diff --git a/charts/README.md b/charts/README.md index 13844890..66de6e27 100644 --- a/charts/README.md +++ b/charts/README.md @@ -6,8 +6,7 @@ ## List services that can be installed using helm (to access readme with instruction please choose desired version) ## Table of content - -- [argocd](https://github.com/sourcemation/charts/tree/main/charts/argocd/README.md) +- [agro-cd](https://github.com/sourcemation/charts/tree/main/charts/argo-cd/README.md) - [cert-manager](https://github.com/sourcemation/charts/tree/main/charts/cert-manager/README.md) - [cert-manager-add-ons](https://github.com/sourcemation/charts/tree/main/charts/cert-manager-add-ons/README.md) - [cert-manager-operator](https://github.com/sourcemation/charts/tree/main/charts/cert-manager-operator/README.md) diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore new file mode 100644 index 00000000..f82e96d4 --- /dev/null +++ b/charts/argo-cd/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/argo-cd/Chart.lock b/charts/argo-cd/Chart.lock new file mode 100644 index 00000000..2d1900a1 --- /dev/null +++ b/charts/argo-cd/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://sourcemation.github.io/charts/ + version: 0.1.1 +- name: argo-cd + repository: https://argoproj.github.io/argo-helm + version: 7.8.20 +digest: sha256:6a8b6f9e3f7a1eade0fab68e1ad7046628c4a40db7a887377fbf2f5b96ed0f67 +generated: "2025-04-02T15:35:52.767698643+02:00" diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml new file mode 100644 index 00000000..e463618c --- /dev/null +++ b/charts/argo-cd/Chart.yaml @@ -0,0 +1,34 @@ +annotations: + catalog.cattle.io/display-name: Argo CD (1/1) - OPERATOR/APP + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/release-name: argo-cd + catalog.cattle.io/namespace: argocd +# catalog.cattle.io/kube-version: '>=1.26.0-0 < 1.31.0-0' +# catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.10.0-0' +apiVersion: v2 +appVersion: 7.8.20 +dependencies: + - name: common + repository: https://sourcemation.github.io/charts/ + version: 0.1.1 + - name: argo-cd + repository: https://argoproj.github.io/argo-helm + version: 7.8.20 + alias: argocd +description: "A declarative, GitOps-based continuous delivery tool for Kubernetes. Install once per k8s. CI/CD." +home: https://linuxpolska.com +icon: https://linuxpolska.com/logo/LinuxPolska-icon.png +keywords: + - gitops + - ci/cd + - kubernetes +#kubeVersion: '>=1.26.0-0 <1.31.0-0' +maintainers: + - email: marek.janosz@linuxpolska.com + name: jmmaro +name: argo-cd +sources: + - https://github.com/SourceMation/charts.git +type: application +version: 0.1.0 \ No newline at end of file diff --git a/charts/argo-cd/DEVELOPER.md b/charts/argo-cd/DEVELOPER.md new file mode 100644 index 00000000..95751360 --- /dev/null +++ b/charts/argo-cd/DEVELOPER.md @@ -0,0 +1,55 @@ +## For developers + +## Installing from repo + +```bash +export RELEASE_NAME=argo +export CHART_NAME=argo-cd +export RELEASE_NAMESPACE=argocd + +export CHART_URL=argo-cd.apps.example.com +export CERT_ISSUER_NAME=default-selfsigned-ca +export CERT_ISSUER_KIND=ClusterIssuer + +git clone git@github.com:SourceMation/charts.git +cd charts/charts/${CHART_NAME} + +kubectl create ns ${RELEASE_NAMESPACE} +kubectl config set-context --current --namespace ${RELEASE_NAMESPACE} + +cat << EOF > /tmp/values.yaml +argocd: + global: + domain: "${CHART_URL}$" + server: + ingress: + enabled: true + tls: true + certificate: + enabled: true + issuer: + group: "cert-manager.io" + kind: "${CERT_ISSUER_KIND}" + name: "${CERT_ISSUER_NAME}" +EOF + + +helm -n ${RELEASE_NAMESPACE} upgrade --install ${RELEASE_NAME} . \ +-f /tmp/values.yaml +``` + +# Cleaning + +```bash +helm uninstall -n ${RELEASE_NAMESPACE} ${RELEASE_NAME} +kubectl delete -n ${RELEASE_NAMESPACE} secret/argocd-redis +kubectl get crd -o name | grep -i argoproj | xargs kubectl delete +``` + + +# Testing + +```bash +kubectl -n ${RELEASE_NAMESPACE} get po,svc,sts,secret,cm,pvc,ingress,cert +kubectl get crd | grep argoproj +``` diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md new file mode 100644 index 00000000..f4aa8987 --- /dev/null +++ b/charts/argo-cd/README.md @@ -0,0 +1,90 @@ +## General + +### Are you looking for more information? + +1. Documentation: https://argo-cd.readthedocs.io +2. Chart Source: https://github.com/argoproj/argo-helm + +## Before Installation + +The installation of cert-manager is required according to the instructions +provided in the README file of the latest version: +https://github.com/SourceMation/charts/tree/main/charts/cert-manager + +## After Installation + +> **Note:** +> no action required +## Before Upgrade + +> **Note:** +> no action required +## After Upgrade + +> **Note:** +> no action required +## Tips and Tricks + +> **Note:** +> no tips and tricks +## Known Issues + +> **Note:** +> Notify us: https://github.com/SourceMation/charts/issues +## CLI installation + +### Preparation + +```bash +export RELEASE_NAME=argo +export CHART_NAME=argo-cd +export CHART_VERSION=0.1.0 +export RELEASE_NAMESPACE=argocd + +export CHART_URL=argo-cd.apps.example.com +export CERT_ISSUER_NAME=default-selfsigned-ca +export CERT_ISSUER_KIND=ClusterIssuer + +kubectl create ns ${RELEASE_NAMESPACE} +kubectl config set-context --current --namespace ${RELEASE_NAMESPACE} + +cat << EOF > /tmp/values.yaml +argocd: + global: + domain: "${CHART_URL}$" + server: + ingress: + enabled: true + tls: true + certificate: + enabled: true + issuer: + group: "cert-manager.io" + kind: "${CERT_ISSUER_KIND}" + name: "${CERT_ISSUER_NAME}" +EOF +``` + +### Go go helm + +``` bash +helm -n ${RELEASE_NAMESPACE} upgrade --install ${RELEASE_NAME} \ +${CHART_NAME} --repo https://charts.sourcemation.com/ \ +-f /tmp/values.yaml \ +--version ${CHART_VERSION} +``` + +### Validation and Testing + +```bash +kubectl -n ${RELEASE_NAMESPACE} get po +kubectl get crd | grep argoproj +``` + +## CLI removing + +```bash +helm uninstall -n ${RELEASE_NAMESPACE} ${RELEASE_NAME} +kubectl delete -n ${RELEASE_NAMESPACE} secret/argocd-redis +kubectl get crd -o name | grep -i argoproj | xargs kubectl delete +``` diff --git a/charts/argo-cd/app-readme.md b/charts/argo-cd/app-readme.md new file mode 100644 index 00000000..2527345e --- /dev/null +++ b/charts/argo-cd/app-readme.md @@ -0,0 +1,3 @@ +## Overview + +Argo CD automates the synchronization and monitoring of applications, ensuring they are always in the desired state defined in version control. diff --git a/charts/argo-cd/charts/argo-cd-7.8.20.tgz b/charts/argo-cd/charts/argo-cd-7.8.20.tgz new file mode 100644 index 00000000..16cefd26 Binary files /dev/null and b/charts/argo-cd/charts/argo-cd-7.8.20.tgz differ diff --git a/charts/argo-cd/charts/common-0.1.1.tgz b/charts/argo-cd/charts/common-0.1.1.tgz new file mode 100644 index 00000000..26c0a966 Binary files /dev/null and b/charts/argo-cd/charts/common-0.1.1.tgz differ diff --git a/charts/argo-cd/questions.yaml b/charts/argo-cd/questions.yaml new file mode 100644 index 00000000..d3883729 --- /dev/null +++ b/charts/argo-cd/questions.yaml @@ -0,0 +1,397 @@ +categories: +- cicd +- gitops + +questions: +- variable: argocd.dex.enabled + label: Enable Dex server + group: "Components" + type: boolean +- variable: argocd.redis.enabled + label: Enable Redis server + group: "Components" + type: boolean + + +- variable: argocd.applicationSet.metrics.enabled + label: "Argo CD ApplicationSet metrics" + description: "Argo CD ApplicationSet metrics" + group: "Integrations" + type: boolean +- variable: argocd.controller.metrics.enabled + label: "Argo CD Controller metrics" + description: "Argo CD Controller metrics" + group: "Integrations" + type: boolean +- variable: argocd.notifications.metrics.enabled + label: "Argo CD Notifications metrics" + description: "Argo CD Notifications metrics" + group: "Integrations" + type: boolean +- variable: argocd.repoServer.metrics.enabled + label: "Argo CD Repo Server metrics" + description: "Argo CD Repo Server metrics" + group: "Integrations" + type: boolean +- variable: argocd.server.metrics.enabled + label: "Argo CD Server metrics" + description: "Argo CD Server metrics" + group: "Integrations" + type: boolean +- variable: argocd.dex.metrics.enabled + label: "Dex metrics" + description: "Dex metrics" + group: "Integrations" + type: boolean + show_if: "argocd.dex.enabled=true" +- variable: argocd.redis.metrics.enabled + label: "Redis metrics" + description: "Redis metrics" + group: "Integrations" + type: boolean + show_if: "argocd.redis.enabled=true" + + +- variable: argocd.server.ingress.enabled + label: Enable Argo CD ingress + group: "Service Discovery" + type: boolean + show_subquestion_if: true + subquestions: + - variable: argocd.global.domain + default: "argo.apps.example.com" + label: URL + description: "Argo CD Ingress URL" + group: "Service Discovery" + type: hostname + - variable: argocd.server.certificate.enabled + default: false + label: Generate a certificate with Cert-Manager + group: "Service Discovery" + type: boolean + - variable: argocd.server.certificate.issuer.name + default: "default-selfsigned-ca" + label: Certificate issuer name + tooltip: "Use 'kubectl get Issuer,clusterIssuer' to get the list of issuers." + group: "Service Discovery" + type: string + required: true + show_if: "argocd.server.certificate.enabled=true" + - variable: "argocd.server.certificate.issuer.kind" + default: "ClusterIssuer" + label: Certificate issuer kind + group: "Service Discovery" + type: enum + options: + - "ClusterIssuer" + - "Issuer" + required: true + show_if: "argocd.server.certificate.enabled=true" +#- variable: argocd.server.ingressGrpc.enabled +# default: false +# label: Enable Argo CD GRPC ingress +# group: "Service Discovery" +# type: boolean +# show_subquestion_if: true +# subquestions: +# - variable: argocd.server.ingressGrpc.hostname +# label: "URL. Default: grpc." +# description: "Argo CD GRPC Ingress URL" +# group: "Service Discovery" +# type: hostname + + +- variable: argocd.server.customService + default: false + type: boolean + label: Custom Service for Argo CD + description: "Custom Service for Argo CD" + group: "Service Discovery" + show_subquestion_if: true + subquestions: + - variable: argocd.server.service.type + default: "ClusterIP" + type: enum + label: Service type + description: "Service type" + group: "Service Discovery" + options: + - "ClusterIP" + - "LoadBalancer" + - "NodePort" + - variable: argocd.server.service.servicePortHttp + type: int + label: http port + description: "Server service http port" + group: "Service Discovery" + show_if: "argocd.server.service.type=ClusterIP" + - variable: argocd.server.service.servicePortHttpName + type: string + label: http port name + description: "Server service http port name" + group: "Service Discovery" + show_if: "argocd.server.service.type=ClusterIP" + - variable: argocd.server.service.servicePortHttps + type: int + label: https port + description: "Server service https port" + group: "Service Discovery" + show_if: "argocd.server.service.type=ClusterIP" + - variable: argocd.server.service.servicePortHttpsName + type: string + label: https port name + description: "Server service https port name" + group: "Service Discovery" + show_if: "argocd.server.service.type=ClusterIP" + - variable: argocd.server.service.nodePortHttp + type: int + label: http port for NodePort + description: "Server service http port for NodePort" + group: "Service Discovery" + min_length: 2 + max_length: 5 + show_if: "argocd.server.service.type=NodePort" + - variable: argocd.server.service.nodePortHttps + type: int + label: https port for NodePort + description: "Server service https port for NodePort" + group: "Service Discovery" + min_length: 2 + max_length: 5 + show_if: "argocd.server.service.type=NodePort" + - variable: argocd.server.service.loadBalancerClass + type: string + label: Load Balancer class + description: "Load Balancer class" + group: "Service Discovery" + show_if: "argocd.server.service.type=LoadBalancer" + - variable: argocd.server.service.loadBalancerIP + type: string + valid_chars: "[0-9].+" + label: Load Balancer IP + description: "Load Balancer IP" + group: "Service Discovery" + show_if: "argocd.server.service.type=LoadBalancer" + - variable: argocd.server.service.loadBalancerSourceRanges + type: multiline + label: Load Balancer source ranges + description: "Load Balancer source ranges" + group: "Service Discovery" + show_if: "argocd.server.service.type=LoadBalancer" + - variable: argocd.server.service.externalIPs + type: multiline + label: Server service external IPs + description: "Server service external IPs" + group: "Service Discovery" + - variable: argocd.server.service.externalTrafficPolicy + default: "Cluster" + type: enum + label: policy + description: "External traffic policy for NodePort" + group: "Service Discovery" + options: + - "Cluster" + - "Local" + show_if: "argocd.server.service.type=NodePort||argocd.server.service.type=LoadBalancer" + - variable: argocd.server.service.annotations + type: multiline + label: Service annotations for Argo CD server + description: "Ingress annotations for Argo CD server" + group: "Service Discovery" + + +- variable: argocd.configs.secret.argocdServerAdminPassword + label: Argo CD admin (bcrypt) password - check ./scripts dir + description: "Default password is 'P@ssword1'. Change it!" + group: "Workloads" + type: password + required: true +- variable: argocd.global.deploymentStrategy.type + default: "RollingUpdate" + label: Argo CD deployment strategy + description: "Argo CD deployment strategy" + group: "Workloads" + type: enum + options: + - "RollingUpdate" + - "Recreate" +- variable: argocd.global.customImage + default: false + label: Change Argo CD image + group: "Workloads" + type: boolean + show_subquestion_if: true + subquestions: + - variable: argocd.global.image.repository + default: "quay.io/argoproj/argocd" + label: Argo CD image repository + group: "Workloads" + type: string + - variable: argocd.global.image.tag + default: "" + label: Argo CD image tag + group: "Workloads" + type: string + - variable: argocd.global.image.imagePullPolicy + default: "IfNotPresent" + label: Argo CD image pullPolicy + group: "Workloads" + type: enum + options: + - "Always" + - "IfNotPresent" + - "Never" +- variable: argocd.controller.customResources + default: false + label: Modify Argo CD Controller resource consumption + group: "Workloads" + type: boolean + show_subquestion_if: true + subquestions: + - variable: argocd.controller.resources.limits.cpu + label: Milicore limit for an Argo CD instance + description: "1000m(milicores) = 1vCPU" + group: "Workloads" + type: string + - variable: argocd.controller.resources.requests.cpu + label: Milicore requests for an Argo CD instance + description: "1000m(milicores) = 1vCPU, value must be <= milicore limit" + group: "Workloads" + type: string + - variable: argocd.controller.resources.limits.memory + label: Memory limit for an Argo CD instance + group: "Workloads" + type: string + - variable: argocd.controller.resources.requests.memory + label: Memory requests for an Argo CD instance + description: "Memory request, value must be <= memory limit" + group: "Workloads" + type: string +- variable: argocd.server.customResources + default: false + label: Modify Argo CD Server resource consumption + group: "Workloads" + type: boolean + show_subquestion_if: true + subquestions: + - variable: argocd.server.resources.limits.cpu + label: Milicore limit for an Argo CD instance + description: "1000m(milicores) = 1vCPU" + group: "Workloads" + type: string + - variable: argocd.server.resources.requests.cpu + label: Milicore requests for an Argo CD instance + description: "1000m(milicores) = 1vCPU, value must be <= milicore limit" + group: "Workloads" + type: string + - variable: argocd.server.resources.limits.memory + label: Memory limit for an Argo CD instance + group: "Workloads" + type: string + - variable: argocd.server.resources.requests.memory + label: Memory requests for an Argo CD instance + description: "Memory request, value must be <= memory limit" + group: "Workloads" + type: string + + +- variable: argocd.dex.customImage + default: false + label: Change Dex image + group: "Workloads" + type: boolean + show_if: "argocd.dex.enabled=true" + show_subquestion_if: true + subquestions: + - variable: argocd.dex.image.repository + default: "ghcr.io/dexidp/dex" + label: Dex image repository + description: "Dex image repository" + group: "Workloads" + type: string + - variable: argocd.dex.image.tag + default: "" + label: Dex image tag + description: "Dex image tag" + group: "Workloads" + type: string + - variable: argocd.dex.image.imagePullPolicy + default: "IfNotPresent" + label: Dex image pullPolicy + description: "Dex image pullPolicy" + group: "Workloads" + type: enum + options: + - "Always" + - "IfNotPresent" + - "Never" +- variable: argocd.configs.customConfigMap + default: false + label: Edit Dex config + group: "Workloads" + type: boolean + show_if: "argocd.dex.enabled=true" + show_subquestion_if: true + subquestions: + - variable: argocd.configs.cm."dex.config" + label: Specify Dex connectors + group: "Workloads" + type: multiline + +- variable: argocd.configs.customRbac + default: false + label: Edit RBAC config + group: "Workloads" + type: boolean + show_if: "argocd.dex.enabled=true" + show_subquestion_if: true + subquestions: + - variable: argocd.configs.rbac."policy.default" + label: policy.default + group: "Workloads" + type: multiline + - variable: argocd.configs.rbac."policy.csv" + label: policy.csv + group: "Workloads" + type: multiline + - variable: argocd.configs.rbac."policy.matchMode" + label: policy.matchMode + description: "glob or regex" + group: "Workloads" + type: multiline + - variable: argocd.configs.rbac.scopes + default: "[groups]" + label: scopes + group: "Workloads" + type: string + + +- variable: argocd.redis.customImage + default: false + label: Change Redis image + group: "Workloads" + type: boolean + show_if: "argocd.redis.enabled=true" + show_subquestion_if: true + subquestions: + - variable: argocd.redis.image.repository + label: Redis image repository + description: "Redis image repository" + group: "Workloads" + type: string + - variable: argocd.redis.image.tag + default: "" + label: Redis image tag + description: "Redis image tag" + group: "Workloads" + type: string + - variable: argocd.redis.image.imagePullPolicy + default: "IfNotPresent" + label: Redis image pullPolicy + description: "Redis image pullPolicy" + group: "Workloads" + type: enum + options: + - "Always" + - "IfNotPresent" + - "Never" diff --git a/charts/argo-cd/scripts/passgen.py b/charts/argo-cd/scripts/passgen.py new file mode 100644 index 00000000..0c759ab8 --- /dev/null +++ b/charts/argo-cd/scripts/passgen.py @@ -0,0 +1,15 @@ + +#!/bin/python3 +password = b"P@ssword1" + +import subprocess +import sys +try: + __import__("bcrypt") +except ImportError: + subprocess.check_call([sys.executable, "-m", "pip", "install", "bcrypt"]) +finally: + globals()["bcrypt"] = __import__("bcrypt") +from bcrypt import hashpw, gensalt +hashed = hashpw(password, gensalt()) +print(hashed.decode()) diff --git a/charts/argo-cd/scripts/passgen.sh b/charts/argo-cd/scripts/passgen.sh new file mode 100644 index 00000000..1ac511bc --- /dev/null +++ b/charts/argo-cd/scripts/passgen.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +password='P@ssword1' + +htpasswd -bnBC 10 "" ${password} | tr -d ':\n'| sed 's/$2y/$2a/'; echo diff --git a/charts/argo-cd/templates/NOTES.txt b/charts/argo-cd/templates/NOTES.txt new file mode 100644 index 00000000..8ca0a001 --- /dev/null +++ b/charts/argo-cd/templates/NOTES.txt @@ -0,0 +1,9 @@ +SourceMation + + █████╗ ██████╗ ██████╗ ██████╗ ██████╗██████╗ +██╔══██╗██╔══██╗██╔════╝ ██╔═══██╗ ██╔════╝██╔══██╗ +███████║██████╔╝██║ ███╗██║ ██║█████╗██║ ██║ ██║ +██╔══██║██╔══██╗██║ ██║██║ ██║╚════╝██║ ██║ ██║ +██║ ██║██║ ██║╚██████╔╝╚██████╔╝ ╚██████╗██████╔╝ +╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝╚═════╝ +by Linux Polska \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml new file mode 100644 index 00000000..11157718 --- /dev/null +++ b/charts/argo-cd/values.yaml @@ -0,0 +1,392 @@ +argocd: + nameOverride: "argocd" + fullnameOverride: "" + + + crds: + install: true + keep: false + annotations: {} + + + global: + domain: "argocd.apps.example.com" + #image: + # repository: quay.io/argoproj/argocd + # tag: "" + # imagePullPolicy: IfNotPresent + imagePullSecrets: [] + logging: + format: json + level: info + #nodeSelector: + # kubernetes.io/os: linux + affinity: + podAntiAffinity: soft + nodeAffinity: + type: hard + matchExpressions: [] + deploymentStrategy: {} + + + configs: + secret: + createSecret: true + # password bcrypt examples in the ./scripts directory + argocdServerAdminPassword: "$2a$10$IyeNFvUrdgcFnDPzwbcD3.K3Czed2qJvS37kGz09hKPV082NzyE0y" + argocdServerAdminPasswordMtime: "" + cm: + create: true + accounts.admin: apiKey + admin.enabled: true + annotations: {} + application.instanceLabelKey: argocd.argoproj.io/instance + application.sync.impersonation.enabled: false + server.rbac.log.enforce.enable: false + exec.enabled: false + timeout.reconciliation: 180s + timeout.hard.reconciliation: 0s + statusbadge.enabled: false + dex.config: '' + # connectors: + # - type: ldap + # id: ldap + # name: LDAP + # config: + # host: ldap.example.com:636 + # #insecureNoSSL: true + # insecureSkipVerify: true + # #startTLS: true + # #rootCA: /etc/dex/ldap.ca + # bindDN: uid=serviceaccount,cn=users,dc=example,dc=com + # bindPW: password + # usernamePrompt: SSO Username + # userSearch: + # baseDN: cn=users,dc=example,dc=com + # # optional + # #filter: "(objectClass=person)" + # username: uid + # idAttr: uid + # emailAttr: mail + # nameAttr: name + # preferredUsernameAttr: uid + # groupSearch: + # baseDN: cn=groups,dc=freeipa,dc=example,dc=com + # # optional + # #filter: "(objectClass=group)" + # userMatchers: + # - userAttr: uid + # groupAttr: member + # nameAttr: name + params: + create: true + otlp.address: '' + controller.status.processors: 20 + controller.operation.processors: 10 + controller.self.heal.timeout.seconds: 5 + controller.repo.server.timeout.seconds: 60 + controller.sync.timeout.seconds: 0 + applicationsetcontroller.policy: sync + applicationsetcontroller.enable.progressive.syncs: false + rbac: + create: true + policy.default: + p, role:admin, capabilities, [apiKey] + role:readonly + policy.csv: '' + policy.matchMode: "glob" + scopes: "[groups]" + cmp: + create: false + ssh: + create: true + tls: + create: true + + + controller: + replicas: 1 + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + resources: + # limits: + # cpu: 500m + # memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + serviceAccount: + create: true + metrics: + enabled: true + serviceMonitor: + enabled: true + + + commitServer: + enabled: false + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + #image: + # repository: "" + # tag: "" + # imagePullPolicy: "" + metrics: + enabled: false + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + + dex: + enabled: false + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + metrics: + enabled: true + serviceMonitor: + enabled: true + #image: + # repository: ghcr.io/dexidp/dex + # tag: v2.38.0 + # imagePullPolicy: "" + imagePullSecrets: [] + resources: {} + # limits: + # cpu: 50m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + serviceAccount: + create: true + + + redis: + enabled: true + #image: + # repository: public.ecr.aws/docker/library/redis + # tag: 7.2.4-alpine + # imagePullPolicy: "" + resources: + limits: + cpu: 200m + memory: 128Mi + requests: + cpu: 100m + memory: 64Mi + containerSecurityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + metrics: + enabled: true + serviceMonitor: + enabled: true + + + redis-ha: + enabled: false + + + server: + replicas: 1 + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 50m + # memory: 64Mi + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + certificate: + enabled: false + duration: "" + renewBefore: "" + issuer: + group: "cert-manager.io" + kind: "" + name: "" + privateKey: + rotationPolicy: Never + encoding: PKCS1 + algorithm: RSA + size: 2048 + additionalHosts: [] + usages: + - server auth + - client auth + - key encipherment + - digital signature + service: + type: ClusterIP + servicePortHttp: 80 + servicePortHttpName: http + servicePortHttps: 443 + servicePortHttpsName: https + metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: "" + serviceAccount: + create: true + ingress: + enabled: true + controller: "generic" + ingressClassName: "nginx" + hostname: "" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + tls: true + ingressGrpc: + enabled: false + ingressClassName: "nginx" + hostname: "" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "GRPC" + tls: true + route: + enabled: false + termination_type: passthrough + termination_policy: None + + + repoServer: + replicas: 1 + resources: {} + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 64Mi + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + metrics: + enabled: true + serviceMonitor: + enabled: true + serviceAccount: + create: true + + + applicationSet: + replicas: 1 + metrics: + enabled: true + serviceMonitor: + enabled: true + service: + type: ClusterIP + port: 7000 + portName: http-webhook + serviceAccount: + create: true + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + certificate: + enabled: false + domain: "" + renewBefore: "" + issuer: + group: "cert-manager.io" + kind: "" + name: "" + privateKey: + rotationPolicy: Never + encoding: PKCS1 + algorithm: RSA + size: 2048 + ingress: + enabled: false + ingressClassName: "" + tls: false + + + notifications: + enabled: true + secret: + create: true + metrics: + enabled: true + serviceMonitor: + enabled: true + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + containerSecurityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + serviceAccount: + create: true + cm: + create: true + deploymentStrategy: + type: Recreate