Add helm charts and templates for deploying events

Added eventbus and event source deployments

Updated README

Added whitespaces and fixed typo

Bumped version of workflows-cluster

removed trailing white spaces

Add docs for triggering workflows with webhook sensor

fixing markdown issues

breaking up lines

remove namespace manifest

README.md

@@ -16,19 +16,29 @@ Secondly, deploy the workflows service in the virtual cluster:
 vcluster connect workflows-cluster -- helm install workflows charts/workflows -n workflows
 ```
 
+Finally, deploy the events service in the virtual cluster:
+```sh
+vcluster connect workflows-cluster -- helm install workflows charts/events -n events
+```
+
 ## Deployment in developer mode
 
 First, deploy the workflows virtual cluster using the developer manifest:
 ```sh
 helm install workflows-cluster charts/workflows-cluster -f charts/workflows-cluster/dev-values.yaml
 ```
 
-Secondly, deploy the workflows service in the virtual cluster using the developer manifest :
+Secondly, deploy the workflows service in the virtual cluster using the developer manifest:
 ```sh
 vcluster connect workflows-cluster -- helm install workflows charts/workflows -n workflows -f charts/workflows/dev-values.yaml
 ```
 Note that for getting the workflows-server to run inside the dev environment it is necessary to extract the argo-server-sso secret, delete the deployed sealed secret and then deploy a new sealed secret using ```kubectl create -f <SEALED-SECRET>``` inside the virtual cluster.
 
+Finally, deploy the events service in the virtual cluster using the developer manifest:
+```sh
+vcluster connect workflows-cluster -- helm install workflows charts/events -n events -f charts/events/dev-values.yaml
+```
+
 ## Serve Docs
 
 Firstly, install `mkdocs` and the requisite dependencies in `docs/requirements.txt`; For this you may wish to use `pipx`, as:
@@ -40,4 +50,3 @@ pipx runpip mkdocs install -r docs/requirements.txt
 Now, serve the docs with `mkdocs`:
 ```sh
 mkdocs serve
-```

charts/events/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: argo-events
+  repository: https://argoproj.github.io/argo-helm
+  version: 2.4.4
+digest: sha256:43642b1972ced846b5c5b19e30969d7ddebfed5a4d53adf2102b9bd5c3e67c9e
+generated: "2024-05-16T16:12:45.406029942+01:00"

charts/events/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: events
+description: Data Analysis event triggering
+type: application
+
+version: 0.1.0
+
+dependencies:
+  - name: argo-events
+    repository: https://argoproj.github.io/argo-helm
+    version: 2.4.4
+    condition: argo-events.enabled

charts/events/dev-values.yaml

@@ -0,0 +1,14 @@
+argo-events:
+  controller:
+    resources:
+      limits:
+        cpu: 500m
+        memory: 512Mi
+      requests:
+        cpu: 250m
+        memory: 256Mi
+
+eventBuses:
+  - name: default
+    namespace: events
+    environment: dev

charts/events/templates/_helpers.tpl

@@ -0,0 +1,146 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argo-events.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argo-events.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create controller name and version as used by the chart label.
+*/}}
+{{- define "argo-events.controller.fullname" -}}
+{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "argo-events.controller.serviceAccountName" -}}
+{{- if .Values.controller.serviceAccount.create -}}
+    {{ default (include "argo-events.controller.fullname" .) .Values.controller.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.controller.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create webhook name and version as used by the chart label.
+*/}}
+{{- define "argo-events.webhook.fullname" }}
+{{- printf "%s-%s" (include "argo-events.fullname" .) .Values.webhook.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the webhook service account to use
+*/}}
+{{- define "argo-events.webhook.serviceAccountName" -}}
+{{- if .Values.webhook.serviceAccount.create -}}
+    {{ default (include "argo-events.webhook.fullname" .) .Values.webhook.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.webhook.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argo-events.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create kubernetes friendly chart version label for the controller.
+
+Examples:
+image.tag = v1.7.3
+output    = v1.7.3
+
+image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3
+output    = v1.7.3
+*/}}
+{{- define "argo-events.controller_chart_version_label" -}}
+{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.controller.image.tag) "") "" | trunc 63 | quote -}}
+{{- end -}}
+
+{{/*
+Create kubernetes friendly chart version label for the events webhook.
+
+Examples:
+image.tag = v1.7.3
+output    = v1.7.3
+
+image.tag = v1.7.3@sha256:a40f4f3ea20d354f00ab469a9f73102668fa545c4d632e1a8e11a206ad3093f3
+output    = v1.7.3
+*/}}
+{{- define "argo-events.webhook_chart_version_label" -}}
+{{- regexReplaceAll "[^a-zA-Z0-9-_.]+" (regexReplaceAll "@sha256:[a-f0-9]+" (default (include "argo-events.defaultTag" .) .Values.webhook.image.tag) "") "" | trunc 63 | quote -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "argo-events.labels" -}}
+helm.sh/chart: {{ include "argo-events.chart" .context }}
+{{ include "argo-events.selectorLabels" (dict "context" .context "component" .component "name" .name) }}
+app.kubernetes.io/managed-by: {{ .context.Release.Service }}
+app.kubernetes.io/part-of: argo-events
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "argo-events.selectorLabels" -}}
+{{- if .name -}}
+app.kubernetes.io/name: {{ include "argo-events.name" .context }}-{{ .name }}
+{{- end }}
+app.kubernetes.io/instance: {{ .context.Release.Name }}
+{{- if .component }}
+app.kubernetes.io/component: {{ .component }}
+{{- end }}
+{{- end }}
+
+{{/*
+Return the default Argo Events app version
+*/}}
+{{- define "argo-events.defaultTag" -}}
+  {{- default .Chart.AppVersion .Values.global.image.tag }}
+{{- end -}}
+
+{{/*
+Define Pdb apiVersion
+*/}}
+{{- define "argo-events.pdb.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "policy/v1" }}
+{{- printf "policy/v1" -}}
+{{- else }}
+{{- printf "policy/v1beta1" -}}
+{{- end }}
+{{- end }}
+
+{{/*
+Expand the namespace of the release.
+Allows overriding it for multi-namespace deployments in combined charts.
+*/}}
+{{- define "argo-events.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}

charts/events/templates/event-bus.yaml

@@ -0,0 +1,36 @@
+# https://raw.githubusercontent.com/argoproj/argo-events/stable/examples/eventbus/native.yaml
+{{- if index .Values "argo-events" "enabled" }}
+  {{- range $eventBus := $.Values.eventBuses }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+  namespace: {{ $eventBus.namespace }}
+  name: {{ $eventBus.name }}
+spec:
+  nats:
+    native:
+      # Optional, defaults to 3. If it is < 3, set it to 3, that is the minimal requirement.
+      replicas: 3
+      # Optional, auth strategy, "none" or "token", defaults to "none"
+      auth: token
+      {{- if eq ($eventBus.environment | default "prod") "dev" }} 
+      containerTemplate:
+        resources:
+          requests:
+            cpu: 10m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi    
+      metricsContainerTemplate:
+        resources:
+          requests:
+            cpu: 10m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+     {{- end }}
+  {{- end }}
+{{- end }}

charts/events/templates/event-sources.yaml

@@ -0,0 +1,25 @@
+{{- if index .Values "argo-events" "enabled" }}
+  {{- range $eventSource := $.Values.eventSources }}
+    {{- if eq $eventSource.name "webhook" }} 
+---
+apiVersion: argoproj.io/v1alpha1
+kind: EventSource
+metadata:
+  name: webhook
+spec:
+  service:
+    ports:
+      - port: {{$eventSource.port }}
+        targetPort: {{$eventSource.port }}
+  webhook:
+    # event-source can run multiple HTTP servers. Simply define a unique port to start a new HTTP server
+    example:
+      # port to run HTTP server on
+      port: "{{$eventSource.port }}"
+      # endpoint to listen to
+      endpoint: /{{ $eventSource.endpoint }}
+      # HTTP request method to allow. In this case, only POST requests are accepted
+      method: POST
+    {{- end }}
+  {{- end }}
+{{- end }}

charts/events/templates/sensor-service-account.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: operate-workflow-sa
+---
+# Similarly you can use a ClusterRole and ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: operate-workflow-role
+rules:
+  - apiGroups:
+      - argoproj.io
+    verbs:
+      - "*"
+    resources:
+      - workflows
+      - workflowtemplates
+      - cronworkflows
+      - clusterworkflowtemplates
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: operate-workflow-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: operate-workflow-role
+subjects:
+  - kind: ServiceAccount
+    name: operate-workflow-sa

charts/events/templates/workflow-role-binding.yaml

@@ -0,0 +1,35 @@
+# This file enables a Workflow Pod (running Emissary executor) to be able to read and patch WorkflowTaskResults,
+# which get shared with the Workflow Controller. The Controller uses the results to update Workflow status.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    workflows.argoproj.io/description: |
+      Recomended minimum permissions for the `emissary` executor.
+  name: executor
+rules:
+- apiGroups:
+  - argoproj.io
+  resources:
+  - workflowtaskresults
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: executor-default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: executor
+subjects:
+- kind: ServiceAccount
+  name: argo-workflow
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: argo-workflow
+    namespace: events

charts/events/values.yaml

@@ -0,0 +1,31 @@
+argo-events:
+  enabled: true
+  controller:
+    replicas: 1
+    pdb:
+      minAvailable: 1
+    serviceAccount:
+      name: argo-events-sa
+    # securityContext:
+    #   runAsNonRoot: true
+    #   runAsUser: 9731
+    volumeMounts:
+      - name: controller-config-volume
+        mountPath: /etc/argo-events
+    volumes:
+      - name: controller-config-volume
+        configMap:
+          name: argo-events-controller-config
+  webhook:
+    enabled: true
+    serviceAccount:
+      name: argo-events-webhook-sa
+
+eventBuses:
+  - name: default
+    namespace: events
+
+eventSources:
+  - name: webhook
+    port: 12000
+    endpoint: example

charts/workflows-cluster/values.yaml

@@ -24,13 +24,6 @@ vcluster:
           to: argo-workflows-server
   experimental:
     deploy:
-      manifests: |-
-        apiVersion: v1
-        kind: Namespace
-        metadata:
-          name: workflows
-          labels:
-            name: workflows
       helm:
         - chart:
             name: sealed-secrets