add apps, change type to applicationset

Author: soerenschneider

clusters/argo-svc.dd.soeren.cloud/app-apps.yaml

@@ -1,20 +1,29 @@
----
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
   name: "apps"
   namespace: "argocd"
-  annotations:
-    argocd.argoproj.io/sync-wave: "3"
 spec:
-  project: "apps"
-  source:
-    repoURL: "https://github.com/soerenschneider/k8s-gitops.git"
-    targetRevision: "HEAD"
-    path: "clusters/argo-svc.dd.soeren.cloud/apps"
-  destination:
-    server: "https://kubernetes.default.svc"
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
+  generators:
+    - directory:
+        repoURL: "https://github.com/soerenschneider/k8s-gitops.git"
+        revision: "HEAD"
+        path: "clusters/argo-svc.dd.soeren.cloud/apps/*"
+  template:
+    metadata:
+      name: '{{path.basename}}'
+      namespace: "argocd"
+      annotations:
+        argocd.argoproj.io/sync-wave: "3"
+    spec:
+      project: "apps"
+      source:
+        repoURL: "https://github.com/soerenschneider/k8s-gitops.git"
+        targetRevision: "HEAD"
+        path: '{{path}}'
+      destination:
+        server: "https://kubernetes.default.svc"
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true

clusters/argo-svc.dd.soeren.cloud/apps/aether/external-secret-aether-taskwarrior.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "aether-taskwarrior"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "aether-taskwarrior"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "config"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/taskwarrior"
+        property: "conf"

clusters/argo-svc.dd.soeren.cloud/apps/aether/external-secret-aether.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "aether"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "aether"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "caldav_password"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "caldav_password"
+    - secretKey: "caldav_user"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "caldav_user"
+    - secretKey: "carddav_password"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "carddav_password"
+    - secretKey: "carddav_user"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "carddav_user"
+    - secretKey: "email_from"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "email_from"
+    - secretKey: "email_password"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "email_password"
+    - secretKey: "email_to"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "email_to"
+    - secretKey: "email_username"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "email_username"
+    - secretKey: "weather_apikey"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aether"
+        property: "weather_apikey"
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aws-s3/credentials/taskwarrior-prod-aether"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/aws-s3/credentials/taskwarrior-prod-aether"
+        property: "AWS_SECRET_ACCESS_KEY"

clusters/argo-svc.dd.soeren.cloud/apps/aether/kustomization.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: aether
+resources:
+  - ../../common/aether
+  - namespace.yaml
+  - external-secret-aether.yaml
+  - external-secret-aether-taskwarrior.yaml
+patches:
+  - target:
+      kind: VirtualService
+      name: aether
+    patch: |-
+      - op: replace
+        path: /spec/hosts
+        value:
+          - aether.svc.dd.soeren.cloud
+  - target:
+      kind: Deployment
+      name: aether
+    patch: |
+      - op: add
+        path: /spec/template/spec/containers/1/env
+        value:
+          - name: AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: aether
+                key: AWS_ACCESS_KEY_ID
+          - name: AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: aether
+                key: AWS_SECRET_ACCESS_KEY

clusters/argo-svc.dd.soeren.cloud/apps/aether/namespace.yaml

@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: aether
+  labels:
+    name: aether

clusters/argo-svc.dd.soeren.cloud/apps/dyndns/dyndns-client/external-secret-dyndns-client-aws-credentials.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "dyndns-client-aws-credentials"
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "dyndns-client-aws-credentials"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/k8s/svc.dd.soeren.cloud/dyndns/client/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/k8s/svc.dd.soeren.cloud/dyndns/client/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"

clusters/argo-svc.dd.soeren.cloud/apps/dyndns/dyndns-client/external-secret-dyndns-client-aws-endpoints.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "dyndns-client-aws-endpoints"
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "dyndns-client-aws-endpoints"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "DYNDNS_HTTP_DISPATCHER_CONF"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/dyndns-endpoints"
+        property: "DYNDNS_HTTP_DISPATCHER_CONF"
+    - secretKey: "DYNDNS_HTTP_RESOLVER_PREFERRED_URLS"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/dyndns-endpoints"
+        property: "DYNDNS_HTTP_RESOLVER_PREFERRED_URLS"
+    - secretKey: "DYNDNS_SQS_QUEUE"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/dyndns-endpoints"
+        property: "DYNDNS_SQS_QUEUE"

clusters/argo-svc.dd.soeren.cloud/apps/dyndns/dyndns-client/external-secret-dyndns-client-keypair.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "dyndns-client-keypair"
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "dyndns-client-keypair"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "keypair.json"
+      remoteRef:
+        key: "secret/soeren.cloud/k8s/svc.dd.soeren.cloud/dyndns/client/keypair"
+        property: "keypair.json"

clusters/argo-svc.dd.soeren.cloud/apps/dyndns/dyndns-client/kustomization.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../apps/dyndns/client
+  - external-secret-dyndns-client-aws-credentials.yaml
+  - external-secret-dyndns-client-aws-endpoints.yaml
+  - external-secret-dyndns-client-keypair.yaml
+components:
+  - ../../../../apps/dyndns/client/components/aws-credentials
+  - ../../../../apps/dyndns/client/components/aws-endpoints
+  - ../../../../apps/dyndns/client/components/keypair
+patches:
+  - target:
+      kind: Deployment
+      name: dyndns-client
+    patch: |-
+      - op: add
+        path: /spec/template/spec/priorityClassName
+        value: prod-high-prio
+      - op: replace
+        path: /spec/template/spec/volumes
+        value:
+          - name: keypair
+            secret:
+              secretName: dyndns-client-keypair
+configMapGenerator:
+  - name: dyndns-client-config
+    behavior: merge
+    literals:
+      - "DYNDNS_HOST=dd.dc.soeren.cloud"

clusters/argo-svc.dd.soeren.cloud/apps/dyndns/dyndns-server/external-secret-dyndns-client-aws-endpoints.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "dyndns-server-aws-endpoints"
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "dyndns-server-aws-sqs"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "DYNDNS_SQS_QUEUE"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/dyndns-endpoints"
+        property: "DYNDNS_SQS_QUEUE"