move to charts dir for github actions

Signed-off-by: Mirko Teodorovic <[email protected]>

charts/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: gitops-helm
+description: A Helm chart for Harness GitOps Agent - for more information, please visit https://developer.harness.io/docs/category/gitops.
+version: 1.1.10
+dependencies:
+  - name: argo-cd
+    version: 6.7.18
+    repository: https://argoproj.github.io/argo-helm
+    condition: argo-cd.enabled

charts/templates/_common.tpl

@@ -0,0 +1,113 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harness.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harness.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return valid version label
+*/}}
+{{- define "harness.versionLabelValue" -}}
+{{ regexReplaceAll "[^-A-Za-z0-9_.]" .Values.agent.image.tag "-" | trunc 63 | trimAll "-" | trimAll "_" | trimAll "." | quote }}
+{{- end -}}
+
+{{/*
+Argo CD Common labels
+*/}}
+{{- define "harness.labels" -}}
+helm.sh/chart: {{ include "harness.chart" .context }}
+{{ include "harness.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: harness-gitops
+app.kubernetes.io/version: {{ include "harness.versionLabelValue" .context }}
+{{- with .context.Values.global.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Harness Common labels
+*/}}
+{{- define "harness.agentLabels" -}}
+helm.sh/chart: {{ include "harness.chart" .context }}
+{{ include "harness.agentSelectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: harness-gitops
+app.kubernetes.io/version: {{ include "harness.versionLabelValue" .context }}
+{{- with .context.Values.global.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Argo CD Selector labels
+*/}}
+{{- define "harness.selectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ include "harness.name" .context }}-{{ .name }}
+{{ end -}}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Harness Selector labels
+*/}}
+{{- define "harness.agentSelectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ .context.Values.harness.nameOverride }}-{{ .name }}
+{{ end -}}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the GitOps Agent service account to use
+*/}}
+{{- define "harness.agent.serviceAccountName" -}}
+{{- if .Values.agent.serviceAccount.create -}}
+    {{ default .Values.agent.name .Values.agent.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.agent.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Disaster Recovery cluster name
+*/}}
+{{- define "harness.agentClusterName" -}}
+{{- if .Values.harness.disasterRecovery.enabled -}}
+    {{ .Values.agent.harnessName }}-agent-{{ .Values.harness.disasterRecovery.identifier }}
+{{- else -}}
+    {{ .Values.agent.harnessName }}-agent
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set value for redis server, this can be used in case of external redis server also
+just set the value of .Values.harness.configMap.argocd.redisSvc
+*/}}
+{{- define "redisServer" -}}
+    {{- if .Values.harness.configMap.argocd.redisSvc -}}
+      {{- .Values.harness.configMap.argocd.redisSvc -}}
+    {{- else -}}
+      {{- if .Values.agent.highAvailability -}}
+        {{- .Values.harness.configMap.argocd.redisHaProxySvc -}}
+      {{- else -}}
+        {{- .Values.harness.configMap.argocd.redis -}}
+      {{- end -}}
+    {{- end -}}
+{{- end -}}

charts/templates/argocd-application-controller/clusterrole.yaml

@@ -0,0 +1,20 @@
+{{- $argo := (index .Values "argo-cd") -}}
+{{- if and .Values.harness.createClusterRoles $argo.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+rules:
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - '*'
+  - nonResourceURLs:
+    - '*'
+    verbs:
+    - '*'
+{{- end }}

charts/templates/argocd-application-controller/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+{{- $argo := (index .Values "argo-cd") -}}
+{{- if and .Values.harness.createClusterRoles $argo.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argo-cd.controller.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-cd.controller.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/templates/argocd-application-controller/networkpolicy.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.harness.networkPolicy.create }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
+  name: {{ template "argo-cd.controller.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingress:
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+  podSelector:
+    matchLabels:
+      {{- include "harness.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}

charts/templates/argocd-applicationset/networkpolicy.yaml

@@ -0,0 +1,27 @@
+{{- $argo := (index .Values "argo-cd") -}}
+{{- if and $argo.applicationSet.enabled .Values.harness.networkPolicy.create (or $argo.applicationSet.metrics.enabled $argo.applicationSet.webhook.ingress.enabled) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ template "argo-cd.applicationSet.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }}
+spec:
+  ingress:
+  {{- if $argo.applicationSet.webhook.ingress.enabled }}
+  - ports:
+    - port: webhook
+  {{- end }}
+  {{- if $argo.applicationSet.metrics.enabled }}
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+  {{- end }}
+  podSelector:
+    matchLabels:
+      {{- include "harness.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}

charts/templates/argocd-repo-server/clusterrole.yaml

@@ -0,0 +1,20 @@
+{{- $argo := (index .Values "argo-cd") -}}
+{{- if and .Values.harness.createClusterRoles $argo.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+rules:
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - '*'
+  - nonResourceURLs:
+    - '*'
+    verbs:
+    - '*'
+{{- end }}

charts/templates/argocd-repo-server/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+{{- $argo := (index .Values "argo-cd") -}}
+{{- if and .Values.harness.createClusterRoles $argo.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argo-cd.repoServer.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-cd.repoServer.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/templates/argocd-repo-server/networkpolicy.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.harness.networkPolicy.create }}
+{{- $argo := (index .Values "argo-cd") -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          {{- include "harness.agentSelectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 10 }}
+    - podSelector:
+        matchLabels:
+          {{- include "harness.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }}
+    {{- if $argo.applicationSet.enabled }}
+    - podSelector:
+        matchLabels:
+          {{- include "harness.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }}
+    {{- end }}
+    ports:
+    - port: repo-server
+      protocol: TCP
+  {{- if $argo.repoServer.metrics.enabled }}
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: metrics
+  {{- end }}
+  podSelector:
+    matchLabels:
+      {{- include "harness.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }}
+  policyTypes:
+  - Ingress
+{{- end }}

charts/templates/gitops-agent/clusterrole.yaml

@@ -0,0 +1,60 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harness.agentClusterName" . }}
+  labels:
+    {{- include "harness.agentLabels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }}
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - delete
+      - get
+      - patch
+      - watch
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/log
+    verbs:
+      - get
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - applications
+      - applicationsets
+      - appprojects
+    verbs:
+      - get
+      - list
+      - update
+      - watch
+      - create
+      - patch
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      {{/* supports triggering jobs from UI */}}
+      - jobs
+    verbs:
+      - create
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflows
+    verbs:
+      {{/* supports triggering workflows from UI */}}
+      - create
+{{- end }}

charts/templates/gitops-agent/clusterrolebinding.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.harness.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harness.agentClusterName" . }}
+  labels:
+    {{- include "harness.agentLabels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harness.agentClusterName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "harness.agent.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}