Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for https catalog repo #215

Merged
merged 2 commits into from
Dec 17, 2024
Merged

Add support for https catalog repo #215

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e67ca8a
Add support for https catalog repo
simu Dec 17, 2024
e4d3111
Add test case for https catalog repo
simu Dec 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .cruft.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
"template": "https://github.com/projectsyn/commodore-component-template.git",
"commit": "8840f87d25d97ce0d4bfed75d40173caaf4100fc",
"commit": "ff9d5a839714344345b76be069ea23e39e580f38",
"checkout": "main",
"context": {
"cookiecutter": {
"name": "Argo CD",
"slug": "argocd",
"parameter_key": "argocd",
"test_cases": "defaults openshift params prometheus",
"test_cases": "defaults openshift params prometheus https-catalog",
"add_lib": "y",
"add_pp": "n",
"add_golden": "y",
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ jobs:
- openshift
- params
- prometheus
- https-catalog
defaults:
run:
working-directory: ${{ env.COMPONENT_NAME }}
Expand All @@ -54,6 +55,7 @@ jobs:
- openshift
- params
- prometheus
- https-catalog
defaults:
run:
working-directory: ${{ env.COMPONENT_NAME }}
Expand Down
2 changes: 1 addition & 1 deletion Makefile.vars.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,4 +57,4 @@ KUBENT_IMAGE ?= ghcr.io/doitintl/kube-no-trouble:latest
KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)

instance ?= defaults
test_instances = tests/defaults.yml tests/openshift.yml tests/params.yml tests/prometheus.yml
test_instances = tests/defaults.yml tests/openshift.yml tests/params.yml tests/prometheus.yml tests/https-catalog.yml
2 changes: 2 additions & 0 deletions class/defaults.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ parameters:

override: {}

http_credentials_secret_name: catalog-http-credentials

images:
kubectl:
registry: docker.io
Expand Down
28 changes: 22 additions & 6 deletions component/argocd.jsonnet
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,8 @@ local repoServer = {

local argocdOverride = com.makeMergeable({ spec: params.override });

local useHttpsCatalog = std.startsWith(inv.parameters.cluster.catalog_url, 'https://');

local argocd(name) =
kube._Object('argoproj.io/v1beta1', 'ArgoCD', name) {
metadata+: {
Expand All @@ -230,12 +232,26 @@ local argocd(name) =
applicationInstanceLabelKey: 'argocd.argoproj.io/instance',
controller: applicationController,
initialRepositories: '- url: ' + inv.parameters.cluster.catalog_url,
repositoryCredentials: |||
- url: ssh://git@
sshPrivateKeySecret:
name: argo-ssh-key
key: sshPrivateKey
|||,
repositoryCredentials: if useHttpsCatalog then
|||
- url: %(catalog_url)s
usernameSecret:
name: %(secret)s
key: username
passwordSecret:
name: %(secret)s
key: password
||| % {
catalog_url: inv.parameters.cluster.catalog_url,
secret: params.http_credentials_secret_name,
}
else
|||
- url: ssh://git@
sshPrivateKeySecret:
name: argo-ssh-key
key: sshPrivateKey
|||,
initialSSHKnownHosts: {
keys: |||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
Expand Down
12 changes: 12 additions & 0 deletions docs/modules/ROOT/pages/references/parameters.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,18 @@ default:: `{}`

Override specs of the ProjectSyn ArgoCD instance.

== `http_credentials_secret_name`

[horizontal]
type:: string
default:: `catalog-https-credentials`

The name of the externally managed secret which holds the username and password for fetching the catalog repo over HTTPS in fields `username` and `password`.

This parameter is only used when the cluster's catalog repo URL starts with `https://`.

IMPORTANT: Users must ensure that this secret is in place before this component is synced.

== `images`

[horizontal]
Expand Down
14 changes: 14 additions & 0 deletions tests/golden/https-catalog/argocd/apps/00_default-project.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: default
namespace: syn
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: '*'
server: '*'
sourceRepos:
- '*'
16 changes: 16 additions & 0 deletions tests/golden/https-catalog/argocd/apps/00_syn-project.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: syn
namespace: syn
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
orphanedResources:
warn: false
sourceRepos:
- https://git.example.com/cluster-catalog.git
20 changes: 20 additions & 0 deletions tests/golden/https-catalog/argocd/apps/01_rootapp.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: root
namespace: syn
spec:
destination:
namespace: syn
server: https://kubernetes.default.svc
project: syn
source:
directory:
recurse: true
path: manifests/apps/
repoURL: https://git.example.com/cluster-catalog.git
targetRevision: HEAD
syncPolicy:
automated:
prune: true
selfHeal: true
26 changes: 26 additions & 0 deletions tests/golden/https-catalog/argocd/apps/10_argocd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
annotations:
argocd.argoproj.io/compare-options: ServerSideDiff=true
finalizers:
- resources-finalizer.argocd.argoproj.io
name: argocd
namespace: syn
spec:
destination:
namespace: syn
server: https://kubernetes.default.svc
project: syn
source:
directory:
recurse: true
path: manifests/argocd
repoURL: https://git.example.com/cluster-catalog.git
targetRevision: HEAD
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- ServerSideApply=true
9 changes: 9 additions & 0 deletions tests/golden/https-catalog/argocd/argocd/01_namespace/00_namespace.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
kind: Namespace
metadata:
annotations: {}
labels:
app.kubernetes.io/part-of: argocd
name: syn
openshift.io/cluster-monitoring: 'true'
name: syn
97 changes: 97 additions & 0 deletions tests/golden/https-catalog/argocd/argocd/01_namespace/20_monitoring.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: syn-argocd-metrics
app.kubernetes.io/part-of: argocd
name: syn-component-argocd-metrics
name: syn-component-argocd-metrics
namespace: syn
spec:
endpoints:
- port: metrics
selector:
matchLabels:
app.kubernetes.io/name: syn-argocd-metrics
app.kubernetes.io/part-of: argocd
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: syn-argocd-server-metrics
app.kubernetes.io/part-of: argocd
name: syn-component-argocd-server-metrics
name: syn-component-argocd-server-metrics
namespace: syn
spec:
endpoints:
- port: metrics
selector:
matchLabels:
app.kubernetes.io/name: syn-argocd-server-metrics
app.kubernetes.io/part-of: argocd
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: syn-argocd-repo-server
app.kubernetes.io/part-of: argocd
name: syn-component-argocd-repo-server
name: syn-component-argocd-repo-server
namespace: syn
spec:
endpoints:
- port: metrics
selector:
matchLabels:
app.kubernetes.io/name: syn-argocd-repo-server
app.kubernetes.io/part-of: argocd
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
labels:
cluster_id: c-green-test-1234
name: argocd
prometheus: platform
role: alert-rules
tenant_id: t-silent-test-1234
name: argocd
namespace: syn
spec:
groups:
- name: argocd.rules
rules:
- alert: ArgoCDAppUnsynced
annotations:
dashboard: argocd
description: kubectl -n syn describe app {{ $labels.name }}
message: Argo CD app {{ $labels.name }} is not synced
expr: argocd_app_info{exported_namespace="syn", sync_status!="Synced"} >
0
for: 10m
labels:
severity: warning
syn: 'true'
- alert: ArgoCDAppUnhealthy
annotations:
dashboard: argocd
description: kubectl -n syn describe app {{ $labels.name }}
message: Argo CD app {{ $labels.name }} is not healthy
expr: argocd_app_info{exported_namespace="syn", health_status!="Healthy"}
> 0
for: 10m
labels:
severity: critical
syn: 'true'
- alert: ArgoCDDown
annotations:
dashboard: argocd
message: Argo CD job {{ $labels.job }} is down
expr: up{namespace="syn", job=~"^syn-argocd-.+$"} != 1
for: 5m
labels:
severity: critical
syn: 'true'
Loading
Loading