feat: Agent helm chart (#463)

Signed-off-by: Anand Kumar Singh <[email protected]>

Author: anandrkskd

install/helm-repo/argocd-agent-agent/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

install/helm-repo/argocd-agent-agent/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: argocd-agent-agent
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

install/helm-repo/argocd-agent-agent/templates/NOTES.txt

@@ -0,0 +1,3 @@
+Thank you for installing {{ include "argocd-agent-agent.name" . }}!
+
+Your application has been deployed to the {{ include  "argocd-agent-agent.namespace" . }} namespace.

install/helm-repo/argocd-agent-agent/templates/_helpers.tpl

@@ -0,0 +1,70 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argocd-agent-agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argocd-agent-agent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argocd-agent-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "argocd-agent-agent.labels" -}}
+helm.sh/chart: {{ include "argocd-agent-agent.chart" . }}
+{{ include "argocd-agent-agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "argocd-agent-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "argocd-agent-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "argocd-agent-agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "argocd-agent-agent.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Expand the namespace of the release.
+*/}}
+{{- define "argocd-agent-agent.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}

install/helm-repo/argocd-agent-agent/templates/agent-clusterrole.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-agent-agent
+    app.kubernetes.io/part-of: argocd-agent
+    app.kubernetes.io/component: agent
+  name: argocd-agent-agent
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - list
+  - watch

install/helm-repo/argocd-agent-agent/templates/agent-clusterrolebinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-agent-agent
+    app.kubernetes.io/part-of: argocd-agent
+    app.kubernetes.io/component: agent
+  name: argocd-agent-agent
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argocd-agent-agent
+subjects:
+- kind: ServiceAccount
+  name: argocd-agent-agent
+  namespace: {{ include  "argocd-agent-agent.namespace" . }}

install/helm-repo/argocd-agent-agent/templates/agent-deployment.yaml

@@ -0,0 +1,139 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-agent-agent
+    app.kubernetes.io/part-of: argocd-agent
+    app.kubernetes.io/component: agent
+  name: argocd-agent-agent
+  namespace: {{ include  "argocd-agent-agent.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-agent-agent
+      app.kubernetes.io/part-of: argocd-agent
+      app.kubernetes.io/component: agent
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: argocd-agent-agent
+        app.kubernetes.io/part-of: argocd-agent
+        app.kubernetes.io/component: agent
+    spec:
+      containers:
+        - args:
+            - agent
+          env:
+          - name: ARGOCD_AGENT_REMOTE_SERVER
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.server.address
+                optional: true
+          - name: ARGOCD_AGENT_REMOTE_PORT
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.server.port
+                optional: true
+          - name: ARGOCD_AGENT_LOG_LEVEL
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.log.level
+                optional: true
+          - name: ARGOCD_AGENT_NAMESPACE
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.namespace
+                optional: true
+          - name: ARGOCD_AGENT_TLS_SECRET_NAME
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.secret-name
+                optional: true
+          - name: ARGOCD_AGENT_TLS_CLIENT_CERT_PATH
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.client.cert-path
+                optional: true
+          - name: ARGOCD_AGENT_TLS_CLIENT_KEY_PATH
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.client.key-path
+                optional: true
+          - name: ARGOCD_AGENT_TLS_INSECURE
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.client.insecure
+                optional: true
+          - name: ARGOCD_AGENT_TLS_ROOT_CA_SECRET_NAME
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.root-ca-secret-name
+                optional: true
+          - name: ARGOCD_AGENT_TLS_ROOT_CA_PATH
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.tls.root-ca-path
+                optional: true
+          - name: ARGOCD_AGENT_MODE
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.mode
+                optional: true
+          - name: ARGOCD_AGENT_CREDS
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.creds
+                optional: true
+          - name: ARGOCD_AGENT_METRICS_PORT
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.metrics.port
+                optional: true
+          - name: ARGOCD_AGENT_HEALTH_CHECK_PORT
+            valueFrom:
+              configMapKeyRef:
+                name: argocd-agent-params
+                key: agent.healthz.port
+                optional: true
+          name: argocd-agent-agent
+          imagePullPolicy: Always
+          image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+          ports:
+            - containerPort: 8000
+              name: metrics
+            - containerPort: 8002
+              name: healthz
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - name: userpass-passwd
+              mountPath: /app/config/creds
+      serviceAccountName: argocd-agent-agent
+      volumes:
+      - name: userpass-passwd
+        secret:
+          secretName: {{ .Values.userPasswordSecretName }}
+          items:
+          - key: credentials
+            path: userpass.creds
+          optional: true

install/helm-repo/argocd-agent-agent/templates/agent-healthz-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+      app.kubernetes.io/name: argocd-agent-agent
+      app.kubernetes.io/part-of: argocd-agent
+      app.kubernetes.io/component: agent
+  name: argocd-agent-agent-healthz
+  namespace: {{ include  "argocd-agent-agent.namespace" . }}
+spec:
+  ports:
+    - name: healthz
+      protocol: TCP
+      port: 8002
+      targetPort: 8002
+  selector:
+    app.kubernetes.io/name: argocd-agent-agent 

install/helm-repo/argocd-agent-agent/templates/agent-metrics-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+      app.kubernetes.io/name: argocd-agent-agent
+      app.kubernetes.io/part-of: argocd-agent
+      app.kubernetes.io/component: agent
+  name: argocd-agent-agent-metrics
+  namespace: {{ include  "argocd-agent-agent.namespace" . }}
+spec:
+  ports:
+    - name: metrics
+      protocol: TCP
+      port: 8181
+      targetPort: 8181
+  selector:
+    app.kubernetes.io/name: argocd-agent-agent

install/helm-repo/argocd-agent-agent/templates/agent-params-cm.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-agent-params
+  namespace: {{ include  "argocd-agent-agent.namespace" . }}
+  labels:
+    app.kubernetes.io/name: argocd-agent-agent
+    app.kubernetes.io/part-of: argocd-agent
+    app.kubernetes.io/component: agent 
+data:
+  # agent.mode: The mode this agent should operate in. Valid values are
+  # "autonomous" or "managed".
+  # Default: "autonomous"
+  agent.mode: {{ .Values.agentMode }}
+  # agent.creds: Valid credential identifier for this agent. Must be in the
+  # format <method>:<configuration>. Valid values are:
+  # - "userpass:_path_to_encrypted_creds_" where _path_to_encrypted_creds_ is
+  #   the path to the file containing encrypted credential for authenticatiion.
+  # - "mtls:_agent_id_regex_" where _agent_id_regex_ is the regex pattern for
+  #   extracting the agent ID from client cert subject.
+  # Default: ""
+  agent.creds: {{ .Values.auth }}
+  # agent.tls.client.insecure: Whether to skip the validation of the remote TLS
+  # credentials. Insecure. Do only use for development purposes.
+  # Default: false
+  agent.tls.client.insecure: {{ .Values.tlsClientInSecure  | quote }}
+  # agent.tls.root-ca-path: The path to a file containing the certificates for
+  # the TLS root certificate authority used to validate the remote principal. 
+  # Default: ""
+  agent.tls.root-ca-path: {{ .Values.tlsRootCAPath }}
+  # agent.tls.client.cert-path: Path to a file containing the agent's TLS client
+  # certificate.
+  # Default: ""
+  agent.tls.client.cert-path: {{ .Values.tlsClientCertPath }}
+  # agent.tls.client.cert-path: Path to a file containing the agent's TLS client
+  # private key.
+  # Default: ""
+  agent.tls.client.key-path: {{ .Values.tlsClientKeyPath }}
+  # agent.log.level: The log level the agent should use. Valid values are
+  # trace, debug, info, warn and error.
+  # Default: "info"
+  agent.log.level: {{ .Values.logLevel }}
+  # agent.namespace: The namespace the agent should operate and manage the
+  # Argo CD resources in.
+  # Default: "argocd"
+  agent.namespace: {{ include  "argocd-agent-agent.namespace" . }} 
+  # agent.principal.address: The remote address of the principal to connect
+  # to. Can be a DNS name, an IPv4 address or an IPv6 address.
+  # Default: ""
+  agent.server.address: {{ .Values.server}}
+  # agent.server.port: The remote port of the principal to connect to.
+  # Default: "443"
+  agent.server.port: {{ .Values.serverPort | quote }}
+  # agent.metrics.port: The port the metrics server should listen on.
+  # Default: 8181
+  agent.metrics.port: {{ .Values.metricsPort | quote }}
+  # agent.healthz.port: The port the health check server should listen on.
+  # Default: 8002
+  agent.healthz.port: {{ .Values.healthzPort | quote }}