First commit of cluster-level-resources publicly (#233)

helm/cluster-level-resources/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/cluster-level-resources/App.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cluster-level-resources
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    namespace: argocd
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: https://github.com/uc-cdis/gen3-gitops.git
+    targetRevision: master
+    path: cluster-level-resources
+  syncPolicy:
+    automated:
+      selfHeal: true

helm/cluster-level-resources/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: cluster-level-resources
+description: An app-of-apps Helm chart that allows for flexible deployment of resources that support Gen3
+
+type: application
+
+version: 0.5.3
+
+appVersion: "1.17.0"

helm/cluster-level-resources/templates/alb-controller.yaml

@@ -0,0 +1,38 @@
+{{ if index .Values "alb-controller" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: alb-controller
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: aws-load-balancer-controller
+      repoURL: https://aws.github.io/eks-charts
+      targetRevision: {{ index .Values "alb-controller" "targetRevision" }}
+      helm:
+        releaseName: alb-controller
+      {{- if index .Values "alb-controller" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/alb-controller.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          clusterName: {{ .Values.eksClusterName | default .Values.cluster }}
+          serviceAccount:
+            create: true
+            annotations:
+              eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.accountNumber }}:role/gen3-service/{{ .Values.eksClusterName | default .Values.cluster }}-aws-load-balancer-controller-sa
+            name: aws-load-balancer-controller
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=false
+    automated:
+      selfHeal: true
+{{ end }}

helm/cluster-level-resources/templates/alloy-configmap.yaml

@@ -0,0 +1,9 @@
+{{ if index .Values "grafana-alloy" "enabled" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: alloy-gen3
+  namespace: monitoring
+data:
+  config: {{ tpl (index .Values "alloy-configmap-data") . | toYaml | indent 2}}
+{{ end }}

helm/cluster-level-resources/templates/aws-s3-mountpoint.yaml

@@ -0,0 +1,36 @@
+{{ if index .Values "aws-s3-mountpoint" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: aws-s3-mountpoint
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: aws-mountpoint-s3-csi-driver
+      repoURL: https://awslabs.github.io/mountpoint-s3-csi-driver
+      targetRevision: {{ index .Values "aws-s3-mountpoint" "targetRevision" }}
+      helm:
+        releaseName: aws-s3-mountpoint
+      {{- if index .Values "aws-s3-mountpoint" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/aws-s3-mountpoint.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configuration.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          node:
+            serviceAccount:
+              annotations:
+                "eks.amazonaws.com/role-arn": "arn:aws:iam::{{ .Values.accountNumber }}:role/AmazonEKS_S3_CSI_DriverRole-{{ .Values.cluster }}"
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=false
+    automated:
+      selfHeal: true
+{{ end }}

helm/cluster-level-resources/templates/calico.yaml

@@ -0,0 +1,37 @@
+{{ if index .Values "calico" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: calico
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: tigera-operator
+      repoURL: https://docs.tigera.io/calico/charts
+      targetRevision: {{ index .Values "calico" "targetRevision" }}
+      helm:
+        releaseName: calico
+      {{- if index .Values "calico" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/calico.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configuration.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          installation:
+            kubernetesProvider: EKS
+            registry: quay.io/
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - Force=true
+    - ServerSideApply=true
+    - CreateNamespace=false
+    automated:
+      selfHeal: true
+{{ end }}

helm/cluster-level-resources/templates/coreDNS.yaml

@@ -0,0 +1,57 @@
+{{ if index .Values "coreDNS" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: coredns
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: coredns
+      repoURL: https://coredns.github.io/helm
+      targetRevision: {{ index .Values "coreDNS" "targetRevision" }}
+      helm:
+        releaseName: coredns
+      {{- if index .Values "coreDNS" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/coreDNS.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configuration.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          service:
+            clusterIP: "10.100.0.10"
+            name: "kube-dns"
+
+          autoscaler:
+            enabled: true
+            replicas: 2
+
+          k8sAppLabelOverride: "kube-dns"
+
+          deployment:
+            name: "coredns-argo"
+
+          affinity:
+            podAntiAffinity:
+              preferredDuringSchedulingIgnoredDuringExecution:
+              - weight: 100
+                podAffinityTerm:
+                  labelSelector:
+                    matchExpressions:
+                    - key: k8s-app
+                      operator: In
+                      values:
+                      - kube-dns
+                  topologyKey: kubernetes.io/hostname
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=false
+    automated:
+      selfHeal: false
+{{ end }}

helm/cluster-level-resources/templates/ebs-csi-driver.yaml

@@ -0,0 +1,30 @@
+{{ if index .Values "ebs-csi-driver" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ebs-csi-driver
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: aws-ebs-csi-driver
+      repoURL: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
+      targetRevision: {{ index .Values "ebs-csi-driver" "targetRevision" }}
+      helm:
+        releaseName: ebs-csi-driver
+      {{- if index .Values "ebs-csi-driver" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/ebs-csi-driver.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configuration.configurationRevision }}
+      ref: values
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=false
+    automated:
+      selfHeal: true
+{{ end }}

helm/cluster-level-resources/templates/fluentd.yaml

@@ -0,0 +1,43 @@
+{{ if index .Values "fluentd" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fluentd
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: fluentd
+      repoURL: https://fluent.github.io/helm-charts
+      targetRevision: {{ index .Values "fluentd" "targetRevision" }}
+      helm:
+        releaseName: fluentd
+      {{- if index .Values "fluentd" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/fluentd.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          fileConfigs:
+            gen3.conf: | {{ index .Values "fluentd-configmap-data" | nindent 14 }}
+          env:
+            - name: "FLUENTD_CONF"
+              value: "../../../etc/fluent/config.d/gen3.conf"
+            - name: FLUENT_CONTAINER_TAIL_PARSER_TYPE
+              value: "cri"
+            - name: AWS_REGION
+              value: "us-east-1"
+          image:
+            tag: v1.15.3-debian-cloudwatch-1.0
+      {{- end }}
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=false
+    automated:
+      selfHeal: true
+{{ end }}

helm/cluster-level-resources/templates/grafana-alloy.yaml

@@ -0,0 +1,66 @@
+{{ if index .Values "grafana-alloy" "enabled" }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana-alloy
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://grafana.github.io/helm-charts
+      chart: alloy
+      targetRevision: {{ index .Values "grafana-alloy" "targetRevision" }}
+      helm:
+        releaseName: alloy
+      {{- if index .Values "grafana-alloy" "configuration" "enabled" }}
+        valueFiles:
+          - $values/{{ .Values.cluster }}/cluster-values/grafana-alloy.yaml
+    - repoURL: {{ .Values.configuration.configurationRepo }}
+      targetRevision: {{ .Values.configuration.configurationRevision }}
+      ref: values
+      {{- else }}
+        values: |
+          controller:
+            type: "deployment"
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                  - matchExpressions:
+                    - key: topology.kubernetes.io/zone
+                      operator: In
+                      values:
+                      - us-east-1a
+
+          alloy:
+            stabilityLevel: "public-preview"
+            uiPathPrefix: /alloy
+            # -- Extra ports to expose on the Alloy container.
+            extraPorts:
+              - name: "otel-grpc"
+                port: 4317
+                targetPort: 4317
+                protocol: "TCP"
+              - name: "otel-http"
+                port: 4318
+                targetPort: 4318
+                protocol: "TCP"
+            clustering:
+              enabled: true
+            configMap:
+              name: alloy-gen3
+              key: config
+            resources:
+              requests:
+                cpu: 1000m
+                memory: 1Gi
+      {{- end }}
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    automated:
+      selfHeal: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+{{ end }}