From 424e34124c819f7d00fb4230e85334c04699466d Mon Sep 17 00:00:00 2001
From: Kent Rancourt
Date: Mon, 8 Jan 2024 17:11:05 -0500
Subject: [PATCH] corresponding chart changes
Signed-off-by: Kent Rancourt
---
 charts/kargo/templates/api/cluster-role.yaml | 8 ++++++++
 charts/kargo/templates/api/configmap.yaml | 1 +
 .../kargo/templates/argocd/role-binding.yaml | 2 +-
 charts/kargo/templates/argocd/role.yaml | 2 +-
 .../controller/cluster-role-bindings.yaml | 20 ++++++++++++++++++-
 .../templates/controller/cluster-roles.yaml | 15 ++++++++++++--
 .../kargo/templates/controller/configmap.yaml | 10 +++++++---
 charts/kargo/values.yaml | 15 ++++++++++++++-
 8 files changed, 64 insertions(+), 9 deletions(-)
diff --git a/charts/kargo/templates/api/cluster-role.yaml b/charts/kargo/templates/api/cluster-role.yaml
index 4f6cda1151..16dc65e3e1 100644
--- a/charts/kargo/templates/api/cluster-role.yaml
+++ b/charts/kargo/templates/api/cluster-role.yaml
@@ -76,4 +76,12 @@ rules:
 verbs:
 - patch
 - update
+{{- if .Values.api.rollouts.integrationEnabled }}
+ - apiGroups:
+ - argoproj.io
+ resources:
+ - analysistemplates
+ verbs:
+ - "*"
+{{- end }}
 {{- end }}
diff --git a/charts/kargo/templates/api/configmap.yaml b/charts/kargo/templates/api/configmap.yaml
index be76848bed..c711bd2f23 100644
--- a/charts/kargo/templates/api/configmap.yaml
+++ b/charts/kargo/templates/api/configmap.yaml
@@ -55,4 +55,5 @@ data:
 ARGOCD_NAMESPACE: {{ .Values.controller.argocd.namespace }}
 ARGOCD_URLS: {{ range $key, $val := .Values.api.argocd.urls }}{{ $key }}={{ $val }},{{- end }}
 {{- end }}
+ ROLLOUTS_INTEGRATION_ENABLED: {{ quote .Values.api.rollouts.integrationEnabled }}
 {{- end }}
diff --git a/charts/kargo/templates/argocd/role-binding.yaml b/charts/kargo/templates/argocd/role-binding.yaml
index cd217ca477..956b1b8223 100644
--- a/charts/kargo/templates/argocd/role-binding.yaml
+++ b/charts/kargo/templates/argocd/role-binding.yaml
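Review bot: The rule added to charts/kargo/templates/api/cluster-role.yaml grants `"*"` on `analysistemplates`, which is broader than the creating/updating/applying use that the values.yaml description gives for this toggle, and the rule directly above it lists `patch` and `update` explicitly. A wildcard also covers `deletecollection` and any verb introduced later, and because this is a ClusterRole the grant is presumably cluster-wide once bound. Listing only the verbs the API server needs, for example `create`, `get`, `list`, `patch`, `update`, plus `delete` only if the server removes templates, keeps the grant auditable. The enclosing rules list begins outside the hunk.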
@@ -1,4 +1,4 @@
-{{- if or .Values.controller.argocd.watchArgocdNamespaceOnly .Values.controller.argocd.enableCredentialBorrowing }}
+{{- if and .Values.controller.argocd.integrationEnabled (or .Values.controller.argocd.watchArgocdNamespaceOnly .Values.controller.argocd.enableCredentialBorrowing) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/charts/kargo/templates/argocd/role.yaml b/charts/kargo/templates/argocd/role.yaml
index 32ec23644b..1215ac65fc 100644
--- a/charts/kargo/templates/argocd/role.yaml
+++ b/charts/kargo/templates/argocd/role.yaml
@@ -1,4 +1,4 @@
-{{- if or .Values.controller.argocd.watchArgocdNamespaceOnly .Values.controller.argocd.enableCredentialBorrowing }}
+{{- if and .Values.controller.argocd.integrationEnabled (or .Values.controller.argocd.watchArgocdNamespaceOnly .Values.controller.argocd.enableCredentialBorrowing) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/charts/kargo/templates/controller/cluster-role-bindings.yaml b/charts/kargo/templates/controller/cluster-role-bindings.yaml
index 6f720d4072..790f77b6ea 100644
--- a/charts/kargo/templates/controller/cluster-role-bindings.yaml
+++ b/charts/kargo/templates/controller/cluster-role-bindings.yaml
@@ -14,8 +14,8 @@ subjects:
 - kind: ServiceAccount
 namespace: {{ .Release.Namespace }}
 name: kargo-controller
+{{- if and .Values.controller.argocd.integrationEnabled (not .Values.controller.argocd.watchArgocdNamespaceOnly) }}
 ---
-{{- if not .Values.controller.argocd.watchArgocdNamespaceOnly }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -32,4 +32,22 @@ subjects:
 namespace: {{ .Release.Namespace }}
 name: kargo-controller
 {{- end }}
+{{- if .Values.controller.rollouts.integrationEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kargo-controller-rollouts
+ labels:
+ {{- include "kargo.labels" . | nindent 4 }}
+ {{- include "kargo.controller.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kargo-controller-rollouts
+subjects:
+- kind: ServiceAccount
+ namespace: {{ .Release.Namespace }}
+ name: kargo-controller
+{{- end }}
 {{- end }}
diff --git a/charts/kargo/templates/controller/cluster-roles.yaml b/charts/kargo/templates/controller/cluster-roles.yaml
index 18d50c0115..a676b46fdd 100644
--- a/charts/kargo/templates/controller/cluster-roles.yaml
+++ b/charts/kargo/templates/controller/cluster-roles.yaml
@@ -72,8 +72,8 @@ rules:
 - get
 - list
 - watch
+{{- if and .Values.controller.argocd.integrationEnabled (not .Values.controller.argocd.watchArgocdNamespaceOnly) }}
 ---
-{{- if not .Values.controller.argocd.watchArgocdNamespaceOnly }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -91,6 +91,17 @@ rules:
 - list
 - patch
 - watch
+{{- end }}
+{{- if .Values.controller.rollouts.integrationEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kargo-controller-rollouts
+ labels:
+ {{- include "kargo.labels" . | nindent 4 }}
+ {{- include "kargo.controller.labels" . | nindent 4 }}
+rules:
 - apiGroups:
 - argoproj.io
 resources:
@@ -100,5 +111,5 @@ rules:
 - get
 - list
 - watch
-{{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/kargo/templates/controller/configmap.yaml b/charts/kargo/templates/controller/configmap.yaml
index 5ff7e3488c..bec2239b36 100644
--- a/charts/kargo/templates/controller/configmap.yaml
+++ b/charts/kargo/templates/controller/configmap.yaml
@@ -16,13 +16,17 @@ data:
 KUBECONFIG: /etc/kargo/kubeconfigs/kubeconfig.yaml
 {{- end }}
 GLOBAL_CREDENTIALS_NAMESPACES: {{ join "," .Values.controller.globalCredentials.namespaces }}
+ ARGOCD_INTEGRATION_ENABLED: {{ quote .Values.controller.argocd.integrationEnabled }}
+ {{- if .Values.controller.argocd.integrationEnabled }}
 {{- if .Values.kubeconfigSecrets.argocd }}
 ARGOCD_KUBECONFIG: /etc/kargo/kubeconfigs/argocd-kubeconfig.yaml
 {{- end }}
- {{- if .Values.kubeconfigSecrets.rollouts }}
- ROLLOUTS_KUBECONFIG: /etc/kargo/kubeconfigs/rollouts-kubeconfig.yaml
- {{- end }}
 ARGOCD_NAMESPACE: {{ .Values.controller.argocd.namespace }}
 ARGOCD_ENABLE_CREDENTIAL_BORROWING: {{ quote .Values.controller.argocd.enableCredentialBorrowing }}
 ARGOCD_WATCH_ARGOCD_NAMESPACE_ONLY: {{ quote .Values.controller.argocd.watchArgocdNamespaceOnly }}
+ {{- end }}
+ ROLLOUTS_INTEGRATION_ENABLED: {{ quote .Values.controller.rollouts.integrationEnabled }}
+ {{- if and .Values.controller.rollouts.integrationEnabled .Values.kubeconfigSecrets.rollouts }}
+ ROLLOUTS_KUBECONFIG: /etc/kargo/kubeconfigs/rollouts-kubeconfig.yaml
+ {{- end }}
 {{- end }}
diff --git a/charts/kargo/values.yaml b/charts/kargo/values.yaml
index a354bf7e88..ecc4c6ed9d 100755
--- a/charts/kargo/values.yaml
+++ b/charts/kargo/values.yaml
@@ -199,6 +199,11 @@ api: # "": https://argocd.example.com # "shard2": https://argocd2.example.com + ## All settings relating to the use of Argo Rollouts by the API Server. + rollouts: + ## @param api.rollouts.integrationEnabled Specifies whether Argo Rollouts integration is enabled. When not enabled, the API server will not be capable of creating/updating/applying AnalysesTemplate resources in the Kargo control plane. + integrationEnabled: true + ## @section Controller ## All settings for the controller component controller:
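Review bot: In charts/kargo/templates/controller/configmap.yaml the `ROLLOUTS_KUBECONFIG` and `ARGOCD_KUBECONFIG` keys are now omitted when the matching integration is disabled, but the diffstat shows no change to the controller's Deployment template, so the Secrets named under `kubeconfigSecrets` are presumably still mounted beneath /etc/kargo/kubeconfigs whenever they are set. If that is the case, a controller with an integration switched off still carries credentials for a cluster it no longer talks to. Gating the corresponding volume and volumeMount on the same condition used here, `and .Values.controller.rollouts.integrationEnabled .Values.kubeconfigSecrets.rollouts` (and the Argo CD equivalent), would keep the pod's credentials in line with its configuration. The data map starts outside the hunk.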
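Review bot: The description of `api.rollouts.integrationEnabled` in charts/kargo/values.yaml spells the resource `AnalysesTemplate`; the kind is `AnalysisTemplate`, as the comment on `controller.rollouts` in the same file has it. The description also leaves out what the default of `true` costs in RBAC terms: the API server's ClusterRole gains a rule with `"*"` on `analysistemplates`. A sentence such as `When enabled, the API server is granted access to AnalysisTemplate resources.` would let an operator weigh the toggle without reading the templates.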
@@ -213,9 +218,11 @@ controller: ## @param controller.shardName [nullable] Set a shard name only if you are running multiple controllers backed by a single underlying control plane. Setting a shard name will cause this controller to operate **only** on resources with a matching shard name. Leaving the shard name undefined will designate this controller as the default controller that is responsible exclusively for resources that are **not** assigned to a specific shard. Leaving this undefined is the correct choice when you are not using sharding at all. It is also the correct setting if you are using sharding and want to designate a controller as the default for handling resources not assigned to a specific shard. In most cases, this setting should simply be left alone. # shardName: - ## All settings relating to the Argo CD control plane this controller will + ## All settings relating to the Argo CD control plane this controller might ## integrate with. argocd: + ## @param controller.argocd.integrationEnabled Specifies whether Argo CD integration is enabled. When not enabled, the controller will not watch Argo CD Application resources or factor Application health and sync state into determinations of Stage health. Argo CD-based promotion mechanisms will also fail. + integrationEnabled: true ## @param controller.argocd.namespace The namespace into which Argo CD is installed. namespace: argocd ## @param controller.argocd.watchArgocdNamespaceOnly Specifies whether the reconciler that watches Argo CD Applications for the sake of forcing related Stages to reconcile should only watch Argo CD Application resources residing in Argo CD's own namespace. Note: Older versions of Argo CD only supported Argo CD Application resources in Argo CD's own namespace, but newer versions support Argo CD Application resources in any namespace. This should usually be left as `false`. 
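Review bot: The description of `controller.argocd.integrationEnabled` does not say that setting it to `false` overrides the two settings that follow it. In this patch the argocd Role and RoleBinding and the controller's Argo CD ClusterRole and ClusterRoleBinding are all gated on it, and the controller ConfigMap drops `ARGOCD_ENABLE_CREDENTIAL_BORROWING` and `ARGOCD_WATCH_ARGOCD_NAMESPACE_ONLY`. Because `enableCredentialBorrowing` defaults to `true`, an operator reading only that parameter could assume borrowing is still active. Adding `When not enabled, watchArgocdNamespaceOnly and enableCredentialBorrowing have no effect.` to the description would make the precedence explicit.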
@@ -223,6 +230,12 @@ controller: ## @param controller.argocd.enableCredentialBorrowing Specifies whether Kargo may borrow repository credentials (specially formatted and specially annotated Secrets) from Argo CD. enableCredentialBorrowing: true + ## All settings relating to the use of Argo Rollouts AnalysisTemplates and + ## AnalysisRuns as a means of verifying Stages after a Promotion. + rollouts: + ## @param controller.rollouts.integrationEnabled Specifies whether Argo Rollouts integration is enabled. When not enabled, the controller will not reconcile Argo Rollouts AnalysisRun resources and attempts to verify Stages via Analysis will fail. + integrationEnabled: true + ## @param controller.logLevel The log level for the controller. logLevel: INFO