Fresh creation of new preprod branch

Author: LukasCuperDT

kubernetes/helm_charts/local/argo-cd/README.md

@@ -48,6 +48,7 @@ To add a new application to be managed by Argo CD through this Helm chart:
 
 2. **Define Applications in `values.yaml`:**
    Add the new application's details in the `values.yaml` file under the `applications` section:
+
    ```yaml
    applications:
      - name: new-app
@@ -60,6 +61,32 @@ To add a new application to be managed by Argo CD through this Helm chart:
          chart: optional-chart-name
          pluginName: optional-plugin
          pluginEnv: 'optional-path-to-chart-values'
+  ```
+
+3. **Define AppliactionSets in `values.yaml`:**
+   Add the new application's sets details in the `values.yaml` file under the `applicationSets` section:
+
+  ```yaml
+  applicationSets:
+    - name: argocd
+      applications:
+        - name: argocd
+          namespace: argocd
+          repoURL: 'https://github.com/opentelekomcloud-infra/system-config.git'
+          targetRevision: feature-1299-Make_ArgoCD_a_part_of_the_ArgoCD_Apps
+          path: kubernetes/helm_charts/upstream/argo-cd
+          pluginName: argocd-vault-plugin-helm-with-args
+          pluginEnv: '-f values-{{ .cluster.name }}.yaml'
+          server: https://kubernetes.default.svc
+        - name: argocd-additional-manifests
+          namespace: argocd
+          repoURL: 'https://github.com/opentelekomcloud-infra/system-config.git'
+          targetRevision: feature-1299-Make_ArgoCD_a_part_of_the_ArgoCD_Apps
+          path: github/system-config/kubernetes/helm_charts/local/argo-cd
+          pluginName: argocd-vault-plugin-helm-with-args
+          pluginEnv: '-f values-{{ .cluster.name }}.yaml'
+          server: https://kubernetes.default.svc
+  ```
 
 ### Manual Deployment of Applications
 

kubernetes/helm_charts/local/argo-cd/templates/applications.yaml

@@ -0,0 +1,67 @@
+{{- range .Values.applicationSets }}
+{{- $appSet := . }}
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: {{ .name }}
+  namespace: {{ default "argocd" $.Values.namespace }}
+spec:
+  generators:
+    - matrix:
+        generators:
+          - list:
+              elements:
+                {{- range .applications }}
+                {{- $app := . }}
+                - name: {{ $app.name | quote }}
+                  namespace: {{ $app.namespace | default "default" | quote }}
+                  repoURL: {{ $app.repoURL | quote }}
+                  targetRevision: {{ $app.targetRevision | default "main" | quote }}
+                  path: {{ $app.path | quote }}
+                  project: {{ $app.project | default $appSet.project | default "infra" | quote }}
+                  pluginName: {{ $app.pluginName | default "argocd-vault-plugin-helm" | quote }}
+                  pluginEnv: {{ $app.pluginEnv | default "" | quote }}
+                  {{- if $app.syncPolicy }}
+                  syncPolicy: {{ $app.syncPolicy | toJson | quote }}
+                  {{- end }}
+                {{- end }}
+          - list:
+              elements:
+                {{- $clusters := list }}
+                {{- range .applications }}
+                  {{- if .clusters }}
+                    {{- $clusters = .clusters }}
+                    {{- break }}
+                  {{- end }}
+                {{- end }}
+                {{- if not $clusters }}
+                  {{- $clusters = list "in-cluster" }}
+                {{- end }}
+                {{- range $clusters }}
+                - cluster: {{ . | quote }}
+                {{- end }}
+  template:
+    metadata:
+      name: '{{ "{{name}}" }}-{{ "{{cluster}}" }}'
+    spec:
+      project: '{{ "{{project}}" }}'
+      source:
+        repoURL: '{{ "{{repoURL}}" }}'
+        targetRevision: '{{ "{{targetRevision}}" }}'
+        path: '{{ "{{path}}" }}'
+        plugin:
+          name: '{{ "{{pluginName}}" }}'
+          env:
+            - name: ARGOCD_ENV_HELM_ARGS
+              value: '{{ "{{pluginEnv}}" }}'
+      destination:
+        name: '{{ "{{cluster}}" }}'
+        namespace: '{{ "{{namespace}}" }}'
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true
+---
+{{- end }}

kubernetes/helm_charts/local/argo-cd/templates/argocd-applicationSets.yaml

@@ -0,0 +1,45 @@
+{{- range $app := $.Values.applications }}
+  {{- $appName := $app.name }}
+  {{- range $cluster := $app.clusters }}
+  {{- $config := $app.config }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ $appName }}-{{ $cluster }}
+  namespace: {{ default "argocd" }}
+spec:
+  project: {{ $config.project | quote }}
+  source:
+    repoURL: {{ $config.repoURL | quote }}
+    targetRevision: {{ $config.targetRevision | quote }}
+    path: {{ $config.path | quote }}
+    {{- if $config.pluginName }}
+    plugin:
+      name: {{ $config.pluginName | quote }}
+      env:
+        - name: HELM_ARGS
+          value: {{ $config.pluginEnv | quote }}
+        {{- if $config.pluginParameters }}
+        {{- range $param := $config.pluginParameters }}
+        - name: HELM_PARAM_{{ $param.name | upper | replace "." "_" }}
+          value: {{ $param.value | quote }}
+        {{- end }}
+        {{- end }}
+    {{- else if $config.helm }}
+    helm:
+{{ toYaml $config.helm | indent 6 }}
+    {{- end }}
+    {{- if $config.kustomize }}
+    kustomize:
+{{ toYaml $config.kustomize | indent 6 }}
+    {{- end }}
+  destination:
+    name: {{ $cluster }}
+    namespace: {{ $config.namespace | quote }}
+  {{- if $config.syncPolicy }}
+  syncPolicy:
+{{ toYaml $config.syncPolicy | indent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

kubernetes/helm_charts/local/argo-cd/templates/argocd-applications.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.clusters }}
+{{- range $clusterName, $cluster := .Values.clusters }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $clusterName }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    argocd.argoproj.io/secret-type: cluster
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: cluster-secret
+type: Opaque
+stringData:
+  name: {{ $cluster.name }}
+  server: {{ $cluster.server }}
+  config: |
+    {"tlsClientConfig":{"insecure":{{ $cluster.config.tlsClientConfig.insecure | toJson }},
+        {{- $tlsConfig := list -}}
+          {{- $tlsConfig = append $tlsConfig (printf "\"certData\":\"<path:secret/data/argocd/clusters/%s#certData>\"" $cluster.name) -}}
+          {{- $tlsConfig = append $tlsConfig (printf "\"keyData\":\"<path:secret/data/argocd/clusters/%s#keyData>\"" $cluster.name) -}}
+          {{- $tlsConfig = append $tlsConfig (printf "\"caData\":\"<path:secret/data/argocd/clusters/%s#caData>\"" $cluster.name) -}}
+        {{- if $tlsConfig -}}
+          {{ join "," $tlsConfig }}
+        {{- end }}}}
+{{- end }}
+{{- end }}

kubernetes/helm_charts/local/argo-cd/templates/argocd-clusters.yaml

@@ -4,7 +4,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
   name: {{ .name }}
-  namespace: {{ $.Values.global.argocdNamespace }}
+  namespace: {{ default "argocd" }}
 spec:
   description: {{ .description | quote }}
   sourceRepos:

kubernetes/helm_charts/local/argo-cd/templates/projects.yaml renamed to kubernetes/helm_charts/local/argo-cd/templates/argocd-projects.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.repositorySecret (hasKey .Values.repositorySecret "enabled") .Values.repositorySecret.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    managed-by: argocd.argoproj.io
+  labels:
+    argocd.argoproj.io/secret-type: repository
+  name: {{ .Values.repositorySecret.name }}
+  namespace: {{ .Values.repositorySecret.namespace | default "argocd" }}
+type: Opaque
+data:
+  name: {{ .Values.repositorySecret.data.name | quote }}
+  project: {{ .Values.repositorySecret.data.project | quote }}
+  type: {{ .Values.repositorySecret.data.type | quote }}
+  url: {{ .Values.repositorySecret.data.url | quote }}
+{{- end }}

kubernetes/helm_charts/local/argo-cd/templates/argocd-repositories.yaml

@@ -0,0 +1,26 @@
+{{- if and .Values.repoServerSecretAccess (hasKey .Values.repoServerSecretAccess "enabled") .Values.repoServerSecretAccess.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argocd-repo-server-secrets
+  namespace: {{ .Values.repoServerSecretAccess.namespace | default "argocd" }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argocd-repo-server-secrets
+  namespace: {{ .Values.repoServerSecretAccess.namespace | default "argocd" }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-repo-server-secrets
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.repoServerSecretAccess.serviceAccount | default "argocd-preprod-repo-server" }}
+    namespace: {{ .Values.repoServerSecretAccess.namespace | default "argocd" }}
+{{- end }}