Add DR on GKE and release argo-cd 0.0.12

Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>

charts/argo-cd/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-version: 0.0.11
+version: 0.0.12
 appVersion: 2.1.1
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd

charts/argo-cd/DOCS.md

@@ -1,6 +1,6 @@
 # argo-cd
 
-![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![AppVersion: 2.1.1](https://img.shields.io/badge/AppVersion-2.1.1-informational?style=flat-square)
+![Version: 0.0.12](https://img.shields.io/badge/Version-0.0.12-informational?style=flat-square) ![AppVersion: 2.1.1](https://img.shields.io/badge/AppVersion-2.1.1-informational?style=flat-square)
 
 A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 
@@ -128,6 +128,7 @@ A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kube
 | disasterRecovery.activeDeadlineSeconds | int | `540` | Limits the maxium runtime when performing backup. This must be within the backup schedule. For example, we might want to limit this to 9-minutes if we run backups every 10 minutes |
 | disasterRecovery.backupSchedule | string | `"*/10 * * * *"` | The schedule to perform backup |
 | disasterRecovery.command | string | `"argocd-backup.sh"` | The command to run backup (useful for testing) |
+| disasterRecovery.eks.roleARN | string | `""` | The EKS role ARN that annotates the K8s service account running the backup. |
 | disasterRecovery.env | list | `[]` | Environment variables to pass to the backup job |
 | disasterRecovery.image.pullPolicy | string | `""` | The image pull policy |
 | disasterRecovery.image.repository | string | `""` | The image repository used to run backup |
@@ -136,7 +137,7 @@ A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kube
 | global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files |
 | global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, an image pull policy will be applied to all ArgoCD deployments |
 | global.image.repository | string | `"quay.io/akuity/argocd"` | If defined, a repository applied to all ArgoCD deployments |
-| global.image.tag | string | `"v2.1.1-ak0"` | If defined, a tag applied to all ArgoCD deployments |
+| global.image.tag | string | `"v2.1.1-ak2"` | If defined, a tag applied to all ArgoCD deployments |
 | global.imagePullSecrets | list | `[]` |  |
 | global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components |
 | global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic |

charts/argo-cd/templates/disaster-recovery/argocd-dr-cron.yaml

@@ -13,15 +13,34 @@ spec:
         spec:
           serviceAccountName: argocd-dr-s3
           restartPolicy: Never
+          {{- if .Values.disasterRecovery.gke }}
+          volumes:
+          - name: google-cloud-key
+            secret:
+              secretName: {{ .Values.disasterRecovery.gke.gcpServiceAccountKeyName }}
+          {{- end }}
           containers:
           - name: argocd-dr
             image: {{ default .Values.global.image.repository .Values.disasterRecovery.image.repository }}:{{ default .Values.global.image.tag .Values.disasterRecovery.image.tag }}
             imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.disasterRecovery.image.pullPolicy }}
             command: [ "/bin/bash", "-c", "--" ]
+            {{- if .Values.disasterRecovery.gke }}
+            args:
+              - "gcloud auth activate-service-account --key-file=/var/secrets/google/{{ .Values.disasterRecovery.gke.gcpServiceAccountKeyFilePath }}; {{ .Values.disasterRecovery.command }}"
+            volumeMounts:
+            - name: google-cloud-key
+              mountPath: /var/secrets/google
+            {{- end -}}
+            {{- if .Values.disasterRecovery.eks }}
             args:
               - {{ .Values.disasterRecovery.command | quote}}
+            {{- end -}}
             {{- if .Values.disasterRecovery.env }}
             env:
 {{- toYaml .Values.disasterRecovery.env | nindent 12 }}
             {{- end }}
+            {{- if .Values.disasterRecovery.gke }}
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /var/secrets/google/{{ .Values.disasterRecovery.gke.gcpServiceAccountKeyFilePath }}
+            {{- end -}}
 {{- end }}

charts/argo-cd/templates/disaster-recovery/argocd-dr-rbac.yaml

@@ -4,7 +4,14 @@ kind: ServiceAccount
 metadata:
   name: argocd-dr-s3
   annotations:
+    {{- if .Values.disasterRecovery.eks }}
     eks.amazonaws.com/role-arn: {{ .Values.disasterRecovery.eks.roleARN | quote }}
+    {{- end -}}
+    {{- if .Values.disasterRecovery.gke }}
+    iam.gke.io/gcp-service-account: {{ .Values.disasterRecovery.gke.gcpServiceAccount | quote }}
+    {{- end -}}
+{{- end }}
+{{- if .Values.disasterRecovery.enabled }}
 --- 
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

charts/argo-cd/values.yaml

@@ -13,7 +13,7 @@ global:
     # -- If defined, a repository applied to all ArgoCD deployments
     repository: quay.io/akuity/argocd
     # -- If defined, a tag applied to all ArgoCD deployments
-    tag: v2.1.1-ak0
+    tag: v2.1.1-ak2
     # -- If defined, an image pull policy will be applied to all ArgoCD deployments
     imagePullPolicy: IfNotPresent
   # -- Annotations for the all deployed pods
@@ -1200,4 +1200,13 @@ disasterRecovery:
     #   value: ""
 
   eks:
+    # -- The EKS role ARN that annotates the K8s service account running the backup.
     roleARN: ""
+
+  # gke:
+  #   # -- The GCP service account that annotates the K8s service account running the backup.
+  #   gcpServiceAccount: ""
+  #   # -- The name to the GCP service account key that has access GCP bucket.
+  #   gcpServiceAccountKeyName: ""
+  #   # -- The key file path to the GCP secret to GCP service account that has access GCP bucket.
+  #   gcpServiceAccountKeyFilePath: "privateKey"