |
| server.priorityClassName | string | `""` | Leverage a PriorityClass to ensure your pods survive resource shortages |
| server.rbac.create | bool | `true` | Adds Role and RoleBinding for the server. |
| server.replicas | int | `1` | The number of server pods to run |
| server.resources | object | `{}` | Resource limits and requests for the server |
| server.revisionHistoryLimit | int | `10` | The number of revisions to keep. |
| server.secure | bool | `false` | Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs. |
| server.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true}` | Servers container-level security context |
| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
| server.serviceAccount.create | bool | `true` | Create a service account for the server |
| server.serviceAccount.labels | object | `{}` | Labels applied to created service account |
| server.serviceAccount.name | string | `""` | Service account name |
| server.serviceAnnotations | object | `{}` | Annotations to be applied to the UI Service |
| server.serviceLabels | object | `{}` | Optional labels to add to the UI Service |
| server.serviceNodePort | string | `nil` | Service node port |
| server.servicePort | int | `2746` | Service port for server |
| server.servicePortName | string | `""` | Service port name |
| server.serviceType | string | `"ClusterIP"` | Service type for server pods |
| server.sso.clientId.key | string | `"client-id"` | Key of secret to retrieve the app OIDC client ID |
| server.sso.clientId.name | string | `"argo-server-sso"` | Name of secret to retrieve the app OIDC client ID |
| server.sso.clientSecret.key | string | `"client-secret"` | Key of a secret to retrieve the app OIDC client secret |
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider |
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |
| server.sso.rbac.enabled | bool | `true` | Adds ServiceAccount Policy to server (Cluster)Role. |
| server.sso.rbac.secretWhitelist | list | `[]` | Whitelist to allow server to fetch Secrets |
| server.sso.redirectUrl | string | `""` | The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback. |
| server.sso.scopes | list | `[]` | Scopes requested from the SSO ID provider |
| server.sso.sessionExpiry | string | `""` | Define how long your login is valid for (in hours) |
| server.sso.userInfoPath | string | `""` | Specify the user info endpoint that contains the groups claim |
| server.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
| server.tmpVolume | object | `{"emptyDir":{}}` | Volume to be mounted in Pods for temporary files. |
| server.tolerations | list | `[]` | [Tolerations] for use with node taints |
| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the argo server |
| server.volumeMounts | list | `[]` | Additional volume mounts to the server main container. |
| server.volumes | list | `[]` | Additional volumes to the server pod. |
### Artifact Repository
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| artifactRepository.archiveLogs | bool | `false` | Archive the main container logs as an artifact |
| artifactRepository.azure | object | `{}` (See [values.yaml]) | Store artifact in Azure Blob Storage |
| artifactRepository.gcs | object | `{}` (See [values.yaml]) | Store artifact in a GCS object store |
| artifactRepository.s3 | object | See [values.yaml] | Store artifact in a S3-compliant object store |
| artifactRepositoryRef | object | `{}` (See [values.yaml]) | The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/). Each map key is the name of configmap |
| customArtifactRepository | object | `{}` | The section of custom artifact repository. Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure) |
| useStaticCredentials | bool | `true` | Use static credentials for S3 (eg. when not using AWS IRSA) |
## Breaking changes from the deprecated `argo` chart
1. the `installCRD` value has been removed. CRDs are now only installed from the conventional crds/ directory
1. the CRDs were updated to `apiextensions.k8s.io/v1`
1. the container image registry/project/tag format was changed to be more in line with the more common
```yaml
image:
registry: quay.io
repository: argoproj/argocli
tag: v3.0.1
```
this also makes it easier for automatic update tooling (eg. renovate bot) to detect and update images.
1. switched to quay.io as the default registry for all images
1. removed any included usage of Minio
1. aligned the configuration of serviceAccounts with the argo-cd chart, ie: what used to be `server.createServiceAccount` is now `server.serviceAccount.create`
1. moved the field previously known as `telemetryServicePort` inside the `telemetryConfig` as `telemetryConfig.servicePort` - same for `metricsConfig`
[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom
[FrontendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
[links]: https://argo-workflows.readthedocs.io/en/stable/links/
[columns]: https://github.com/argoproj/argo-workflows/pull/10693
[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/
[Pod Disruption Budget]: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
[values.yaml]: values.yaml
[changelog]: https://artifacthub.io/packages/helm/argo/argo-workflows?modal=changelog
[SSO RBAC]: https://argo-workflows.readthedocs.io/en/stable/argo-server-sso/
[Argo Server Auth Mode]: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/

11
opencloud/charts/argo-workflows/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.server.authMode }}
DEPRECATED option server.authMode - Use server.authModes
{{- end }}
1. Get Argo Server external IP/domain by running:
kubectl --namespace {{ .Release.Namespace }} get services -o wide | grep {{ template "argo-workflows.server.fullname" . }}
2. Submit the hello-world workflow by running:
argo submit https://raw.githubusercontent.com/argoproj/argo-workflows/master/examples/hello-world.yaml --watch

211
opencloud/charts/argo-workflows/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,211 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create argo workflows server name and version as used by the chart label.
*/}}
{{- define "argo-workflows.server.fullname" -}}
{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create controller name and version as used by the chart label.
*/}}
{{- define "argo-workflows.controller.fullname" -}}
{{- printf "%s-%s" (include "argo-workflows.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "argo-workflows.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "argo-workflows.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "argo-workflows.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create kubernetes friendly chart version label for the controller.
Examples:
image.tag = v3.4.4
output = v3.4.4
image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
output = v3.4.4
*/}}
{{- define "argo-workflows.controller_chart_version_label" -}}
{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
{{- end -}}
{{/*
Create kubernetes friendly chart version label for the server.
Examples:
image.tag = v3.4.4
output = v3.4.4
image.tag = v3.4.4@sha256:d06860f1394a94ac3ff8401126ef32ba28915aa6c3c982c7e607ea0b4dadb696
output = v3.4.4
*/}}
{{- define "argo-workflows.server_chart_version_label" -}}
{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-workflows.defaultTag" .) .Values.server.image.tag) "") "" | trunc 63 | quote -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "argo-workflows.labels" -}}
helm.sh/chart: {{ include "argo-workflows.chart" .context }}
{{ include "argo-workflows.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
app.kubernetes.io/managed-by: {{ .context.Release.Service }}
app.kubernetes.io/part-of: argo-workflows
{{- with .context.Values.commonLabels }}
{{ toYaml .}}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argo-workflows.selectorLabels" -}}
{{- if .name -}}
app.kubernetes.io/name: {{ include "argo-workflows.name" .context }}-{{ .name }}
{{ end -}}
app.kubernetes.io/instance: {{ .context.Release.Name }}
{{- if .component }}
app.kubernetes.io/component: {{ .component }}
app: {{ .component }}
{{- end }}
{{- end }}
{{/*
Create the name of the controller configMap
*/}}
{{- define "argo-workflows.controller.config-map.name" -}}
{{- .Values.controller.configMap.name | default (printf "%s-%s" (include "argo-workflows.controller.fullname" .) "configmap") | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the server service account to use
*/}}
{{- define "argo-workflows.serverServiceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (include "argo-workflows.server.fullname" .) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "argo-workflows.controllerServiceAccountName" -}}
{{- if .Values.controller.serviceAccount.create -}}
{{ default (include "argo-workflows.controller.fullname" .) .Values.controller.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.controller.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress
*/}}
{{- define "argo-workflows.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "argo-workflows.kubeVersion" $) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "argo-workflows.kubeVersion" $) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "argo-workflows.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }}
{{- end -}}
{{/*
Return the default Argo Workflows app version
*/}}
{{- define "argo-workflows.defaultTag" -}}
{{- default .Chart.AppVersion .Values.images.tag }}
{{- end -}}
{{/*
Return full image name including or excluding registry based on existence
*/}}
{{- define "argo-workflows.image" -}}
{{- if and .image.registry .image.repository -}}
{{ .image.registry }}/{{ .image.repository }}
{{- else -}}
{{ .image.repository }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for autoscaling
*/}}
{{- define "argo-workflows.apiVersion.autoscaling" -}}
{{- if .Values.apiVersionOverrides.autoscaling -}}
{{- print .Values.apiVersionOverrides.autoscaling -}}
{{- else if semverCompare "<1.23-0" (include "argo-workflows.kubeVersion" .) -}}
{{- print "autoscaling/v2beta1" -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for GKE resources
*/}}
{{- define "argo-workflows.apiVersions.cloudgoogle" -}}
{{- if .Values.apiVersionOverrides.cloudgoogle -}}
{{- print .Values.apiVersionOverrides.cloudgoogle -}}
{{- else if .Capabilities.APIVersions.Has "cloud.google.com/v1" -}}
{{- print "cloud.google.com/v1" -}}
{{- else -}}
{{- print "cloud.google.com/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for monitoring CRDs
*/}}
{{- define "argo-workflows.apiVersions.monitoring" -}}
{{- if .Values.apiVersionOverrides.monitoring -}}
{{- print .Values.apiVersionOverrides.monitoring -}}
{{- else -}}
{{- print "monitoring.coreos.com/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Expand the namespace of the release.
Allows overriding it for multi-namespace deployments in combined charts.
*/}}
{{- define "argo-workflows.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end }}

29
opencloud/charts/argo-workflows/templates/controller/agent-rb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.agentPermissions -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

29
opencloud/charts/argo-workflows/templates/controller/agent-role.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.agentPermissions -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow-agent
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflowtasksets
verbs:
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtasksets/status
verbs:
- patch
{{- end }}
{{- end }}

29
opencloud/charts/argo-workflows/templates/controller/artifact-gc-rb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.artifactGC -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

29
opencloud/charts/argo-workflows/templates/controller/artifact-gc-role.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.artifactGC -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" $ }}-wf-artifactgc
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflowartifactgctasks
verbs:
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowartifactgctasks/status
verbs:
- patch
{{- end }}
{{- end }}

19
opencloud/charts/argo-workflows/templates/controller/artifact-repository-ref-cm.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- range $cm_name, $cm_val := .Values.artifactRepositoryRef }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $cm_name }}
namespace: {{ include "argo-workflows.namespace" $ | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $cm_name) | nindent 4 }}
{{- with $cm_val.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
{{- range $data_key, $data_val := (omit $cm_val "annotations") }}
{{- $data_key | nindent 2 }}: |
{{- toYaml $data_val | nindent 4 }}
{{- end }}
{{- end }}

107
opencloud/charts/argo-workflows/templates/controller/workflow-aggregate-roles.yaml Normal file
View File

@@ -0,0 +1,107 @@
{{- if .Values.createAggregateRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-workflows.fullname" . }}-view
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-workflows.fullname" . }}-edit
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-workflows.fullname" . }}-admin
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workfloweventbindings
- workfloweventbindings/finalizers
- workflowtemplates
- workflowtemplates/finalizers
- cronworkflows
- cronworkflows/finalizers
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowtaskresults
- workflowtaskresults/finalizers
- workflowartifactgctasks
- workflowartifactgctasks/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
{{- end }}

220
opencloud/charts/argo-workflows/templates/controller/workflow-controller-cluster-roles.yaml Normal file
View File

@@ -0,0 +1,220 @@
{{- if .Values.controller.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
{{- if .Values.controller.rbac.writeConfigMaps }}
- create
- update
{{- end}}
- apiGroups:
- ""
resources:
- persistentvolumeclaims
- persistentvolumeclaims/finalizers
verbs:
- create
- update
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
- workflowtasksets
- workflowtasksets/finalizers
- workflowartifactgctasks
verbs:
- get
- list
- watch
- update
- patch
- delete
- create
- apiGroups:
- argoproj.io
resources:
- workflowtemplates
- workflowtemplates/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- workflowtaskresults
- workflowtaskresults/finalizers
verbs:
- list
- watch
- deletecollection
- apiGroups:
- argoproj.io
resources:
- cronworkflows
- cronworkflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- apiGroups:
- "policy"
resources:
- poddisruptionbudgets
verbs:
- create
- get
- delete
{{- if .Values.controller.persistence }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
{{- if .Values.controller.persistence.postgresql }}
- {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
- {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
{{- end}}
{{- if .Values.controller.persistence.mysql }}
- {{ .Values.controller.persistence.mysql.userNameSecret.name }}
- {{ .Values.controller.persistence.mysql.passwordSecret.name }}
{{- end}}
verbs:
- get
{{- end}}
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
- workflow-controller-{{ .Release.Name }}
- workflow-controller-lease-{{ .Release.Name }}
{{- else }}
- workflow-controller-{{ .Values.controller.instanceID.explicitID }}
- workflow-controller-lease-{{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- else }}
- workflow-controller
- workflow-controller-lease
{{- end }}
verbs:
- get
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
resourceNames:
{{/* for HTTP templates */}}
- argo-workflows-agent-ca-certificates
{{- with .Values.controller.rbac.secretWhitelist }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
resourceNames: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.controller.rbac.secretWhitelist) (.Values.controller.rbac.accessAllSecrets) }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
{{- end }}
{{- if and .Values.controller.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
- clusterworkflowtemplates/finalizers
verbs:
- get
- list
- watch
{{- end }}
{{- end }}

214
opencloud/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml Normal file
View File

@@ -0,0 +1,214 @@
{{- if .Values.controller.configMap.create }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "argo-workflows.controller.config-map.name" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" "cm") | nindent 4 }}
{{- with .Values.controller.configMap.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
config: |
{{- if .Values.controller.instanceID.enabled }}
{{- if .Values.controller.instanceID.useReleaseName }}
instanceID: {{ .Release.Name }}
{{- else }}
instanceID: {{ .Values.controller.instanceID.explicitID }}
{{- end }}
{{- end }}
{{- if .Values.controller.parallelism }}
parallelism: {{ .Values.controller.parallelism }}
{{- end }}
{{- if .Values.controller.resourceRateLimit }}
resourceRateLimit: {{- toYaml .Values.controller.resourceRateLimit | nindent 6 }}
{{- end }}
{{- with .Values.controller.namespaceParallelism }}
namespaceParallelism: {{ . }}
{{- end }}
{{- with .Values.controller.initialDelay }}
initialDelay: {{ . }}
{{- end }}
{{- if or .Values.mainContainer.resources .Values.mainContainer.env .Values.mainContainer.envFrom .Values.mainContainer.securityContext}}
mainContainer:
imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.mainContainer.imagePullPolicy }}
{{- with .Values.mainContainer.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mainContainer.env }}
env: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mainContainer.envFrom }}
envFrom: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.mainContainer.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.executor.resources .Values.executor.env .Values.executor.args .Values.executor.securityContext}}
executor:
imagePullPolicy: {{ default (.Values.images.pullPolicy) .Values.executor.image.pullPolicy }}
{{- with .Values.executor.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.args }}
args: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.env }}
env: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.executor.securityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.artifactRepository.s3 .Values.artifactRepository.gcs .Values.artifactRepository.azure .Values.customArtifactRepository }}
artifactRepository:
{{- if .Values.artifactRepository.archiveLogs }}
archiveLogs: {{ .Values.artifactRepository.archiveLogs }}
{{- end }}
{{- with .Values.artifactRepository.gcs }}
gcs: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.artifactRepository.azure }}
azure: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- if .Values.artifactRepository.s3 }}
s3:
{{- if .Values.useStaticCredentials }}
accessKeySecret:
key: {{ tpl .Values.artifactRepository.s3.accessKeySecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.accessKeySecret.name . }}
secretKeySecret:
key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
{{- if .Values.artifactRepository.s3.sessionTokenSecret }}
sessionTokenSecret:
key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }}
name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }}
{{- end }}
{{- end }}
bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
insecure: {{ .Values.artifactRepository.s3.insecure }}
{{- if .Values.artifactRepository.s3.caSecret }}
caSecret:
name: {{ tpl .Values.artifactRepository.s3.caSecret.name . }}
key: {{ tpl .Values.artifactRepository.s3.caSecret.key . }}
{{- end }}
{{- if .Values.artifactRepository.s3.keyFormat }}
keyFormat: {{ .Values.artifactRepository.s3.keyFormat | quote }}
{{- end }}
{{- if .Values.artifactRepository.s3.region }}
region: {{ tpl .Values.artifactRepository.s3.region $ }}
{{- end }}
{{- if .Values.artifactRepository.s3.roleARN }}
roleARN: {{ .Values.artifactRepository.s3.roleARN }}
{{- end }}
{{- if .Values.artifactRepository.s3.useSDKCreds }}
useSDKCreds: {{ .Values.artifactRepository.s3.useSDKCreds }}
{{- end }}
{{- with .Values.artifactRepository.s3.encryptionOptions }}
encryptionOptions:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.customArtifactRepository }}
{{- toYaml .Values.customArtifactRepository | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.controller.metricsConfig.enabled }}
metricsConfig:
enabled: {{ .Values.controller.metricsConfig.enabled }}
path: {{ .Values.controller.metricsConfig.path }}
port: {{ .Values.controller.metricsConfig.port }}
{{- if .Values.controller.metricsConfig.metricsTTL }}
metricsTTL: {{ .Values.controller.metricsConfig.metricsTTL }}
{{- end }}
ignoreErrors: {{ .Values.controller.metricsConfig.ignoreErrors }}
secure: {{ .Values.controller.metricsConfig.secure }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
telemetryConfig:
enabled: {{ .Values.controller.telemetryConfig.enabled }}
path: {{ .Values.controller.telemetryConfig.path }}
port: {{ .Values.controller.telemetryConfig.port }}
{{- if .Values.controller.telemetryConfig.metricsTTL }}
metricsTTL: {{ .Values.controller.telemetryConfig.metricsTTL }}
{{- end }}
ignoreErrors: {{ .Values.controller.telemetryConfig.ignoreErrors }}
secure: {{ .Values.controller.telemetryConfig.secure }}
{{- end }}
{{- if .Values.controller.persistence }}
persistence:
{{ toYaml .Values.controller.persistence | indent 6 }}{{- end }}
{{- if .Values.controller.workflowDefaults }}
workflowDefaults:
{{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
{{- if .Values.server.sso.enabled }}
sso:
issuer: {{ .Values.server.sso.issuer }}
clientId:
name: {{ .Values.server.sso.clientId.name }}
key: {{ .Values.server.sso.clientId.key }}
clientSecret:
name: {{ .Values.server.sso.clientSecret.name }}
key: {{ .Values.server.sso.clientSecret.key }}
redirectUrl: {{ .Values.server.sso.redirectUrl | quote }}
rbac:
enabled: {{ .Values.server.sso.rbac.enabled }}
{{- with .Values.server.sso.scopes }}
scopes: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.sso.issuerAlias }}
issuerAlias: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.sessionExpiry }}
sessionExpiry: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.customGroupClaimName }}
customGroupClaimName: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.userInfoPath }}
userInfoPath: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.insecureSkipVerify }}
insecureSkipVerify: {{ toYaml . }}
{{- end }}
{{- with .Values.server.sso.filterGroupsRegex }}
filterGroupsRegex: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.links }}
links: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.columns }}
columns: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.navColor }}
navColor: {{ . }}
{{- end }}
{{- with .Values.controller.retentionPolicy }}
retentionPolicy: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.emissary.images }}
images: {{- toYaml . | nindent 6 }}
{{- end }}
nodeEvents:
enabled: {{ .Values.controller.nodeEvents.enabled }}
workflowEvents:
enabled: {{ .Values.controller.workflowEvents.enabled }}
{{- with .Values.controller.kubeConfig }}
kubeConfig: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.podGCGracePeriodSeconds }}
podGCGracePeriodSeconds: {{ . }}
{{- end }}
{{- with .Values.controller.podGCDeleteDelayDuration }}
podGCDeleteDelayDuration: {{ . }}
{{- end }}
{{- end }}

50
opencloud/charts/argo-workflows/templates/controller/workflow-controller-crb.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- if .Values.controller.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ template "argo-workflows.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- if .Values.controller.clusterWorkflowTemplates.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-workflows.controller.fullname" . }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- range .Values.controller.clusterWorkflowTemplates.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

20
opencloud/charts/argo-workflows/templates/controller/workflow-controller-deployment-pdb.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if .Values.controller.pdb.enabled }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
spec:
{{- if .Values.controller.pdb.minAvailable }}
minAvailable: {{ .Values.controller.pdb.minAvailable }}
{{- else if .Values.controller.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.controller.pdb.maxUnavailable }}
{{- else }}
minAvailable: 0
{{- end }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- end }}

146
opencloud/charts/argo-workflows/templates/controller/workflow-controller-deployment.yaml Normal file
View File

@@ -0,0 +1,146 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
{{- with .Values.controller.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.controller.replicas }}
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
template:
metadata:
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 8 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
{{- with.Values.controller.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "argo-workflows.controllerServiceAccountName" . }}
{{- with .Values.controller.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.extraInitContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: controller
image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.controller.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.controller.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
command: [ "workflow-controller" ]
args:
- "--configmap"
- "{{ template "argo-workflows.controller.config-map.name" . }}"
- "--executor-image"
- "{{- include "argo-workflows.image" (dict "context" . "image" .Values.executor.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.executor.image.tag }}"
- "--loglevel"
- "{{ .Values.controller.logging.level }}"
- "--gloglevel"
- "{{ .Values.controller.logging.globallevel }}"
- "--log-format"
- "{{ .Values.controller.logging.format }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
{{- with .Values.controller.workflowWorkers }}
- "--workflow-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.workflowTTLWorkers }}
- "--workflow-ttl-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.podCleanupWorkers }}
- "--pod-cleanup-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.cronWorkflowWorkers }}
- "--cron-workflow-workers"
- {{ . | quote }}
{{- end }}
{{- with .Values.controller.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
securityContext:
{{- toYaml .Values.controller.securityContext | nindent 12 }}
env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: LEADER_ELECTION_IDENTITY
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
{{- if eq (int .Values.controller.replicas) 1 }}
- name: LEADER_ELECTION_DISABLE
value: "true"
{{- end }}
{{- with .Values.controller.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- with .Values.controller.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: {{ .Values.controller.metricsConfig.portName }}
containerPort: {{ .Values.controller.metricsConfig.port }}
- containerPort: 6060
livenessProbe: {{ .Values.controller.livenessProbe | toYaml | nindent 12 }}
{{- with .Values.controller.extraContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.volumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.controller.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.controller.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}

16
opencloud/charts/argo-workflows/templates/controller/workflow-controller-sa.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.controller.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.controllerServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{ with .Values.controller.serviceAccount.annotations }}
annotations:
{{- toYaml .| nindent 4 }}
{{- end }}
{{- end }}

47
opencloud/charts/argo-workflows/templates/controller/workflow-controller-service.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.controller_chart_version_label" . }}
{{- with .Values.controller.serviceLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.controller.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4}}
{{- end }}
spec:
ports:
{{- if .Values.controller.metricsConfig.enabled }}
- name: {{ .Values.controller.metricsConfig.servicePortName }}
port: {{ .Values.controller.metricsConfig.servicePort }}
protocol: TCP
targetPort: {{ .Values.controller.metricsConfig.port }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- name: {{ .Values.controller.telemetryConfig.servicePortName }}
port: {{ .Values.controller.telemetryConfig.servicePort }}
protocol: TCP
targetPort: {{ .Values.controller.telemetryConfig.port }}
{{- end }}
selector:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.controller.serviceType }}
{{- if and (eq .Values.controller.serviceType "ClusterIP") .Values.controller.metricsConfig.headlessService }}
clusterIP: None
{{- end }}
{{- if eq .Values.controller.serviceType "LoadBalancer" }}
{{- with .Values.controller.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- if .Values.controller.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.controller.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

53
opencloud/charts/argo-workflows/templates/controller/workflow-controller-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,53 @@
{{- $apiVersion := include "argo-workflows.apiVersions.monitoring" . }}
{{- if and (.Capabilities.APIVersions.Has $apiVersion) (or .Values.controller.metricsConfig.enabled .Values.controller.telemetryConfig.enabled) .Values.controller.serviceMonitor.enabled }}
apiVersion: {{ $apiVersion }}
kind: ServiceMonitor
metadata:
name: {{ template "argo-workflows.controller.fullname" . }}
namespace: {{ default (include "argo-workflows.namespace" .) .Values.controller.serviceMonitor.namespace | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
{{- with .Values.controller.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
{{- if .Values.controller.metricsConfig.enabled }}
- port: {{ .Values.controller.metricsConfig.servicePortName }}
path: {{ .Values.controller.metricsConfig.path }}
interval: {{ .Values.controller.metricsConfig.interval }}
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metricsConfig.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
{{- end }}
{{- if .Values.controller.telemetryConfig.enabled }}
- port: telemetry
path: {{ .Values.controller.telemetryConfig.path }}
interval: {{ .Values.controller.telemetryConfig.interval }}
{{- with .Values.controller.metricsConfig.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.metricsConfig.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
honorLabels: {{ .Values.controller.metricsConfig.honorLabels }}
{{- end }}
{{- with .Values.controller.metricsConfig.targetLabels }}
targetLabels:
{{- toYaml . | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "argo-workflows.namespace" . | quote }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
{{- end }}

29
opencloud/charts/argo-workflows/templates/controller/workflow-rb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "argo-workflows.fullname" $ }}-workflow
subjects:
- kind: ServiceAccount
name: {{ $.Values.workflow.serviceAccount.name }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- range $.Values.workflow.rbac.serviceAccounts }}
- kind: ServiceAccount
name: {{ .name }}
namespace: {{ .namespace | quote }}
{{- end }}
{{- end }}
{{- end }}

23
opencloud/charts/argo-workflows/templates/controller/workflow-role.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.workflow.rbac.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "argo-workflows.fullname" $ }}-workflow
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflowtaskresults
verbs:
- create
- patch
{{- end }}
{{- end }}

25
opencloud/charts/argo-workflows/templates/controller/workflow-sa.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.workflow.serviceAccount.create -}}
{{- range $namespace := or .Values.singleNamespace false | ternary (list "") (append .Values.controller.workflowNamespaces (coalesce .Values.workflow.namespace (include "argo-workflows.namespace" .)) | uniq) }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $.Values.workflow.serviceAccount.name }}
labels:
{{- include "argo-workflows.labels" (dict "context" $ "component" $.Values.controller.name "name" $.Values.controller.name) | nindent 4 }}
{{- with $.Values.workflow.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $namespace }}
namespace: {{ . }}
{{- end }}
{{- with $.Values.workflow.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $.Values.workflow.serviceAccount.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}

47
opencloud/charts/argo-workflows/templates/crds/argoproj.io_clusterworkflowtemplates.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if .Values.crds.install }}
{{- if or (.Values.server.clusterWorkflowTemplates.enabled) (.Values.controller.clusterWorkflowTemplates.enabled) }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterworkflowtemplates.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: ClusterWorkflowTemplate
listKind: ClusterWorkflowTemplateList
plural: clusterworkflowtemplates
shortNames:
- clusterwftmpl
- cwft
singular: clusterworkflowtemplate
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
{{- end }}
{{- end }}

49
opencloud/charts/argo-workflows/templates/crds/argoproj.io_cronworkflows.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cronworkflows.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: CronWorkflow
listKind: CronWorkflowList
plural: cronworkflows
shortNames:
- cwf
- cronwf
singular: cronworkflow
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
{{- end }}

1146
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workflowartifactgctasks.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

690
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workfloweventbindings.yaml Normal file
View File

@@ -0,0 +1,690 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workfloweventbindings.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: WorkflowEventBinding
listKind: WorkflowEventBindingList
plural: workfloweventbindings
shortNames:
- wfeb
singular: workfloweventbinding
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
event:
properties:
selector:
type: string
required:
- selector
type: object
submit:
properties:
arguments:
properties:
artifacts:
items:
properties:
archive:
properties:
none:
type: object
tar:
properties:
compressionLevel:
format: int32
type: integer
type: object
zip:
type: object
type: object
archiveLogs:
type: boolean
artifactGC:
properties:
podMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
serviceAccountName:
type: string
strategy:
enum:
- ""
- OnWorkflowCompletion
- OnWorkflowDeletion
- Never
type: string
type: object
artifactory:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
azure:
properties:
accountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
type: string
endpoint:
type: string
useSDKCreds:
type: boolean
required:
- blob
- container
- endpoint
type: object
deleted:
type: boolean
from:
type: string
fromExpression:
type: string
gcs:
properties:
bucket:
type: string
key:
type: string
serviceAccountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
git:
properties:
branch:
type: string
depth:
format: int64
type: integer
disableSubmodules:
type: boolean
fetch:
items:
type: string
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
type: string
singleBranch:
type: boolean
sshPrivateKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
globalName:
type: string
hdfs:
properties:
addresses:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
type: string
krbCCacheSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
type: string
krbUsername:
type: string
path:
type: string
required:
- path
type: object
http:
properties:
auth:
properties:
basicAuth:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
clientCertSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
clientIDSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
key:
type: string
value:
type: string
required:
- key
type: object
type: array
scopes:
items:
type: string
type: array
tokenURLSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
url:
type: string
required:
- url
type: object
mode:
format: int32
type: integer
name:
type: string
optional:
type: boolean
oss:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
type: boolean
endpoint:
type: string
key:
type: string
lifecycleRule:
properties:
markDeletionAfterDays:
format: int32
type: integer
markInfrequentAccessAfterDays:
format: int32
type: integer
type: object
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
path:
type: string
raw:
properties:
data:
type: string
required:
- data
type: object
recurseMode:
type: boolean
s3:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
type: boolean
type: object
encryptionOptions:
properties:
enableEncryption:
type: boolean
kmsEncryptionContext:
type: string
kmsKeyId:
type: string
serverSideCustomerKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
insecure:
type: boolean
key:
type: string
region:
type: string
roleARN:
type: string
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
subPath:
type: string
required:
- name
type: object
type: array
parameters:
items:
properties:
default:
type: string
description:
type: string
enum:
items:
type: string
type: array
globalName:
type: string
name:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:
type: string
expression:
type: string
jqFilter:
type: string
jsonPath:
type: string
parameter:
type: string
path:
type: string
supplied:
type: object
type: object
required:
- name
type: object
type: array
type: object
metadata:
type: object
workflowTemplateRef:
properties:
clusterScope:
type: boolean
name:
type: string
type: object
required:
- workflowTemplateRef
type: object
required:
- event
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
{{- end }}

64
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workflows.yaml Normal file
View File

@@ -0,0 +1,64 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Status of the workflow
jsonPath: .status.phase
name: Status
type: string
- description: When the workflow was started
format: date-time
jsonPath: .status.startedAt
name: Age
type: date
- description: Human readable message indicating details about why the workflow
is in this condition.
jsonPath: .status.message
name: Message
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources: {}
{{- end }}

671
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workflowtaskresults.yaml Normal file
View File

@@ -0,0 +1,671 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtaskresults.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: WorkflowTaskResult
listKind: WorkflowTaskResultList
plural: workflowtaskresults
singular: workflowtaskresult
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
message:
type: string
metadata:
type: object
outputs:
properties:
artifacts:
items:
properties:
archive:
properties:
none:
type: object
tar:
properties:
compressionLevel:
format: int32
type: integer
type: object
zip:
type: object
type: object
archiveLogs:
type: boolean
artifactGC:
properties:
podMetadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
serviceAccountName:
type: string
strategy:
enum:
- ""
- OnWorkflowCompletion
- OnWorkflowDeletion
- Never
type: string
type: object
artifactory:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
url:
type: string
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- url
type: object
azure:
properties:
accountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
blob:
type: string
container:
type: string
endpoint:
type: string
useSDKCreds:
type: boolean
required:
- blob
- container
- endpoint
type: object
deleted:
type: boolean
from:
type: string
fromExpression:
type: string
gcs:
properties:
bucket:
type: string
key:
type: string
serviceAccountKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- key
type: object
git:
properties:
branch:
type: string
depth:
format: int64
type: integer
disableSubmodules:
type: boolean
fetch:
items:
type: string
type: array
insecureIgnoreHostKey:
type: boolean
insecureSkipTLS:
type: boolean
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
repo:
type: string
revision:
type: string
singleBranch:
type: boolean
sshPrivateKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- repo
type: object
globalName:
type: string
hdfs:
properties:
addresses:
items:
type: string
type: array
dataTransferProtection:
type: string
force:
type: boolean
hdfsUser:
type: string
krbCCacheSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbConfigConfigMap:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbKeytabSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
krbRealm:
type: string
krbServicePrincipalName:
type: string
krbUsername:
type: string
path:
type: string
required:
- path
type: object
http:
properties:
auth:
properties:
basicAuth:
properties:
passwordSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
usernameSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
clientCert:
properties:
clientCertSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
oauth2:
properties:
clientIDSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
clientSecretSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
endpointParams:
items:
properties:
key:
type: string
value:
type: string
required:
- key
type: object
type: array
scopes:
items:
type: string
type: array
tokenURLSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: object
headers:
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
url:
type: string
required:
- url
type: object
mode:
format: int32
type: integer
name:
type: string
optional:
type: boolean
oss:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
createBucketIfNotPresent:
type: boolean
endpoint:
type: string
key:
type: string
lifecycleRule:
properties:
markDeletionAfterDays:
format: int32
type: integer
markInfrequentAccessAfterDays:
format: int32
type: integer
type: object
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
path:
type: string
raw:
properties:
data:
type: string
required:
- data
type: object
recurseMode:
type: boolean
s3:
properties:
accessKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
createBucketIfNotPresent:
properties:
objectLocking:
type: boolean
type: object
encryptionOptions:
properties:
enableEncryption:
type: boolean
kmsEncryptionContext:
type: string
kmsKeyId:
type: string
serverSideCustomerKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
endpoint:
type: string
insecure:
type: boolean
key:
type: string
region:
type: string
roleARN:
type: string
secretKeySecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
sessionTokenSecret:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
useSDKCreds:
type: boolean
type: object
subPath:
type: string
required:
- name
type: object
type: array
exitCode:
type: string
parameters:
items:
properties:
default:
type: string
description:
type: string
enum:
items:
type: string
type: array
globalName:
type: string
name:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
key:
type: string
name:
default: ""
type: string
optional:
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
default:
type: string
event:
type: string
expression:
type: string
jqFilter:
type: string
jsonPath:
type: string
parameter:
type: string
path:
type: string
supplied:
type: object
type: object
required:
- name
type: object
type: array
result:
type: string
type: object
phase:
type: string
progress:
type: string
required:
- metadata
type: object
served: true
storage: true
{{- end }}

50
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workflowtasksets.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtasksets.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: WorkflowTaskSet
listKind: WorkflowTaskSetList
plural: workflowtasksets
shortNames:
- wfts
singular: workflowtaskset
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}

44
opencloud/charts/argo-workflows/templates/crds/argoproj.io_workflowtemplates.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if .Values.crds.install }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: workflowtemplates.argoproj.io
annotations:
{{- if .Values.crds.keep }}
"helm.sh/resource-policy": keep
{{- end }}
{{- with .Values.crds.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
group: argoproj.io
names:
kind: WorkflowTemplate
listKind: WorkflowTemplateList
plural: workflowtemplates
shortNames:
- wftmpl
singular: workflowtemplate
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-map-type: atomic
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
{{- end }}

8
opencloud/charts/argo-workflows/templates/extra-manifests.yaml Normal file
View File

@@ -0,0 +1,8 @@
{{ range .Values.extraObjects }}
---
{{ if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (toYaml .) $ }}
{{- end }}
{{ end }}

11
opencloud/charts/argo-workflows/templates/server/gke/backendconfig.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.server.GKEbackendConfig.enabled }}
apiVersion: {{ include "argo-workflows.apiVersions.cloudgoogle" . }}
kind: BackendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEbackendConfig.spec | nindent 2 }}
{{- end }}

11
opencloud/charts/argo-workflows/templates/server/gke/frontendconfig.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{- if .Values.server.GKEfrontendConfig.enabled }}
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- toYaml .Values.server.GKEfrontendConfig.spec | nindent 2 }}
{{- end }}

12
opencloud/charts/argo-workflows/templates/server/gke/managedcertificate.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if .Values.server.GKEmanagedCertificate.enabled }}
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
spec:
domains:
{{- with .Values.server.GKEmanagedCertificate.domains }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

145
opencloud/charts/argo-workflows/templates/server/server-cluster-roles.yaml Normal file
View File

@@ -0,0 +1,145 @@
{{- if and .Values.server.enabled .Values.server.rbac.create}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
{{- if .Values.server.sso.enabled }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- sso
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
{{- if .Values.server.sso.rbac.enabled }}
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
{{- if and .Values.server.sso.enabled .Values.server.sso.rbac.enabled }}
{{- with .Values.server.sso.rbac.secretWhitelist }}
resourceNames: {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
- apiGroups:
- ""
resources:
- events
verbs:
- watch
- create
- patch
{{- if .Values.controller.persistence }}
- apiGroups:
- ""
resources:
- secrets
resourceNames:
{{- with .Values.controller.persistence.postgresql }}
- {{ .userNameSecret.name }}
- {{ .passwordSecret.name }}
{{- end}}
{{- with .Values.controller.persistence.mysql }}
- {{ .userNameSecret.name }}
- {{ .passwordSecret.name }}
{{- end}}
verbs:
- get
{{- end}}
- apiGroups:
- argoproj.io
resources:
- eventsources
- sensors
- workflows
- workfloweventbindings
- workflowtemplates
- cronworkflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
{{- if and .Values.server.clusterWorkflowTemplates.enabled (not .Values.singleNamespace) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
- apiGroups:
- argoproj.io
resources:
- clusterworkflowtemplates
verbs:
- get
- list
- watch
{{- if .Values.server.clusterWorkflowTemplates.enableEditing }}
- create
- update
- patch
- delete
{{- end }}
{{- end }}
{{- end }}

45
opencloud/charts/argo-workflows/templates/server/server-crb.yaml Normal file
View File

@@ -0,0 +1,45 @@
{{- if and .Values.server.enabled .Values.server.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.singleNamespace }}
kind: RoleBinding
{{ else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
{{- if .Values.singleNamespace }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if .Values.singleNamespace }}
kind: Role
{{ else }}
kind: ClusterRole
{{- end }}
name: {{ template "argo-workflows.server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- if .Values.server.clusterWorkflowTemplates.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-workflows.server.fullname" . }}-cluster-template
subjects:
- kind: ServiceAccount
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
{{- end -}}
{{- end -}}

45
opencloud/charts/argo-workflows/templates/server/server-deployment-hpa.yaml Normal file
View File

@@ -0,0 +1,45 @@
{{- if and .Values.server.enabled .Values.server.autoscaling.enabled }}
apiVersion: {{ include "argo-workflows.apiVersion.autoscaling" . }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "argo-workflows.server.fullname" . }}
minReplicas: {{ .Values.server.autoscaling.minReplicas }}
maxReplicas: {{ .Values.server.autoscaling.maxReplicas }}
metrics:
{{- with .Values.server.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
{{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
{{- if eq (include "argo-workflows.apiVersion.autoscaling" $) "autoscaling/v2beta1" }}
targetAverageUtilization: {{ . }}
{{- else }}
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- end }}
{{- with .Values.server.autoscaling.behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

20
opencloud/charts/argo-workflows/templates/server/server-deployment-pdb.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if and .Values.server.enabled .Values.server.pdb.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
spec:
{{- if .Values.server.pdb.minAvailable }}
minAvailable: {{ .Values.server.pdb.minAvailable }}
{{- else if .Values.server.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.server.pdb.maxUnavailable }}
{{- else }}
minAvailable: 0
{{- end }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
{{- end -}}

157
opencloud/charts/argo-workflows/templates/server/server-deployment.yaml Normal file
View File

@@ -0,0 +1,157 @@
{{- if .Values.server.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
{{- with .Values.server.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.server.autoscaling.enabled }}
replicas: {{ .Values.server.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.server.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 6 }}
template:
metadata:
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 8 }}
app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
{{- with .Values.server.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "argo-workflows.serverServiceAccountName" . }}
{{- with .Values.server.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.extraInitContainers }}
initContainers:
{{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: argo-server
image: "{{- include "argo-workflows.image" (dict "context" . "image" .Values.server.image) }}:{{ default (include "argo-workflows.defaultTag" .) .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.images.pullPolicy }}
securityContext:
{{- toYaml .Values.server.securityContext | nindent 12 }}
args:
- server
- --configmap={{ template "argo-workflows.controller.config-map.name" . }}
{{- with .Values.server.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.server.authMode }}
- "--auth-mode={{ .Values.server.authMode }}"
{{- end }}
{{- range .Values.server.authModes }}
- "--auth-mode={{ . }}"
{{- end }}
- "--secure={{ .Values.server.secure }}"
{{- if .Values.singleNamespace }}
- "--namespaced"
{{- end }}
- "--loglevel"
- "{{ .Values.server.logging.level }}"
- "--gloglevel"
- "{{ .Values.server.logging.globallevel }}"
- "--log-format"
- "{{ .Values.server.logging.format }}"
ports:
- name: web
containerPort: 2746
readinessProbe:
httpGet:
path: /
port: 2746
{{- if .Values.server.secure }}
scheme: HTTPS
{{- else }}
scheme: HTTP
{{- end }}
initialDelaySeconds: 10
periodSeconds: 20
env:
- name: IN_CLUSTER
value: "true"
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: ARGO_BASE_HREF
value: {{ .Values.server.baseHref | quote }}
{{- with .Values.server.extraEnv }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.server.resources | nindent 12 }}
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.server.volumeMounts }}
{{- toYaml . | nindent 10}}
{{- end }}
{{- with .Values.server.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.server.extraContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with .Values.images.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tmp
{{- toYaml .Values.server.tmpVolume | nindent 8 }}
{{- with .Values.server.volumes }}
{{- toYaml . | nindent 6}}
{{- end }}
{{- with .Values.server.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.server.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range $constraint := . }}
- {{ toYaml $constraint | nindent 8 | trim }}
{{- if not $constraint.labelSelector }}
labelSelector:
matchLabels:
{{- include "argo-workflows.selectorLabels" (dict "context" $ "name" $.Values.server.name) | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.server.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- end -}}

90
opencloud/charts/argo-workflows/templates/server/server-ingress.yaml Normal file
View File

@@ -0,0 +1,90 @@
{{- if .Values.server.ingress.enabled -}}
{{- $serviceName := include "argo-workflows.server.fullname" . -}}
{{- $servicePort := .Values.server.servicePort -}}
{{- $paths := .Values.server.ingress.paths -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
{{- $pathType := .Values.server.ingress.pathType -}}
apiVersion: {{ include "argo-workflows.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.server.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- if .Values.server.ingress.labels }}
{{- toYaml .Values.server.ingress.labels | nindent 4 }}
{{- end }}
spec:
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
{{- with .Values.server.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- end }}
rules:
{{- if .Values.server.ingress.hosts }}
{{- range $host := .Values.server.ingress.hosts }}
- host: {{ $host }}
http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- if $extraPaths }}
{{- toYaml $extraPaths | nindent 10 }}
{{- end }}
{{- range $p := $paths }}
- path: {{ $p }}
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if eq (include "argo-workflows.ingress.apiVersion" $) "networking.k8s.io/v1" }}
service:
name: {{ $serviceName }}
port:
{{- if kindIs "float64" $servicePort }}
number: {{ $servicePort }}
{{- else }}
name: {{ $servicePort }}
{{- end }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{- toYaml .Values.server.ingress.tls | nindent 4 }}
{{- end -}}
{{- end -}}

16
opencloud/charts/argo-workflows/templates/server/server-sa.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if and .Values.server.enabled .Values.server.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "argo-workflows.serverServiceAccountName" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
{{- with .Values.server.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

43
opencloud/charts/argo-workflows/templates/server/server-service.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "argo-workflows.server.fullname" . }}
namespace: {{ include "argo-workflows.namespace" . | quote }}
labels:
{{- include "argo-workflows.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
app.kubernetes.io/version: {{ include "argo-workflows.server_chart_version_label" . }}
{{- with .Values.server.serviceLabels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.server.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ports:
- port: {{ .Values.server.servicePort }}
{{- with .Values.server.servicePortName }}
name: {{ . }}
{{- end }}
targetPort: 2746
{{- if and (eq .Values.server.serviceType "NodePort") .Values.server.serviceNodePort }}
nodePort: {{ .Values.server.serviceNodePort }}
{{- end }}
selector:
{{- include "argo-workflows.selectorLabels" (dict "context" . "name" .Values.server.name) | nindent 4 }}
sessionAffinity: None
type: {{ .Values.server.serviceType }}
{{- if eq .Values.server.serviceType "LoadBalancer" }}
{{- with .Values.controller.loadBalancerClass }}
loadBalancerClass: {{ . }}
{{- end }}
{{- with .Values.server.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
{{- end }}
{{- if .Values.server.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml .Values.server.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- end -}}

943
opencloud/charts/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,943 @@
images:
# -- Common tag for Argo Workflows images. Defaults to `.Chart.AppVersion`.
tag: ""
# -- imagePullPolicy to apply to all containers
pullPolicy: Always
# -- Secrets with credentials to pull images from a private registry
pullSecrets: []
# - name: argo-pull-secret
## Custom resource configuration
crds:
# -- Install and upgrade CRDs
install: true
# -- Keep CRDs on chart uninstall
keep: true
# -- Annotations to be added to all CRDs
annotations: {}
# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: true
# -- String to partially override "argo-workflows.fullname" template
nameOverride:
# -- String to fully override "argo-workflows.fullname" template
fullnameOverride:
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride: ""
# -- Labels to set on all resources
commonLabels: {}
# -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: ""
# Override APIVersions
apiVersionOverrides:
# -- String to override apiVersion of autoscaling rendered by this helm chart
autoscaling: "" # autoscaling/v2
# -- String to override apiVersion of GKE resources rendered by this helm chart
cloudgoogle: "" # cloud.google.com/v1
# -- String to override apiVersion of monitoring CRDs (ServiceMonitor) rendered by this helm chart
monitoring: "" # monitoring.coreos.com/v1
# -- Restrict Argo to operate only in a single namespace (the namespace of the
# Helm release) by apply Roles and RoleBindings instead of the Cluster
# equivalents, and start workflow-controller with the --namespaced flag. Use it
# in clusters with strict access policy.
singleNamespace: false
workflow:
# -- Deprecated; use controller.workflowNamespaces instead.
namespace:
serviceAccount:
# -- Specifies whether a service account should be created
create: false
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
# -- Service account which is used to run workflows
name: "argo-workflow"
# -- Secrets with credentials to pull images from a private registry. Same format as `.Values.images.pullSecrets`
pullSecrets: []
rbac:
# -- Adds Role and RoleBinding for the above specified service account to be able to run workflows.
# A Role and Rolebinding pair is also created for each namespace in controller.workflowNamespaces (see below)
create: true
# -- Allows permissions for the Argo Agent. Only required if using http/plugin templates
agentPermissions: false
# -- Allows permissions for the Argo Artifact GC pod. Only required if using artifact gc
artifactGC: false
# -- Extra service accounts to be added to the RoleBinding
serviceAccounts: []
# - name: my-service-account
# namespace: my-namespace
controller:
image:
# -- Registry to use for the controller
registry: quay.io
# -- Registry to use for the controller
repository: argoproj/workflow-controller
# -- Image tag for the workflow controller. Defaults to `.Values.images.tag`.
tag: ""
# -- parallelism dictates how many workflows can be running at the same time
parallelism:
# -- Globally limits the rate at which pods are created.
# This is intended to mitigate flooding of the Kubernetes API server by workflows with a large amount of
# parallel nodes.
resourceRateLimit: {}
# limit: 10
# burst: 1
rbac:
# -- Adds Role and RoleBinding for the controller.
create: true
# -- Allows controller to get, list, and watch certain k8s secrets
secretWhitelist: []
# -- Allows controller to get, list and watch all k8s secrets. Can only be used if secretWhitelist is empty.
accessAllSecrets: false
# -- Allows controller to create and update ConfigMaps. Enables memoization feature
writeConfigMaps: false
configMap:
# -- Create a ConfigMap for the controller
create: true
# -- ConfigMap name
name: ""
# -- ConfigMap annotations
annotations: {}
# -- Limits the maximum number of incomplete workflows in a namespace
namespaceParallelism:
# -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
initialDelay:
# -- deploymentAnnotations is an optional map of annotations to be applied to the controller Deployment
deploymentAnnotations: {}
# -- podAnnotations is an optional map of annotations to be applied to the controller Pods
podAnnotations: {}
# -- Optional labels to add to the controller pods
podLabels: {}
# -- SecurityContext to set on the controller pods
podSecurityContext: {}
# podPortName: http
metricsConfig:
# -- Enables prometheus metrics server
enabled: false
# -- Path is the path where metrics are emitted. Must start with a "/".
path: /metrics
# -- Frequency at which prometheus scrapes metrics
interval: 30s
# -- Port is the port where metrics are emitted
port: 9090
# -- How often custom metrics are cleared from memory
metricsTTL: ""
# -- Flag that instructs prometheus to ignore metric emission errors.
ignoreErrors: false
# -- Flag that use a self-signed cert for TLS
secure: false
# -- Container metrics port name
portName: metrics
# -- Service metrics port
servicePort: 8080
# -- Service metrics port name
servicePortName: metrics
# -- Flag to enable headless service
headlessService: false
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#honorlabels
honorLabels: false
# -- ServiceMonitor relabel configs to apply to samples before scraping
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
relabelings: []
# -- ServiceMonitor metric relabel configs to apply to samples before ingestion
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
metricRelabelings: []
# -- ServiceMonitor will add labels from the service to the Prometheus metric
## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
targetLabels: []
# -- the controller container's securityContext
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- enable Workflow Archive to store the status of workflows. Postgres and MySQL (>= 5.7.8) are available.
## Ref: https://argo-workflows.readthedocs.io/en/stable/workflow-archive/
persistence: {}
# connectionPool:
# maxIdleConns: 100
# maxOpenConns: 0
# # save the entire workflow into etcd and DB
# nodeStatusOffLoad: false
# # enable archiving of old workflows
# archive: false
# postgresql:
# host: localhost
# port: 5432
# database: postgres
# tableName: argo_workflows
# # the database secrets must be in the same namespace of the controller
# userNameSecret:
# name: argo-postgres-config
# key: username
# passwordSecret:
# name: argo-postgres-config
# key: password
# ssl: true
# # sslMode must be one of: disable, require, verify-ca, verify-full
# # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq
# sslMode: require
# mysql:
# host: localhost
# port: 3306
# database: argo
# tableName: argo_workflows
# userNameSecret:
# name: argo-mysql-config
# key: username
# passwordSecret:
# name: argo-mysql-config
# key: password
# -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
# Only valid for 2.7+
## See more: https://argo-workflows.readthedocs.io/en/stable/default-workflow-specs/
workflowDefaults: {}
# spec:
# ttlStrategy:
# secondsAfterCompletion: 86400
# # Ref: https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/
# artifactRepositoryRef:
# configMap: my-artifact-repository # default is "artifact-repositories"
# key: v2-s3-artifact-repository # default can be set by the `workflows.argoproj.io/default-artifact-repository` annotation in config map.
# -- Number of workflow workers
workflowWorkers: # 32
# -- Number of workflow TTL workers
workflowTTLWorkers: # 4
# -- Number of pod cleanup workers
podCleanupWorkers: # 4
# -- Number of cron workflow workers
# Only valid for 3.5+
cronWorkflowWorkers: # 8
# -- Restricts the Workflows that the controller will process.
# Only valid for 2.9+
workflowRestrictions: {}
# templateReferencing: Strict|Secure
# telemetryConfig controls the path and port for prometheus telemetry. Telemetry is enabled and emitted in the same endpoint
# as metrics by default, but can be overridden using this config.
telemetryConfig:
# -- Enables prometheus telemetry server
enabled: false
# -- telemetry path
path: /telemetry
# -- Frequency at which prometheus scrapes telemetry data
interval: 30s
# -- telemetry container port
port: 8081
# -- How often custom metrics are cleared from memory
metricsTTL: ""
# -- Flag that instructs prometheus to ignore metric emission errors.
ignoreErrors: false
# -- Flag that use a self-signed cert for TLS
secure: false
# -- telemetry service port
servicePort: 8081
# -- telemetry service port name
servicePortName: telemetry
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
serviceAccount:
# -- Create a service account for the controller
create: true
# -- Service account name
name: ""
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
# -- Workflow controller name string
name: workflow-controller
# -- Specify all namespaces where this workflow controller instance will manage
# workflows. This controls where the service account and RBAC resources will
# be created. Only valid when singleNamespace is false.
workflowNamespaces:
- default
instanceID:
# -- Configures the controller to filter workflow submissions
# to only those which have a matching instanceID attribute.
## NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
## or `instanceID.explicitID` must be defined.
enabled: false
# -- Use ReleaseName as instanceID
useReleaseName: false
# useReleaseName: true
# -- Use a custom instanceID
explicitID: ""
# explicitID: unique-argo-controller-identifier
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the glog logging level
globallevel: "0"
# -- Set the logging format (one of: `text`, `json`)
format: "text"
# -- Service type of the controller Service
serviceType: ClusterIP
# -- Annotations to be applied to the controller Service
serviceAnnotations: {}
# -- Optional labels to add to the controller Service
serviceLabels: {}
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
loadBalancerSourceRanges: []
# -- Resource limits and requests for the controller
resources: {}
# -- Configure liveness [probe] for the controller
# @default -- See [values.yaml]
livenessProbe:
httpGet:
port: 6060
path: /healthz
failureThreshold: 3
initialDelaySeconds: 90
periodSeconds: 60
timeoutSeconds: 30
# -- Extra environment variables to provide to the controller container
extraEnv: []
# - name: FOO
# value: "bar"
# -- Extra arguments to be added to the controller
extraArgs: []
# -- Additional volume mounts to the controller main container
volumeMounts: []
# -- Additional volumes to the controller pod
volumes: []
# -- The number of controller pods to run
replicas: 1
# -- The number of revisions to keep.
revisionHistoryLimit: 10
pdb:
# -- Configure [Pod Disruption Budget] for the controller pods
enabled: false
# minAvailable: 1
# maxUnavailable: 1
# -- [Node selector]
nodeSelector:
kubernetes.io/os: linux
# -- [Tolerations] for use with node taints
tolerations: []
# -- Assign custom [affinity] rules
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the workflow controller
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Leverage a PriorityClass to ensure your pods survive resource shortages.
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
# -- Configure Argo Server to show custom [links]
## Ref: https://argo-workflows.readthedocs.io/en/stable/links/
links: []
# -- Configure Argo Server to show custom [columns]
## Ref: https://github.com/argoproj/argo-workflows/pull/10693
columns: []
# -- Set ui navigation bar background color
navColor: ""
clusterWorkflowTemplates:
# -- Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
enabled: true
# -- Extra service accounts to be added to the ClusterRoleBinding
serviceAccounts: []
# - name: my-service-account
# namespace: my-namespace
# -- Extra containers to be added to the controller deployment
extraContainers: []
# -- Enables init containers to be added to the controller deployment
extraInitContainers: []
# -- Workflow retention by number of workflows
retentionPolicy: {}
# completed: 10
# failed: 3
# errored: 3
nodeEvents:
# -- Enable to emit events on node completion.
## This can take up a lot of space in k8s (typically etcd) resulting in errors when trying to create new events:
## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
enabled: true
workflowEvents:
# -- Enable to emit events on workflow status changes.
## This can take up a lot of space in k8s (typically etcd), resulting in errors when trying to create new events:
## "Unable to create audit event: etcdserver: mvcc: database space exceeded"
enabled: true
# -- Configure when workflow controller runs in a different k8s cluster with the workflow workloads,
# or needs to communicate with the k8s apiserver using an out-of-cluster kubeconfig secret.
# @default -- `{}` (See [values.yaml])
kubeConfig: {}
# # name of the kubeconfig secret, may not be empty when kubeConfig specified
# secretName: kubeconfig-secret
# # key of the kubeconfig secret, may not be empty when kubeConfig specified
# secretKey: kubeconfig
# # mounting path of the kubeconfig secret, default to /kube/config
# mountPath: /kubeconfig/mount/path
# # volume name when mounting the secret, default to kubeconfig
# volumeName: kube-config-volume
# -- Specifies the duration in seconds before a terminating pod is forcefully killed. A zero value indicates that the pod will be forcefully terminated immediately.
# @default -- `30` seconds (Kubernetes default)
podGCGracePeriodSeconds:
# -- The duration in seconds before the pods in the GC queue get deleted. A zero value indicates that the pods will be deleted immediately.
# @default -- `5s` (Argo Workflows default)
podGCDeleteDelayDuration: ""
# mainContainer adds default config for main container that could be overriden in workflows template
mainContainer:
# -- imagePullPolicy to apply to Workflow main container. Defaults to `.Values.images.pullPolicy`.
imagePullPolicy: ""
# -- Resource limits and requests for the Workflow main container
resources: {}
# -- Adds environment variables for the Workflow main container
env: []
# -- Adds reference environment variables for the Workflow main container
envFrom: []
# -- sets security context for the Workflow main container
securityContext: {}
# executor controls how the init and wait container should be customized
executor:
image:
# -- Registry to use for the Workflow Executors
registry: quay.io
# -- Repository to use for the Workflow Executors
repository: argoproj/argoexec
# -- Image tag for the workflow executor. Defaults to `.Values.images.tag`.
tag: ""
# -- Image PullPolicy to use for the Workflow Executors. Defaults to `.Values.images.pullPolicy`.
pullPolicy: ""
# -- Resource limits and requests for the Workflow Executors
resources: {}
# -- Passes arguments to the executor processes
args: []
# -- Adds environment variables for the executor.
env: []
# -- sets security context for the executor container
securityContext: {}
server:
# -- Deploy the Argo Server
enabled: true
# -- Value for base href in index.html. Used if the server is running behind reverse proxy under subpath different from /.
## only updates base url of resources on client side,
## it's expected that a proxy server rewrites the request URL and gets rid of this prefix
## https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
baseHref: /
image:
# -- Registry to use for the server
registry: quay.io
# -- Repository to use for the server
repository: argoproj/argocli
# -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`.
tag: ""
# -- optional map of annotations to be applied to the ui Deployment
deploymentAnnotations: {}
# -- optional map of annotations to be applied to the ui Pods
podAnnotations: {}
# -- Optional labels to add to the UI pods
podLabels: {}
# -- SecurityContext to set on the server pods
podSecurityContext: {}
rbac:
# -- Adds Role and RoleBinding for the server.
create: true
# -- Servers container-level security context
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- Server name string
name: server
# -- Service type for server pods
serviceType: ClusterIP
# -- Service port for server
servicePort: 2746
# -- Service node port
serviceNodePort: # 32746
# -- Service port name
servicePortName: "" # http
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
serviceAccount:
# -- Create a service account for the server
create: true
# -- Service account name
name: ""
# -- Labels applied to created service account
labels: {}
# -- Annotations applied to created service account
annotations: {}
# -- Annotations to be applied to the UI Service
serviceAnnotations: {}
# -- Optional labels to add to the UI Service
serviceLabels: {}
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- Static IP address to assign to loadBalancer service type `LoadBalancer`
loadBalancerIP: ""
# -- Source ranges to allow access to service from. Only applies to service type `LoadBalancer`
loadBalancerSourceRanges: []
# -- Resource limits and requests for the server
resources: {}
# -- The number of server pods to run
replicas: 1
# -- The number of revisions to keep.
revisionHistoryLimit: 10
## Argo Server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
enabled: false
# -- Minimum number of replicas for the Argo Server [HPA]
minReplicas: 1
# -- Maximum number of replicas for the Argo Server [HPA]
maxReplicas: 5
# -- Average CPU utilization percentage for the Argo Server [HPA]
targetCPUUtilizationPercentage: 50
# -- Average memory utilization percentage for the Argo Server [HPA]
targetMemoryUtilizationPercentage: 50
# -- Configures the scaling behavior of the target in both Up and Down directions.
# This is only available on HPA apiVersion `autoscaling/v2beta2` and newer
behavior: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
pdb:
# -- Configure [Pod Disruption Budget] for the server pods
enabled: false
# minAvailable: 1
# maxUnavailable: 1
# -- [Node selector]
nodeSelector:
kubernetes.io/os: linux
# -- [Tolerations] for use with node taints
tolerations: []
# -- Assign custom [affinity] rules
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the argo server
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Leverage a PriorityClass to ensure your pods survive resource shortages
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
priorityClassName: ""
# -- Run the argo server in "secure" mode. Configure this value instead of `--secure` in extraArgs.
## See the following documentation for more details on secure mode:
## https://argo-workflows.readthedocs.io/en/stable/tls/
secure: false
# -- Extra environment variables to provide to the argo-server container
extraEnv: []
# - name: FOO
# value: "bar"
# -- Deprecated; use server.authModes instead.
authMode: ""
# -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well.
## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server-auth-mode/
authModes: []
# -- Extra arguments to provide to the Argo server binary.
## Ref: https://argo-workflows.readthedocs.io/en/stable/argo-server/#options
extraArgs: []
logging:
# -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
level: info
# -- Set the glog logging level
globallevel: "0"
# -- Set the logging format (one of: `text`, `json`)
format: "text"
# -- Volume to be mounted in Pods for temporary files.
tmpVolume:
emptyDir: {}
# -- Additional volume mounts to the server main container.
volumeMounts: []
# -- Additional volumes to the server pod.
volumes: []
## Ingress configuration.
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
# -- Enable an ingress resource
enabled: false
# -- Additional ingress annotations
annotations: {}
# -- Additional ingress labels
labels: {}
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- List of ingress hosts
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts: []
# - argoworkflows.example.com
# -- List of ingress paths
paths:
- /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Additional ingress paths
extraPaths: []
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
## for Kubernetes >=1.19 (when "networking.k8s.io/v1" is used)
# - path: /*
# pathType: Prefix
# backend:
# service
# name: ssl-redirect
# port:
# name: use-annotation
# -- Ingress TLS configuration
tls: []
# - secretName: argoworkflows-example-tls
# hosts:
# - argoworkflows.example.com
## Create a Google Backendconfig for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
GKEbackendConfig:
# -- Enable BackendConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [BackendConfigSpec]
spec: {}
# spec:
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argoworkflows-secret
## Create a Google Managed Certificate for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
GKEmanagedCertificate:
# -- Enable ManagedCertificate custom resource for Google Kubernetes Engine.
enabled: false
# -- Domains for the Google Managed Certificate
domains:
- argoworkflows.example.com
## Create a Google FrontendConfig Custom Resource, for use with the GKE Ingress Controller
## https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
GKEfrontendConfig:
# -- Enable FrontConfig custom resource for Google Kubernetes Engine
enabled: false
# -- [FrontendConfigSpec]
spec: {}
# spec:
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
clusterWorkflowTemplates:
# -- Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
enabled: true
# -- Give the server permissions to edit ClusterWorkflowTemplates.
enableEditing: true
# SSO configuration when SSO is specified as a server auth mode.
sso:
# -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
enabled: false
# -- The root URL of the OIDC identity provider
issuer: https://accounts.google.com
clientId:
# -- Name of secret to retrieve the app OIDC client ID
name: argo-server-sso
# -- Key of secret to retrieve the app OIDC client ID
key: client-id
clientSecret:
# -- Name of a secret to retrieve the app OIDC client secret
name: argo-server-sso
# -- Key of a secret to retrieve the app OIDC client secret
key: client-secret
# -- The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
redirectUrl: ""
rbac:
# -- Adds ServiceAccount Policy to server (Cluster)Role.
enabled: true
# -- Whitelist to allow server to fetch Secrets
## When present, restricts secrets the server can read to a given list.
## You can use it to restrict the server to only be able to access the
## service account token secrets that are associated with service accounts
## used for authorization.
secretWhitelist: []
# -- Scopes requested from the SSO ID provider
## The 'groups' scope requests group membership information, which is usually used for authorization decisions.
scopes: []
# - groups
# -- Define how long your login is valid for (in hours)
## If omitted, defaults to 10h.
sessionExpiry: ""
# -- Alternate root URLs that can be included for some OIDC providers
issuerAlias: ""
# -- Override claim name for OIDC groups
customGroupClaimName: ""
# -- Specify the user info endpoint that contains the groups claim
## Configure this if your OIDC provider provides groups information only using the user-info endpoint (e.g. Okta)
userInfoPath: ""
# -- Skip TLS verification for the HTTP client
insecureSkipVerify: false
# -- Filter the groups returned by the OIDC provider
## A logical "OR" is used between each regex in the list
filterGroupsRegex: []
# - ".*argo-wf.*"
# - ".*argo-workflow.*"
# -- Extra containers to be added to the server deployment
extraContainers: []
# -- Enables init containers to be added to the server deployment
extraInitContainers: []
# -- Specify postStart and preStop lifecycle hooks for server container
lifecycle: {}
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Array of extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argo-server-sso
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argo/server/sso"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argo-server-sso-secrets-store
# type: Opaque
# -- Use static credentials for S3 (eg. when not using AWS IRSA)
useStaticCredentials: true
artifactRepository:
# -- Archive the main container logs as an artifact
archiveLogs: false
# -- Store artifact in a S3-compliant object store
# @default -- See [values.yaml]
s3: {}
# # Note the `key` attribute is not the actual secret, it's the PATH to
# # the contents in the associated secret, as defined by the `name` attribute.
# accessKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: accesskey
# secretKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: secretkey
# sessionTokenSecret:
# name: "{{ .Release.Name }}-minio"
# key: sessionToken
# # insecure will disable TLS. Primarily used for minio installs not configured with TLS
# insecure: false
# caSecret:
# name: ca-root
# key: cert.pem
# bucket:
# endpoint:
# region:
# roleARN:
# useSDKCreds: true
# encryptionOptions:
# enableEncryption: true
# -- Store artifact in a GCS object store
# @default -- `{}` (See [values.yaml])
gcs: {}
# bucket: <project>-argo
# keyFormat: "{{ \"{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}\" }}"
# # serviceAccountKeySecret is a secret selector.
# # It references the k8s secret named 'my-gcs-credentials'.
# # This secret is expected to have have the key 'serviceAccountKey',
# # containing the base64 encoded credentials
# # to the bucket.
# #
# # If it's running on GKE and Workload Identity is used,
# # serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
# -- Store artifact in Azure Blob Storage
# @default -- `{}` (See [values.yaml])
azure: {}
# endpoint: https://mystorageaccountname.blob.core.windows.net
# container: my-container-name
# blobNameFormat: path/in/container
# # accountKeySecret is a secret selector.
# # It references the k8s secret named 'my-azure-storage-credentials'.
# # This secret is expected to have have the key 'account-access-key',
# # containing the base64 encoded credentials to the storage account.
# # If a managed identity has been assigned to the machines running the
# # workflow (e.g., https://docs.microsoft.com/en-us/azure/aks/use-managed-identity)
# # then accountKeySecret is not needed, and useSDKCreds should be
# # set to true instead:
# useSDKCreds: true
# accountKeySecret:
# name: my-azure-storage-credentials
# key: account-access-key
# -- The section of custom artifact repository.
# Utilize a custom artifact repository that is not one of the current base ones (s3, gcs, azure)
customArtifactRepository: {}
# artifactory:
# repoUrl: https://artifactory.example.com/raw
# usernameSecret:
# name: artifactory-creds
# key: username
# passwordSecret:
# name: artifactory-creds
# key: password
# -- The section of [artifact repository ref](https://argo-workflows.readthedocs.io/en/stable/artifact-repository-ref/).
# Each map key is the name of configmap
# @default -- `{}` (See [values.yaml])
artifactRepositoryRef: {}
# # -- 1st ConfigMap
# # If you want to use this config map by default, name it "artifact-repositories".
# # Otherwise, you can provide a reference to a
# # different config map in `artifactRepositoryRef.configMap`.
# artifact-repositories:
# # -- v3.0 and after - if you want to use a specific key, put that key into this annotation.
# annotations:
# workflows.argoproj.io/default-artifact-repository: default-v1-s3-artifact-repository
# # 1st data of configmap. See above artifactRepository or customArtifactRepository.
# default-v1-s3-artifact-repository:
# archiveLogs: false
# s3:
# bucket: my-bucket
# endpoint: minio:9000
# insecure: true
# accessKeySecret:
# name: my-minio-cred
# key: accesskey
# secretKeySecret:
# name: my-minio-cred
# key: secretkey
# # 2nd data
# oss-artifact-repository:
# archiveLogs: false
# oss:
# endpoint: http://oss-cn-zhangjiakou-internal.aliyuncs.com
# bucket: $mybucket
# # accessKeySecret and secretKeySecret are secret selectors.
# # It references the k8s secret named 'bucket-workflow-artifect-credentials'.
# # This secret is expected to have have the keys 'accessKey'
# # and 'secretKey', containing the base64 encoded credentials
# # to the bucket.
# accessKeySecret:
# name: $mybucket-credentials
# key: accessKey
# secretKeySecret:
# name: $mybucket-credentials
# key: secretKey
# # 2nd ConfigMap
# another-artifact-repositories:
# annotations:
# workflows.argoproj.io/default-artifact-repository: gcs
# gcs:
# bucket: my-bucket
# keyFormat: prefix/in/bucket/{{workflow.name}}/{{pod.name}}
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey
emissary:
# -- The command/args for each image on workflow, needed when the command is not specified and the emissary executor is used.
## See more: https://argo-workflows.readthedocs.io/en/stable/workflow-executors/#emissary-emissary
images: []
# argoproj/argosay:v2:
# cmd: [/argosay]
# docker/whalesay:latest:
# cmd: [/bin/bash]

22
opencloud/charts/docker-registry-ui/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

30
opencloud/charts/docker-registry-ui/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
annotations:
artifacthub.io/images: |
- name: docker-registry-ui
image: joxit/docker-registry-ui:2.5.2
- name: registry
image: registry:2.8.2
artifacthub.io/license: MIT
artifacthub.io/links: |
- name: Documentation
url: https://joxit.dev/docker-registry-ui
- name: Joxit/docker-registry-ui
url: https://github.com/Joxit/docker-registry-ui
- name: Joxit/helm-charts
url: https://github.com/Joxit/helm-charts
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 2.5.2
description: The simplest and most complete UI for your private registry
home: https://github.com/Joxit/docker-registry-ui
keywords:
- docker
- registry
- user-interface
- interface
kubeVersion: '>=1.19.0-0'
name: docker-registry-ui
sources:
- https://github.com/Joxit/docker-registry-ui
- https://github.com/Joxit/helm-charts
version: 1.1.3

140
opencloud/charts/docker-registry-ui/README.md Normal file
View File

@@ -0,0 +1,140 @@
# Docker Registry UI Chart
[![Stars](https://img.shields.io/github/stars/joxit/docker-registry-ui.svg?logo=github&maxAge=86400)](https://github.com/Joxit/docker-registry-ui/stargazers)
[![Pulls](https://img.shields.io/docker/pulls/joxit/docker-registry-ui.svg?maxAge=86400)](https://hub.docker.com/r/joxit/docker-registry-ui)
[![Sponsor](https://joxit.dev/images/sponsor.svg)](https://github.com/sponsors/Joxit)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/joxit)](https://artifacthub.io/packages/helm/joxit/docker-registry-ui)
## Overview
This project aims to provide a simple and complete user interface for your private docker registry. You can customize the interface with various options. The major option is `ui.singleRegistry` which allows you to disable the dynamic selection of docker registeries.
If you like my work and want to support it, don't hesitate to [sponsor me](https://github.com/sponsors/Joxit).
## [Project Page](https://joxit.dev/docker-registry-ui), [Live Demo](https://joxit.dev/docker-registry-ui/demo/), [Examples](https://github.com/Joxit/docker-registry-ui/tree/main/examples), [Helm Chart](https://helm.joxit.dev/charts/docker-registry-ui/)
![preview](https://raw.github.com/Joxit/docker-registry-ui/main/docker-registry-ui.gif "Preview of Docker Registry UI")
## Prerequisites
* **Helm 3.2+** (Helm 2 is not supported)
* **Kubernetes 1.19+** - This is the earliest version of Kubernetes tested.
It is possible that this chart works with earlier versions but it is untested.
## Usage
1. Add my Helm repository (named `joxit`)
```
helm repo add joxit https://helm.joxit.dev
```
2. Ensure you have access to the Helm chart and you see the latest chart version listed. If you have previously added the Helm repository, run `helm repo update`.
```
helm search repo joxit/docker-registry-ui
```
3. Now you're ready to install the Docker Registry UI! To install Docker Registry UI with the default configuration using Helm 3.2 run the following command below. This will deploy the Docker Registry UI on the default namespace.
```
helm upgrade --install docker-registry-ui joxit/docker-registry-ui
```
## Configuration
### Global
| Value | Default | Description |
| --- | --- | --- |
| `global.name` | `null` | Set the prefix used for all resources in the Helm chart. If not set, the prefix will be `<helm release name>`. |
| `global.imagePullSecrets` | `[]` | The default array of objects containing image pull secret names that will be applied. |
| `global.imagePullPolicy` | `IfNotPresent` | The default image policy for images: `IfNotPresent`, `Always`, `Never` |
### User Interface
| Value | Default | Description |
| --- | --- | --- |
| `ui.replicas` | `1` | Number of replicas for the Deployment. |
| `ui.title` | `"Docker registry UI"` | Title of the registry |
| `ui.proxy` | `false` | UI behave as a proxy of the registry |
| `ui.dockerRegistryUrl` | `null` | The URL of your docker registry, may be a service (when proxy is on) or an external URL. |
| `ui.pullUrl` | `null` | Override the pull URL |
| `ui.singleRegistry` | `true` | Remove the menu that show the dialogs to add, remove and change the endpoint of your docker registry. |
| `ui.registrySecured` | `false` | By default, the UI will check on every requests if your registry is secured or not (you will see `401` responses in your console). Set to `true` if your registry uses Basic Authentication and divide by two the number of call to your registry. |
| `ui.showCatalogNbTags` | `false` | Show number of tags per images on catalog page. This will produce + nb images requests, not recommended on large registries. |
| `ui.catalogElementsLimit` | `1000` | Limit the number of elements in the catalog page. |
| `ui.catalogDefaultExpanded` | `false` | Expand by default all repositories in catalog |
| `ui.catalogMinBranches` | `1` | Set the minimum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching. |
| `ui.catalogMaxBranches` | `1` | Set the maximum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching. |
| `ui.deleteImages` | `false` | Allow delete of images |
| `ui.showContentDigest` | `false` | Show content digest in docker tag list. |
| `ui.taglistOrder` | `alpha-asc;num-desc` | Set the default order for the taglist page, could be `num-asc;alpha-asc`, `num-desc;alpha-asc`, `num-asc;alpha-desc`, `num-desc;alpha-desc`, `alpha-asc;num-asc`, `alpha-asc;num-desc`, `alpha-desc;num-asc` or `alpha-desc;num-desc`. |
| `ui.taglistPageSize` | `100` | Set the number of tags to display in one page. |
| `ui.historyCustomLabels` | `[]` | Expose custom labels in history page, custom labels will be processed like maintainer label. |
| `ui.nginxProxyHeaders` | `[]` | Update the default Nginx configuration and **set custom headers** for your backend docker registry. Only when `ui.proxy` is used. Example: nginxProxyHeaders: [ { my-heeader-name: my-header-value } ] |
| `ui.nginxProxyPassHeaders` | `[]` | Update the default Nginx configuration and **forward custom headers** to your backend docker registry. Only when `ui.proxy` is used. Example: nginxProxyPassHeaders: [ my-first-header, my-second-header ] |
| `ui.useControlCacheHeader` | `false` | Add header Control-Cache: no-store, no-cache on requests to registry server. This needs to update your registry configuration with : `Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']` |
| `ui.runAsRoot` | `true` | Use root or nginx user inside the container, when this is false the target port must be greater or equal to 1024. |
| `ui.defaultTheme` | `"auto"` | Select the default theme to apply, values can be `auto`, `dark` and `light` |
| `ui.theme.background` | `""` | Custom background color for the UI |
| `ui.theme.primaryText` | `""` | Custom primary text color for the UI |
| `ui.theme.neutralText` | `""` | Custom netral color for the UI (icons) |
| `ui.theme.accentText` | `""` | Custom accent color for the UI (buttons) |
| `ui.theme.hoverBackground` | `""` | Custom hover background color for the UI |
| `ui.theme.headerBackground` | `""` | Custom header background color for the UI |
| `ui.theme.headerText` | `""` | Custom header text color for the UI |
| `ui.theme.footerBackground` | `""` | Custom footer background color for the UI |
| `ui.theme.footerText` | `""` | Custom footer text color for the UI |
| `ui.theme.footerNeutralText` | `""` | Custom footer neutral color for the UI (links) |
| `ui.image` | `joxit/docker-registry-ui:2.5.2` | The name and tag of the docker image of the interface |
| `ui.imagePullSecrets` | `"-"` | Override default image pull secrets |
| `ui.imagePullPolicy` | `"-"` | Override default pull policy |
| `ui.resources` | `{}` | The resource settings for user interface pod. |
| `ui.nodeSelector` | `{}` | Optional YAML string to specify a nodeSelector config. |
| `ui.tolerations` | `[]` | Optional YAML string to specify tolerations. |
| `ui.affinity` | `{}` | This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for server pods. |
| `ui.annotations` | `{}` | Annotations to apply to the user interface deployment. |
| `ui.additionalSpec` | `{}` | Optional YAML string that will be appended to the deployment spec. |
| `ui.service.type` | `ClusterIP` | Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service type, you must set the desired `nodePorts` setting below. |
| `ui.service.port` | `80` | Ports that will be exposed on the service |
| `ui.service.targetPort` | `80` | The port to listhen on the container. If under 1024, the user must be root |
| `ui.service.nodePort` | `null` | If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port. |
| `ui.service.annotations` | `{}` | Annotations to apply to the user interface service. |
| `ui.service.additionalSpec` | `{}` | Optional YAML string that will be appended to the Service spec. |
| `ui.ingress.enabled` | `false` | Enable the ingress for the user interface. |
| `ui.ingress.host` | `null` | Fully qualified domain name of a network host. |
| `ui.ingress.path` | `/` | Path is matched against the path of an incoming request. |
| `ui.ingress.pathType` | `Prefix` | Determines the interpretation of the Path matching, must be Prefix to serve assets. |
| `ui.ingress.ingressClassName` | `nginx` | The name of an IngressClass cluster resource. |
| `ui.ingress.tls` | `[]` | TLS configuration |
| `ui.ingress.annotations` | `{}` | Annotations to apply to the user interface ingress. |
### Registry Server
| Value | Default | Description |
| --- | --- | --- |
| `registry.enabled` | `false` | Enable the registry server. |
| `registry.image` | `registry:2.8.2` | The name and tag of the docker registry server image |
| `registry.imagePullSecrets` | `"-"` | Override default image pull secrets |
| `registry.imagePullPolicy` | `"-"` | Override default pull policy |
| `registry.dataVolume` | `null` | Configuration for the data directory. When null it will create an emptyDir. |
| `registry.resources` | `{}` | The resource settings for registry server pod. |
| `registry.nodeSelector` | `{}` | Optional YAML string to specify a nodeSelector config. |
| `registry.tolerations` | `[]` | Optional YAML string to specify tolerations. |
| `registry.affinity` | `{}` | This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for server pods. |
| `registry.annotations` | `{}` | Annotations to apply to the registry server deployment. |
| `registry.additionalSpec` | `{}` | Optional YAML string that will be appended to the deployment spec. |
| `registry.extraEnv` | `[]` | Extra Environmental Variables for Registry |
| `registry.auth.basic.enabled` | `false` | Enable basic auth for Registry. |
| `registry.auth.basic.realm` | `Docker registry` | Basic auth realm. |
| `registry.auth.basic.htpasswdPath` | `/etc/docker/registry/auth/htpasswd` | Full path for htpasswd file. Note that filename should match the secret key. |
| `registry.auth.basic.secretName` | `''` | htpasswd secret name volume to mount. |
| `registry.service.type` | `ClusterIP` | Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service type, you must set the desired `nodePorts` setting below. |
| `registry.service.port` | `5000` | Ports that will be exposed on the service |
| `registry.service.targetPort` | `5000` | The port to listhen on the container. |
| `registry.service.nodePort` | `null` | If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port. |
| `registry.service.annotations` | `{}` | Annotations to apply to the registry server service. |
| `registry.service.additionalSpec` | `{}` | Optional YAML string that will be appended to the Service spec. |
| `registry.ingress.enabled` | `false` | Enable the ingress for the registry server. |
| `registry.ingress.host` | `null` | Fully qualified domain name of a network host. |
| `registry.ingress.path` | `/v2/` | Path is matched against the path of an incoming request. |
| `registry.ingress.pathType` | `Prefix` | Determines the interpretation of the Path matching, must be Prefix to serve assets. |
| `registry.ingress.ingressClassName` | `nginx` | The name of an IngressClass cluster resource. |
| `registry.ingress.tls` | `[]` | TLS configuration |
| `registry.ingress.annotations` | `{}` | Annotations to apply to the registry server ingress. |

28
opencloud/charts/docker-registry-ui/README.tmpl Normal file
View File

@@ -0,0 +1,28 @@
# {{ prettyName }} Chart
[![Stars](https://img.shields.io/github/stars/joxit/docker-registry-ui.svg?logo=github&maxAge=86400)](https://github.com/Joxit/docker-registry-ui/stargazers)
[![Pulls](https://img.shields.io/docker/pulls/joxit/docker-registry-ui.svg?maxAge=86400)](https://hub.docker.com/r/joxit/docker-registry-ui)
[![Sponsor](https://joxit.dev/images/sponsor.svg)](https://github.com/sponsors/Joxit)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/joxit)](https://artifacthub.io/packages/helm/joxit/docker-registry-ui)
## Overview
This project aims to provide a simple and complete user interface for your private docker registry. You can customize the interface with various options. The major option is `ui.singleRegistry` which allows you to disable the dynamic selection of docker registeries.
If you like my work and want to support it, don't hesitate to [sponsor me](https://github.com/sponsors/Joxit).
## [Project Page](https://joxit.dev/docker-registry-ui), [Live Demo](https://joxit.dev/docker-registry-ui/demo/), [Examples](https://github.com/Joxit/docker-registry-ui/tree/main/examples), [Helm Chart](https://helm.joxit.dev/charts/docker-registry-ui/)
![preview](https://raw.github.com/Joxit/docker-registry-ui/main/docker-registry-ui.gif "Preview of Docker Registry UI")
## Prerequisites
{{ prerequisites }}
## Usage
{{ usage }}
## Configuration
{{ configuration }}

8
opencloud/charts/docker-registry-ui/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,8 @@
Thank you for installing Joxit's Docker Registry UI!
Your release is named {{ .Release.Name }}.
To learn more about the release, run:
$ helm status {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}
$ helm get all {{ .Release.Name }} {{- if .Release.Namespace }} --namespace {{ .Release.Namespace }}{{ end }}

43
opencloud/charts/docker-registry-ui/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,43 @@
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to
this (by the DNS naming spec). Supports the legacy fullnameOverride setting
as well as the global.name setting.
*/}}
{{- define "docker-registry-ui.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else if .Values.global.name -}}
{{- .Values.global.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "docker-registry-ui.chart" -}}
{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "docker-registry-ui.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels.
*/}}
{{- define "docker-registry-ui.labels" -}}
app.kubernetes.io/name: {{ include "docker-registry-ui.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "docker-registry-ui.chart" . }}
{{- end -}}

101
opencloud/charts/docker-registry-ui/templates/registry-deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
{{- if .Values.registry.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.registry.replicas }}
selector:
matchLabels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 8 }}
{{- if .Values.registry.annotations }}
annotations:
{{- toYaml .Values.registry.annotations | nindent 8 }}
{{- end }}
spec:
{{- if ne (.Values.registry.imagePullSecrets | toString) "-" }}
imagePullSecrets:
{{- toYaml .Values.registry.imagePullSecrets | nindent 8 }}
{{- else }}
imagePullSecrets:
{{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
{{- end}}
containers:
- name: "registry-server"
image: {{ .Values.registry.image | quote }}
imagePullPolicy: {{ if ne (.Values.registry.imagePullPolicy | toString) "-" }}{{ .Values.registry.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
env:
- name: REGISTRY_HTTP_ADDR
value: {{ printf "%s:%d" "0.0.0.0" (.Values.registry.service.targetPort | int) }}
{{- if .Values.ui.deleteImages }}
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: 'true'
{{- end }}
{{- if .Values.registry.auth.basic.enabled }}
- name: REGISTRY_AUTH
value: htpasswd
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: {{ if ne (.Values.registry.auth.basic.realm | toString) "-" }}{{ .Values.registry.auth.basic.realm }}{{ else }}{{ "Docker registry" }}{{ end }}
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth/htpasswd" }}{{ end }}
{{- end }}
{{- range .Values.registry.extraEnv }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.registry.service.targetPort }}
protocol: TCP
volumeMounts:
- mountPath: /var/lib/registry
name: data
{{- if .Values.registry.auth.basic.enabled }}
- name: htpasswd
mountPath: {{ if ne (.Values.registry.auth.basic.htpasswdPath | toString) "-" }}{{ dir .Values.registry.auth.basic.htpasswdPath }}{{ else }}{{ "/etc/docker/registry/auth" }}{{ end }}
readOnly: true
{{- end }}
resources:
{{- toYaml .Values.registry.resources | nindent 12 }}
volumes:
- name: data
{{- if .Values.registry.dataVolume }}
{{- toYaml .Values.registry.dataVolume | nindent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.registry.auth.basic.enabled }}
- name: htpasswd
secret:
secretName: {{ if .Values.registry.auth.basic.secretName }}{{ .Values.registry.auth.basic.secretName }}{{ else }}{{ fail "Basic auth secret name is required" }}{{ end }}
{{- end }}
{{- with .Values.registry.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.registry.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.registry.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.registry.runAsRoot }}
securityContext:
runAsUser: 101
fsGroup: 101
{{- end }}
{{- if .Values.registry.additionalSpec }}
{{ tpl .Values.registry.additionalSpec . | nindent 6 | trim }}
{{- end }}
{{- end }}

38
opencloud/charts/docker-registry-ui/templates/registry-ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.registry.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.registry.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.registry.ingress.ingressClassName }}
ingressClassName: {{ .Values.registry.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.registry.ingress.tls }}
tls:
{{ tpl (toYaml .Values.registry.ingress.tls) $ | indent 4 }}
{{- end }}
rules:
- http:
paths:
- backend:
service:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
port:
number: {{ .Values.registry.service.port }}
{{- if .Values.registry.ingress.path }}
path: {{ .Values.registry.ingress.path }}
{{- end }}
{{- if .Values.registry.ingress.pathType }}
pathType: {{ .Values.registry.ingress.pathType }}
{{- end }}
{{- if .Values.registry.ingress.host }}
host: {{ .Values.registry.ingress.host | quote }}
{{- end -}}
{{- end }}

29
opencloud/charts/docker-registry-ui/templates/registry-service.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if .Values.registry.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-registry-server
labels:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.registry.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
app.kubernetes.io/component : registry-server
{{- include "docker-registry-ui.labels" . | nindent 4 }}
type: {{ .Values.registry.service.type }}
ports:
- port: {{ .Values.registry.service.port }}
targetPort: {{ .Values.registry.service.targetPort }}
protocol: TCP
name: http
{{- if (and (eq .Values.registry.service.type "NodePort") .Values.registry.service.nodePort) }}
nodePort: {{ .Values.registry.service.nodePort }}
{{- end }}
{{- if .Values.registry.service.additionalSpec }}
{{ tpl .Values.registry.service.additionalSpec . | nindent 2 | trim }}
{{- end }}
{{- end }}

139
opencloud/charts/docker-registry-ui/templates/ui-deployment.yaml Normal file
View File

@@ -0,0 +1,139 @@
{{- if and (not .Values.ui.runAsRoot) (lt (.Values.ui.service.targetPort | int) 1024) }}
{{ fail "When `ui.runAsRoot` is false `ui.service.targetPort` must be less than 1024." }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.ui.replicas }}
selector:
matchLabels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 6 }}
template:
metadata:
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 8 }}
{{- if .Values.ui.annotations }}
annotations:
{{- toYaml .Values.ui.annotations | nindent 8 }}
{{- end }}
spec:
{{- if ne (.Values.ui.imagePullSecrets | toString) "-" }}
imagePullSecrets:
{{- toYaml .Values.ui.imagePullSecrets | nindent 8 }}
{{- else }}
imagePullSecrets:
{{- toYaml .Values.global.imagePullSecrets | nindent 8 }}
{{- end}}
containers:
- name: "registry-ui"
image: {{ .Values.ui.image | quote }}
imagePullPolicy: {{ if ne (.Values.ui.imagePullPolicy | toString) "-" }}{{ .Values.ui.imagePullPolicy }}{{ else }}{{ .Values.global.imagePullPolicy }}{{ end }}
env:
- name: REGISTRY_TITLE
value: {{ .Values.ui.title | quote }}
- name: DELETE_IMAGES
value: {{ .Values.ui.deleteImages | quote }}
{{- if .Values.ui.proxy }}
{{- if .Values.ui.dockerRegistryUrl }}
- name: NGINX_PROXY_PASS_URL
value: {{ .Values.ui.dockerRegistryUrl | quote }}
{{- else if .Values.registry.enabled }}
- name: NGINX_PROXY_PASS_URL
value: {{ printf "http://%s-registry-server:%d" (include "docker-registry-ui.fullname" .) (.Values.registry.service.port | int) }}
{{- end }}
{{- range $header := .Values.ui.nginxProxyHeaders }}
{{- range $key, $value := $header }}
- name: {{ printf "NGINX_PROXY_HEADER_%s" $key }}
value: {{ $value }}
{{- end }}
{{- end }}
{{- range $header := .Values.ui.nginxProxyPassHeaders }}
- name: {{ printf "NGINX_PROXY_PASS_HEADER_%s" $header }}
{{- end }}
{{- else }}
- name: REGISTRY_URL
value: {{ .Values.ui.dockerRegistryUrl | quote }}
{{- end }}
- name: PULL_URL
value: {{ .Values.ui.pullUrl | quote }}
- name: SHOW_CATALOG_NB_TAGS
value: {{ .Values.ui.showCatalogNbTags | quote }}
- name: SHOW_CONTENT_DIGEST
value: {{ .Values.ui.showContentDigest | quote }}
- name: SINGLE_REGISTRY
value: {{ .Values.ui.singleRegistry | quote }}
- name: CATALOG_ELEMENTS_LIMIT
value: {{ .Values.ui.catalogElementsLimit | quote }}
- name: HISTORY_CUSTOM_LABELS
value: {{ .Values.ui.historyCustomLabels | join "," }}
- name: NGINX_LISTEN_PORT
value: {{ .Values.ui.service.targetPort | quote }}
- name: USE_CONTROL_CACHE_HEADER
value: {{ .Values.ui.useControlCacheHeader | quote }}
- name: TAGLIST_ORDER
value: {{ .Values.ui.taglistOrder | quote }}
- name: CATALOG_DEFAULT_EXPANDED
value: {{ .Values.ui.catalogDefaultExpanded | quote }}
- name: CATALOG_MIN_BRANCHES
value: {{ .Values.ui.catalogMinBranches | quote }}
- name: CATALOG_MAX_BRANCHES
value: {{ .Values.ui.catalogMaxBranches | quote }}
- name: TAGLIST_PAGE_SIZE
value: {{ .Values.ui.taglistPageSize | quote }}
- name: REGISTRY_SECURED
value: {{ .Values.ui.registrySecured | quote }}
- name: THEME
value: {{ .Values.ui.defaultTheme | quote }}
- name: THEME_PRIMARY_TEXT
value: {{ .Values.ui.theme.primaryText | quote }}
- name: THEME_NEUTRAL_TEXT
value: {{ .Values.ui.theme.neutralText | quote }}
- name: THEME_BACKGROUND
value: {{ .Values.ui.theme.background | quote }}
- name: THEME_HOVER_BACKGROUND
value: {{ .Values.ui.theme.hoverBackground | quote }}
- name: THEME_ACCENT_TEXT
value: {{ .Values.ui.theme.accentText | quote }}
- name: THEME_HEADER_TEXT
value: {{ .Values.ui.theme.headerText | quote }}
- name: THEME_HEADER_BACKGROUND
value: {{ .Values.ui.theme.headerBackground | quote }}
- name: THEME_FOOTER_TEXT
value: {{ .Values.ui.theme.footerText | quote }}
- name: THEME_FOOTER_NEUTRAL_TEXT
value: {{ .Values.ui.theme.footerNeutralText | quote }}
- name: THEME_FOOTER_BACKGROUND
value: {{ .Values.ui.theme.footerBackground | quote }}
ports:
- name: http
containerPort: {{ .Values.ui.service.targetPort }}
protocol: TCP
resources:
{{- toYaml .Values.ui.resources | nindent 12 }}
{{- with .Values.ui.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ui.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ui.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if not .Values.ui.runAsRoot }}
securityContext:
runAsUser: 101
{{- end }}
{{- if .Values.ui.additionalSpec }}
{{ tpl .Values.ui.additionalSpec . | nindent 6 | trim }}
{{- end }}

38
opencloud/charts/docker-registry-ui/templates/ui-ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.ui.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.ui.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ui.ingress.ingressClassName }}
ingressClassName: {{ .Values.ui.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.ui.ingress.tls }}
tls:
{{ tpl (toYaml .Values.ui.ingress.tls) $ | indent 4 }}
{{- end }}
rules:
- http:
paths:
- backend:
service:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
port:
number: {{ .Values.ui.service.port }}
{{- if .Values.ui.ingress.path }}
path: {{ .Values.ui.ingress.path }}
{{- end }}
{{- if .Values.ui.ingress.pathType }}
pathType: {{ .Values.ui.ingress.pathType }}
{{- end }}
{{- if .Values.ui.ingress.host }}
host: {{ .Values.ui.ingress.host | quote }}
{{- end -}}
{{- end }}

27
opencloud/charts/docker-registry-ui/templates/ui-service.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "docker-registry-ui.fullname" . }}-user-interface
labels:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
{{- with .Values.ui.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
app.kubernetes.io/component : user-interface
{{- include "docker-registry-ui.labels" . | nindent 4 }}
type: {{ .Values.ui.service.type }}
ports:
- port: {{ .Values.ui.service.port }}
targetPort: {{ .Values.ui.service.targetPort }}
protocol: TCP
name: http
{{- if (and (eq .Values.ui.service.type "NodePort") .Values.ui.service.nodePort) }}
nodePort: {{ .Values.ui.service.nodePort }}
{{- end }}
{{- if .Values.ui.service.additionalSpec }}
{{ tpl .Values.ui.service.additionalSpec . | nindent 2 | trim }}
{{- end }}

218
opencloud/charts/docker-registry-ui/values.yaml Normal file
View File

@@ -0,0 +1,218 @@
## Global
global:
# Set the prefix used for all resources in the Helm chart. If not set,
# the prefix will be `<helm release name>`.
name: null
# The default array of objects containing image pull secret names that will be applied.
imagePullSecrets: []
# The default image policy for images: `IfNotPresent`, `Always`, `Never`
imagePullPolicy: IfNotPresent
## User Interface
ui:
# Number of replicas for the Deployment.
replicas: 1
# Title of the registry
title: "Docker registry UI"
# UI behave as a proxy of the registry
proxy: false
# The URL of your docker registry, may be a service (when proxy is on) or an external URL.
dockerRegistryUrl: null
# Override the pull URL
pullUrl: null
# Remove the menu that show the dialogs to add, remove and change the endpoint of your docker registry.
singleRegistry: true
# By default, the UI will check on every requests if your registry is secured or not (you will see `401` responses in your console). Set to `true` if your registry uses Basic Authentication and divide by two the number of call to your registry.
registrySecured: false
# Show number of tags per images on catalog page. This will produce + nb images requests, not recommended on large registries.
showCatalogNbTags: false
# Limit the number of elements in the catalog page.
catalogElementsLimit: 1000
# Expand by default all repositories in catalog
catalogDefaultExpanded: false
# Set the minimum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching.
catalogMinBranches: 1
# Set the maximum repository/namespace to expand (e.g. `joxit/docker-registry-ui` `joxit/` is the repository/namespace). Can be 0 to disable branching.
catalogMaxBranches: 1
# Allow delete of images
deleteImages: false
# Show content digest in docker tag list.
showContentDigest: false
# Set the default order for the taglist page, could be `num-asc;alpha-asc`, `num-desc;alpha-asc`, `num-asc;alpha-desc`, `num-desc;alpha-desc`, `alpha-asc;num-asc`, `alpha-asc;num-desc`, `alpha-desc;num-asc` or `alpha-desc;num-desc`.
taglistOrder: alpha-asc;num-desc
# Set the number of tags to display in one page.
taglistPageSize: 100
# Expose custom labels in history page, custom labels will be processed like maintainer label.
historyCustomLabels: []
# Update the default Nginx configuration and **set custom headers** for your backend docker registry. Only when `ui.proxy` is used.
# Example:
# nginxProxyHeaders:
# [ { my-heeader-name: my-header-value } ]
nginxProxyHeaders: []
# Update the default Nginx configuration and **forward custom headers** to your backend docker registry. Only when `ui.proxy` is used.
# Example:
# nginxProxyPassHeaders: [ my-first-header, my-second-header ]
nginxProxyPassHeaders: []
# Add header Control-Cache: no-store, no-cache on requests to registry server.
# This needs to update your registry configuration with : `Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']`
useControlCacheHeader: false
# Use root or nginx user inside the container, when this is false the target port must be greater or equal to 1024.
runAsRoot: true
# Select the default theme to apply, values can be `auto`, `dark` and `light`
defaultTheme: "auto"
theme:
# Custom background color for the UI
background: ""
# Custom primary text color for the UI
primaryText: ""
# Custom netral color for the UI (icons)
neutralText: ""
# Custom accent color for the UI (buttons)
accentText: ""
# Custom hover background color for the UI
hoverBackground: ""
# Custom header background color for the UI
headerBackground: ""
# Custom header text color for the UI
headerText: ""
# Custom footer background color for the UI
footerBackground: ""
# Custom footer text color for the UI
footerText: ""
# Custom footer neutral color for the UI (links)
footerNeutralText: ""
# The name and tag of the docker image of the interface
image: joxit/docker-registry-ui:2.5.2
# Override default image pull secrets
imagePullSecrets: "-"
# Override default pull policy
imagePullPolicy: "-"
# The resource settings for user interface pod.
resources: {}
# Optional YAML string to specify a nodeSelector config.
nodeSelector: {}
# Optional YAML string to specify tolerations.
tolerations: []
# This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# for server pods.
affinity: {}
# Annotations to apply to the user interface deployment.
annotations: {}
# Optional YAML string that will be appended to the deployment spec.
additionalSpec: {}
service:
# Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service
# type, you must set the desired `nodePorts` setting below.
type: ClusterIP
# Ports that will be exposed on the service
port: 80
# The port to listhen on the container. If under 1024, the user must be root
targetPort: 80
# If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port.
nodePort: null
# Annotations to apply to the user interface service.
annotations: {}
# Optional YAML string that will be appended to the Service spec.
additionalSpec: {}
ingress:
# Enable the ingress for the user interface.
enabled: false
# Fully qualified domain name of a network host.
host: null
# Path is matched against the path of an incoming request.
path: /
# Determines the interpretation of the Path matching, must be Prefix to serve assets.
pathType: Prefix
# The name of an IngressClass cluster resource.
ingressClassName: nginx
# TLS configuration
tls: []
# Annotations to apply to the user interface ingress.
annotations: {}
# If you want a custom path, you can try this example:
# path: /ui(/|$)(.*)
# annotations:
# { nginx.ingress.kubernetes.io/rewrite-target: /$2 }
## Registry Server
registry:
# Enable the registry server.
enabled: false
# The name and tag of the docker registry server image
image: registry:2.8.2
# Override default image pull secrets
imagePullSecrets: "-"
# Override default pull policy
imagePullPolicy: "-"
# Configuration for the data directory. When null it will create an emptyDir.
dataVolume: null
# The resource settings for registry server pod.
resources: {}
# Optional YAML string to specify a nodeSelector config.
nodeSelector: {}
# Optional YAML string to specify tolerations.
tolerations: []
# This value defines the [affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# for server pods.
affinity: {}
# Annotations to apply to the registry server deployment.
annotations: {}
# Optional YAML string that will be appended to the deployment spec.
additionalSpec: {}
# Extra Environmental Variables for Registry
extraEnv: []
auth:
basic:
# Enable basic auth for Registry.
enabled: false
# Basic auth realm.
realm: Docker registry
# Full path for htpasswd file. Note that filename should match the secret key.
htpasswdPath: /etc/docker/registry/auth/htpasswd
# htpasswd secret name volume to mount.
secretName: ''
service:
# Type of service: `LoadBalancer`, `ClusterIP` or `NodePort`. If using `NodePort` service
# type, you must set the desired `nodePorts` setting below.
type: ClusterIP
# Ports that will be exposed on the service
port: 5000
# The port to listhen on the container.
targetPort: 5000
# If using a `NodePort` service type, you must specify the desired `nodePort` for each exposed port.
nodePort: null
# Annotations to apply to the registry server service.
annotations: {}
# Optional YAML string that will be appended to the Service spec.
additionalSpec: {}
ingress:
# Enable the ingress for the registry server.
enabled: false
# Fully qualified domain name of a network host.
host: null
# Path is matched against the path of an incoming request.
path: /v2/
# Determines the interpretation of the Path matching, must be Prefix to serve assets.
pathType: Prefix
# The name of an IngressClass cluster resource.
ingressClassName: nginx
# TLS configuration
tls: []
# Annotations to apply to the registry server ingress.
annotations: {}
# If you want a custom path, you can try this example:
# path: /api(/|$)(.*)
# annotations:
# { nginx.ingress.kubernetes.io/rewrite-target: /$2 }

6
opencloud/charts/hydra/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 0.1.0
- name: hydra-maester
repository: file://../hydra-maester
version: 0.50.2
digest: sha256:f39e4a74150060c63515886f4905dce57e1a90419e5a5c530684f1a363686cda
generated: "2024-11-28T10:30:15.53366383Z"
version: 0.50.6
digest: sha256:0799d168b3e83ce9b85a48ef5d3abb9a99f6cb2f8436be51d91f3612e6b2b2da
generated: "2024-12-16T15:04:47.361658969Z"

4
opencloud/charts/hydra/Chart.yaml
View File

@@ -9,7 +9,7 @@ dependencies:
condition: maester.enabled
name: hydra-maester
repository: file://../hydra-maester
version: 0.50.2
version: 0.50.6
description: A Helm chart for deploying ORY Hydra in Kubernetes
home: https://www.ory.sh/
icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
@@ -30,4 +30,4 @@ sources:
- https://github.com/ory/hydra
- https://github.com/ory/k8s
type: application
version: 0.50.2
version: 0.50.6

6
opencloud/charts/hydra/README.md
View File

@@ -1,6 +1,6 @@
# hydra
![Version: 0.50.1](https://img.shields.io/badge/Version-0.50.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
![Version: 0.50.5](https://img.shields.io/badge/Version-0.50.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.2.0](https://img.shields.io/badge/AppVersion-v2.2.0-informational?style=flat-square)
A Helm chart for deploying ORY Hydra in Kubernetes
@@ -21,7 +21,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
| Repository | Name | Version |
|------------|------|---------|
| file://../hydra-maester | hydra-maester(hydra-maester) | 0.50.1 |
| file://../hydra-maester | hydra-maester(hydra-maester) | 0.50.5 |
| file://../ory-commons | ory(ory-commons) | 0.1.0 |
## Values
@@ -98,7 +98,7 @@ A Helm chart for deploying ORY Hydra in Kubernetes
| deployment.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| deployment.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| deployment.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":0,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":1}` | Default probe timers |
| deployment.startupProbe | object | `{"failureThreshold":5,"initialDelaySeconds":1,"periodSeconds":1,"successThreshold":1,"timeoutSeconds":2}` | Default probe timers |
| deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` | |
| deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | |
| deployment.strategy.type | string | `"RollingUpdate"` | |

4
opencloud/charts/hydra/charts/hydra-maester/Chart.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v2
appVersion: v0.0.34
appVersion: v0.0.36
description: A Helm chart for Kubernetes
icon: https://raw.githubusercontent.com/ory/docs/master/docs/static/img/logo-hydra.svg
name: hydra-maester
type: application
version: 0.50.2
version: 0.50.6

5
opencloud/charts/hydra/charts/hydra-maester/README.md
View File

@@ -1,6 +1,6 @@
# hydra-maester
![Version: 0.50.1](https://img.shields.io/badge/Version-0.50.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.34](https://img.shields.io/badge/AppVersion-v0.0.34-informational?style=flat-square)
![Version: 0.50.5](https://img.shields.io/badge/Version-0.50.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.36](https://img.shields.io/badge/AppVersion-v0.0.36-informational?style=flat-square)
A Helm chart for Kubernetes
@@ -20,6 +20,7 @@ A Helm chart for Kubernetes
| deployment.automountServiceAccountToken | bool | `true` | This applications connects to the k8s API and requires the permissions |
| deployment.dnsConfig | object | `{}` | Configure pod dnsConfig. |
| deployment.extraAnnotations | object | `{}` | Deployment level extra annotations |
| deployment.extraEnv | list | `[]` | To set extra env vars for the container. |
| deployment.extraLabels | object | `{}` | Deployment level extra labels |
| deployment.extraVolumeMounts | list | `[]` | |
| deployment.extraVolumes | list | `[]` | If you want to mount external volume |
@@ -52,7 +53,7 @@ A Helm chart for Kubernetes
| forwardedProto | string | `nil` | |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
| image.repository | string | `"oryd/hydra-maester"` | Ory Hydra-maester image |
| image.tag | string | `"v0.0.35-amd64"` | Ory Hydra-maester version |
| image.tag | string | `"v0.0.36"` | Ory Hydra-maester version |
| imagePullSecrets | list | `[]` | Image pull secrets |
| pdb.enabled | bool | `false` | |
| pdb.spec.maxUnavailable | string | `""` | |

7
opencloud/charts/hydra/charts/hydra-maester/crds/crd-oauth2clients.yaml
View File

@@ -78,6 +78,13 @@ spec:
ClientName is the human-readable string name of the client
to be presented to the end-user during authorization.
type: string
deletionPolicy:
description:
Indicates if a deleted OAuth2Client custom resource should
delete the database row or not. Value 1 means deletion of
the OAuth2 client, value 2 means keep an orphan oauth2
client.
type: integer
frontChannelLogoutSessionRequired:
default: false
description:

4
opencloud/charts/hydra/charts/hydra-maester/templates/deployment.yaml
View File

@@ -80,6 +80,10 @@ spec:
{{- if .Values.deployment.extraVolumeMounts }}
{{- toYaml .Values.deployment.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.deployment.extraEnv }}
env:
{{- tpl (toYaml .Values.deployment.extraEnv) . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.deployment.resources | nindent 12 }}
terminationMessagePath: /dev/termination-log

5
opencloud/charts/hydra/charts/hydra-maester/values.yaml
View File

@@ -12,7 +12,7 @@ image:
# -- Ory Hydra-maester image
repository: oryd/hydra-maester
# -- Ory Hydra-maester version
tag: v0.0.35-amd64
tag: v0.0.36
# -- Image pull policy
pullPolicy: IfNotPresent
@@ -56,6 +56,9 @@ deployment:
# cpu: 100m
# memory: 20Mi
# -- To set extra env vars for the container.
extraEnv: []
# -- If you want to mount external volume
extraVolumes: []
# - name: my-volume

10
opencloud/charts/hydra/values.yaml
View File

@@ -88,7 +88,7 @@ ingress:
# -- Configure ingress for the proxy port.
public:
# -- En-/Disable the proxy ingress.
enabled: false
enabled: true
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
@@ -105,7 +105,7 @@ ingress:
admin:
# -- En-/Disable the api ingress.
enabled: false
enabled: true
className: ""
annotations: {}
# If you do want to specify annotations, uncomment the following
@@ -345,8 +345,8 @@ deployment:
failureThreshold: 5
successThreshold: 1
periodSeconds: 1
timeoutSeconds: 1
initialDelaySeconds: 0
timeoutSeconds: 2
initialDelaySeconds: 1
automountServiceAccountToken: false
@@ -557,7 +557,7 @@ cronjob:
# -- If you want to mount external volume
extraVolumes: []
# - name: my-volume
# - name: my-volumep
# secret:
# secretName: my-secret
extraVolumeMounts: []

24
opencloud/charts/prometheus/.helmignore Normal file
View File

@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
ci/
OWNERS

15
opencloud/charts/prometheus/Chart.lock Normal file
View File

@@ -0,0 +1,15 @@
dependencies:
- name: alertmanager
repository: https://prometheus-community.github.io/helm-charts
version: 1.28.0
- name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 6.4.1
- name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 4.49.1
- name: prometheus-pushgateway
repository: https://prometheus-community.github.io/helm-charts
version: 3.4.2
digest: sha256:fedbc59b33be92cc31268269ffcd55336a21d62e3b9ae3874e99f4ca63479991
generated: "2025-11-04T21:27:16.796331119Z"

58
opencloud/charts/prometheus/Chart.yaml Normal file
View File

@@ -0,0 +1,58 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
- name: Upstream Project
url: https://github.com/prometheus/prometheus
apiVersion: v2
appVersion: v3.7.3
dependencies:
- condition: alertmanager.enabled
name: alertmanager
repository: https://prometheus-community.github.io/helm-charts
version: 1.28.*
- condition: kube-state-metrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 6.4.*
- condition: prometheus-node-exporter.enabled
name: prometheus-node-exporter
repository: https://prometheus-community.github.io/helm-charts
version: 4.49.*
- condition: prometheus-pushgateway.enabled
name: prometheus-pushgateway
repository: https://prometheus-community.github.io/helm-charts
version: 3.4.*
description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
keywords:
- monitoring
- prometheus
kubeVersion: '>=1.19.0-0'
maintainers:
- email: gianrubio@gmail.com
name: gianrubio
url: https://github.com/gianrubio
- email: zanhsieh@gmail.com
name: zanhsieh
url: https://github.com/zanhsieh
- email: miroslav.hadzhiev@gmail.com
name: Xtigyro
url: https://github.com/Xtigyro
- email: naseem@transit.app
name: naseemkullah
url: https://github.com/naseemkullah
- email: rootsandtrees@posteo.de
name: zeritti
url: https://github.com/zeritti
name: prometheus
sources:
- https://github.com/prometheus/alertmanager
- https://github.com/prometheus/prometheus
- https://github.com/prometheus/pushgateway
- https://github.com/prometheus/node_exporter
- https://github.com/kubernetes/kube-state-metrics
type: application
version: 27.45.0

392
opencloud/charts/prometheus/README.md Normal file
View File

@@ -0,0 +1,392 @@
# Prometheus
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.7+
## Usage
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/prometheus`
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `prometheus`
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
### Install Chart
Starting with version 16.0, the Prometheus chart requires Helm 3.7+ in order to install successfully. Please check your `helm` release before installation.
```console
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
### Dependencies
By default this chart installs additional, dependent charts:
- [alertmanager](https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager)
- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
- [prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
- [prometheus-pushgateway](https://github.com/walker-tom/helm-charts/tree/main/charts/prometheus-pushgateway)
To disable the dependency during installation, set `alertmanager.enabled`, `kube-state-metrics.enabled`, `prometheus-node-exporter.enabled` and `prometheus-pushgateway.enabled` to `false`.
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
### Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
### Updating values.schema.json
A [`values.schema.json`](https://helm.sh/docs/topics/charts/#schema-files) file has been added to validate chart values. When `values.yaml` file has a structure change (i.e. add a new field, change value type, etc.), modify `values.schema.json` file manually or run `helm schema-gen values.yaml > values.schema.json` to ensure the schema is aligned with the latest values. Refer to [helm plugin `helm-schema-gen`](https://github.com/karuppiah7890/helm-schema-gen) for plugin installation instructions.
### Upgrading Chart
```console
helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prometheus --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
#### To 27.0
Prometheus' configuration parameter `insecure_skip_verify` in scrape configs `serverFiles."prometheus.yml".scrape_configs` has been commented out keeping thus the default Prometheus' value.
If certificate verification must be skipped, please, uncomment the line before upgrading.
#### To 26.0
This release changes default version of promethues to v3.0.0, See official [migration guide](https://prometheus.io/docs/prometheus/latest/migration/#prometheus-3-0-migration-guide
) and [release notes](https://github.com/prometheus/prometheus/releases/tag/v3.0.0) for more details.
#### To 25.0
The `server.remoteRead[].url` and `server.remoteWrite[].url` fields now support templating. Allowing for `url` values such as `https://{{ .Release.Name }}.example.com`.
Any entries in these which previously included `{{` or `}}` must be escaped with `{{ "{{" }}` and `{{ "}}" }}` respectively. Entries which did not previously include the template-like syntax will not be affected.
#### To 24.0
Require Kubernetes 1.19+
Release 1.0.0 of the _alertmanager_ replaced [configmap-reload](https://github.com/jimmidyson/configmap-reload) with [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
Extra command-line arguments specified via `configmapReload.prometheus.extraArgs` are not compatible and will break with the new prometheus-config-reloader. Please, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extra command-line arguments.
#### To 23.0
Release 5.0.0 of the _kube-state-metrics_ chart introduced a separation of the `image.repository` value in two distinct values:
```console
image:
registry: registry.k8s.io
repository: kube-state-metrics/kube-state-metrics
```
If a custom values file or CLI flags set `kube-state.metrics.image.repository`, please, set the new values accordingly.
If you are upgrading _prometheus-pushgateway_ with the chart and _prometheus-pushgateway_ has been deployed as a statefulset with a persistent volume, the statefulset must be deleted before upgrading the chart, e.g.:
```bash
kubectl delete sts -l app.kubernetes.io/name=prometheus-pushgateway -n monitoring --cascade=orphan
```
Users are advised to review changes in the corresponding chart releases before upgrading.
#### To 22.0
The `app.kubernetes.io/version` label has been removed from the pod selector.
Therefore, you must delete the previous StatefulSet or Deployment before upgrading. Performing this operation will cause **Prometheus to stop functioning** until the upgrade is complete.
```console
kubectl delete deploy,sts -l app.kubernetes.io/name=prometheus
```
#### To 21.0
The Kubernetes labels have been updated to follow [Helm 3 label and annotation best practices](https://helm.sh/docs/chart_best_practices/labels/).
Specifically, labels mapping is listed below:
| OLD | NEW |
|--------------------|------------------------------|
|heritage | app.kubernetes.io/managed-by |
|chart | helm.sh/chart |
|[container version] | app.kubernetes.io/version |
|app | app.kubernetes.io/name |
|release | app.kubernetes.io/instance |
Therefore, depending on the way you've configured the chart, the previous StatefulSet or Deployment need to be deleted before upgrade.
If `runAsStatefulSet: false` (this is the default):
```console
kubectl delete deploy -l app=prometheus
```
If `runAsStatefulSet: true`:
```console
kubectl delete sts -l app=prometheus
```
After that do the actual upgrade:
```console
helm upgrade -i prometheus prometheus-community/prometheus
```
#### To 20.0
The [configmap-reload](https://github.com/jimmidyson/configmap-reload) container was replaced by the [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
Extra command-line arguments specified via configmapReload.prometheus.extraArgs are not compatible and will break with the new prometheus-config-reloader, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extra command-line arguments.
#### To 19.0
Prometheus has been updated to version v2.40.5.
Prometheus-pushgateway was updated to version 2.0.0 which adapted [Helm label and annotation best practices](https://helm.sh/docs/chart_best_practices/labels/).
See the [upgrade docs of the prometheus-pushgateway chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway#to-200) to see whats to do, before you upgrade Prometheus!
The condition in Chart.yaml to disable kube-state-metrics has been changed from `kubeStateMetrics.enabled` to `kube-state-metrics.enabled`
The Docker image tag is used from appVersion field in Chart.yaml by default.
Unused subchart configs has been removed and subchart config is now on the bottom of the config file.
If Prometheus is used as deployment the updatestrategy has been changed to "Recreate" by default, so Helm updates work out of the box.
`.Values.server.extraTemplates` & `.Values.server.extraObjects` has been removed in favour of `.Values.extraManifests`, which can do the same.
`.Values.server.enabled` has been removed as it's useless now that all components are created by subcharts.
All files in `templates/server` directory has been moved to `templates` directory.
```bash
helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 19.0.0
```
#### To 18.0
Version 18.0.0 uses alertmanager service from the [alertmanager chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager). If you've made some config changes, please check the old `alertmanager` and the new `alertmanager` configuration section in values.yaml for differences.
Note that the `configmapReload` section for `alertmanager` was moved out of dedicated section (`configmapReload.alertmanager`) to alertmanager embedded (`alertmanager.configmapReload`).
Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
```bash
# In 17.x
kubectl scale deploy prometheus-server --replicas=0
# Upgrade
helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 18.0.0
```
#### To 17.0
Version 17.0.0 uses pushgateway service from the [prometheus-pushgateway chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway). If you've made some config changes, please check the old `pushgateway` and the new `prometheus-pushgateway` configuration section in values.yaml for differences.
Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
```bash
# In 16.x
kubectl scale deploy prometheus-server --replicas=0
# Upgrade
helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 17.0.0
```
#### To 16.0
Starting from version 16.0 embedded services (like alertmanager, node-exporter etc.) are moved out of Prometheus chart and the respecting charts from this repository are used as dependencies. Version 16.0.0 moves node-exporter service to [prometheus-node-exporter chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter). If you've made some config changes, please check the old `nodeExporter` and the new `prometheus-node-exporter` configuration section in values.yaml for differences.
Before you update, please scale down the `prometheus-server` deployment to `0` then perform upgrade:
```bash
# In 15.x
kubectl scale deploy prometheus-server --replicas=0
# Upgrade
helm upgrade [RELEASE_NAME] prometheus-community/prometheus --version 16.0.0
```
#### To 15.0
Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes.
Before you update please execute the following command, to be able to update kube-state-metrics:
```bash
kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
```
#### To 9.0
Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`.
#### To 5.0
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out [the 2.x migration guide](https://prometheus.io/docs/prometheus/2.55/migration/).
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
#### Example Migration
Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
```yaml
alertmanager:
enabled: false
alertmanagerFiles:
alertmanager.yml: ""
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
pushgateway:
enabled: false
server:
extraArgs:
storage.local.retention: 720h
serverFiles:
alerts: ""
prometheus.yml: ""
rules: ""
```
1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
```yaml
prometheus.yml:
...
remote_read:
- url: http://prometheus-old/api/v1/read
...
```
Old data will be available when you query the new prometheus instance.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values oci://ghcr.io/prometheus-community/charts/prometheus
```
You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see its configurations.
### Scraping Pod Metrics via Annotations
This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config).
In order to get prometheus to scrape pods, you must add annotations to the pods as below:
```yaml
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "8080"
```
You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes.
### Sharing Alerts Between Services
Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example,
```yaml
# values.yaml
# ...
# service1-alert.yaml
serverFiles:
alerts:
service1:
- alert: anAlert
# ...
# service2-alert.yaml
serverFiles:
alerts:
service2:
- alert: anAlert
# ...
```
```console
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/prom-label-proxy -f values.yaml -f service1-alert.yaml -f service2-alert.yaml
```
### RBAC Configuration
Roles and RoleBindings resources will be created automatically for `server` service.
To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
### ConfigMap Files
AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
### Ingress TLS
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```console
kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
```yaml
server:
ingress:
## If true, Prometheus server Ingress will be created
##
enabled: true
## Prometheus server Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- prometheus.domain.com
## Prometheus server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: prometheus-server-tls
hosts:
- prometheus.domain.com
```
### NetworkPolicy
Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed.
To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it.

26
opencloud/charts/prometheus/charts/alertmanager/.helmignore Normal file
View File

@@ -0,0 +1,26 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
unittests/
ci/

26
opencloud/charts/prometheus/charts/alertmanager/Chart.yaml Normal file
View File

@@ -0,0 +1,26 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: v0.29.0
description: The Alertmanager handles alerts sent by client applications such as the
Prometheus server.
home: https://prometheus.io/
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
keywords:
- monitoring
kubeVersion: '>=1.25.0-0'
maintainers:
- email: monotek23@gmail.com
name: monotek
url: https://github.com/monotek
- email: naseem@transit.app
name: naseemkullah
url: https://github.com/naseemkullah
name: alertmanager
sources:
- https://github.com/prometheus/alertmanager
type: application
version: 1.28.0

62
opencloud/charts/prometheus/charts/alertmanager/README.md Normal file
View File

@@ -0,0 +1,62 @@
# Alertmanager
As per [prometheus.io documentation](https://prometheus.io/docs/alerting/latest/alertmanager/):
> The Alertmanager handles alerts sent by client applications such as the
> Prometheus server. It takes care of deduplicating, grouping, and routing them
> to the correct receiver integration such as email, PagerDuty, or OpsGenie. It
> also takes care of silencing and inhibition of alerts.
## Prerequisites
Kubernetes 1.14+
## Usage
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/alertmanager`
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `alertmanager`
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
### Install Chart
```console
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/alertmanager
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
### Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
### Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### To 1.0
The [configmap-reload](https://github.com/jimmidyson/configmap-reload) container was replaced by the [prometheus-config-reloader](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader).
Extra command-line arguments specified via configmapReload.prometheus.extraArgs are not compatible and will break with the new prometheus-config-reloader, refer to the [sources](https://github.com/prometheus-operator/prometheus-operator/blob/main/cmd/prometheus-config-reloader/main.go) in order to make the appropriate adjustment to the extea command-line arguments.
The `networking.k8s.io/v1beta1` is no longer supported. use [`networking.k8s.io/v1`](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingressclass-v122).
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values oci://ghcr.io/prometheus-community/charts/alertmanager
```

21
opencloud/charts/prometheus/charts/alertmanager/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,21 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "alertmanager.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "alertmanager.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "alertmanager.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ include "alertmanager.namespace" . }} svc -w {{ include "alertmanager.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "alertmanager.namespace" . }} {{ include "alertmanager.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "alertmanager.namespace" . }} -l "app.kubernetes.io/name={{ include "alertmanager.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application"
kubectl --namespace {{ include "alertmanager.namespace" . }} port-forward $POD_NAME {{ .Values.service.port }}:80
{{- end }}

81
opencloud/charts/prometheus/charts/alertmanager/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,81 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "alertmanager.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "alertmanager.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "alertmanager.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "alertmanager.labels" -}}
helm.sh/chart: {{ include "alertmanager.chart" . }}
{{ include "alertmanager.selectorLabels" . }}
{{- with .Chart.AppVersion }}
app.kubernetes.io/version: {{ . | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "alertmanager.selectorLabels" -}}
app.kubernetes.io/name: {{ include "alertmanager.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "alertmanager.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "alertmanager.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Define Ingress apiVersion
*/}}
{{- define "alertmanager.ingress.apiVersion" -}}
{{- printf "networking.k8s.io/v1" }}
{{- end }}
{{/*
Allow overriding alertmanager namespace
*/}}
{{- define "alertmanager.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}

21
opencloud/charts/prometheus/charts/alertmanager/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.config.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "alertmanager.fullname" . }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.configAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
data:
alertmanager.yml: |
{{- $config := omit .Values.config "enabled" }}
{{- toYaml $config | default "{}" | nindent 4 }}
{{- range $key, $value := .Values.templates }}
{{ $key }}: |-
{{- $value | nindent 4 }}
{{- end }}
{{- end }}

47
opencloud/charts/prometheus/charts/alertmanager/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,47 @@
{{- if .Values.ingress.enabled }}
{{- $fullName := include "alertmanager.fullname" . }}
{{- $svcPort := .Values.service.port }}
apiVersion: {{ include "alertmanager.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- if .Values.ingress.labels }}
{{- toYaml .Values.ingress.labels | nindent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

56
opencloud/charts/prometheus/charts/alertmanager/templates/ingressperreplica.yaml Normal file
View File

@@ -0,0 +1,56 @@
{{- if and .Values.servicePerReplica.enabled .Values.ingressPerReplica.enabled }}
{{- $pathType := .Values.ingressPerReplica.pathType }}
{{- $count := .Values.replicaCount | int -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressValues := .Values.ingressPerReplica -}}
{{- $fullName := include "alertmanager.fullname" . }}
apiVersion: v1
kind: List
metadata:
name: {{ $fullName }}-ingressperreplica
namespace: {{ include "alertmanager.namespace" . }}
items:
{{- range $i, $e := until $count }}
- kind: Ingress
apiVersion: {{ include "alertmanager.ingress.apiVersion" $ }}
metadata:
name: {{ $fullName }}-{{ $i }}
namespace: {{ include "alertmanager.namespace" $ }}
labels:
{{- include "alertmanager.labels" $ | nindent 8 }}
{{- if $ingressValues.labels }}
{{ toYaml $ingressValues.labels | indent 8 }}
{{- end }}
{{- if $ingressValues.annotations }}
annotations:
{{ toYaml $ingressValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $ingressValues.className }}
ingressClassName: {{ $ingressValues.className }}
{{- end }}
rules:
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
http:
paths:
{{- range $p := $ingressValues.paths }}
- path: {{ tpl $p $ }}
pathType: {{ $pathType }}
backend:
service:
name: {{ $fullName }}-{{ $i }}
port:
name: http
{{- end -}}
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
tls:
- hosts:
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
{{- else }}
secretName: {{ $ingressValues.tlsSecretName }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}

14
opencloud/charts/prometheus/charts/alertmanager/templates/pdb.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.podDisruptionBudget }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "alertmanager.fullname" . }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
selector:
matchLabels:
{{- include "alertmanager.selectorLabels" . | nindent 6 }}
{{- toYaml .Values.podDisruptionBudget | nindent 2 }}
{{- end }}

14
opencloud/charts/prometheus/charts/alertmanager/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "alertmanager.serviceAccountName" . }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- end }}

44
opencloud/charts/prometheus/charts/alertmanager/templates/serviceperreplica.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- if and .Values.servicePerReplica.enabled }}
{{- $count := .Values.replicaCount | int -}}
{{- $serviceValues := .Values.servicePerReplica -}}
apiVersion: v1
kind: List
metadata:
name: {{ include "alertmanager.fullname" . }}-serviceperreplica
namespace: {{ include "alertmanager.namespace" . }}
items:
{{- range $i, $e := until $count }}
- apiVersion: v1
kind: Service
metadata:
name: {{ include "alertmanager.fullname" $ }}-{{ $i }}
namespace: {{ include "alertmanager.namespace" $ }}
labels:
{{- include "alertmanager.labels" $ | nindent 8 }}
{{- if $serviceValues.annotations }}
annotations:
{{ toYaml $serviceValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $serviceValues.clusterIP }}
clusterIP: {{ $serviceValues.clusterIP }}
{{- end }}
{{- if $serviceValues.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- if ne $serviceValues.type "ClusterIP" }}
externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
{{- end }}
ports:
- name: http
port: {{ $.Values.service.port }}
targetPort: {{ $.Values.containerPortName }}
selector:
{{- include "alertmanager.selectorLabels" $ | nindent 8 }}
statefulset.kubernetes.io/pod-name: {{ include "alertmanager.fullname" $ }}-{{ $i }}
type: "{{ $serviceValues.type }}"
{{- end }}
{{- end }}

75
opencloud/charts/prometheus/charts/alertmanager/templates/services.yaml Normal file
View File

@@ -0,0 +1,75 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "alertmanager.fullname" . }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
{{- if .Values.service.ipDualStack.enabled }}
ipFamilies: {{ toYaml .Values.service.ipDualStack.ipFamilies | nindent 4 }}
ipFamilyPolicy: {{ .Values.service.ipDualStack.ipFamilyPolicy }}
{{- end }}
type: {{ .Values.service.type }}
{{- with .Values.service.loadBalancerIP }}
loadBalancerIP: {{ . }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := . }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.containerPortName }}
protocol: TCP
name: http
{{- if (and (eq .Values.service.type "NodePort") .Values.service.nodePort) }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- with .Values.service.extraPorts }}
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
{{- include "alertmanager.selectorLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "alertmanager.fullname" . }}-headless
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
clusterIP: None
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.containerPortName }}
protocol: TCP
name: http
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
- port: {{ .Values.service.clusterPort }}
targetPort: clusterpeer-tcp
protocol: TCP
name: cluster-tcp
- port: {{ .Values.service.clusterPort }}
targetPort: clusterpeer-udp
protocol: UDP
name: cluster-udp
{{- end }}
{{- with .Values.service.extraPorts }}
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
{{- include "alertmanager.selectorLabels" . | nindent 4 }}

280
opencloud/charts/prometheus/charts/alertmanager/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,280 @@
{{- $svcClusterPort := .Values.service.clusterPort }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "alertmanager.fullname" . }}
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.statefulSet.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "alertmanager.selectorLabels" . | nindent 6 }}
serviceName: {{ include "alertmanager.fullname" . }}-headless
template:
metadata:
labels:
{{- include "alertmanager.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- if not .Values.configmapReload.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.hostUsers }}
hostUsers: true
{{- end }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "alertmanager.serviceAccountName" . }}
{{- with .Values.dnsConfig }}
dnsConfig:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.schedulerName }}
schedulerName: {{ . }}
{{- end }}
{{- if or .Values.podAntiAffinity .Values.affinity }}
affinity:
{{- end }}
{{- with .Values.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if eq .Values.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "alertmanager.name" . }}]}
{{- else if eq .Values.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [{{ include "alertmanager.name" . }}]}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.extraInitContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- if .Values.configmapReload.enabled }}
- name: {{ .Chart.Name }}-{{ .Values.configmapReload.name }}
image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}"
{{- with .Values.configmapReload.extraEnv }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
args:
{{- if and (hasKey .Values.configmapReload.extraArgs "config-file" | not) (hasKey .Values.configmapReload.extraArgs "watched-dir" | not) }}
- --watched-dir=/etc/alertmanager
{{- end }}
{{- if not (hasKey .Values.configmapReload.extraArgs "reload-url") }}
- --reload-url=http://127.0.0.1:9093/-/reload
{{- end }}
{{- range $key, $value := .Values.configmapReload.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
resources:
{{- toYaml .Values.configmapReload.resources | nindent 12 }}
{{- with .Values.configmapReload.containerPort }}
ports:
- containerPort: {{ . }}
{{- end }}
{{- with .Values.configmapReload.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.configmapReload.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.configmapReload.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.config.enabled }}
- name: config
mountPath: /etc/alertmanager
{{- end }}
{{- if .Values.configmapReload.extraVolumeMounts }}
{{- toYaml .Values.configmapReload.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
{{- if .Values.extraEnv }}
{{- toYaml .Values.extraEnv | nindent 12 }}
{{- end }}
{{- with .Values.command }}
command:
{{- toYaml . | nindent 12 }}
{{- end }}
args:
- --storage.path=/alertmanager
{{- if not (hasKey .Values.extraArgs "config.file") }}
- --config.file=/etc/alertmanager/alertmanager.yml
{{- end }}
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
- --cluster.advertise-address=[$(POD_IP)]:{{ $svcClusterPort }}
- --cluster.listen-address=0.0.0.0:{{ $svcClusterPort }}
{{- end }}
{{- if gt (int .Values.replicaCount) 1}}
{{- $fullName := include "alertmanager.fullname" . }}
{{- range $i := until (int .Values.replicaCount) }}
- --cluster.peer={{ $fullName }}-{{ $i }}.{{ $fullName }}-headless:{{ $svcClusterPort }}
{{- end }}
{{- end }}
{{- if .Values.additionalPeers }}
{{- range $item := .Values.additionalPeers }}
- --cluster.peer={{ $item }}
{{- end }}
{{- end }}
{{- range $key, $value := .Values.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.baseURL }}
- --web.external-url={{ .Values.baseURL }}
{{- end }}
ports:
- name: {{ .Values.containerPortName }}
containerPort: 9093
protocol: TCP
{{- if or (gt (int .Values.replicaCount) 1) (.Values.additionalPeers) }}
- name: clusterpeer-tcp
containerPort: {{ $svcClusterPort }}
protocol: TCP
- name: clusterpeer-udp
containerPort: {{ $svcClusterPort }}
protocol: UDP
{{- end }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- if .Values.config.enabled }}
- name: config
mountPath: /etc/alertmanager
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
- name: storage
mountPath: /alertmanager
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- with .Values.extraContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.config.enabled }}
- name: config
configMap:
name: {{ include "alertmanager.fullname" . }}
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.extraPodConfigs }}
{{- toYaml .Values.extraPodConfigs | nindent 6 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: storage
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.persistence.labels }}
labels:
{{ toYaml . | nindent 14 }}
{{- end }}
spec:
accessModes:
{{- toYaml .Values.persistence.accessModes | nindent 10 }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- end }}
{{- else }}
- name: storage
{{- with .Values.persistence.emptyDir }}
emptyDir:
{{- toYaml . | nindent 12 }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}

20
opencloud/charts/prometheus/charts/alertmanager/templates/tests/test-connection.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- if .Values.testFramework.enabled }}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "alertmanager.fullname" . }}-test-connection"
labels:
{{- include "alertmanager.labels" . | nindent 4 }}
{{- with .Values.testFramework.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
namespace: {{ include "alertmanager.namespace" . }}
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "alertmanager.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
{{- end }}

26
opencloud/charts/prometheus/charts/alertmanager/templates/vpa.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- if .Values.verticalPodAutoscaler.enabled }}
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ include "alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
{{- if .Values.verticalPodAutoscaler.recommenders }}
recommenders:
{{- range .Values.verticalPodAutoscaler.recommenders }}
- name: {{ .name }}
{{- end }}
{{- end }}
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ include "alertmanager.fullname" . }}
{{- if .Values.verticalPodAutoscaler.updatePolicy }}
updatePolicy:
{{- toYaml .Values.verticalPodAutoscaler.updatePolicy | nindent 4 }}
{{- end }}
{{- if .Values.verticalPodAutoscaler.resourcePolicy }}
resourcePolicy:
{{- toYaml .Values.verticalPodAutoscaler.resourcePolicy | nindent 4 }}
{{- end }}
{{- end }}

972
opencloud/charts/prometheus/charts/alertmanager/values.schema.json Normal file
View File

@@ -0,0 +1,972 @@
{
"$schema": "http://json-schema.org/draft-07/schema",
"title": "alertmanager",
"description": "The Alertmanager handles alerts sent by client applications such as the Prometheus server.",
"type": "object",
"required": [
"replicaCount",
"image",
"serviceAccount",
"service",
"persistence",
"config"
],
"definitions": {
"image": {
"description": "Container image parameters.",
"type": "object",
"required": ["repository"],
"additionalProperties": false,
"properties": {
"repository": {
"description": "Image repository. Path to the image with registry(quay.io) or without(prometheus/alertmanager) for docker.io.",
"type": "string"
},
"pullPolicy": {
"description": "Image pull policy. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.",
"type": "string",
"enum": [
"Never",
"IfNotPresent",
"Always"
],
"default": "IfNotPresent"
},
"tag": {
"description": "Use chart appVersion by default.",
"type": "string",
"default": ""
}
}
},
"resources": {
"description": "Resource limits and requests for the Container.",
"type": "object",
"properties": {
"limits": {
"description": "Resource limits for the Container.",
"type": "object",
"properties": {
"cpu": {
"description": "CPU request for the Container.",
"type": "string"
},
"memory": {
"description": "Memory request for the Container.",
"type": "string"
}
}
},
"requests": {
"description": "Resource requests for the Container.",
"type": "object",
"properties": {
"cpu": {
"description": "CPU request for the Container.",
"type": "string"
},
"memory": {
"description": "Memory request for the Container.",
"type": "string"
}
}
}
}
},
"securityContext": {
"description": "Security context for the container.",
"type": "object",
"properties": {
"capabilities": {
"description": "Specifies the capabilities to be dropped by the container.",
"type": "object",
"properties": {
"drop": {
"description": "List of capabilities to be dropped.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"readOnlyRootFilesystem": {
"description": "Specifies whether the root file system should be mounted as read-only.",
"type": "boolean"
},
"runAsUser": {
"description": "Specifies the UID (User ID) to run the container as.",
"type": "integer"
},
"runAsNonRoot": {
"description": "Specifies whether to run the container as a non-root user.",
"type": "boolean"
},
"runAsGroup": {
"description": "Specifies the GID (Group ID) to run the container as.",
"type": "integer"
}
}
},
"volumeMounts": {
"description": "List of volume mounts for the Container.",
"type": "array",
"items": {
"description": "Volume mounts for the Container.",
"type": "object",
"required": ["name", "mountPath"],
"properties": {
"name": {
"description": "The name of the volume to mount.",
"type": "string"
},
"mountPath": {
"description": "The mount path for the volume.",
"type": "string"
},
"readOnly": {
"description": "Specifies if the volume should be mounted in read-only mode.",
"type": "boolean"
}
}
}
},
"env": {
"description": "List of environment variables for the Container.",
"type": "array",
"items": {
"description": "Environment variables for the Container.",
"type": "object",
"required": ["name"],
"properties": {
"name": {
"description": "The name of the environment variable.",
"type": "string"
},
"value": {
"description": "The value of the environment variable.",
"type": "string"
}
}
}
},
"config": {
"description": "https://prometheus.io/docs/alerting/latest/configuration/",
"duration": {
"type": "string",
"pattern": "^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$"
},
"labelname": {
"type": "string",
"pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$|^...$"
},
"route": {
"description": "Alert routing configuration.",
"type": "object",
"properties": {
"receiver": {
"description": "The default receiver to send alerts to.",
"type": "string"
},
"group_by": {
"description": "The labels by which incoming alerts are grouped together.",
"type": "array",
"items": {
"type": "string",
"$ref": "#/definitions/config/labelname"
}
},
"continue": {
"description": "Whether an alert should continue matching subsequent sibling nodes.",
"type": "boolean",
"default": false
},
"matchers": {
"description": "A list of matchers that an alert has to fulfill to match the node.",
"type": "array",
"items": {
"type": "string"
}
},
"group_wait": {
"description": "How long to initially wait to send a notification for a group of alerts.",
"$ref": "#/definitions/config/duration"
},
"group_interval": {
"description": "How long to wait before sending a notification about new alerts that are added to a group of alerts for which an initial notification has already been sent.",
"$ref": "#/definitions/config/duration"
},
"repeat_interval": {
"description": "How long to wait before sending a notification again if it has already been sent successfully for an alert.",
"$ref": "#/definitions/config/duration"
},
"mute_time_intervals": {
"description": "Times when the route should be muted.",
"type": "array",
"items": {
"type": "string"
}
},
"active_time_intervals": {
"description": "Times when the route should be active.",
"type": "array",
"items": {
"type": "string"
}
},
"routes": {
"description": "Zero or more child routes.",
"type": "array",
"items": {
"type": "object",
"$ref": "#/definitions/config/route"
}
}
}
}
}
},
"properties": {
"replicaCount": {
"description": "Number of desired pods.",
"type": "integer",
"default": 1,
"minimum": 0
},
"image": {
"description": "Container image parameters.",
"$ref": "#/definitions/image"
},
"baseURL": {
"description": "External URL where alertmanager is reachable.",
"type": "string",
"default": "",
"examples": [
"https://alertmanager.example.com"
]
},
"extraArgs": {
"description": "Additional alertmanager container arguments. Use args without '--', only 'key: value' syntax.",
"type": "object",
"default": {}
},
"extraSecretMounts": {
"description": "Additional Alertmanager Secret mounts.",
"type": "array",
"default": [],
"items": {
"type": "object",
"required": ["name", "mountPath", "secretName"],
"properties": {
"name": {
"type": "string"
},
"mountPath": {
"type": "string"
},
"subPath": {
"type": "string",
"default": ""
},
"secretName": {
"type": "string"
},
"readOnly": {
"type": "boolean",
"default": false
}
}
}
},
"imagePullSecrets": {
"description": "The property allows you to configure multiple image pull secrets.",
"type": "array",
"default": [],
"items": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"description": "Specifies the Secret name of the image pull secret.",
"type": "string"
}
}
}
},
"nameOverride": {
"description": "Override value for the name of the Helm chart.",
"type": "string",
"default": ""
},
"fullnameOverride": {
"description": "Override value for the fully qualified app name.",
"type": "string",
"default": ""
},
"namespaceOverride": {
"description": "Override deployment namespace.",
"type": "string",
"default": ""
},
"automountServiceAccountToken": {
"description": "Specifies whether to automatically mount the ServiceAccount token into the Pod's filesystem.",
"type": "boolean",
"default": true
},
"hostUsers": {
"description": "Running within a user namespace, where the user IDs inside the container are mapped to different, usually unprivileged, user IDs on the host system.",
"type": "boolean",
"default": false
},
"serviceAccount": {
"description": "Contains properties related to the service account configuration.",
"type": "object",
"required": ["create"],
"properties": {
"create": {
"description": "Specifies whether a service account should be created.",
"type": "boolean",
"default": true
},
"annotations": {
"description": "Annotations to add to the service account.",
"type": "object",
"default": {}
},
"name": {
"description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template.",
"type": "string",
"default": ""
}
}
},
"schedulerName": {
"description": "Sets the schedulerName in the alertmanager pod.",
"type": "string",
"default": ""
},
"priorityClassName": {
"description": "Sets the priorityClassName in the alertmanager pod.",
"type": "string",
"default": ""
},
"podSecurityContext": {
"description": "Pod security context configuration.",
"type": "object",
"properties": {
"fsGroup": {
"description": "The fsGroup value for the pod's security context.",
"type": "integer",
"default": 65534
},
"runAsUser": {
"description": "The UID to run the pod's containers as.",
"type": "integer"
},
"runAsGroup": {
"description": "The GID to run the pod's containers as.",
"type": "integer"
}
}
},
"dnsConfig": {
"description": "DNS configuration for the pod.",
"type": "object",
"properties": {
"nameservers": {
"description": "List of DNS server IP addresses.",
"type": "array",
"items": {
"type": "string"
}
},
"searches": {
"description": "List of DNS search domains.",
"type": "array",
"items": {
"type": "string"
}
},
"options": {
"description": "List of DNS options.",
"type": "array",
"items": {
"description": "DNS options.",
"type": "object",
"required": ["name"],
"properties": {
"name": {
"description": "The name of the DNS option.",
"type": "string"
},
"value": {
"description": "The value of the DNS option.",
"type": "string"
}
}
}
}
}
},
"hostAliases": {
"description": "List of host aliases.",
"type": "array",
"items": {
"description": "Host aliases configuration.",
"type": "object",
"required": ["ip", "hostnames"],
"properties": {
"ip": {
"description": "IP address associated with the host alias.",
"type": "string"
},
"hostnames": {
"description": "List of hostnames associated with the IP address.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
},
"securityContext": {
"description": "Security context for the container.",
"$ref": "#/definitions/securityContext"
},
"additionalPeers": {
"description": "Additional peers for a alertmanager.",
"type": "array",
"items": {
"type": "string"
}
},
"extraInitContainers": {
"description": "Additional InitContainers to initialize the pod.",
"type": "array",
"default": [],
"items": {
"required": ["name", "image"],
"properties": {
"name": {
"description": "The name of the InitContainer.",
"type": "string"
},
"image": {
"description": "The container image to use for the InitContainer.",
"type": "string"
},
"pullPolicy": {
"description": "Image pull policy. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.",
"type": "string",
"enum": [
"Never",
"IfNotPresent",
"Always"
],
"default": "IfNotPresent"
},
"command": {
"description": "The command to run in the InitContainer.",
"type": "array",
"items": {
"type": "string"
}
},
"args": {
"description": "Additional command arguments for the InitContainer.",
"type": "array",
"items": {
"type": "string"
}
},
"ports": {
"description": "List of ports to expose from the container.",
"type": "array",
"items": {
"type": "object"
}
},
"env": {
"description": "List of environment variables for the InitContainer.",
"$ref": "#/definitions/env"
},
"envFrom": {
"description": "List of sources to populate environment variables in the container.",
"type": "array",
"items": {
"type": "object"
}
},
"volumeMounts": {
"description": "List of volume mounts for the InitContainer.",
"$ref": "#/definitions/volumeMounts"
},
"resources": {
"description": "Resource requirements for the InitContainer.",
"$ref": "#/definitions/resources"
},
"securityContext": {
"$ref": "#/definitions/securityContext",
"description": "The security context for the InitContainer."
}
}
}
},
"extraContainers": {
"description": "Additional containers to add to the stateful set.",
"type": "array",
"default": [],
"items": {
"required": ["name", "image"],
"properties": {
"name": {
"description": "The name of the InitContainer.",
"type": "string"
},
"image": {
"description": "The container image to use for the InitContainer.",
"type": "string"
},
"pullPolicy": {
"description": "Image pull policy. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated.",
"type": "string",
"enum": [
"Never",
"IfNotPresent",
"Always"
],
"default": "IfNotPresent"
},
"command": {
"description": "The command to run in the InitContainer.",
"type": "array",
"items": {
"type": "string"
}
},
"args": {
"description": "Additional command arguments for the InitContainer.",
"type": "array",
"items": {
"type": "string"
}
},
"ports": {
"description": "List of ports to expose from the container.",
"type": "array",
"items": {
"type": "object"
}
},
"env": {
"description": "List of environment variables for the InitContainer.",
"$ref": "#/definitions/env"
},
"envFrom": {
"description": "List of sources to populate environment variables in the container.",
"type": "array",
"items": {
"type": "object"
}
},
"volumeMounts": {
"description": "List of volume mounts for the InitContainer.",
"$ref": "#/definitions/volumeMounts"
},
"resources": {
"description": "Resource requirements for the InitContainer.",
"$ref": "#/definitions/resources"
},
"securityContext": {
"$ref": "#/definitions/securityContext",
"description": "The security context for the InitContainer."
}
}
}
},
"resources": {
"description": "Resource limits and requests for the pod.",
"$ref": "#/definitions/resources"
},
"containerPortName": {
"description": "Name of the port for the main container.",
"type": "string",
"default": "http"
},
"livenessProbe": {
"description": "Liveness probe configuration.",
"type": "object"
},
"readinessProbe": {
"description": "Readiness probe configuration.",
"type": "object"
},
"service": {
"description": "Service configuration.",
"type": "object",
"required": ["type", "port"],
"properties": {
"annotations": {
"description": "Annotations to add to the service.",
"type": "object"
},
"type": {
"description": "Service type.",
"type": "string"
},
"port": {
"description": "Port number for the service.",
"type": "integer"
},
"clusterPort": {
"description": "Port number for the cluster.",
"type": "integer"
},
"loadBalancerIP": {
"description": "External IP to assign when the service type is LoadBalancer.",
"type": "string"
},
"loadBalancerSourceRanges": {
"description": "IP ranges to allow access to the loadBalancerIP.",
"type": "array",
"items": {
"type": "string"
}
},
"nodePort": {
"description": "Specific nodePort to force when service type is NodePort.",
"type": "integer"
}
}
},
"ingress": {
"description": "Ingress configuration.",
"type": "object",
"properties": {
"enabled": {
"description": "Indicates if Ingress is enabled.",
"type": "boolean"
},
"className": {
"description": "Ingress class name.",
"type": "string"
},
"annotations": {
"description": "Annotations to add to the Ingress.",
"type": "object"
},
"hosts": {
"description": "Host and path configuration for the Ingress.",
"type": "array",
"items": {
"type": "object",
"properties": {
"host": {
"description": "Host name for the Ingress.",
"type": "string"
},
"paths": {
"description": "Path configuration for the Ingress.",
"type": "array",
"items": {
"type": "object",
"properties": {
"path": {
"description": "Path for the Ingress.",
"type": "string"
},
"pathType": {
"description": "Path type for the Ingress.",
"type": "string"
}
}
}
}
}
}
},
"tls": {
"description": "TLS configuration for the Ingress.",
"type": "array",
"items": {
"type": "object",
"properties": {
"secretName": {
"description": "Name of the secret for TLS.",
"type": "string"
},
"hosts": {
"description": "Host names for the TLS configuration.",
"type": "array",
"items": {
"type": "string"
}
}
}
}
}
}
},
"nodeSelector": {
"description": "Node selector for pod assignment.",
"type": "object"
},
"tolerations": {
"description": "Tolerations for pod assignment.",
"type": "array"
},
"affinity": {
"description": "Affinity rules for pod assignment.",
"type": "object"
},
"podAntiAffinity": {
"description": "Pod anti-affinity configuration.",
"type": "string",
"enum": ["", "soft", "hard"],
"default": ""
},
"podAntiAffinityTopologyKey": {
"description": "Topology key to use for pod anti-affinity.",
"type": "string"
},
"topologySpreadConstraints": {
"description": "Topology spread constraints for pod assignment.",
"type": "array",
"items": {
"type": "object",
"required": ["maxSkew", "topologyKey", "whenUnsatisfiable", "labelSelector"],
"properties": {
"maxSkew": {
"type": "integer"
},
"topologyKey": {
"type": "string"
},
"whenUnsatisfiable": {
"type": "string",
"enum": ["DoNotSchedule", "ScheduleAnyway"]
},
"labelSelector": {
"type": "object",
"required": ["matchLabels"],
"properties": {
"matchLabels": {
"type": "object"
}
}
}
}
}
},
"statefulSet": {
"description": "StatefulSet configuration for managing pods.",
"type": "object",
"properties": {
"annotations": {
"type": "object"
}
}
},
"podAnnotations": {
"description": "Annotations to add to the pods.",
"type": "object"
},
"podLabels": {
"description": "Labels to add to the pods.",
"type": "object"
},
"podDisruptionBudget": {
"description": "Pod disruption budget configuration.",
"type": "object",
"properties": {
"maxUnavailable": {
"type": "integer"
},
"minAvailable": {
"type": "integer"
}
}
},
"command": {
"description": "The command to be executed in the container.",
"type": "array",
"items": {
"type": "string"
}
},
"persistence": {
"description": "Persistence configuration for storing data.",
"type": "object",
"required": ["enabled", "size"],
"properties": {
"enabled": {
"type": "boolean"
},
"storageClass": {
"type": "string"
},
"accessModes": {
"type": "array",
"items": {
"type": "string"
}
},
"size": {
"type": "string"
},
"annotations": {
"type": "object",
"description": "Custom annotations to apply to the PersistentVolumeClaim created by the Alertmanager StatefulSet.",
"additionalProperties": {
"type": "string"
},
"default": {}
},
"labels": {
"type": "object",
"description": "Custom labels to apply to the PersistentVolumeClaim created by the Alertmanager StatefulSet.",
"additionalProperties": {
"type": "string"
},
"default": {}
}
}
},
"configAnnotations": {
"description": "Annotations to be added to the Alertmanager configuration.",
"type": "object"
},
"config": {
"description": "Alertmanager configuration.",
"type": "object",
"properties": {
"enabled": {
"description": "Whether to create alermanager configmap or not.",
"type": "boolean"
},
"global": {
"description": "Global configuration options.",
"type": "object"
},
"templates": {
"description": "Alertmanager template files.",
"type": "array",
"items": {
"type": "string"
}
},
"receivers": {
"description": "Alert receivers configuration.",
"type": "array",
"items": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"description": "The unique name of the receiver.",
"type": "string"
}
}
}
},
"route": {
"description": "Alert routing configuration.",
"type": "object",
"$ref": "#/definitions/config/route"
}
}
},
"configmapReload": {
"description": "Monitors ConfigMap changes and POSTs to a URL.",
"type": "object",
"properties": {
"enabled": {
"description": "Specifies whether the configmap-reload container should be deployed.",
"type": "boolean",
"default": false
},
"name": {
"description": "The name of the configmap-reload container.",
"type": "string"
},
"image": {
"description": "The container image for the configmap-reload container.",
"$ref": "#/definitions/image"
},
"containerPort": {
"description": "Port number for the configmap-reload container.",
"type": "integer"
},
"resources": {
"description": "Resource requests and limits for the configmap-reload container.",
"$ref": "#/definitions/resources"
}
}
},
"templates": {
"description": "Custom templates used by Alertmanager.",
"type": "object"
},
"extraVolumeMounts": {
"description": "List of volume mounts for the Container.",
"$ref": "#/definitions/volumeMounts"
},
"extraVolumes": {
"description": "Additional volumes to be mounted in the Alertmanager pod.",
"type": "array",
"default": [],
"items": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string"
}
}
}
},
"extraEnv": {
"description": "List of environment variables for the Container.",
"$ref": "#/definitions/env"
},
"testFramework": {
"description": "Configuration for the test Pod.",
"type": "object",
"properties": {
"enabled": {
"description": "Specifies whether the test Pod is enabled.",
"type": "boolean",
"default": false
},
"annotations": {
"description": "Annotations to be added to the test Pod.",
"type": "object"
}
}
},
"verticalPodAutoscaler": {
"description": "Vertical Pod Autoscaling configuration.",
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"recommenders": {
"type": "array"
},
"updatePolicy": {
"type": "object"
},
"resourcePolicy": {
"type": "object"
}
}
},
"extraPodConfigs": {
"description": "Object to allow users to add additional Pod configuration like dnsPolicy or hostNetwork",
"type": "object"
}
}
}

440
opencloud/charts/prometheus/charts/alertmanager/values.yaml Normal file
View File

@@ -0,0 +1,440 @@
# yaml-language-server: $schema=values.schema.json
# Default values for alertmanager.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
# Number of old history to retain to allow rollback
# Default Kubernetes value is set to 10
revisionHistoryLimit: 10
image:
repository: quay.io/prometheus/alertmanager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Full external URL where alertmanager is reachable, used for backlinks.
baseURL: ""
extraArgs: {}
## Additional Alertmanager Secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts: []
# - name: secret-files
# mountPath: /etc/secrets
# subPath: ""
# secretName: alertmanager-secret-files
# readOnly: true
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
## namespaceOverride overrides the namespace which the resources will be deployed in
namespaceOverride: ""
automountServiceAccountToken: true
## Running within a user namespace.
# Kubernetes server must be at or later than version v1.25.
# Kubernetes v1.25 through to v1.27 recognise UserNamespacesStatelessPodsSupport.
# Kubernetes v1.28 through to v1.32 need to enable the UserNamespacesSupport feature gate.
hostUsers: false
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Sets priorityClassName in alertmanager pod
priorityClassName: ""
# Sets schedulerName in alertmanager pod
schedulerName: ""
podSecurityContext:
fsGroup: 65534
dnsConfig: {}
# nameservers:
# - 1.2.3.4
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
hostAliases: []
# - ip: "127.0.0.1"
# hostnames:
# - "foo.local"
# - "bar.local"
# - ip: "10.1.2.3"
# hostnames:
# - "foo.remote"
# - "bar.remote"
securityContext:
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
runAsUser: 65534
runAsNonRoot: true
runAsGroup: 65534
additionalPeers: []
## Additional InitContainers to initialize the pod
##
extraInitContainers: []
## Additional containers to add to the stateful set. This will allow to setup sidecarContainers like a proxy to integrate
## alertmanager with an external tool like teams that has not direct integration.
##
extraContainers: []
containerPortName: &containerPortName http
livenessProbe:
httpGet:
path: /
port: *containerPortName
readinessProbe:
httpGet:
path: /
port: *containerPortName
service:
annotations: {}
labels: {}
type: ClusterIP
port: 9093
clusterPort: 9094
loadBalancerIP: "" # Assign ext IP when Service type is LoadBalancer
loadBalancerSourceRanges: [] # Only allow access to loadBalancerIP from these IPs
# if you want to force a specific nodePort. Must be use with service.type=NodePort
# nodePort:
# Optionally specify extra list of additional ports exposed on both services
extraPorts: []
# ip dual stack
ipDualStack:
enabled: false
ipFamilies: ["IPv6", "IPv4"]
ipFamilyPolicy: "PreferDualStack"
# Configuration for creating a separate Service for each statefulset Alertmanager replica
#
servicePerReplica:
enabled: false
annotations: {}
# Loadbalancer source IP ranges
# Only used if servicePerReplica.type is "LoadBalancer"
loadBalancerSourceRanges: []
# Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
#
externalTrafficPolicy: Cluster
# Service type
#
type: ClusterIP
ingress:
enabled: false
className: ""
labels: {}
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: alertmanager.domain.com
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - alertmanager.domain.com
# Configuration for creating an Ingress that will map to each Alertmanager replica service
# alertmanager.servicePerReplica must be enabled
#
ingressPerReplica:
enabled: false
# className for the ingresses
#
className: ""
annotations: {}
labels: {}
# Final form of the hostname for each per replica ingress is
# {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
#
# Prefix for the per replica ingress that will have `-$replicaNumber`
# appended to the end
hostPrefix: "alertmanager"
# Domain that will be used for the per replica ingress
hostDomain: "domain.com"
# Paths to use for ingress rules
#
paths:
- /
# PathType for ingress rules
#
pathType: ImplementationSpecific
# Secret name containing the TLS certificate for alertmanager per replica ingress
# Secret must be manually created in the namespace
tlsSecretName: ""
# Separated secret for each per replica Ingress. Can be used together with cert-manager
#
tlsSecretPerReplica:
enabled: false
# Final form of the secret for each per replica ingress is
# {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
#
prefix: "alertmanager"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 32Mi
nodeSelector: {}
tolerations: []
affinity: {}
## Pod anti-affinity can prevent the scheduler from placing Alertmanager replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
##
podAntiAffinity: ""
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: failure-domain.beta.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/instance: alertmanager
statefulSet:
annotations: {}
## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to
## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).
## This is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds
## feature gate.
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minimum-ready-seconds
minReadySeconds: 0
podAnnotations: {}
podLabels: {}
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
podDisruptionBudget: {}
# maxUnavailable: 1
# minAvailable: 1
command: []
persistence:
## If true, storage will create or use Persistence Volume
## If false, storage will use emptyDir
##
enabled: true
## Custom annotations for the PVC created by the alertmanager StatefulSet.
## Useful for configuring storage provider options such as disk type, KMS encryption keys, or custom volume name prefixes.
annotations: {}
## Custom labels for the PVC created by the alertmanager StatefulSet.
## Useful for selecting, grouping, and organizing so that they can be queried or targeted in deployments, policies, etc.
labels: {}
## Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner.
##
# storageClass: "-"
accessModes:
- ReadWriteOnce
size: 50Mi
## Configure emptyDir volume
##
emptyDir: {}
configAnnotations: {}
## For example if you want to provide private data from a secret vault
## https://github.com/banzaicloud/bank-vaults/tree/main/charts/vault-secrets-webhook
## P.s.: Add option `configMapMutation: true` for vault-secrets-webhook
# vault.security.banzaicloud.io/vault-role: "admin"
# vault.security.banzaicloud.io/vault-addr: "https://vault.vault.svc.cluster.local:8200"
# vault.security.banzaicloud.io/vault-skip-verify: "true"
# vault.security.banzaicloud.io/vault-path: "kubernetes"
## Example for inject secret
# slack_api_url: '${vault:secret/data/slack-hook-alerts#URL}'
config:
enabled: true
global: {}
# slack_api_url: ''
templates:
- '/etc/alertmanager/*.tmpl'
receivers:
- name: default-receiver
# slack_configs:
# - channel: '@you'
# send_resolved: true
route:
group_wait: 10s
group_interval: 5m
receiver: default-receiver
repeat_interval: 3h
## Monitors ConfigMap changes and POSTs to a URL
## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
##
configmapReload:
## If false, the configmap-reload container will not be deployed
##
enabled: false
## configmap-reload container name
##
name: configmap-reload
## configmap-reload container image
##
image:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.86.1
pullPolicy: IfNotPresent
# containerPort: 9533
## configmap-reload resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
livenessProbe: {}
# httpGet:
# path: /healthz
# port: 8080
# scheme: HTTP
readinessProbe: {}
# httpGet:
# path: /healthz
# port: 8080
# scheme: HTTP
extraArgs: {}
## Optionally specify extra list of additional volumeMounts
extraVolumeMounts: []
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
## Optionally specify extra environment variables to add to alertmanager container
extraEnv: []
# - name: FOO
# value: BAR
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsUser: 65534
# runAsNonRoot: true
# runAsGroup: 65534
templates: {}
# alertmanager.tmpl: |-
## Optionally specify extra list of additional volumeMounts
extraVolumeMounts: []
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
## Optionally specify extra list of additional volumes
extraVolumes: []
# - name: extras
# emptyDir: {}
## Optionally specify extra environment variables to add to alertmanager container
extraEnv: []
# - name: FOO
# value: BAR
testFramework:
enabled: false
annotations:
"helm.sh/hook": test-success
# "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
# --- Vertical Pod Autoscaler
verticalPodAutoscaler:
# -- Use VPA for alertmanager
enabled: false
# recommenders:
# - name: 'alternative'
# updatePolicy:
# updateMode: "Auto"
# minReplicas: 1
# resourcePolicy:
# containerPolicies:
# - containerName: '*'
# minAllowed:
# cpu: 100m
# memory: 128Mi
# maxAllowed:
# cpu: 1
# memory: 500Mi
# controlledResources: ["cpu", "memory"]
# --- Extra Pod Configs
extraPodConfigs: {}
# dnsPolicy: ClusterFirstWithHostNet
# hostNetwork: true

21
opencloud/charts/prometheus/charts/kube-state-metrics/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

29
opencloud/charts/prometheus/charts/kube-state-metrics/Chart.yaml Normal file
View File

@@ -0,0 +1,29 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
apiVersion: v2
appVersion: 2.17.0
description: Install kube-state-metrics to generate and expose cluster-level metrics
home: https://github.com/kubernetes/kube-state-metrics/
keywords:
- metric
- monitoring
- prometheus
- kubernetes
maintainers:
- email: tariq.ibrahim@mulesoft.com
name: tariq1890
url: https://github.com/tariq1890
- email: manuel@rueg.eu
name: mrueg
url: https://github.com/mrueg
- email: david@0xdc.me
name: dotdc
url: https://github.com/dotdc
name: kube-state-metrics
sources:
- https://github.com/kubernetes/kube-state-metrics/
type: application
version: 6.4.1

87
opencloud/charts/prometheus/charts/kube-state-metrics/README.md Normal file
View File

@@ -0,0 +1,87 @@
# kube-state-metrics Helm Chart
Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics).
## Usage
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-state-metrics`
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-state-metrics`
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
### Install Chart
```console
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags]
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
### Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
### Upgrading Chart
```console
helm upgrade [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-state-metrics [flags]
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
#### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics
You can upgrade in-place:
1. [upgrade](#upgrading-chart) your existing release name using the new chart repository
## Upgrading to v6.0.0
This version drops support for deprecated Pod Security Policy resources.
## Upgrading to v3.0.0
v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side.
The upgraded chart now the following changes:
- Dropped support for helm v2 (helm v3 or later is required)
- collectors key was renamed to resources
- namespace key was renamed to namespaces
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values oci://ghcr.io/prometheus-community/charts/kube-state-metrics
```
### kube-rbac-proxy
You can enable `kube-state-metrics` endpoint protection using `kube-rbac-proxy`. By setting `kubeRBACProxy.enabled: true`, this chart will deploy one RBAC proxy container per endpoint (metrics & telemetry).
To authorize access, authenticate your requests (via a `ServiceAccount` for example) with a `ClusterRole` attached such as:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-state-metrics-read
rules:
- apiGroups: [ "" ]
resources: ["services/kube-state-metrics"]
verbs:
- get
```
See [kube-rbac-proxy examples](https://github.com/brancz/kube-rbac-proxy/tree/master/examples/resource-attributes) for more details.

23
opencloud/charts/prometheus/charts/kube-state-metrics/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,23 @@
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
The exposed metrics can be found here:
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
The metrics are exported on the HTTP endpoint /metrics on the listening port.
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
They are served either as plaintext or protobuf depending on the Accept header.
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
{{- if .Values.kubeRBACProxy.enabled}}
kube-rbac-proxy endpoint protections is enabled:
- Metrics endpoints are now HTTPS
- Ensure that the client authenticates the requests (e.g. via service account) with the following role permissions:
```
rules:
- apiGroups: [ "" ]
resources: ["services/{{ template "kube-state-metrics.fullname" . }}"]
verbs:
- get
```
{{- end }}

Some files were not shown because too many files have changed in this diff Show More