From aa008520d391bd2f700e5699ed29f487a480e91c Mon Sep 17 00:00:00 2001
From: Oscar Wieman <oscar@oscarr.nl>
Date: Tue, 8 Aug 2023 22:11:39 +0200
Subject: [PATCH] install applicationset for drinkn pr preview envirionments

---
 .../files/applicationset-drinkn.yaml          | 71 +++++++++++++++++++
 .../templates/applicationset-drinkn.yaml      |  2 +
 .../argocd/templates/ingressroute.yaml        |  5 ++
 .../{default-project.yaml => projects.yaml}   | 20 ++++++
 4 files changed, 98 insertions(+)
 create mode 100644 argocd-managed/argocd-apps/files/applicationset-drinkn.yaml
 create mode 100644 argocd-managed/argocd-apps/templates/applicationset-drinkn.yaml
 rename argocd-managed/argocd/templates/{default-project.yaml => projects.yaml} (53%)

diff --git a/argocd-managed/argocd-apps/files/applicationset-drinkn.yaml b/argocd-managed/argocd-apps/files/applicationset-drinkn.yaml
new file mode 100644
index 0000000..77b8be3
--- /dev/null
+++ b/argocd-managed/argocd-apps/files/applicationset-drinkn.yaml
@@ -0,0 +1,71 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: drinkn
+  namespace: argocd
+spec:
+  goTemplate: true
+  goTemplateOptions: ['missingkey=invalid']
+  generators:
+    - pullRequest:
+        github:
+          owner: bierteam
+          repo: drinkn
+          tokenRef:
+            secretName: github-token
+            key: token # prevent rate limiting
+          labels:
+            - preview
+        requeueAfterSeconds: 1800
+  template: # https://argo-cd.readthedocs.io/en/release-2.7/operator-manual/applicationset/Generators-Pull-Request/#template
+    metadata:
+      name: 'drinkn-pr-{{ .number }}'
+      labels:
+        app.kubernetes.io/instance: drinkn
+      annotations:
+        link.argocd.argoproj.io/external-link: 'https://github.com/bierteam/drinkn/pull/{{ .number }}'
+    spec:
+      destination:
+        namespace: 'drinkn-pr-{{ .number }}'
+        name: 'in-cluster'
+      project: restricted
+      source:
+        repoURL: 'https://github.com/bierteam/drinkn.git'
+        targetRevision: '{{ .branch }}'
+        path: charts/drinkn
+        helm:
+          parameters:
+            - name: image.tag
+              value: 'sha-{{ .head_short_sha_7 }}'
+            - name: fqdn
+              value: 'drinkn-pr-{{ .number }}.lab.oscarr.nl'
+            - name: pr.enabled
+              value: 'true'
+            - name: pr.number
+              value: '{{ .number }}'
+            - name: pr.ref
+              value: '{{ .branch }}'
+            - name: replicas
+              value: '1'
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        managedNamespaceMetadata:
+          labels:
+            pod-security.kubernetes.io/warn: restricted
+            pod-security.kubernetes.io/enforce: baseline
+        syncOptions:
+          - CreateNamespace=true
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: github-token
+  namespace: argocd
+  annotations:
+    a8r.io/description: "Expires on Wed, Aug 7 2024. https://github.com/settings/tokens?type=beta"
+spec:
+  encryptedData:
+    token: AgC7pZfL5b+XPpkNGlClayocdOXD5dVkMLhOGJYVTV097b3Om2sFANA82woIWZkPcl90lBBYKA/Ldlkt0MRHfQU0pTQVy6ovsJxs47mHSsZ+Z4IpmrZ4LE5whkrzLNXAqpHd886JvSpjL+uHSX/FJ1qQamQlt4cIHoIfGAK1zN+7jFwV72ECAc5bEtrGytXI0wapED8F93naBaFhaZDde4/LXIq3A5+/X9x6hj4i+a95ydXKLdHiU9DucOcCXWK+TO2f8Lh63/5UtPPPnlV/diwuMsE5CxrW0t6hKuKygi7C9L/zQEuBITOuo0Ee72lKbyP6Px204oPmh0ksslvl8xxUzmMn+QP4aLOteMNTna14Qit2p6hcNll+7aAuF0K11TJAMtV/EgkrmynPLGQl2IWQOyx0/4z3wQij48fRhEU5cUCYc0RmJq5TtB2XjuvMWT+Uuq7fLjo2NwsLbxdtRoBblmhlgNYIB84HwLCQzQyxE8TNJChHCBBd9GUVKMbuf/1hi38bD0CgGgj9gdy1oswaqvvT7ZNqnidUhQX3pDSVMlkXGc2E1aOBQ1x+d2vzqJY5CMDXUi9czNtaYjPqXcdQKiyzRisjnaAGE/x1yEVVjJzg7uiljMOueACDDAMmuHDQbwii6KkEzqEAN8lXjTRSeaqeF6A3wD1EogD1WeAKRnQ9nWywQ12C2EIiRZp3SnVgOIuOcwoBr6edFBwrs8DwOBQl5ezrbgNvlNuUnAGJP1QqG+Lqx6GeL3Wt9HyrnBW3qcTGiribmYRpMxNUy3kAgBWl75TxiCEgiywfROh6mk7EiJVjC0ivC+cibEA=
diff --git a/argocd-managed/argocd-apps/templates/applicationset-drinkn.yaml b/argocd-managed/argocd-apps/templates/applicationset-drinkn.yaml
new file mode 100644
index 0000000..ae1be7c
--- /dev/null
+++ b/argocd-managed/argocd-apps/templates/applicationset-drinkn.yaml
@@ -0,0 +1,2 @@
+# The templating braces are meant for ArgoCD and not helm
+{{ .Files.Get "files/applicationset-drinkn.yaml" }}
diff --git a/argocd-managed/argocd/templates/ingressroute.yaml b/argocd-managed/argocd/templates/ingressroute.yaml
index 8e96eed..61c623c 100644
--- a/argocd-managed/argocd/templates/ingressroute.yaml
+++ b/argocd-managed/argocd/templates/ingressroute.yaml
@@ -13,6 +13,11 @@ spec:
       services:
         - name: argocd-server
           port: 80
+    - kind: Rule
+      match: Host(`argocd-applicationset-controller.lab.oscarr.nl`)
+      services:
+        - name: argocd-applicationset-controller
+          port: 7000
     - kind: Rule
       match: Host(`argocd.lab.oscarr.nl`) && Headers(`Content-Type`, `application/grpc`)
       services:
diff --git a/argocd-managed/argocd/templates/default-project.yaml b/argocd-managed/argocd/templates/projects.yaml
similarity index 53%
rename from argocd-managed/argocd/templates/default-project.yaml
rename to argocd-managed/argocd/templates/projects.yaml
index 09e1722..ed27567 100644
--- a/argocd-managed/argocd/templates/default-project.yaml
+++ b/argocd-managed/argocd/templates/projects.yaml
@@ -18,3 +18,23 @@ spec:
   sourceRepos:
     - https://github.com/bierteam/uber-kubernetes.git
     - https://github.com/bierteam/drinkn.git
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: restricted
+  namespace: argocd
+spec:
+  destinations:
+  - name: in-cluster
+    namespace: drinkn-pr-*
+  clusterResourceWhitelist:
+  - group: ""
+    kind: Namespace
+  namespaceResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  orphanedResources:
+    warn: true
+  sourceRepos:
+    - https://github.com/bierteam/drinkn.git