CR-21441 -- add event reporter as argocd component (#31)

* almost final statefulset

* final statefulset

* add metrics

* add role

* add rolebinding

* add serviceaccount.yaml

* add servicemonitor.yaml + update values

* add prometheusrule.yaml

* add networkpolicy.yaml

* add pdb

* add cluster roles

* change version + add change

* fix indents

* fix doc

* update docs

* disable event reporter by default

* disable old reporter by value

* add missing docs

* update chart

* update docs

* remove hardcoded defaults + add correct template for argocd-cm

* use production version of argo-cd

* update default amount of reporter replicas

* fix values and docs

* fix metrics service

Author: yaroslav-codefresh

charts/argo-cd/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: v2.8.1-cap-CR-20837
+appVersion: v2.8.1-cap-CR-21281-new-reporter
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.50.1-0-cap-CR-20837
+version: 5.50.1-1-cap-CR-21429
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,9 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
+    - kind: added
+      description: Add event reporter as a separate component
     - kind: changed
-      description: Update ArgoCD version to v2.8.1-cap-CR-20837
+      description: Update ArgoCD version to v2.8.1-cap-CR-21281-new-reporter
+    - kind: changed
+      description: Add ability to switch between reporters

charts/argo-cd/README.md

@@ -390,6 +390,79 @@ NAME: my-release
 | crds.keep | bool | `true` | Keep CRDs on chart uninstall |
 | createAggregateRoles | bool | `false` | Create aggregated roles that extend existing cluster roles to interact with argo-cd resources |
 | createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. |
+| eventReporter.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules to the deployment |
+| eventReporter.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the event reporter's ClusterRole resource |
+| eventReporter.clusterRoleRules.rules | list | `[]` | List of custom rules for the event reporter's ClusterRole resource |
+| eventReporter.containerPorts.health | int | `8088` |  |
+| eventReporter.containerPorts.metrics | int | `8087` | Metrics container port |
+| eventReporter.containerSecurityContext | object | See [values.yaml] | Event reporter container-level security context |
+| eventReporter.dnsConfig | object | `{}` | [DNS configuration] |
+| eventReporter.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for event reporter pods |
+| eventReporter.enabled | bool | `false` |  |
+| eventReporter.env | list | `[]` | Environment variables to pass to event reporter |
+| eventReporter.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to event reporter |
+| eventReporter.extraArgs | list | `[]` | Additional command line arguments to pass to event reporter |
+| eventReporter.extraContainers | list | `[]` | Additional containers to be added to the event reporter pod |
+| eventReporter.hostNetwork | bool | `false` | Host Network for event reporter pods |
+| eventReporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the event reporter |
+| eventReporter.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the event reporter |
+| eventReporter.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the event reporter |
+| eventReporter.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
+| eventReporter.initContainers | list | `[]` | Init containers to add to the event reporter pod |
+| eventReporter.metrics.applicationLabels.enabled | bool | `false` | Enables additional labels in argocd_app_labels metric |
+| eventReporter.metrics.applicationLabels.labels | list | `[]` | Additional labels |
+| eventReporter.metrics.enabled | bool | `false` | Deploy metrics service |
+| eventReporter.metrics.rules.additionalLabels | object | `{}` | PrometheusRule labels |
+| eventReporter.metrics.rules.annotations | object | `{}` | PrometheusRule annotations |
+| eventReporter.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the event reporter |
+| eventReporter.metrics.rules.namespace | string | `""` | PrometheusRule namespace |
+| eventReporter.metrics.rules.selector | object | `{}` | PrometheusRule selector |
+| eventReporter.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the event reporter |
+| eventReporter.metrics.service.annotations | object | `{}` | Metrics service annotations |
+| eventReporter.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) |
+| eventReporter.metrics.service.labels | object | `{}` | Metrics service labels |
+| eventReporter.metrics.service.portName | string | `"http-metrics"` | Metrics service port name |
+| eventReporter.metrics.service.servicePort | int | `8087` | Metrics service port |
+| eventReporter.metrics.service.type | string | `"ClusterIP"` | Metrics service type |
+| eventReporter.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels |
+| eventReporter.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations |
+| eventReporter.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor |
+| eventReporter.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval |
+| eventReporter.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion |
+| eventReporter.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace |
+| eventReporter.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping |
+| eventReporter.metrics.serviceMonitor.scheme | string | `""` | Prometheus ServiceMonitor scheme |
+| eventReporter.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector |
+| eventReporter.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig |
+| eventReporter.name | string | `"event-reporter"` |  |
+| eventReporter.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] |
+| eventReporter.pdb.annotations | object | `{}` | Annotations to be added to event reporter pdb |
+| eventReporter.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the event reporter |
+| eventReporter.pdb.labels | object | `{}` | Labels to be added to event reporter pdb |
+| eventReporter.pdb.maxUnavailable | string | `""` | Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). |
+| eventReporter.pdb.minAvailable | string | `""` (defaults to 0 if not specified) | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
+| eventReporter.podAnnotations | object | `{}` | Annotations to be added to event reporter pods |
+| eventReporter.podLabels | object | `{}` | Labels to be added to event reporter pods |
+| eventReporter.priorityClassName | string | `""` (defaults to global.priorityClassName) | Priority class for the event reporter pods |
+| eventReporter.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded |
+| eventReporter.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated |
+| eventReporter.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
+| eventReporter.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
+| eventReporter.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
+| eventReporter.replicas | int | `3` |  |
+| eventReporter.resources | object | `{}` | Resource limits and requests for the event reporter pods |
+| eventReporter.serviceAccount.annotations | object | `{}` | Annotations applied to created service account |
+| eventReporter.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
+| eventReporter.serviceAccount.create | bool | `true` | Create a service account for the event reporter |
+| eventReporter.serviceAccount.labels | object | `{}` | Labels applied to created service account |
+| eventReporter.serviceAccount.name | string | `"event-reporter"` | Service account name |
+| eventReporter.statefulsetAnnotations | object | `{}` | Annotations for the event reporter StatefulSet |
+| eventReporter.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for container lifecycle hook |
+| eventReporter.tolerations | list | `[]` (defaults to global.tolerations) | [Tolerations] for use with node taints |
+| eventReporter.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the event reporter |
+| eventReporter.version | string | `"v1"` |  |
+| eventReporter.volumeMounts | list | `[]` | Additional volumeMounts to the event reporter main container |
+| eventReporter.volumes | list | `[]` | Additional volumes to the event reporter pod |
 | extraObjects | list | `[]` | Array of extra K8s manifests to deploy |
 | fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` |
 | kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests |

charts/argo-cd/templates/_helpers.tpl

@@ -216,3 +216,20 @@ Merge Argo Params Configuration with Preset Configuration
 {{ $key }}: {{ toString $value | toYaml }}
 {{- end }}
 {{- end -}}
+
+{{/*
+Create event reporter name and version as used by the chart label.
+*/}}
+{{- define "argo-cd.event-reporter.fullname" -}}
+{{- printf "%s-%s" (include "argo-cd.fullname" .) .Values.eventReporter.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{/*
+Create the name of the Argo CD server service account to use
+*/}}
+{{- define "argo-cd.eventReporterServiceAccountName" -}}
+{{- if .Values.eventReporter.serviceAccount.create -}}
+    {{ default (include "argo-cd.event-reporter.fullname" .) .Values.eventReporter.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.eventReporter.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/argo-cd/templates/argocd-configs/argocd-cm.yaml

@@ -14,4 +14,8 @@ metadata:
   {{- end }}
 data:
   {{- include "argo-cd.config.cm" . | trim | nindent 2 }}
+
+  {{- if and .Values.eventReporter.enabled .Values.eventReporter.version }}
+  codefresh.reporterVersion: {{ .Values.eventReporter.version | quote }}
+  {{- end }}
 {{- end }}

charts/argo-cd/templates/event-reporter/clusterrole.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.eventReporter.enabled }}
+{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+rules:
+  {{- if .Values.eventReporter.clusterRoleRules.enabled }}
+    {{- toYaml .Values.eventReporter.clusterRoleRules.rules | nindent 2 }}
+  {{- else }}
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - '*'
+  - nonResourceURLs:
+    - '*'
+    verbs:
+    - '*'
+  {{- end }}
+{{- end }}
+{{- end }}

charts/argo-cd/templates/event-reporter/clusterrolebinding.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.eventReporter.enabled }}
+{{- $config := .Values.eventReporter.clusterAdminAccess | default dict -}}
+{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-cd.eventReporterServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}

charts/argo-cd/templates/event-reporter/metrics.yaml

@@ -0,0 +1,34 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}-metrics
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" (printf "%s-metrics" .Values.eventReporter.name)) | nindent 4 }}
+    {{- with .Values.eventReporter.metrics.service.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if or .Values.eventReporter.metrics.service.annotations .Values.global.addPrometheusAnnotations }}
+  annotations:
+    {{- if .Values.global.addPrometheusAnnotations }}
+    prometheus.io/port: {{ .Values.eventReporter.metrics.service.servicePort | quote }}
+    prometheus.io/scrape: "true"
+    {{- end }}
+    {{- range $key, $value := .Values.eventReporter.metrics.service.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  type: {{ .Values.eventReporter.metrics.service.type }}
+  {{- if and .Values.eventReporter.metrics.service.clusterIP (eq .Values.eventReporter.metrics.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.eventReporter.metrics.service.clusterIP }}
+  {{- end }}
+  ports:
+  - name: {{ .Values.eventReporter.metrics.service.portName }}
+    protocol: TCP
+    port: {{ .Values.eventReporter.metrics.service.servicePort }}
+    targetPort: metrics
+  selector:
+    {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 4 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/networkpolicy.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.eventReporter.enabled .Values.global.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingress:
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+  podSelector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}

charts/argo-cd/templates/event-reporter/pdb.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.pdb.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+    {{- with .Values.eventReporter.pdb.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.eventReporter.pdb.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+spec:
+  {{- with .Values.eventReporter.pdb.maxUnavailable }}
+  maxUnavailable: {{ . }}
+  {{- else }}
+  minAvailable: {{ .Values.eventReporter.pdb.minAvailable | default 0 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.eventReporter.name) | nindent 6 }}
+{{- end }}

charts/argo-cd/templates/event-reporter/prometheusrule.yaml

@@ -0,0 +1,24 @@
+{{- if and .Values.eventReporter.enabled .Values.eventReporter.metrics.enabled .Values.eventReporter.metrics.rules.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ template "argo-cd.event-reporter.fullname" . }}
+  namespace: {{ default .Release.Namespace .Values.eventReporter.metrics.rules.namespace | quote }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.eventReporter.name "name" .Values.eventReporter.name) | nindent 4 }}
+    {{- if .Values.eventReporter.metrics.rules.selector }}
+{{- toYaml .Values.eventReporter.metrics.rules.selector | nindent 4 }}
+    {{- end }}
+    {{- if .Values.eventReporter.metrics.rules.additionalLabels }}
+{{- toYaml .Values.eventReporter.metrics.rules.additionalLabels | nindent 4 }}
+    {{- end }}
+  {{- with .Values.eventReporter.metrics.rules.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  groups:
+  - name: argocd
+    rules:
+{{- toYaml .Values.eventReporter.metrics.rules.spec | nindent 4 }}
+{{- end }}