First apps

Dušan Jakub
2025-04-08 15:43:45 +02:00
parent d94152dc99
commit bc4fcfb6bb
43 changed files with 32948 additions and 0 deletions
+23
@@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
spec:
project: default
sources:
- repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
path: argocd/base/install
targetRevision: argocd
- repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
path: argocd/base/config
targetRevision: argocd
- repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
path: argocd/base/apps
targetRevision: argocd
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
syncOptions:
- CreateNamespace=true
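Review bot: `project: default` puts the self-managing Argo CD Application in the built-in default project, and the ApplicationSet template in the next file section does the same. Unless that project is tightened elsewhere, it places no limit on source repositories or destination clusters and namespaces. This matters most for the ApplicationSet, where `repoURL` and the destination namespace are read from `argocd.json` files. I would add a dedicated AppProject whose `sourceRepos` and `destinations` list only what these apps need, and reference it here as `project: <dedicated-project>` (placeholder name).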
@@ -0,0 +1,85 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: k8s-apps-helm-application-set-v1
namespace: argocd
annotations:
argocd.argoproj.io/debug: "true"
spec:
goTemplate: true
goTemplateOptions: [ "missingkey=error" ]
applyNestedSelectors: true
generators:
# Create a matrix generator that will install all chart in all clusters
- matrix:
generators:
- matrix:
generators:
# Get all clusters, that are appropriately labeled
- clusters:
selector:
matchExpressions:
- key: stage-name
operator: Exists
- key: cluster-name
operator: Exists
# In this repo, find all files named argocd.json.
# The files are expected to contain {apiVersion: "ysoft.com/v1"}
- git:
repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
revision: argocd
files:
- path: "apps/**/argocd.json"
values:
stageName: '{{ index .metadata.labels "stage-name" }}'
clusterName: '{{ index .metadata.labels "cluster-name" }}'
provider: '{{ index .metadata.labels "provider" | default "aws" }}'
selector:
matchLabels:
apiVersion: "ysoft.com/v1"
- list:
# List of one element is a workaround to Argo's inabilility to access '.values.enabled' (which is a result of git generator) in a selector.
# The list generator transforms that into '.enabled', which works
# As a side effect, it also allows access to previously defined values, like '.values.stageName'
elements:
# The selector also had troubles with booleans vs. strings, hence the 'yes' and not 'true'
- enabled: '{{ dig "stages" .values.stageName "enabled" false . | ternary "yes" "" }}'
appName: '{{ .path.basename }}'
selector:
matchLabels:
enabled: "yes"
template:
metadata:
name: "{{ .path.basename }}-{{.values.stageName }}-{{ .values.clusterName }}"
spec:
project: default
destination:
server: "{{.server}}"
namespace: "{{ .destination.namespace }}"
syncPolicy:
automated:
prune: true
syncOptions:
- ServerSideApply={{ dig "syncPolicy" "syncOptions" "ServerSideApply" "true" . }}
- CreateNamespace={{ dig "syncPolicy" "syncOptions" "CreateNamespace" "true" . }}
templatePatch: |
spec:
sources:
# First source is for value files
# Default revision is HEAD but can be overriden with clusters.${name}.valuesRevision
- repoURL: https://repo.app.ysoft.com/scm/aws/k8s-apps.git
targetRevision: '{{ dig "stages" .values.stageName "valuesRevision" (dig "valuesRevision" "" .source) . }}'
ref: values
# Second source is for chart
# Default revision is .source.targetRevision but can be overriden with clusters.${name}.chartRevision
- repoURL: "{{ .source.repoURL }}"
targetRevision: '{{ dig "stages" .values.stageName "chartRevision" (dig "chartRevision" "" .source) . }}'
ref: chart
chart: '{{ default "" .source.chart }}'
path: '{{ default "" .source.path }}'
helm:
releaseName: "{{ .path.basename }}"
valueFiles: {{- $v := .values }}{{- $ := . }}
{{- range $valueFile := ( .valueFiles ) }}
- $values/apps/{{$.appName}}/{{ $valueFile | replace "%provider%" $v.provider | replace "%stage%" $v.stageName | replace "%cluster%" $v.clusterName }}
{{- end }}
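Review bot: The chart source's `targetRevision` in `templatePatch` falls back to an empty string when neither the stage override nor `.source.chartRevision` is set. Argo CD most likely resolves an empty revision to a floating one (HEAD or the latest chart version), so with `automated` sync and `prune: true` an unpinned upstream change would roll out to every matching cluster without review. Using the required key as the default lets `missingkey=error` reject an `argocd.json` that pins nothing: `targetRevision: '{{ dig "stages" .values.stageName "chartRevision" .source.chartRevision . }}'`. The two comments above the sources also mention `clusters.${name}.…Revision` and `.source.targetRevision`, while the template reads `stages.<stageName>` and `.source.chartRevision`; they should be updated to match.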
+6
@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- argocd.yaml
- k8s-apps-helm-application-set-v1.yaml
+10
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
namespace: argocd
data:
server.insecure: "true"
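Review bot: `server.insecure: "true"` makes argocd-server serve plain HTTP, and nothing in this file says where TLS is terminated instead. Session cookies and OIDC tokens will cross the hop between the terminating proxy and the pod unencrypted, so that hop should be confined to the cluster or re-encrypted. If termination at an ingress or load balancer is intended, record it next to the setting, for example `# TLS is terminated at <ingress/LB>; the server is reachable only through it`. A NetworkPolicy that allows traffic to argocd-server only from that proxy would enforce the assumption.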
+113
@@ -0,0 +1,113 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
namespace: argocd
data:
oidc.config: |
name: Ysoft SSO
issuer: https://sso.ysoft.cloud/auth/realms/SafeQEdgeCore
clientID: argocd
enablePKCEAuthentication: true
requestedScopes: ["openid", "profile", "email", "groups"]
url: "https://web.argo.ysoft-dev.com"
resource.customizations.ignoreResourceUpdates.ConfigMap: |
jqPathExpressions:
# Ignore the cluster-autoscaler status
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
# Ignore the annotation of the legacy Leases election
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
resource.customizations.ignoreResourceUpdates.Endpoints: |
jsonPointers:
- /metadata
- /subsets
resource.customizations.ignoreResourceUpdates.all: |
jsonPointers:
- /status
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
jqPathExpressions:
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
- '.metadata.annotations."argocd.argoproj.io/refresh"'
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
- '.operation'
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
jqPathExpressions:
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
jsonPointers:
- /metadata
- /endpoints
- /ports
resource.exclusions: |
### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
- apiGroups:
- ''
- discovery.k8s.io
kinds:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- apiregistration.k8s.io
kinds:
- APIService
- apiGroups:
- coordination.k8s.io
kinds:
- Lease
### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
- apiGroups:
- authentication.k8s.io
- authorization.k8s.io
kinds:
- SelfSubjectReview
- TokenReview
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview
### Intermediate Certificate Request excluded reduce the number of watched events
- apiGroups:
- certificates.k8s.io
kinds:
- CertificateSigningRequest
- apiGroups:
- cert-manager.io
kinds:
- CertificateRequest
### Cilium internal resources excluded reduce the number of watched events and UI Clutter
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
- CiliumEndpoint
- CiliumEndpointSlice
### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
- apiGroups:
- kyverno.io
- reports.kyverno.io
- wgpolicyk8s.io
kinds:
- PolicyReport
- ClusterPolicyReport
- EphemeralReport
- ClusterEphemeralReport
- AdmissionReport
- ClusterAdmissionReport
- BackgroundScanReport
- ClusterBackgroundScanReport
- UpdateRequest
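Review bot: This ConfigMap sets up SSO through `oidc.config` but does not turn off the built-in local `admin` account. Unless it is disabled elsewhere, the account remains a password-based path to full admin that bypasses the SSO group mapping. Once the `ArgoCDAdmins` group mapping has been confirmed to work, consider adding `admin.enabled: "false"` under `data`. It would also help to add a comment noting that `url` must match the redirect URI registered for the `argocd` client at the issuer.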
+7
@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- cmd-params.yaml
- config.yaml
- rbac.yaml
+12
@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/part-of: argocd
name: argocd-rbac-cm
namespace: argocd
data:
policy.csv: |
g, ArgoCDAdmins, role:admin
g, Y Soft Corporation a.s. Users, role:readonly
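Review bot: The second `g` line grants the company-wide group the built-in `role:readonly`, which is not scoped to any project. Every SSO user can therefore view all applications, clusters and repositories registered in this instance, and probably pod logs as well, depending on the built-in policy of the Argo CD version in use. If that is broader than intended, define a narrower role and bind the group to it, for example `p, role:viewer, applications, get, default/*, allow` with `g, Y Soft Corporation a.s. Users, role:viewer` (the role name is constructed for illustration). Setting `policy.default: ''` and `scopes: '[groups]'` explicitly would also document that users without a matching group get no access, and which claim the group names come from.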
File diff suppressed because it is too large Load Diff
+5
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- argocd.yaml
+26
@@ -0,0 +1,26 @@
#!/usr/bin/env sh
set -e
VERSION=$1
if [ -z "$VERSION" ]; then
echo "Usage: $0 <version>"
echo "Example: $0 v3.0.0-rc4"
exit 1
fi
URL="https://raw.githubusercontent.com/argoproj/argo-cd/$VERSION/manifests/install.yaml"
echo "Downloading ArgoCD version $VERSION from $URL"
cat >argocd.yaml <<EOF
# Source:
# $URL
# To update, use ./update.sh <version>
EOF
if ! curl -sS -f -o - $URL >> argocd.yaml; then
echo "Error: Failed to download ArgoCD version $VERSION"
exit 1
fi
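Review bot: The script truncates `argocd.yaml` with the header before the download has succeeded, so a failed `curl` leaves a header-only manifest in the kustomize base. `$URL` is also passed to `curl` unquoted. In addition, the fetched install manifest, which carries cluster-wide RBAC, is committed without any integrity record. I would download to a temporary file, write `argocd.yaml` only on success, and print a SHA-256 of the download so the reviewer of the update commit can compare it with a value obtained independently. Restricting `VERSION` to a release tag or commit SHA rather than a branch name would keep the source immutable.

```shell
# … unchanged: argument check, URL construction and the "Downloading" message …
TMP=$(mktemp)
trap 'rm -f "$TMP"' EXIT

if ! curl -sS -f -o "$TMP" "$URL"; then
  echo "Error: Failed to download ArgoCD version $VERSION"
  exit 1
fi

# Record the digest so the update commit can be checked against an independent source.
sha256sum "$TMP"

{
  printf '# Source:\n# %s\n# To update, use ./update.sh <version>\n' "$URL"
  cat "$TMP"
} >argocd.yaml
```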
+7
@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- install
- config
- apps