wip

Author: roi-codefresh

csdp/appset.yaml

@@ -0,0 +1,80 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: PruneLast=true
+    argocd.argoproj.io/sync-wave: "-2"
+  creationTimestamp: null
+  name: csdp
+  namespace: default # replace
+spec:
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  description: csdp project
+  destinations:
+    - namespace: "*"
+      server: "*"
+  namespaceResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  sourceRepos:
+    - "*"
+status: {}
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  name: csdp
+  namespace: default # replace
+spec:
+  generators:
+    - git:
+        repoURL: https://github.com/codefresh-io/csdp-official-poc.git
+        revision: ""
+        directories:
+          - path: csdp/components/*
+        requeueAfterSeconds: 15
+    - git:
+        files:
+          - path: csdp/components/**/config_dir.json
+        repoURL: https://github.com/codefresh-io/csdp-official-poc.git
+        requeueAfterSeconds: 15
+        revision: ""
+        template:
+          spec:
+            source:
+              directory:
+                exclude: "{{exclude}}"
+                include: "{{include}}"
+                recurse: true
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: "{{path.basenameNormalized}}"
+        codefresh.io/entity: "component"
+        codefresh.io/internal: "true"
+      name: csdp-{{path.basenameNormalized}}
+      namespace: default # replace
+    spec:
+      destination:
+        namespace: default # replace
+        server: "https://kubernetes.default.svc"
+      ignoreDifferences:
+        - group: argoproj.io
+          jsonPointers:
+            - /status
+          kind: Application
+      project: csdp
+      source:
+        path: csdp/components/{{path.basenameNormalized}}
+        repoURL: https://github.com/codefresh-io/csdp-official-poc.git
+        targetRevision: HEAD # replace with runtime version
+      syncPolicy:
+        automated:
+          allowEmpty: true
+          prune: true
+          selfHeal: true

csdp/components/argo-cd/default-rbac.yaml

@@ -0,0 +1,23 @@
+# allow default service account to read the codefresh-cm configmap
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: codefresh-config-reader
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "secrets"]
+    resourceNames: ["codefresh-cm", "codefresh-token"]
+    verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: codefresh-config-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: codefresh-config-reader
+subjects:
+  - kind: ServiceAccount
+    name: default

csdp/components/argo-cd/kustomization.yaml

@@ -0,0 +1,41 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/codefresh-io/argo-cd/release-2.1/manifests/install.yaml
+  - https://raw.githubusercontent.com/argoproj-labs/applicationset/master/manifests/install.yaml?ref=2c62537a8e5a # TODO: switch to the next release when available
+  - default-rbac.yaml
+images:
+  - name: quay.io/codefresh/argocd
+    newName: quay.io/codefresh/argocd
+    newTag: v2.1.14-cap-10316
+
+# will be effective on argo-cd 2.1
+configMapGenerator:
+  - name: argocd-cm
+    behavior: merge
+    literals:
+      - "timeout.reconciliation=20s"
+      - "accounts.admin=apiKey,login" # need to be able to generate apikey for generic eventsource
+      - |
+        repository.credentials=- passwordSecret:
+          key: git_token
+          name: autopilot-secret
+        url: https://github.com/
+        usernameSecret:
+          key: git_username
+          name: autopilot-secret"
+  - name: argocd-cmd-params-cm
+    behavior: merge
+    literals:
+      - "server.insecure=true"
+
+patches:
+  # reset the crbs to `subject.namespace: default`, so that argo-cd will later change them to the actual ns
+  - target:
+      group: rbac.authorization.k8s.io
+      version: v1
+      kind: ClusterRoleBinding
+    patch: |-
+      - op: replace
+        path: /subjects/0/namespace
+        value: default

csdp/components/argo-events/eventbus.yaml

@@ -0,0 +1,12 @@
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+  name: codefresh-eventbus
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  nats:
+    native:
+      replicas: 3
+      auth: token
+      containerTemplate: {}

csdp/components/argo-events/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/codefresh-io/argo-events/v1.5.5-cap-CR-10290/manifests/install.yaml
+  - https://raw.githubusercontent.com/codefresh-io/argo-events/v1.5.5-cap-CR-10290/manifests/install-validating-webhook.yaml
+  - eventbus.yaml

csdp/components/argo-workflows/kustomization.yaml

@@ -0,0 +1,51 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/codefresh-io/argo-workflows/releases/download/v3.2.6-cap-CR-8697/install.yaml
+
+patches:
+  # reset the crbs to `subject.namespace: default`, so that argo-cd will later change them to the actual ns
+  - target:
+      group: rbac.authorization.k8s.io
+      version: v1
+      kind: ClusterRoleBinding
+    patch: |-
+      - op: replace
+        path: /subjects/0/namespace
+        value: default
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argo-server
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: --auth-mode=server
+
+patchesStrategicMerge:
+    - |
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          name: workflow-controller-configmap
+        data:
+          # Fields reference can be found here: https://argoproj.github.io/argo-workflows/workflow-controller-configmap.yaml
+          workflowDefaults: |
+            spec:
+              ttlStrategy:
+                secondsAfterCompletion: 86400
+                secondsAfterSuccess: 86400
+                secondsAfterFailure: 86400
+              podGC:
+                strategy: OnWorkflowCompletion
+                labelSelector:
+                  matchLabels:
+                    should-be-deleted: "true"
+
+configMapGenerator:
+  - name: workflow-controller-configmap
+    behavior: merge
+    literals:
+      - containerRuntimeExecutor=emissary

csdp/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - appset.yaml