Creating a helm chart for application sets

Signed-off-by: Markos Kandylis <markos_kandylis@hotmail.com>

Author: markoskandylis

charts/application-sets/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/application-sets/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: application-sets
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/application-sets/README.md

@@ -0,0 +1,231 @@
+argocd:
+  enabled: false
+  chartName: argo-cd
+  namespace: argocd
+  releaseName: argocd
+  defaultVersion: "7.7.8"
+  chartRepository: "https://argoproj.github.io/argo-helm"
+  selector:
+    matchExpressions:
+      - key: enable_argocd
+        operator: In
+        values: ['true']
+iam-chart:
+  enabled: false
+  enableAckPodIdentity: false 
+  namespace: ack-system
+  defaultVersion: "1.3.13"
+  chartNamespace: aws-controllers-k8s
+  chartRepository: public.ecr.aws
+  selector:
+    matchExpressions:
+      - key: enable_ack_iam
+        operator: In
+        values: ['true']
+  environments:
+  - selector:
+      environment: staging
+      tenant: tenant1
+    chartVersion: "7.6.12"
+  valuesObject:
+    aws:
+      region: '{{.metadata.annotations.aws_region}}'
+    serviceAccount:
+      name: '{{.metadata.annotations.ack_iam_service_account}}'
+ack-eks:
+  enabled: false
+  enableAckPodIdentity: false 
+  namespace: ack-system
+  chartName: eks-chart
+  defaultVersion: "1.5.1"
+  chartNamespace: aws-controllers-k8s
+  chartRepository: public.ecr.aws
+  selector:
+    matchExpressions:
+      - key: enable_ack_eks
+        operator: In
+        values: ['true']
+  valuesObject:
+    aws:
+      region: '{{.metadata.annotations.aws_region}}'
+    serviceAccount:
+      name: '{{.metadata.annotations.ack_eks_service_account}}'
+ack-acm:
+  enabled: true
+  enableAckPodIdentity: true
+  namespace: ack-system
+  chartName: acm-chart
+  defaultVersion: "1.0.2"
+  chartNamespace: aws-controllers-k8s
+  chartRepository: public.ecr.aws
+  selector:
+    matchExpressions:
+      - key: enable_ack_acm
+        operator: In
+        values: ['true']
+  valuesObject:
+    aws:
+      region: '{{.metadata.annotations.aws_region}}'
+    serviceAccount:
+      name:  'ack-acm-controller'
+      annotations:
+        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "ack_acm_role_arn")}}'
+route53-chart:
+  enabled: false
+  enableAckPodIdentity: false
+  namespace: ack-system
+  chartName: route53-chart
+  defaultVersion: "0.0.20"
+  chartNamespace: aws-controllers-k8s
+  chartRepository: public.ecr.aws
+  selector:
+    matchExpressions:
+      - key: enable_route53_controller
+        operator: In
+        values: ['true']
+  valuesObject:
+    aws:
+      region: '{{.metadata.annotations.aws_region}}'
+    serviceAccount:
+      name:  'route53-controller'
+      annotations:
+        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "ack_route53_controller_role_arn")}}'
+external-secrets:
+  enabled: true
+  enableAckPodIdentity: false
+  namespace: external-secrets
+  chartName: external-secrets
+  defaultVersion: "0.10.3"
+  chartRepository: "https://charts.external-secrets.io"
+  additionalResources:
+    path: "charts/fleet-secret"
+    type: "ecr-token"
+    helm:
+     releaseName: ecr-token
+  selector:
+    matchExpressions:
+      - key: enable_external_secrets
+        operator: In
+        values: ['true']
+  valuesObject:
+    installCRDs:  '{{default toBool(true) toBool((index .metadata.labels "use_external_secrets"))}}'
+    serviceAccount:
+      name: "external-secrets-sa"
+      annotations:
+        eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "external_secrets_iam_role_arn")}}'
+aws-load-balancer-controller:
+  enabled: true
+  enableAckPodIdentity: true
+  namespace: kube-system
+  defaultVersion: "1.8.4"
+  chartRepository: "https://aws.github.io/eks-charts"
+  selector:
+    matchExpressions:
+      - key: enable_aws_load_balancer_controller
+        operator: In
+        values: ['true']
+  valuesObject:
+    serviceAccount:
+      name:  "aws-load-balancer-controller-sa"
+    vpcId: '{{.metadata.annotations.aws_vpc_id}}'
+    clusterName: '{{.name}}'
+  ignoreDifferences:
+    - kind: Secret
+      name: aws-load-balancer-tls
+      jsonPointers: [/data]
+    - group: admissionregistration.k8s.io
+      kind: MutatingWebhookConfiguration
+      jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+    - group: admissionregistration.k8s.io
+      kind: ValidatingWebhookConfiguration
+      jqPathExpressions: ['.webhooks[].clientConfig.caBundle']
+metrics-server:
+  enabled: false
+  namespace: kube-system
+  defaultVersion: "3.11.0"
+  chartRepository: "https://kubernetes-sigs.github.io/metrics-server"
+  selector:
+    matchExpressions:
+      - key: enable_metrics_server
+        operator: In
+        values: ['true']
+karpenter:
+  enabled: false
+  enableAckPodIdentity: false
+  releaseName: karpenter
+  namespace: 'karpenter'
+  chartName: karpenter/karpenter
+  chartRepository: public.ecr.aws
+  defaultVersion: "1.0.4"
+  selector:
+    matchExpressions:
+      - key: enable_karpenter
+        operator: In
+        values: ['true']
+  valuesObject:
+    settings:
+      clusterName: '{{.metadata.annotations.aws_cluster_name}}'
+      interruptionQueue: '{{.metadata.annotations.karpenter_sqs_queue_name}}'
+    serviceAccount:
+      name: '{{.metadata.annotations.karpenter_service_account}}'
+      annotations:
+        eks.amazonaws.com/role-arn: '{{.metadata.annotations.karpenter_iam_role_arn}}'
+aws_efs_csi_driver:
+  enabled: false
+  enableAckPodIdentity: false
+  releaseName: aws-efs-csi-driver
+  namespace: "kube-sytem"
+  chartName: aws-efs-csi-driver
+  chartRepository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
+  defaultVersion: "3.0.7"
+  selector:
+    matchExpressions:
+      - key: enable_aws_efs_csi_driver
+        operator: In
+        values: ['true']
+  valuesObject:
+    controller:
+      serviceAccount:
+        name: '{{default "" (index  .metadata.annotations aws_efs_csi_driver_controller_service_account)}}'
+        annotations:
+          eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations aws_efs_csi_driver_iam_role_arn)}}'
+    node:
+      serviceAccount:
+        name: '{{.metadata.annotations.aws_efs_csi_driver_node_service_account}}'
+        annotations:
+          eks.amazonaws.com/role-arn: '{{.metadata.annotations.aws_efs_csi_driver_iam_role_arn}}'
+kro:
+  enabled: false
+  namespace: kro-system
+  defaultVersion: "0.2.1"
+  chartName: kro
+  chartNamespace: kro
+  chartRepository: ghcr.io/kro-run
+  selector:
+    matchExpressions:
+      - key: enable_kro
+        operator: In
+        values: ['true']
+kro-resource-groups:
+  enabled: false
+  type: manifest
+  namespace: kro-resource-groups
+  defaultVersion: "0.1.0"
+  path: kro/resource-groups
+  selector:
+    matchExpressions:
+      - key: enable_kro_resource_groups
+        operator: In
+        values: ['true']
+external-dns:
+  enabled: false
+  releaseName: external-dns
+  namespace: '{{.metadata.annotations.external_dns_namespace}}'
+  chartName: external-dns
+  chartRepository: https://kubernetes-sigs.github.io/external-dns
+  defaultVersion: "1.14.5"
+  selector:
+    matchExpressions:
+      - key: enable_external_dns
+        operator: In
+        values: ['true']

charts/application-sets/addons.yaml

@@ -0,0 +1,47 @@
+adot_collector:
+  enableACK: true
+  enabled: true
+  namespace: '{{default "adot-collector-kubeprometheus" (index .metadata.annotations "adot_collector_namespace")}}'
+  defaultVersion: "1.0.0"
+  path: charts/adot-collector
+  selector:
+    matchExpressions:
+      - key: enable_adot_collector
+        operator: In
+        values: ['true']
+  valuesObject:
+    ekscluster: '{{.metadata.annotations.aws_cluster_name}}'
+    accountId: '{{.metadata.annotations.aws_account_id}}'
+    region: '{{.metadata.annotations.aws_region}}'
+    ampurl: '{{.metadata.annotations.amp_endpoint_url}}api/v1/remote_write'
+    serviceAccount: '{{.metadata.annotations.adot_collector_serviceaccount}}'
+amp-prometheus:
+  enabled: true
+  enableACK: true
+  ackPodIdentity:
+    repoURL: "testPath"
+    chart: "chartName"
+    chartVersion: "v1"
+  releaseName: amp-prometheus
+  namespace: '{{default "amp-prometheus" (index .metadata.annotations "amp_prometheus_namespace")}}'
+  chartName: prometheus
+  chartRepository: https://prometheus-community.github.io/helm-charts
+  defaultVersion: "27.3.1"
+  valuesObject:
+    serviceAccounts:
+      server:
+          name: '{{default "amp-prometheus-server-sa" (index .metadata.annotations "amp_prometheus_server_sa")}}'
+          annotations:
+            eks.amazonaws.com/role-arn: '{{default "" (index .metadata.annotations "amp_prometheus_iam_role_arn")}}'
+    server:
+      remoteWrite:
+        -
+          url: '{{.metadata.annotations.amp_endpoint_url}}api/v1/remote_write'
+          sigv4:
+              region: '{{.metadata.annotations.aws_region}}'
+              role_arn: '{{default "" (index .metadata.annotations "amp_prometheus_crossaccount_role")}}'
+  selector:
+    matchExpressions:
+      - key: enable_amp_prometheus
+        operator: In
+        values: ['true']

charts/application-sets/monitoring.yaml

@@ -0,0 +1,15 @@
+karpenter-resources:
+  enabled: true
+  chartName: karpenter-resources
+  defaultVersion: "1.0.0"
+  path: 'charts/karpenter-resources'
+  namespace: karpenter-resources
+  selector:
+    matchExpressions:
+      - key: enable_karpenter_resources
+        operator: In
+        values: ['true']
+  valuesObject:
+    nodeClases:
+      role: '{{.metadata.annotations.karpenter_node_iam_role_name}}'
+      clusterName: '{{.metadata.annotations.aws_cluster_name}}'