NationTech/harmony
6
0
Fork 1
Code Issues 35 Pull Requests 7 Actions Packages Projects Releases 1 Wiki Activity

feat: WIP argocd_score #78

Merged
johnride merged 5 commits from argocd_score into master 2025-07-03 19:30:05 +00:00
Conversation 0 Commits 5 Files Changed 4 +1161 -4
4 changed files with 1161 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
harmony/src/modules/application/features/argo_types.rs Normal file
View File

@ -0,0 +1,226 @@
use std::{backtrace, collections::HashMap};
use serde::Serialize;
use serde_yaml::{Mapping, Value};
use url::Url;
use crate::modules::application::features::CDApplicationConfig;
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Helm {
pub pass_credentials: Option<bool>,
pub parameters: Vec<Value>,
pub file_parameters: Vec<Value>,
pub release_name: Option<String>,
pub value_files: Vec<String>,
pub ignore_missing_value_files: Option<bool>,
pub values: Option<String>,
pub values_object: Option<Value>,
pub skip_crds: Option<bool>,
pub skip_schema_validation: Option<bool>,
pub version: Option<String>,
pub kube_version: Option<String>,
pub api_versions: Vec<String>,
pub namespace: Option<String>,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Source {
pub repo_url: Url,
pub target_revision: Option<String>,
pub chart: String,
pub helm: Helm,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Automated {
pub prune: bool,
pub self_heal: bool,
pub allow_empty: bool,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Backoff {
pub duration: String,
pub factor: u32,
pub max_duration: String,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct Retry {
pub limit: u32,
pub backoff: Backoff,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct SyncPolicy {
pub automated: Automated,
pub sync_options: Vec<String>,
pub retry: Retry,
}
#[derive(Clone, Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ArgoApplication {
pub name: String,
pub namespace: Option<String>,
pub project: String,
pub source: Source,
pub sync_policy: SyncPolicy,
pub revision_history_limit: u32,
}
impl Default for ArgoApplication {
fn default() -> Self {
Self {
name: Default::default(),
namespace: Default::default(),
project: Default::default(),
source: Source {
repo_url: Url::parse("http://asdf").expect("Couldn't parse to URL"),
target_revision: None,
chart: "".to_string(),
helm: Helm {
pass_credentials: None,
parameters: vec![],
file_parameters: vec![],
release_name: None,
value_files: vec![],
ignore_missing_value_files: None,
values: None,
values_object: None,
skip_crds: None,
skip_schema_validation: None,
version: None,
kube_version: None,
api_versions: vec![],
namespace: None,
},
},
sync_policy: SyncPolicy {
automated: Automated {
prune: false,
self_heal: false,
allow_empty: false,
},
sync_options: vec![],
retry: Retry {
limit: 5,
backoff: Backoff {
duration: "5s".to_string(),
factor: 2,
max_duration: "3m".to_string(),
},
},
},
revision_history_limit: 10,
}
}
}
impl From<CDApplicationConfig> for ArgoApplication {
fn from(value: CDApplicationConfig) -> Self {
Self {
name: value.name,
namespace: Some(value.namespace),
project: "default".to_string(),
source: Source {
repo_url: Url::parse(value.helm_chart_repo_url.to_string().as_str())
.expect("couldn't convert to URL"),
target_revision: None,
chart: value.helm_chart_name,
helm: Helm {
pass_credentials: None,
parameters: vec![],
file_parameters: vec![],
release_name: None,
value_files: vec![],
ignore_missing_value_files: None,
values: None,
values_object: Some(value.values_overrides),
skip_crds: None,
skip_schema_validation: None,
version: None,
kube_version: None,
api_versions: vec![],
namespace: None,
},
},
sync_policy: SyncPolicy {
automated: Automated {
prune: false,
self_heal: false,
allow_empty: true,
},
sync_options: vec![],
retry: Retry {
limit: 5,
backoff: Backoff {
duration: "5s".to_string(),
factor: 2,
max_duration: "3m".to_string(),
},
},
},
..Self::default()
}
}
}
impl ArgoApplication {
fn to_yaml(self) -> serde_yaml::Value {
let name = self.name;
let namespace = if let Some(ns) = self.namespace {
ns
} else {
"argocd".to_string()
};
let project = self.project;
let source = self.source;
let mut yaml_str = format!(
r#"
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {name}
# You'll usually want to add your resources to the argocd namespace.
namespace: {namespace}
spec:
# The project the application belongs to.
project: {project}
# Destination cluster and namespace to deploy the application
destination:
# cluster API URL
server: https://kubernetes.default.svc
# or cluster name
# name: in-cluster
# The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
namespace: {namespace}
"#
);
yaml_str.push_str(
&serde_yaml::to_string(&source.clone())
.expect("couldn't serialize source to yaml string"),
);
yaml_str.push_str(
&serde_yaml::to_string(&self.sync_policy)
.expect("couldn't serialize sync policy to yaml string"),
);
yaml_str.push_str(
&serde_yaml::to_string(&self.revision_history_limit)
.expect("couldn't serialize revision history to yaml string"),
);
serde_yaml::from_str(&yaml_str).expect("Couldn't parse YAML")
}
}

11
harmony/src/modules/application/features/continuous_delivery.rs
View File

@ -1,6 +1,6 @@
use async_trait::async_trait; use async_trait::async_trait;
use log::info; use log::info;
use serde_json::Value; use serde_yaml::Value;
use crate::{ use crate::{
data::Version, data::Version,
@ -74,9 +74,12 @@ impl<T: Topology + HelmCommand + 'static> ApplicationFeature<T> for ContinuousDe
/// For now this is entirely bound to K8s / ArgoCD, will have to be revisited when we support /// For now this is entirely bound to K8s / ArgoCD, will have to be revisited when we support
/// more CD systems /// more CD systems
pub struct CDApplicationConfig { pub struct CDApplicationConfig {
version: Version, pub version: Version,
helm_chart_url: Url, pub helm_chart_repo_url: Url,
values_overrides: Value, pub helm_chart_name: String,
pub values_overrides: Value,
pub name: String,
pub namespace: String,
} }
pub trait ContinuousDeliveryApplication { pub trait ContinuousDeliveryApplication {

922
harmony/src/modules/application/features/helm_argocd_score.rs Normal file
View File

@ -0,0 +1,922 @@
use non_blank_string_rs::NonBlankString;
use std::str::FromStr;
use crate::modules::helm::chart::{HelmChartScore, HelmRepository};
pub fn argo_helm_chart_score(namespace: String, openshift: bool, domain: String) -> HelmChartScore {
let values = format!(
r#"
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: false
# -- Create cluster roles for cluster-wide installation.
## Used when you manage applications in the same cluster where Argo CD runs
createClusterRoles: true
openshift:
# -- enables using arbitrary uid for argo repo server
enabled: {openshift}
## Custom resource configuration
crds:
# -- Install and upgrade CRDs
install: true
# -- Keep CRDs on chart uninstall
keep: true
# -- Annotations to be added to all CRDs
annotations: {{}}
# -- Addtional labels to be added to all CRDs
additionalLabels: {{}}
## Globally shared configuration
global:
# -- Default domain used by all components
## Used for ingresses, certificates, SSO, notifications, etc.
domain: {domain}
# -- Runtime class name for all components
runtimeClassName: ""
# -- Common labels for the all resources
additionalLabels: {{}}
# app: argo-cd
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
revisionHistoryLimit: 3
# Default image used by all components
image:
# -- If defined, a repository applied to all Argo CD deployments
repository: quay.io/argoproj/argocd
# -- Overrides the global Argo CD image tag whose default is the chart appVersion
tag: ""
# -- If defined, a imagePullPolicy applied to all Argo CD deployments
imagePullPolicy: IfNotPresent
# -- Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# Default logging options used by all components
logging:
# -- Set the global logging format. Either: `text` or `json`
format: text
# -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
level: info
## Argo Configs
configs:
# General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
cm:
# -- Create the argocd-cm configmap for [declarative setup]
create: true
# -- Enable local admin user
## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
admin.enabled: true
# -- Timeout to discover if a new manifests version got published to the repository
timeout.reconciliation: 180s
# -- Timeout to refresh application data as well as target manifests cache
timeout.hard.reconciliation: 0s
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params:
# -- Create the argocd-cmd-params-cm configmap
# If false, it is expected the configmap will be created by something else.
create: true
# -- Enables [Applications in any namespace]
## List of additional namespaces where applications may be created in and reconciled from.
## The namespace where Argo CD is installed to will always be allowed.
## Set comma-separated list. (e.g. app-team-one, app-team-two)
application.namespaces: ""
# Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac:
# -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
# If false, it is expected the configmap will be created by something else.
# Argo CD will not work if there is no configmap created with the name above.
create: true
# -- Annotations to be added to argocd-rbac-cm configmap
annotations: {{}}
# -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
# If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
policy.default: ''
# -- File containing user-defined policies and role definitions.
# @default -- `''` (See [values.yaml])
policy.csv: ''
# Policy rules are in the form:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
# p, role:org-admin, logs, get, *, allow
# p, role:org-admin, exec, create, */*, allow
# g, your-github-org:your-team, role:org-admin
# -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# The scope value can be a string, or a list of strings.
scopes: "[groups]"
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode: "glob"
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg:
# -- Annotations to be added to argocd-gpg-keys-cm configmap
annotations: {{}}
# -- [GnuPG] public keys to add to the keyring
# @default -- `{{}}` (See [values.yaml])
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
keys: {{}}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# ...
# -----END PGP PUBLIC KEY BLOCK-----
# SSH known hosts for Git repositories
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
ssh:
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
create: true
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
annotations: {{}}
# -- Known hosts to be added to the known host list by default.
# @default -- See [values.yaml]
knownHosts: |
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
# -- Additional known hosts for private repositories
extraHosts: ''
# Repository TLS certificates
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
tls:
# -- Annotations to be added to argocd-tls-certs-cm configmap
annotations: {{}}
# -- TLS certificates for Git repositories
# @default -- `{{}}` (See [values.yaml])
certificates: {{}}
# server.example.com: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
create: true
# -- Repositories list to be used by applications
## Creates a secret for each key/value specified below to create repositories
## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
repositories: {{}}
# istio-helm-repo:
# url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
# name: istio.io
# type: helm
# private-helm-repo:
# url: https://my-private-chart-repo.internal
# name: private-repo
# type: helm
# password: my-password
# username: my-username
# private-repo:
# url: https://github.com/argoproj/private-repo
# -- Annotations to be added to `configs.repositories` Secret
repositoriesAnnotations: {{}}
# Argo CD sensitive data
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
secret:
# -- Create the argocd-secret
createSecret: true
## Application controller
controller:
# -- Application controller name string
name: application-controller
# -- The number of application controller pods to run.
# Additional replicas will cause sharding of managed clusters across number of replicas.
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
replicas: 1
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit: 5
# -- Resource limits and requests for the application controller pods
resources: {{}}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
# Application controller container ports
containerPorts:
# -- Metrics container port
metrics: 8082
serviceAccount:
# -- Create a service account for the application controller
create: true
# -- Service account name
name: argocd-application-controller
# -- Annotations applied to created service account
annotations: {{}}
# -- Labels applied to created service account
labels: {{}}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
## Application controller metrics configuration
metrics:
# -- Deploy metrics service
enabled: true
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
applicationLabels:
# -- Enables additional labels in argocd_app_labels metric
enabled: false
# -- Additional labels
labels: []
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port
servicePort: 8082
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
rules:
# -- Deploy a PrometheusRule for the application controller
enabled: false
# -- PrometheusRule namespace
namespace: "" # "monitoring"
# -- PrometheusRule selector
selector: {{}}
# prometheus: kube-prometheus
# -- PrometheusRule labels
additionalLabels: {{}}
# -- PrometheusRule annotations
annotations: {{}}
# -- PrometheusRule.Spec for the application controller
spec: []
## Dex
dex:
# -- Enable dex
enabled: false
## Redis
redis:
# -- Enable redis
enabled: true
# -- Redis name
name: redis
## Redis image
image:
# -- Redis repository
repository: ecr-public.aws.com/docker/library/redis
# -- Redis tag
## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
tag: 7.2.8-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: true
# -- Environment variables to pass to the Redis exporter
env: []
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
repository: ghcr.io/oliver006/redis_exporter
# -- Tag to use for the redis-exporter
tag: v1.74.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
## Probes for Redis exporter (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
livenessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
# -- Resource limits and requests for redis-exporter sidecar
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
## Probes for Redis server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
livenessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
# -- Resource limits and requests for redis
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
metrics:
# -- Deploy metrics service
enabled: true
# Redis metrics service configuration
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: None
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port
servicePort: 9121
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Interval at which metrics should be scraped
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
## Server
server:
# -- Argo CD server name
name: server
# -- The number of server pods to run
replicas: 1
# -- Resource limits and requests for the Argo CD server
resources: {{}}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
## Server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port
servicePort: 8083
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
# Argo CD server ingress configuration
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: false
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels
labels: {{}}
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations: {{}}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- Argo CD server hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- The path to Argo CD server
path: /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: '{{{{ include "argo-cd.server.fullname" . }}}}'
# port:
# name: '{{{{ .Values.server.service.servicePortHttpsName }}}}'
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - hosts:
# - argocd.example.com
# secretName: your-certificate-name
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route:
# -- Enable an OpenShift Route for the Argo CD server
enabled: {openshift}
# -- Openshift Route annotations
annotations: {{}}
# -- Hostname of OpenShift Route
hostname: ""
# -- Termination type of Openshift Route
termination_type: passthrough
# -- Termination policy of Openshift Route
termination_policy: None
## Repo Server
repoServer:
# -- Repo server name
name: repo-server
# -- The number of repo server pods to run
replicas: 1
# -- Resource limits and requests for the repo server pods
resources: {{}}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
## Repo server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port
servicePort: 8084
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
## ApplicationSet controller
applicationSet:
# -- ApplicationSet controller name string
name: applicationset-controller
# -- The number of ApplicationSet controller pods to run
replicas: 1
## Metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port
servicePort: 8080
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
# -- Resource limits and requests for the ApplicationSet controller pods.
resources: {{}}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- Enable ApplicationSet in any namespace feature
allowAnyNamespace: false
## Notifications controller
notifications:
# -- Enable notifications controller
enabled: true
# -- Notifications controller name string
name: notifications-controller
# -- Argo CD dashboard url; used in place of {{{{.context.argocdUrl}}}} in templates
# @default -- `""` (defaults to https://`global.domain`)
argocdUrl: ""
secret:
# -- Whether helm chart creates notifications controller secret
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
create: true
# -- notifications controller Secret name
name: "argocd-notifications-secret"
# -- Generic key:value pairs to be inserted into the secret
## Can be used for templates, notification services etc. Some examples given below.
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
items: {{}}
# slack-token:
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
# grafana-apiKey:
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
# webhooks-github-token:
# email-username:
# email-password:
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
metrics:
# -- Enables prometheus metrics server
enabled: true
# -- Metrics port
port: 9001
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {{}}
# -- Metrics service labels
labels: {{}}
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor selector
selector: {{}}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor labels
additionalLabels: {{}}
# -- Prometheus ServiceMonitor annotations
annotations: {{}}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {{}}
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Configures notification services such as slack, email or custom webhook
# @default -- See [values.yaml]
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
notifiers: {{}}
# service.slack: |
# token: $slack-token
# -- Resource limits and requests for the notifications controller
resources: {{}}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
cm:
# -- Whether helm chart creates notifications controller config map
create: true
# -- Contains centrally managed global application subscriptions
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
subscriptions: []
# # subscription for on-sync-status-unknown trigger notifications
# - recipients:
# - slack:test2
# - email:test@gmail.com
# triggers:
# - on-sync-status-unknown
# # subscription restricted to applications with matching labels only
# - recipients:
# - slack:test3
# selector: test=true
# triggers:
# - on-sync-status-unknown
# -- The notification template is used to generate the notification content
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
templates: {{}}
commitServer:
# -- Enable commit server
enabled: false
"#,
);
HelmChartScore {
namespace: Some(NonBlankString::from_str(&namespace).unwrap()),
release_name: NonBlankString::from_str("argo-cd").unwrap(),
chart_name: NonBlankString::from_str("argo/argo-cd").unwrap(),
chart_version: Some(NonBlankString::from_str("8.1.2").unwrap()),
values_overrides: None,
values_yaml: Some(values.to_string()),
create_namespace: true,
install_only: false,
repository: Some(HelmRepository::new(
"argo".to_string(),
url::Url::parse("https://argoproj.github.io/argo-helm").unwrap(),
true,
)),
}
}

6
harmony/src/modules/application/features/mod.rs
View File

@ -6,3 +6,9 @@ pub use monitoring::*;
mod continuous_delivery; mod continuous_delivery;
pub use continuous_delivery::*; pub use continuous_delivery::*;
mod helm_argocd_score;
pub use helm_argocd_score::*;
mod argo_types;
pub use argo_types::*;