Merge pull request validatedpatterns#238 from claudiol/common-automat…

…ic-update Automatic common/ update
claudiol · Nov 17, 2023 · 86c7eb2 · 86c7eb2
2 parents 340bbc7 + 914393f
commit 86c7eb2
Show file tree

Hide file tree

Showing 20 changed files with 553 additions and 441 deletions.
diff --git a/common/ansible/roles/iib_ci/tasks/mirror-related-images.yml b/common/ansible/roles/iib_ci/tasks/mirror-related-images.yml
@@ -89,7 +89,7 @@
     image_urls: "{{ image_urls | default({}) | combine({item:
       {'mirrordest': mirror_dest + item | basename,
        'mirrordest_nosha': (mirror_dest + item | basename) | regex_replace('@.*$', ''),
-       'mirrordest_tag': iib}}, recursive=true) }}"
+       'mirrordest_tag': 'tag-' + item | basename | regex_replace('^.*@sha256:', '')}}, recursive=true) }}"
   loop: "{{ all_images }}"
   when: use_internal_registry
 

diff --git a/common/clustergroup/templates/plumbing/argocd-cmp-plugin-cms.yaml b/common/clustergroup/templates/plumbing/argocd-cmp-plugin-cms.yaml
@@ -0,0 +1,12 @@
+{{- range $cmp := $.Values.clusterGroup.argoCD.configManagementPlugins }}
+{{- if $cmp.pluginConfig }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: "argocd-cmp-{{ $cmp.name }}"
+  namespace: {{ $.Values.global.pattern }}-{{ $.Values.clusterGroup.name }}
+data:
+  "plugin.yaml": | {{ tpl $cmp.pluginConfig $ | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/common/clustergroup/templates/plumbing/argocd.yaml b/common/clustergroup/templates/plumbing/argocd.yaml
@@ -36,36 +36,6 @@ spec:
       return hs
 
   applicationInstanceLabelKey: argocd.argoproj.io/instance
-  # Not the greatest way to pass git/quay info to sub-applications, but it will do until
-  # we can support helmChart with kustomize
-  # The other option is to pass them in as environment variables eg. BLUEPRINT_VERSION
-  configManagementPlugins: |
-    - name: kustomize-version
-      generate:
-        command: ["sh", "-c"]
-        args: ["kustomize version 1>&2 && exit 1"]
-    - name: kustomize-with-helm
-      generate:
-        command: ["kustomize"]
-        args: ["build", "--enable-helm"]
-    - name: helm-with-kustomize
-      init:
-        command: ["/bin/sh", "-c"]
-        args: ["helm dependency build"]
-      generate:
-        command: ["/bin/bash", "-c"]
-        args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
-            -f $(git rev-parse --show-toplevel)/values-global.yaml
-            -f $(git rev-parse --show-toplevel)/values-{{ .Values.clusterGroup.name }}.yaml
-            --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
-            --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
-            --set global.namespace=$ARGOCD_APP_NAMESPACE
-            --set global.pattern={{ .Values.global.pattern }}
-            --set global.clusterDomain={{ .Values.global.clusterDomain }}
-            --set global.hubClusterDomain={{ .Values.global.hubClusterDomain }}
-            --set global.localClusterDomain={{ coalesce .Values.global.localClusterDomain .Values.global.hubClusterDomain }}
-            --set clusterGroup.name={{ .Values.clusterGroup.name }}
-            --post-renderer ./kustomize"]
   applicationSet:
     resources:
       limits:
@@ -98,6 +68,45 @@ spec:
   rbac:
     defaultPolicy: role:admin
   repo:
+{{- if len $.Values.clusterGroup.argoCD.initContainers }}
+    initContainers: {{ $.Values.clusterGroup.argoCD.initContainers | toPrettyJson }}
+{{- end }}
+{{- if len $.Values.clusterGroup.argoCD.configManagementPlugins }}
+    sidecarContainers:
+{{- range $cmp := $.Values.clusterGroup.argoCD.configManagementPlugins }}
+      - name: {{ $cmp.name }}
+        command: [/var/run/argocd/argocd-cmp-server]
+{{- if $cmp.pluginArgs }}
+        args: {{ $cmp.pluginArgs | toPrettyJson }}
+{{- end }}
+        image: {{ $cmp.image }}
+        imagePullPolicy: {{ coalesce $cmp.imagePullPolicy "Always" }}
+        securityContext:
+          runAsNonRoot: true
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          - mountPath: /tmp
+            name: cmp-tmp
+{{- if $cmp.pluginConfig }}
+          - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+            subPath: plugin.yaml
+            name: {{ $cmp.name }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if len $.Values.clusterGroup.argoCD.configManagementPlugins }}
+    volumes:
+      - emptyDir: {}
+        name: cmp-tmp
+{{- range $cmp := $.Values.clusterGroup.argoCD.configManagementPlugins }}
+      - configMap:
+          name: "argocd-cmp-{{ $cmp.name }}"
+        name: {{ $cmp.name }}
+{{- end }}
+{{- end }}
     resources:
       limits:
         cpu: "1"

diff --git a/common/clustergroup/test.yaml b/common/clustergroup/test.yaml
diff --git a/common/clustergroup/values.schema.json b/common/clustergroup/values.schema.json
@@ -317,6 +317,9 @@
             "$ref": "#/definitions/Applications"
           }
         },
+        "argoCD": {
+          "$ref": "#/definitions/ArgoCD"
+        },
         "imperative": {
           "$ref": "#/definitions/Imperative"
         },
@@ -488,6 +491,54 @@
       ],
       "title": "Applications"
     },
+    "ArgoCD": {
+      "type": "object",
+      "description": "Details for configuring ArgoCD instances in particular",
+      "additionalProperties": false,
+      "properties": {
+        "configManagementPlugins": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/ArgoCDConfigManagementPlugin"
+          },
+          "description": "The new configManagementPlugins array, will also generate configMaps to inject into the plugins"
+        },
+        "initContainers": {
+          "type": "array",
+          "description": "A list of initContainers to add to the repo-server if needed"
+        }
+      }
+    },
+    "ArgoCDConfigManagementPlugin": {
+      "type": "object",
+      "additionalProperties": true,
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "Name for the config management plugin"
+        },
+        "image": {
+          "type": "string",
+          "description": "Image for a sidecar container"
+        },
+        "imagePullPolicy": {
+          "type": "string",
+          "description": "Image pull policy for the sidecar. Defaults to 'Always'"
+        },
+        "pluginConfig": {
+          "type": "string",
+          "description": "Configuration file to project into sidecar container. This will create a configMap if specified"
+        },
+        "pluginArgs": {
+          "type": "array",
+          "description": "Additional args to pass to the cmpserver command, usually loglevel"
+        }
+      },
+      "required": [
+        "name",
+        "image"
+      ]
+    },
     "IndexImages": {
       "type": "object",
       "description": "Details for overriding default catalog sources",

diff --git a/common/clustergroup/values.yaml b/common/clustergroup/values.yaml
@@ -18,6 +18,10 @@ clusterGroup:
   targetCluster: in-cluster
   sharedValueFiles: []
 
+  argoCD:
+    initContainers: []
+    configManagementPlugins: []
+
   imperative:
     jobs: []
     # This image contains ansible + kubernetes.core by default and is used to run the jobs

diff --git a/common/examples/industrial-edge-factory.yaml b/common/examples/industrial-edge-factory.yaml
@@ -36,6 +36,37 @@ clusterGroup:
   projects:
   - factory
 
+  argoCD:
+    configManagementPlugins:
+      - name: helm-with-kustomize
+        image: quay.io/hybridcloudpatterns/utility-container:latest
+        pluginArgs:
+          - '--loglevel=debug'
+        pluginConfig: |
+          apiVersion: argoproj.io/v1alpha1
+          kind: ConfigManagementPlugin
+          metadata:
+            name: helm-with-kustomize
+          spec:
+            preserveFileMode: true
+            init:
+              command: ["/bin/sh", "-c"]
+              args: ["helm dependency build"]
+            generate:
+              command: ["/bin/bash", "-c"]
+              args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
+                -f $(git rev-parse --show-toplevel)/values-global.yaml
+                -f $(git rev-parse --show-toplevel)/values-{{ .Values.clusterGroup.name }}.yaml
+                --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
+                --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
+                --set global.namespace=$ARGOCD_APP_NAMESPACE
+                --set global.pattern={{ .Values.global.pattern }}
+                --set global.clusterDomain={{ .Values.global.clusterDomain }}
+                --set global.hubClusterDomain={{ .Values.global.hubClusterDomain }}
+                --set global.localClusterDomain={{ coalesce .Values.global.localClusterDomain .Values.global.hubClusterDomain }}
+                --set clusterGroup.name={{ .Values.clusterGroup.name }}
+                --post-renderer ./kustomize"]
+
   applications:
   - name: stormshift
     project: factory

diff --git a/common/examples/industrial-edge-hub.yaml b/common/examples/industrial-edge-hub.yaml
@@ -65,6 +65,37 @@ clusterGroup:
   - golang-external-secrets
   - vault
 
+  argoCD:
+    configManagementPlugins:
+      - name: helm-with-kustomize
+        image: quay.io/hybridcloudpatterns/utility-container:latest
+        pluginArgs:
+          - '--loglevel=debug'
+        pluginConfig: |
+          apiVersion: argoproj.io/v1alpha1
+          kind: ConfigManagementPlugin
+          metadata:
+            name: helm-with-kustomize
+          spec:
+            preserveFileMode: true
+            init:
+              command: ["/bin/sh", "-c"]
+              args: ["helm dependency build"]
+            generate:
+              command: ["/bin/bash", "-c"]
+              args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
+                -f $(git rev-parse --show-toplevel)/values-global.yaml
+                -f $(git rev-parse --show-toplevel)/values-{{ .Values.clusterGroup.name }}.yaml
+                --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
+                --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
+                --set global.namespace=$ARGOCD_APP_NAMESPACE
+                --set global.pattern={{ .Values.global.pattern }}
+                --set global.clusterDomain={{ .Values.global.clusterDomain }}
+                --set global.hubClusterDomain={{ .Values.global.hubClusterDomain }}
+                --set global.localClusterDomain={{ coalesce .Values.global.localClusterDomain .Values.global.hubClusterDomain }}
+                --set clusterGroup.name={{ .Values.clusterGroup.name }}
+                --post-renderer ./kustomize"]
+
   applications:
     acm:
       name: acm

diff --git a/common/golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml b/common/golang-external-secrets/templates/golang-external-secrets-hub-secretstore.yaml
@@ -13,16 +13,16 @@ spec:
 {{- if .Values.golangExternalSecrets.caProvider.enabled }}
 {{ if .Values.clusterGroup.isHubCluster }}
       caProvider:
-        type: {{ .Values.golangExternalSecrets.caProvider.hubCluster.type }}
-        name: {{ .Values.golangExternalSecrets.caProvider.hubCluster.name }}
-        key: {{ .Values.golangExternalSecrets.caProvider.hubCluster.key }}
-        namespace: {{ .Values.golangExternalSecrets.caProvider.hubCluster.namespace }}
+        type: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.type }}
+        name: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.name }}
+        key: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.key }}
+        namespace: {{ .Values.golangExternalSecrets.caProvider.vaultHostCluster.namespace }}
 {{ else }}
       caProvider:
-        type: {{ .Values.golangExternalSecrets.caProvider.nonhubCluster.type }}
-        name: {{ .Values.golangExternalSecrets.caProvider.nonhubCluster.name }}
-        key: {{ .Values.golangExternalSecrets.caProvider.nonhubCluster.key }}
-        namespace: {{ .Values.golangExternalSecrets.caProvider.nonhubCluster.namespace }}
+        type: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.type }}
+        name: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.name }}
+        key: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.key }}
+        namespace: {{ .Values.golangExternalSecrets.caProvider.vaultClientCluster.namespace }}
 {{ end }}
 {{- end }}
       auth:

diff --git a/common/golang-external-secrets/values.yaml b/common/golang-external-secrets/values.yaml
@@ -7,12 +7,12 @@ golangExternalSecrets:
   # This controls how ESO connects to vault
   caProvider:
     enabled: true # If vault is exposed via a route that is signed by a non internal CA you might want to disable this
-    hubCluster:
+    vaultHostCluster:
       type: ConfigMap
       name: kube-root-ca.crt
       key: ca.crt
       namespace: golang-external-secrets
-    nonhubCluster:
+    vaultClientCluster:
       type: Secret
       name: hub-ca
       key: hub-kube-root-ca.crt