add application of applications example

6 years ago · 3ccd0d1cb7
9 changed files with 245 additions and 0 deletions
--- a/application-of-applications-helm/Chart.yaml
+++ b/application-of-applications-helm/Chart.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+version: 1
+appVersion: "0.12"
+description: application of applications example
+name: application-of-applications
+keywords:
+  - argocd
+maintainers:
+  - name: Omer Kahani
+    email: omer@riskified.com
--- a/application-of-applications-helm/templates/_helpers.tpl
+++ b/application-of-applications-helm/templates/_helpers.tpl
@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "argo-cd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "argo-cd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "argo-cd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- a/application-of-applications-helm/templates/applications.yaml
+++ b/application-of-applications-helm/templates/applications.yaml
@ -0,0 +1,30 @@
+{{- $namespace := .Values.argo_namespace -}}
+{{- $chart_name := include "argo-cd.name" . -}}
+{{- $chart := include "argo-cd.chart" . -}}
+
+{{- range .Values.applications }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .name }}
+  namespace: {{ $namespace }}
+labels:
+  app.kubernetes.io/name: {{ $chart_name }}
+  helm.sh/chart: {{ $chart }}
+  app.kubernetes.io/instance: {{ $.Release.Name }}
+  app.kubernetes.io/managed-by: {{ $.Release.Service }}
+  app.kubernetes.io/part-of: {{ $chart_name }}
+spec:
+  project: {{ .project }}
+  source:
+    repoURL: {{ .git.url }}
+    targetRevision: {{ .git.branch }}
+    path: {{ .git.path }}
+    helm:
+      valueFiles:
+{{ toYaml .value_files | indent 6 }}
+  destination:
+    server: {{ .destination.server | default "https://kubernetes.default.svc"}}
+    namespace: {{ .destination.namespace }}
+---
+{{- end }}
--- a/application-of-applications-helm/templates/argocd-cm.yaml
+++ b/application-of-applications-helm/templates/argocd-cm.yaml
@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  namespace: {{ .Values.argo_namespace}}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+data:
+  url: {{ .Values.config.url }}
+{{- if .Values.config.helmRepositories }}
+  helm.repositories: |
+{{ toYaml .Values.config.helmRepositories | indent 4 }}
+{{- end }}
+{{- if .Values.config.repositories }}
+  repositories: |
+{{ toYaml .Values.config.repositories | indent 4 }}
+{{- end }}
+{{- if .Values.config.oidcConfig }}
+  oidc.config: |
+{{ toYaml .Values.config.oidcConfig | indent 4 }}
+{{- end }}
--- a/application-of-applications-helm/templates/argocd-rbac-cm.yaml
+++ b/application-of-applications-helm/templates/argocd-rbac-cm.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-rbac-cm
+  namespace: {{ .Values.argo_namespace}}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+data:
+{{- if .Values.rbac.policyDefault }}
+  policy.default: {{ .Values.rbac.policyDefault }}
+{{- end }}
+{{- if .Values.rbac.policyCsv }}
+  policy.csv:
+{{- toYaml .Values.rbac.policyCsv | indent 4 }}
+{{- end }}
--- a/application-of-applications-helm/templates/project.yaml
+++ b/application-of-applications-helm/templates/project.yaml
@ -0,0 +1,45 @@
+{{- $namespace := .Values.argo_namespace -}}
+{{- $chart_name := include "argo-cd.name" . -}}
+{{- $chart := include "argo-cd.chart" . -}}
+
+{{- range .Values.projects }}
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: {{ .name }}
+  namespace: {{ $namespace }}
+labels:
+  app.kubernetes.io/name: {{ $chart_name }}
+  helm.sh/chart: {{ $chart }}
+  app.kubernetes.io/instance: {{ $.Release.Name }}
+  app.kubernetes.io/managed-by: {{ $.Release.Service }}
+  app.kubernetes.io/part-of: {{ $chart_name }}
+spec:
+  description: {{ .description }}
+  sourceRepos:
+  {{ toYaml .sourceRepos | indent 2 -}}
+  destinations:
+  {{- range .destinations }}
+  - namespace: {{ .namespaces }}
+    server: {{.server | default "https://kubernetes.default.svc" }}
+  {{- end }}
+
+  {{-  if .clusterResourceWhitelist  }}
+  clusterResourceWhitelist:
+{{ toYaml .clusterResourceWhitelist| indent 2 }}
+  {{-  end }}
+
+  roles:
+  {{- range .roles }}
+  - name: {{ .name }}
+    description: {{ .description }}
+    policies:
+{{ toYaml .policies| indent 6 }}
+    jwtTokens:
+{{ toYaml .jwtTokens| indent 6 }}
+    groups:
+{{ toYaml .oidcGroups| indent 6 -}}
+  {{-  end }}
+
+---
+{{- end }}
--- a/application-of-applications-helm/values-global.yaml
+++ b/application-of-applications-helm/values-global.yaml
@ -0,0 +1,46 @@
+argo_namespace: argocd
+
+config:
+  helmRepositories:
+    - name: private-helm-repo
+      url: https://private.repo/
+      usernameSecret:
+        name: secret_name
+        key: key_name
+      passwordSecret:
+        name: secret_name
+        key: key_name
+    - name: incubator
+      url: https://kubernetes-charts-incubator.storage.googleapis.com/
+  repositories:
+    - url: repo_url
+      sshPrivateKeySecret: #the chart doesn't install the secert
+        name: secret_name
+        key: key_name
+
+rbac:
+# See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
+# This will effacte on all argocd instances
+  policyCsv: |
+    g, role_name, role:admin
+  policyDefault: role:readonly
+
+projects:
+    - name: project_name
+      destinations:
+        - namespaces: [namespace]
+          #server: https://kubernetes.default.svc
+      description: description
+      sourceRepos:
+      - 'repo_url'
+      #clusterResourceWhitelist:
+      #- group: '*'
+      #  kind: '*'
+      roles:
+      - name: role_name
+        description: role_description
+        oidcGroups: [' grop_name']
+        policies: |
+
+        jwtTokens:
+        - iat: 123
--- a/application-of-applications-helm/values-production.yaml
+++ b/application-of-applications-helm/values-production.yaml
@ -0,0 +1,19 @@
+config:
+  url: https://argocd_url
+  #idcConfig:
+  #  name: Okta
+  #  clientID:
+  #  clientSecret:
+  #  issuer:
+
+applications:
+  - name: app_name
+    project: project
+    destination:
+      namespace: namespace
+    git:
+      url: url
+      branch: branch
+      path: path #path to the value file
+    value_files:
+    - values-production.yaml
--- a/application-of-applications-helm/values-staging.yaml
+++ b/application-of-applications-helm/values-staging.yaml
@ -0,0 +1,19 @@
+config:
+  url: https://argocd_url
+  #idcConfig:
+  #  name: Okta
+  #  clientID:
+  #  clientSecret:
+  #  issuer:
+
+applications:
+  - name: app_name
+    project: project
+    destination:
+      namespace: namespace
+    git:
+      url: url
+      branch: branch
+      path: path #path to the value file
+    value_files:
+    - values-staging.yaml