Skip to content

Commit 8c31821

Browse files
simusimu
authored
Merge pull request #215 from projectsyn/feat/https-catalog
Add support for https catalog repo
2 parents 25becd8 + e4d3111 commit 8c31821

File tree

43 files changed

+45112
-9
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

43 files changed

+45112
-9
lines changed

.cruft.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
{
22
"template": "https://github.com/projectsyn/commodore-component-template.git",
3-
"commit": "8840f87d25d97ce0d4bfed75d40173caaf4100fc",
3+
"commit": "ff9d5a839714344345b76be069ea23e39e580f38",
44
"checkout": "main",
55
"context": {
66
"cookiecutter": {
77
"name": "Argo CD",
88
"slug": "argocd",
99
"parameter_key": "argocd",
10-
"test_cases": "defaults openshift params prometheus",
10+
"test_cases": "defaults openshift params prometheus https-catalog",
1111
"add_lib": "y",
1212
"add_pp": "n",
1313
"add_golden": "y",

.github/workflows/test.yaml

+2
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ jobs:
3636
- openshift
3737
- params
3838
- prometheus
39+
- https-catalog
3940
defaults:
4041
run:
4142
working-directory: ${{ env.COMPONENT_NAME }}
@@ -54,6 +55,7 @@ jobs:
5455
- openshift
5556
- params
5657
- prometheus
58+
- https-catalog
5759
defaults:
5860
run:
5961
working-directory: ${{ env.COMPONENT_NAME }}

Makefile.vars.mk

+1-1
Original file line numberDiff line numberDiff line change
@@ -57,4 +57,4 @@ KUBENT_IMAGE ?= ghcr.io/doitintl/kube-no-trouble:latest
5757
KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
5858

5959
instance ?= defaults
60-
test_instances = tests/defaults.yml tests/openshift.yml tests/params.yml tests/prometheus.yml
60+
test_instances = tests/defaults.yml tests/openshift.yml tests/params.yml tests/prometheus.yml tests/https-catalog.yml

class/defaults.yml

+2
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ parameters:
2626

2727
override: {}
2828

29+
http_credentials_secret_name: catalog-http-credentials
30+
2931
images:
3032
kubectl:
3133
registry: docker.io

component/argocd.jsonnet

+22-6
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,8 @@ local repoServer = {
215215

216216
local argocdOverride = com.makeMergeable({ spec: params.override });
217217

218+
local useHttpsCatalog = std.startsWith(inv.parameters.cluster.catalog_url, 'https://');
219+
218220
local argocd(name) =
219221
kube._Object('argoproj.io/v1beta1', 'ArgoCD', name) {
220222
metadata+: {
@@ -230,12 +232,26 @@ local argocd(name) =
230232
applicationInstanceLabelKey: 'argocd.argoproj.io/instance',
231233
controller: applicationController,
232234
initialRepositories: '- url: ' + inv.parameters.cluster.catalog_url,
233-
repositoryCredentials: |||
234-
- url: ssh://git@
235-
sshPrivateKeySecret:
236-
name: argo-ssh-key
237-
key: sshPrivateKey
238-
|||,
235+
repositoryCredentials: if useHttpsCatalog then
236+
|||
237+
- url: %(catalog_url)s
238+
usernameSecret:
239+
name: %(secret)s
240+
key: username
241+
passwordSecret:
242+
name: %(secret)s
243+
key: password
244+
||| % {
245+
catalog_url: inv.parameters.cluster.catalog_url,
246+
secret: params.http_credentials_secret_name,
247+
}
248+
else
249+
|||
250+
- url: ssh://git@
251+
sshPrivateKeySecret:
252+
name: argo-ssh-key
253+
key: sshPrivateKey
254+
|||,
239255
initialSSHKnownHosts: {
240256
keys: |||
241257
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==

docs/modules/ROOT/pages/references/parameters.adoc

+12
Original file line numberDiff line numberDiff line change
@@ -115,6 +115,18 @@ default:: `{}`
115115

116116
Override specs of the ProjectSyn ArgoCD instance.
117117

118+
== `http_credentials_secret_name`
119+
120+
[horizontal]
121+
type:: string
122+
default:: `catalog-https-credentials`
123+
124+
The name of the externally managed secret which holds the username and password for fetching the catalog repo over HTTPS in fields `username` and `password`.
125+
126+
This parameter is only used when the cluster's catalog repo URL starts with `https://`.
127+
128+
IMPORTANT: Users must ensure that this secret is in place before this component is synced.
129+
118130
== `images`
119131

120132
[horizontal]

tests/golden/https-catalog/argocd/apps/00_default-project.yaml

+14
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: AppProject
3+
metadata:
4+
name: default
5+
namespace: syn
6+
spec:
7+
clusterResourceWhitelist:
8+
- group: '*'
9+
kind: '*'
10+
destinations:
11+
- namespace: '*'
12+
server: '*'
13+
sourceRepos:
14+
- '*'

tests/golden/https-catalog/argocd/apps/00_syn-project.yaml

+16
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: AppProject
3+
metadata:
4+
name: syn
5+
namespace: syn
6+
spec:
7+
clusterResourceWhitelist:
8+
- group: '*'
9+
kind: '*'
10+
destinations:
11+
- namespace: '*'
12+
server: https://kubernetes.default.svc
13+
orphanedResources:
14+
warn: false
15+
sourceRepos:
16+
- https://git.example.com/cluster-catalog.git

tests/golden/https-catalog/argocd/apps/01_rootapp.yaml

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: Application
3+
metadata:
4+
name: root
5+
namespace: syn
6+
spec:
7+
destination:
8+
namespace: syn
9+
server: https://kubernetes.default.svc
10+
project: syn
11+
source:
12+
directory:
13+
recurse: true
14+
path: manifests/apps/
15+
repoURL: https://git.example.com/cluster-catalog.git
16+
targetRevision: HEAD
17+
syncPolicy:
18+
automated:
19+
prune: true
20+
selfHeal: true

tests/golden/https-catalog/argocd/apps/10_argocd.yaml

+26
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
apiVersion: argoproj.io/v1alpha1
2+
kind: Application
3+
metadata:
4+
annotations:
5+
argocd.argoproj.io/compare-options: ServerSideDiff=true
6+
finalizers:
7+
- resources-finalizer.argocd.argoproj.io
8+
name: argocd
9+
namespace: syn
10+
spec:
11+
destination:
12+
namespace: syn
13+
server: https://kubernetes.default.svc
14+
project: syn
15+
source:
16+
directory:
17+
recurse: true
18+
path: manifests/argocd
19+
repoURL: https://git.example.com/cluster-catalog.git
20+
targetRevision: HEAD
21+
syncPolicy:
22+
automated:
23+
prune: true
24+
selfHeal: true
25+
syncOptions:
26+
- ServerSideApply=true

tests/golden/https-catalog/argocd/argocd/01_namespace/00_namespace.yaml

+9
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
apiVersion: v1
2+
kind: Namespace
3+
metadata:
4+
annotations: {}
5+
labels:
6+
app.kubernetes.io/part-of: argocd
7+
name: syn
8+
openshift.io/cluster-monitoring: 'true'
9+
name: syn

tests/golden/https-catalog/argocd/argocd/01_namespace/20_monitoring.yaml

+97
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
apiVersion: monitoring.coreos.com/v1
2+
kind: ServiceMonitor
3+
metadata:
4+
labels:
5+
app.kubernetes.io/name: syn-argocd-metrics
6+
app.kubernetes.io/part-of: argocd
7+
name: syn-component-argocd-metrics
8+
name: syn-component-argocd-metrics
9+
namespace: syn
10+
spec:
11+
endpoints:
12+
- port: metrics
13+
selector:
14+
matchLabels:
15+
app.kubernetes.io/name: syn-argocd-metrics
16+
app.kubernetes.io/part-of: argocd
17+
---
18+
apiVersion: monitoring.coreos.com/v1
19+
kind: ServiceMonitor
20+
metadata:
21+
labels:
22+
app.kubernetes.io/name: syn-argocd-server-metrics
23+
app.kubernetes.io/part-of: argocd
24+
name: syn-component-argocd-server-metrics
25+
name: syn-component-argocd-server-metrics
26+
namespace: syn
27+
spec:
28+
endpoints:
29+
- port: metrics
30+
selector:
31+
matchLabels:
32+
app.kubernetes.io/name: syn-argocd-server-metrics
33+
app.kubernetes.io/part-of: argocd
34+
---
35+
apiVersion: monitoring.coreos.com/v1
36+
kind: ServiceMonitor
37+
metadata:
38+
labels:
39+
app.kubernetes.io/name: syn-argocd-repo-server
40+
app.kubernetes.io/part-of: argocd
41+
name: syn-component-argocd-repo-server
42+
name: syn-component-argocd-repo-server
43+
namespace: syn
44+
spec:
45+
endpoints:
46+
- port: metrics
47+
selector:
48+
matchLabels:
49+
app.kubernetes.io/name: syn-argocd-repo-server
50+
app.kubernetes.io/part-of: argocd
51+
---
52+
apiVersion: monitoring.coreos.com/v1
53+
kind: PrometheusRule
54+
metadata:
55+
labels:
56+
cluster_id: c-green-test-1234
57+
name: argocd
58+
prometheus: platform
59+
role: alert-rules
60+
tenant_id: t-silent-test-1234
61+
name: argocd
62+
namespace: syn
63+
spec:
64+
groups:
65+
- name: argocd.rules
66+
rules:
67+
- alert: ArgoCDAppUnsynced
68+
annotations:
69+
dashboard: argocd
70+
description: kubectl -n syn describe app {{ $labels.name }}
71+
message: Argo CD app {{ $labels.name }} is not synced
72+
expr: argocd_app_info{exported_namespace="syn", sync_status!="Synced"} >
73+
0
74+
for: 10m
75+
labels:
76+
severity: warning
77+
syn: 'true'
78+
- alert: ArgoCDAppUnhealthy
79+
annotations:
80+
dashboard: argocd
81+
description: kubectl -n syn describe app {{ $labels.name }}
82+
message: Argo CD app {{ $labels.name }} is not healthy
83+
expr: argocd_app_info{exported_namespace="syn", health_status!="Healthy"}
84+
> 0
85+
for: 10m
86+
labels:
87+
severity: critical
88+
syn: 'true'
89+
- alert: ArgoCDDown
90+
annotations:
91+
dashboard: argocd
92+
message: Argo CD job {{ $labels.job }} is down
93+
expr: up{namespace="syn", job=~"^syn-argocd-.+$"} != 1
94+
for: 5m
95+
labels:
96+
severity: critical
97+
syn: 'true'

0 commit comments

Comments
 (0)