Merge pull request #826 from rackerlabs/argocd

chore(argocd): attempt to get things more inline with the newer layout

Author: cardoe

apps/appsets/appset-understack-infra.yaml

@@ -0,0 +1,114 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: understack-infra
+  finalizers:
+    # ensure applicationset is not deleted until its unreferenced
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  syncPolicy:
+    applicationsSync: create-update
+    # for infrastructure resources we don't want to delete things automatically
+    preserveResourcesOnDeletion: true
+  goTemplate: true
+  goTemplateOptions: ["missingkey=error"]
+  generators:
+    - matrix:
+        generators:
+          - clusters:
+              selector:
+                matchExpressions:
+                  - key: understack.rackspace.com/role
+                    operator: In
+                    values:
+                      - "global"
+                      - "regional"
+                      - "aio"
+              values:
+                uc_skip_components: '{{ default "[]" (index .metadata.annotations "uc_skip_components") }}'
+                uc_repo_git_url: '{{index .metadata.annotations "uc_repo_git_url"}}'
+                uc_repo_ref: '{{index .metadata.annotations "uc_repo_ref"}}'
+                uc_deploy_git_url: '{{index .metadata.annotations "uc_deploy_git_url"}}'
+                uc_deploy_ref: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                uc_role: '{{index .metadata.labels "understack.rackspace.com/role"}}'
+                uc_dns_zone: '{{index .metadata.annotations "dns_zone" }}'
+                uc_cluster_issuer: '{{index .metadata.annotations "uc_cluster_issuer" }}'
+                uc_global_dns_zone: '{{index .metadata.annotations "uc_global_dns_zone" }}'
+          - list:
+              elements:
+                - component: cert-manager
+                  skipComponent: '{{has "cert-manager" (.values.uc_skip_components | fromJson)}}'
+                  sources:
+                    - repoURL: https://charts.jetstack.io
+                      chart: cert-manager
+                      targetRevision: '1.15.2'
+                      helm:
+                        releaseName: cert-manager
+                        valuesObject:
+                          crds:
+                            enabled: true
+                - component: ingress-nginx
+                  skipComponent: '{{has "ingress-nginx" (.values.uc_skip_components | fromJson)}}'
+                  sources:
+                    - repoURL: https://kubernetes.github.io/ingress-nginx
+                      chart: ingress-nginx
+                      targetRevision: 4.12.1
+                      helm:
+                        releaseName: ingress-nginx
+                        valueFiles:
+                          - $deploy/{{.name}}/helm-configs/ingress-nginx.yaml
+                        ignoreMissingValueFiles: true
+                    - repoURL: '{{ .values.uc_deploy_git_url }}'
+                      targetRevision: '{{ .values.uc_deploy_ref }}'
+                      ref: deploy
+                - component: cilium
+                  skipComponent: '{{or (has "cilium" (.values.uc_skip_components | fromJson)) (eq "global" .values.uc_role)}}'
+                  sources:
+                    # Cilium itself is deployed before ArgoCD so we only include project
+                    # and environment specific stuff here
+                    - repoURL: '{{ .values.uc_deploy_git_url }}'
+                      targetRevision: '{{ .values.uc_deploy_ref }}'
+                      path: '{{.name}}/manifests/cilium'
+            selector:
+              # by setting the key in the elements 'skipComponent' to 'true' it will skip installing it
+              # ArgoCD's templating operates with strings so it's the string "true"
+              matchExpressions:
+                - key: skipComponent
+                  operator: NotIn
+                  values:
+                    - "true"
+  template:
+    metadata:
+      name: '{{.name}}-{{.component}}'
+      finalizers:
+        - resources-finalizer.argocd.argoproj.io
+      annotations:
+        argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+    spec:
+      project: understack-infra
+      destination:
+        server: '{{.server}}'
+        namespace: '{{coalesce (get . "componentNamespace") .component}}'
+      syncPolicy:
+        automated:
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true
+          - ServerSideApply=true
+          - RespectIgnoreDifferences=true
+        managedNamespaceMetadata:
+          annotations:
+            # ArgoCD can create our namespace but let's not delete it
+            argocd.argoproj.io/sync-options: Delete=false
+  templatePatch: |
+    spec:
+      sources:
+      {{- range $source := .sources }}
+        # indentation matters so collapse to single line with toJson to keep it
+        - {{ $source | toJson }}
+      {{- end }}
+    {{- if hasKey . "ignoreDifferences" }}
+      # indentation matters so collapse to single line with toJson to keep it
+      ignoreDifferences: {{ .ignoreDifferences | toJson }}
+    {{- end }}

apps/appsets/operators.yaml renamed to apps/appsets/appset-understack-operators.yaml

@@ -1,24 +1,45 @@
+---
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
-  name: operators
+  name: understack-operators
+  finalizers:
+    # ensure applicationset is not deleted until its unreferenced
+    - resources-finalizer.argocd.argoproj.io
 spec:
   syncPolicy:
     applicationsSync: create-update
+    # for infrastructure resources we don't want to delete things automatically
+    preserveResourcesOnDeletion: true
   goTemplate: true
   goTemplateOptions: ["missingkey=error"]
   generators:
     - matrix:
         generators:
           - clusters:
               selector:
-                matchLabels:
-                  argocd.argoproj.io/secret-type: cluster
+                matchExpressions:
+                  - key: understack.rackspace.com/role
+                    operator: In
+                    values:
+                      - "global"
+                      - "regional"
+                      - "aio"
+              values:
+                uc_skip_components: '{{ default "[]" (index .metadata.annotations "uc_skip_components") }}'
+                uc_repo_git_url: '{{index .metadata.annotations "uc_repo_git_url"}}'
+                uc_repo_ref: '{{index .metadata.annotations "uc_repo_ref"}}'
+                uc_deploy_git_url: '{{index .metadata.annotations "uc_deploy_git_url"}}'
+                uc_deploy_ref: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                uc_role: '{{index .metadata.labels "understack.rackspace.com/role"}}'
+                uc_dns_zone: '{{index .metadata.annotations "dns_zone" }}'
+                uc_cluster_issuer: '{{index .metadata.annotations "uc_cluster_issuer" }}'
+                uc_global_dns_zone: '{{index .metadata.annotations "uc_global_dns_zone" }}'
           - list:
               elements:
                 - component: rook
                   componentNamespace: rook-ceph
-                  skipComponent: '{{has "rook" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{or (has "rook" (.values.uc_skip_components | fromJson)) (eq "global" .values.uc_role)}}'
                   sources:
                     - repoURL: https://charts.rook.io/release
                       chart: rook-ceph
@@ -38,39 +59,39 @@ spec:
                           - $understack/operators/rook/values-cluster.yaml
                           - $deploy/{{.name}}/helm-configs/rook-cluster.yaml
                         ignoreMissingValueFiles: true
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/rook'
                       ref: understack
-                    - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                    - repoURL: '{{ .values.uc_deploy_git_url }}'
+                      targetRevision: '{{ .values.uc_deploy_ref }}'
                       ref: deploy
                 - component: cnpg-system
-                  skipComponent: '{{has "cnpg-system" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{or (has "cnpg-system" (.values.uc_skip_components | fromJson)) (eq "regional" .values.uc_role)}}'
                   sources:
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/cnpg-system'
                 - component: external-secrets
-                  skipComponent: '{{has "external-secrets" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{has "external-secrets" (.values.uc_skip_components | fromJson)}}'
                   sources:
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/external-secrets'
                 - component: mariadb-operator
-                  skipComponent: '{{has "mariadb-operator" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{has "mariadb-operator" (.values.uc_skip_components | fromJson)}}'
                   sources:
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/mariadb-operator'
                 - component: rabbitmq-system
-                  skipComponent: '{{has "rabbitmq-system" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{has "rabbitmq-system" (.values.uc_skip_components | fromJson)}}'
                   sources:
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/rabbitmq-system'
                 - component: monitoring
-                  skipComponent: '{{has "monitoring" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{has "monitoring" (.values.uc_skip_components | fromJson)}}'
                   sources:
                     - repoURL: https://prometheus-community.github.io/helm-charts
                       chart: kube-prometheus-stack
@@ -81,15 +102,15 @@ spec:
                           - $understack/operators/monitoring/values.yaml
                           - $deploy/{{.name}}/helm-configs/monitoring.yaml
                         ignoreMissingValueFiles: true
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       path: 'operators/monitoring'
                       ref: understack
-                    - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                    - repoURL: '{{ .values.uc_deploy_git_url }}'
+                      targetRevision: '{{ .values.uc_deploy_ref }}'
                       ref: deploy
                 - component: opentelemetry-operator
-                  skipComponent: '{{has "opentelemetry-operator" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  skipComponent: '{{has "opentelemetry-operator" (.values.uc_skip_components | fromJson)}}'
                   sources:
                     - repoURL: https://open-telemetry.github.io/opentelemetry-helm-charts
                       chart: opentelemetry-operator
@@ -100,12 +121,12 @@ spec:
                           - $understack/operators/opentelemetry-operator/values.yaml
                           - $deploy/{{.name}}/helm-configs/opentelemetry-operator.yaml
                         ignoreMissingValueFiles: true
-                    - repoURL: '{{index .metadata.annotations "uc_repo_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_repo_ref"}}'
+                    - repoURL: '{{ .values.uc_repo_git_url }}'
+                      targetRevision: '{{ .values.uc_repo_ref }}'
                       ref: understack
                       path: 'operators/opentelemetry-operator'
-                    - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}'
-                      targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                    - repoURL: '{{ .values.uc_deploy_git_url }}'
+                      targetRevision: '{{ .values.uc_deploy_ref }}'
                       ref: deploy
             selector:
               # by setting the key in the elements 'skipComponent' to 'true' it will skip installing it
@@ -123,7 +144,7 @@ spec:
       annotations:
         argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
     spec:
-      project: operators
+      project: understack-operators
       destination:
         server: '{{.server}}'
         namespace: '{{coalesce (get . "componentNamespace") .component}}'
@@ -134,20 +155,18 @@ spec:
           - CreateNamespace=true
           - ServerSideApply=true
           - RespectIgnoreDifferences=true
+        managedNamespaceMetadata:
+          annotations:
+            # ArgoCD can create our namespace but let's not delete it
+            argocd.argoproj.io/sync-options: Delete=false
   templatePatch: |
     spec:
-      {{- if hasKey . "source" }}
-      # indentation matters here. need to collapse to a single line to preserve it
-      source: {{ .source | toJson }}
-      {{- end }}
-      {{- if hasKey . "sources" }}
       sources:
-        {{- range $source := .sources }}
+      {{- range $source := .sources }}
         # indentation matters so collapse to single line with toJson to keep it
         - {{ $source | toJson }}
-        {{- end }}
       {{- end }}
-      {{- if hasKey . "ignoreDifferences" }}
+    {{- if hasKey . "ignoreDifferences" }}
       # indentation matters so collapse to single line with toJson to keep it
       ignoreDifferences: {{ .ignoreDifferences | toJson }}
-      {{- end }}
+    {{- end }}

apps/appsets/components.yaml

@@ -17,6 +17,13 @@ spec:
                   argocd.argoproj.io/secret-type: cluster
           - list:
               elements:
+                - component: understack-cluster-issuer
+                  componentNamespace: cert-manager
+                  skipComponent: '{{has "understack-cluster-issuer" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
+                  sources:
+                    - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}'
+                      targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}'
+                      path: '{{.name}}/manifests/cert-manager'
                 - component: dex
                   skipComponent: '{{has "dex" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
                   sources:
@@ -241,6 +248,10 @@ spec:
           - CreateNamespace=true
           - ServerSideApply=true
           - RespectIgnoreDifferences=true
+        managedNamespaceMetadata:
+          annotations:
+            # ArgoCD can create our namespace but let's not delete it
+            argocd.argoproj.io/sync-options: Delete=false
   templatePatch: |
     spec:
       {{- if hasKey . "source" }}