GitOps Promoter is a Kubernetes controller for automating GitOps-based application promotion across environments.
Source code can be found here:
- https://github.com/argoproj-labs/gitops-promoter-helm
- https://github.com/argoproj-labs/gitops-promoter
This is the official Helm chart for the GitOps Promoter project.
Unfortunately, some technical choices from kubebuilder prevent us from providing installing with helm install.
We approve the choice made, and we might provide a better solution once the feature for creation sequencing is implemented.
We recommend to install the chart using Argo CD:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitops-promoter
namespace: argocd
spec:
project: default
source:
repoURL: https://argoproj-labs.github.io/gitops-promoter-helm/
chart: gitops-promoter
targetRevision: "*" # Or a specific version
destination:
server: "https://kubernetes.default.svc"
namespace: promoter-system
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=trueOr you can install the chart using kubectl:
helm repo add gitops-promoter-helm https://argoproj-labs.github.io/gitops-promoter-helm/
helm repo update
# Initial apply to install CRDs. It's expected to fail, since we install the ControllerConfiguration CRD and a ControllerConfiguration CR in the same apply.
kubectl create namespace promoter-system
helm template gitops-promoter-helm/gitops-promoter --namespace promoter-system | kubectl apply -f - || true
helm template gitops-promoter-helm/gitops-promoter --namespace promoter-system | kubectl apply -f -
The chart can optionally deploy the GitOps Promoter dashboard aggregation API server, an
extension API server that serves the read-only view.promoter.argoproj.io/v1alpha1
PromotionStrategyDetails API through the Kubernetes aggregation layer (it backs the
GitOps Promoter UI). It is disabled by default and requires a GitOps Promoter version
that ships the apiserver subcommand.
Enable it with:
apiserver:
enabled: true
certs:
mode: insecure # insecure | cert-manager | manualThe aggregation layer requires the API server to serve TLS, and the APIService needs the
matching CA (or to skip verification). Pick one of three modes via apiserver.certs.mode:
insecure(default): the API server self-signs its serving certificate in-pod and theAPIServiceis registered withinsecureSkipTLSVerify: true. NoSecretis rendered, so there is nothing for Argo CD to churn on. This is not production-safe — the aggregator does not verify the API server's certificate. Usecert-managerfor production.cert-manager: a self-signed cert-managerIssuer+Certificateissue the serving certificate, and cert-manager's CA injector keeps theAPIServicecaBundlein sync (including on rotation). Requires cert-manager in the cluster. Point at an existing issuer withapiserver.certs.certManager.issuer.{create,name,kind}.manual: you provide the serving-certificateSecret(apiserver.certs.secretName, defaultpromoter-apiserver-serving-cert) out-of-band and setapiserver.certs.caBundle(base64-encoded PEM) so it is written to theAPIService.
Verify the install with:
kubectl get apiservice v1alpha1.view.promoter.argoproj.io # should report Available=True
kubectl get promotionstrategydetails -ASee the upstream Dashboard aggregation API docs for details.
The chart currently deploys a kube-rbac-proxy sidecar container whose image and resource requests/limits cannot be overridden via values.yaml.
This is a limitation inherited from how kubebuilder generates the Helm chart.
Tracking issue for removing kube-rbac-proxy from the upstream project: argoproj-labs/gitops-promoter#1085
This project uses Kubebuilder and the helm plugin to create/update the charts. The helm chart will be automatically updated when new GitOps Promoter versions are released.
Please see:kubebuilder helm plugin documentation for more information on how to update the chart.
# Public key is at https://argoproj-labs.github.io/gitops-promoter-helm/pgp_keys.asc
helm repo add gitops-promoter https://argoproj-labs.github.io/gitops-promoter-helm/
helm repo update
helm verify gitops-promoter/gitops-promoter # verify before install