Updating the addons and values to create argocd ingress if selected

Signed-off-by: Markos Kandylis <markos_kandylis@hotmail.com>

Author: markoskandylis

charts/application-sets/values/addons.yaml

@@ -6,48 +6,44 @@ argocd:
   releaseName: argocd
   defaultVersion: "7.7.8"
   chartRepository: "https://argoproj.github.io/argo-helm"
+  additionalResources:
+    path: "charts/argocd-ingress"
+    type: "ingress"
+    helm:
+      releaseName: ingress
+      valuesObject:
+        ingressClass:
+          useAutomode: '{{default "false" (index .metadata.annotations "enable_automode")}}'
+        ingress:
+          domain: '{{default "" (index .metadata.annotations "argocd_dns")}}'
+          privateCertificate: '{{default "" (index .metadata.annotations "argocd_ingress_certificate")}}'
+          rules:
+            - host: '{{default "argocd.example.com" (index .metadata.annotations "argocd_dns")}}'
   selector:
     matchExpressions:
       - key: enable_argocd
         operator: In
-        values: ['true']
-route53-chart:
-  enabled: true
-  enableAckPodIdentity: false
-  namespace: ack-system
-  chartName: route53-chart
-  defaultVersion: "0.0.20"
-  chartNamespace: aws-controllers-k8s
-  chartRepository: public.ecr.aws
-  selector:
-    matchExpressions:
-      - key: enable_route53_controller
-        operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
-    aws:
-      region: '{{.metadata.annotations.aws_region}}'
-    serviceAccount:
-      name:  'route53-controller'
-      annotations:
-        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "ack_route53_controller_role_arn")}}'
+    global:
+      domain: '{{default "" (index .metadata.annotations "argocd_dns")}}'
 external-secrets:
   enabled: true
   enableAckPodIdentity: false
   namespace: external-secrets
   chartName: external-secrets
-  defaultVersion: "0.10.3"
+  defaultVersion: "0.17.0"
   chartRepository: "https://charts.external-secrets.io"
   additionalResources:
     path: "charts/fleet-secret"
     type: "ecr-token"
     helm:
-     releaseName: ecr-token
+      releaseName: ecr-token
   selector:
     matchExpressions:
       - key: enable_external_secrets
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     serviceAccount:
       name: "external-secrets-sa"
@@ -63,22 +59,22 @@ aws-load-balancer-controller:
     matchExpressions:
       - key: enable_aws_load_balancer_controller
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     serviceAccount:
-      name:  "aws-load-balancer-controller-sa"
-    vpcId: '{{.metadata.annotations.aws_vpc_id}}'
-    clusterName: '{{.name}}'
+      name: "aws-load-balancer-controller-sa"
+    vpcId: "{{.metadata.annotations.aws_vpc_id}}"
+    clusterName: "{{.name}}"
   ignoreDifferences:
     - kind: Secret
       name: aws-load-balancer-tls
       jsonPointers: [/data]
     - group: admissionregistration.k8s.io
       kind: MutatingWebhookConfiguration
-      jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+      jqPathExpressions: [".webhooks[].clientConfig.caBundle"]
     - group: admissionregistration.k8s.io
       kind: ValidatingWebhookConfiguration
-      jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+      jqPathExpressions: [".webhooks[].clientConfig.caBundle"]
 metrics-server:
   enabled: true
   enableAckPodIdentity: false
@@ -89,12 +85,12 @@ metrics-server:
     matchExpressions:
       - key: enable_metrics_server
         operator: In
-        values: ['true']
+        values: ["true"]
 karpenter:
   enabled: false
   enableAckPodIdentity: false
   releaseName: karpenter
-  namespace: 'kube-system'
+  namespace: "kube-system"
   chartNamespace: karpenter
   chartName: karpenter
   chartRepository: public.ecr.aws
@@ -103,10 +99,10 @@ karpenter:
     matchExpressions:
       - key: enable_karpenter
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     settings:
-      clusterName: '{{.metadata.annotations.aws_cluster_name}}'
+      clusterName: "{{.metadata.annotations.aws_cluster_name}}"
       interruptionQueue: '{{default "" (index .metadata.annotations "karpenter_sqs_queue_name")}}'
     serviceAccount:
       name: '{{default "karpenter" (index .metadata.annotations "karpenter_service_account")}}'
@@ -124,7 +120,7 @@ aws_efs_csi_driver:
     matchExpressions:
       - key: enable_aws_efs_csi_driver
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     controller:
       serviceAccount:
@@ -148,7 +144,7 @@ cert_manager:
     matchExpressions:
       - key: enable_cert_manager
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     installCRDs: true
     serviceAccount:
@@ -162,19 +158,18 @@ external-dns:
   namespace: '{{default "external-dns" (index .metadata.annotations "external_dns_namespace") }}'
   chartName: external-dns
   chartRepository: https://kubernetes-sigs.github.io/external-dns
-  defaultVersion: "1.14.3"
+  defaultVersion: "1.16.1"
   selector:
     matchExpressions:
       - key: enable_external_dns
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     provider: aws
     serviceAccount:
       name: '{{default "" (index .metadata.annotations "external_dns_service_account") }}'
       annotations:
-        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "external_dns_iam_role_arn") }}'
-    domainFilters: '{{.metadata.annotations.external_dns_domain_filters}}'
-    txtOwnerId: '{{.metadata.annotations.aws_cluster_name}}'
-    policy: '{{default "upsert-only" .metadata.annotations.external_dns_policy}}'
-    extraArgs: '{{default "[]" .metadata.annotations.external_dns_extra_args}}'
+        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "external_dns_iam_role_arn")}}'
+    domainFilters: ["{{.metadata.annotations.external_dns_domain_filters}}"]
+    txtOwnerId: "{{.metadata.annotations.aws_cluster_name}}"
+    policy: '{{default "upsert-only" (index .metadata.annotations "external_dns_policy")}}'

charts/application-sets/values/fleetBootstrap.yaml

@@ -4,20 +4,20 @@ fleet-external-secrets:
   namespace: platform-system
   releaseName: fleet-external-secrets
   chartName: external-secrets
-  defaultVersion: "0.10.3"
+  defaultVersion: "0.18.0"
   chartRepository: "https://charts.external-secrets.io"
   additionalResources:
     path: "charts/fleet-secret"
     type: "ecr-token"
     helm:
-     releaseName: ecr-token
+      releaseName: ecr-token
   valuesObject:
     serviceAccount:
       name: "external-secrets-sa"
     scopedNamespace: "platform-system"
     scopedRBAC: true
 fleet-argocd:
-  enabled:  true
+  enabled: true
   enableAckPodIdentity: false
   chartName: argo-cd
   namespace: platform-system
@@ -33,9 +33,9 @@ fleet-iam-chart:
   chartRepository: public.ecr.aws
   valuesObject:
     aws:
-      region: '{{.metadata.annotations.aws_region}}'
+      region: "{{.metadata.annotations.aws_region}}"
     serviceAccount:
-      name: '{{.metadata.annotations.ack_iam_service_account}}'
+      name: "{{.metadata.annotations.ack_iam_service_account}}"
 fleet-ack-eks:
   chartName: eks-chart
   namespace: ack-system
@@ -45,7 +45,6 @@ fleet-ack-eks:
   chartRepository: public.ecr.aws
   valuesObject:
     aws:
-      region: '{{.metadata.annotations.aws_region}}'
+      region: "{{.metadata.annotations.aws_region}}"
     serviceAccount:
-      name: '{{.metadata.annotations.ack_eks_service_account}}'
-    
+      name: "{{.metadata.annotations.ack_eks_service_account}}"

charts/application-sets/values/monitoring.yaml

@@ -5,12 +5,12 @@ cw-prometheus:
   namespace: '{{default "amazon-cloudwatch" (index .metadata.annotations "cw_prometheus_namespace")}}'
   chartName: cw-prometheus
   defaultVersion: "0.1.0"
-  path: 'charts/cw-prometheus'
+  path: "charts/cw-prometheus"
   selector:
     matchExpressions:
       - key: enable_cw_prometheus
         operator: In
-        values: ['true']
+        values: ["true"]
 kube-prometheus-stack:
   enabled: true
   enableAckPodIdentity: false
@@ -22,7 +22,7 @@ kube-prometheus-stack:
     matchExpressions:
       - key: enable_kube_prometheus_stack
         operator: In
-        values: ['true']
+        values: ["true"]
 cni-metrics-helper:
   enabled: true
   enableAckPodIdentity: false
@@ -32,14 +32,14 @@ cni-metrics-helper:
   defaultVersion: "1.18.5"
   valuesObject:
     env:
-      AWS_CLUSTER_ID: '{{.metadata.annotations.aws_cluster_name}}'
+      AWS_CLUSTER_ID: "{{.metadata.annotations.aws_cluster_name}}"
   selector:
     matchExpressions:
       - key: enable_cni_metrics_helper
         operator: In
-        values: ['true']
+        values: ["true"]
 amp-prometheus:
-  enabled: true
+  enabled: false
   enableAckPodIdentity: false
   releaseName: amp-prometheus
   namespace: '{{default "amp-prometheus" (index .metadata.annotations "amp_prometheus_namespace")}}'
@@ -50,17 +50,16 @@ amp-prometheus:
     matchExpressions:
       - key: enable_amp_prometheus
         operator: In
-        values: ['true']
+        values: ["true"]
   valuesObject:
     serviceAccounts:
       server:
-          name: '{{default "amp-prometheus-server-sa" (index .metadata.annotations "amp_prometheus_server_sa")}}'
-          annotations:
-            eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "amp_prometheus_iam_role_arn")}}'
+        name: '{{default "amp-prometheus-server-sa" (index .metadata.annotations "amp_prometheus_server_sa")}}'
+        annotations:
+          eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "amp_prometheus_iam_role_arn")}}'
     server:
       remoteWrite:
-        -
-          url: '{{(index .metadata.annotations "amp_endpoint_url")}}.api/v1/remote_write'
+        - url: '{{(index .metadata.annotations "amp_endpoint_url")}}.api/v1/remote_write'
           sigv4:
-              region: '{{.metadata.annotations.aws_region}}'
-              role_arn: '{{default "" (index .metadata.annotations "amp_prometheus_crossaccount_role")}}'
+            region: "{{.metadata.annotations.aws_region}}"
+            role_arn: '{{default "" (index .metadata.annotations "amp_prometheus_crossaccount_role")}}'

charts/argocd-ingress/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/argocd-ingress/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: argo-ingress
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/argocd-ingress/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argo-ingress.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argo-ingress.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argo-ingress.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "argo-ingress.labels" -}}
+helm.sh/chart: {{ include "argo-ingress.chart" . }}
+{{ include "argo-ingress.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "argo-ingress.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "argo-ingress.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "argo-ingress.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "argo-ingress.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}