From 214871020c5b5caee32418eeb7711d5353e776a3 Mon Sep 17 00:00:00 2001 
From: Arthur Date: Fri, 16 Feb 2024 16:10:23 -0500 Subject: [PATCH 1/2] feat: ArgoCD Notifications --- kubernetes/argocd/applications/argocd.yaml | 4 + kubernetes/argocd/applications/bitwarden.yaml | 4 + .../applications/certificate-manager.yaml | 4 + .../argocd/applications/cockroachdb.yaml | 4 + .../container-security-operator.yaml | 4 + .../applications/dragonfly-operator.yaml | 4 + .../applications/eclipse-che-operator.yaml | 4 + .../external-secrets-operator.yaml | 4 + kubernetes/argocd/applications/gitea.yaml | 4 + kubernetes/argocd/applications/grafana.yaml | 4 + kubernetes/argocd/applications/heimdall.yaml | 4 + .../argocd/applications/homeassistant.yaml | 4 + kubernetes/argocd/applications/homelab.yaml | 4 + .../argocd/applications/imagepuller.yaml | 4 + kubernetes/argocd/applications/influxdb.yaml | 4 + .../argocd/applications/k3s/heimdall.yaml | 4 + .../k3s/kubernetes-dashboard.yaml | 4 + .../argocd/applications/k3s/longhorn.yaml | 4 + .../applications/k3s/stackrox-secure.yaml | 4 + .../argocd/applications/k3s/traefik.yaml | 4 + kubernetes/argocd/applications/k3s/vault.yaml | 4 + .../argocd/applications/keep-alive.yaml | 4 + kubernetes/argocd/applications/knative.yaml | 4 + .../argocd/applications/kube-eagle.yaml | 4 + kubernetes/argocd/applications/kube-vip.yaml | 4 + kubernetes/argocd/applications/kyverno.yaml | 4 + kubernetes/argocd/applications/loki.yaml | 4 + .../argocd/applications/longhorn-system.yaml | 4 + .../argocd/applications/mariadb-galera.yaml | 4 + .../argocd/applications/minio-operator.yaml | 4 + .../argocd/applications/mongodb-operator.yaml | 4 + .../applications/network-observability.yaml | 4 + kubernetes/argocd/applications/nextcloud.yaml | 4 + .../applications/okd-configuration.yaml | 4 + .../applications/openshift-monitoring.yaml | 4 + .../argocd/applications/photoprism.yaml | 4 + .../argocd/applications/phpmyadmin.yaml | 4 + kubernetes/argocd/applications/postgres.yaml | 4 + .../argocd/applications/prometheus.yaml | 4 + 
kubernetes/argocd/applications/quay.yaml | 4 + .../argocd/applications/stackrox-central.yaml | 4 + .../argocd/applications/stackrox-secure.yaml | 4 + kubernetes/argocd/applications/tekton.yaml | 4 + kubernetes/argocd/applications/traefik.yaml | 4 + .../unifi-network-application.yaml | 4 + .../argocd/applications/uptime-kuma.yaml | 4 + kubernetes/argocd/applications/vault.yaml | 4 + .../argocd/applications/version-checker.yaml | 4 + kubernetes/argocd/applications/zitadel.yaml | 4 + kubernetes/argocd/base/argocd.yaml | 10 ++ kubernetes/argocd/base/kustomization.yaml | 2 + .../argocd/base/notifications/configmap.yaml | 137 ++++++++++++++++++ .../argocd/base/notifications/secret.yaml | 18 +++ .../tekton/overlays/operator/github-app.yaml | 2 + 54 files changed, 365 insertions(+) create mode 100644 kubernetes/argocd/base/notifications/configmap.yaml create mode 100644 kubernetes/argocd/base/notifications/secret.yaml
diff --git a/kubernetes/argocd/applications/argocd.yaml b/kubernetes/argocd/applications/argocd.yaml
index 97a4fe79a..6ae0c5275 100644
--- a/kubernetes/argocd/applications/argocd.yaml
+++ b/kubernetes/argocd/applications/argocd.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/bitwarden.yaml b/kubernetes/argocd/applications/bitwarden.yaml
index 32f5318dd..e7efb5d2a 100644
--- a/kubernetes/argocd/applications/bitwarden.yaml
+++ b/kubernetes/argocd/applications/bitwarden.yaml
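Review bot: In the argocd.yaml hunk the third added annotation, `notifications.argoproj.io/subscribe.on-sync-status-unknown: ""`, is missing the `.github` service segment that the other three added lines carry. As far as I can tell Argo CD Notifications reads a single segment after `subscribe.` as a service name rather than a trigger, so this line would probably not subscribe the Application to `on-sync-status-unknown` on GitHub, and an Unknown sync state would go unreported. It should read `notifications.argoproj.io/subscribe.on-sync-status-unknown.github: ""`. The same four lines are repeated verbatim in every other Application hunk of this patch (bitwarden.yaml onward), so the correction applies to each of them.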
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/certificate-manager.yaml b/kubernetes/argocd/applications/certificate-manager.yaml
index 89671815d..db422ea00 100644
--- a/kubernetes/argocd/applications/certificate-manager.yaml
+++ b/kubernetes/argocd/applications/certificate-manager.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/cockroachdb.yaml b/kubernetes/argocd/applications/cockroachdb.yaml
index f532ccb68..c110a6cf9 100644
--- a/kubernetes/argocd/applications/cockroachdb.yaml
+++ b/kubernetes/argocd/applications/cockroachdb.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/container-security-operator.yaml b/kubernetes/argocd/applications/container-security-operator.yaml
index 920d7335e..b9080acab 100644
--- a/kubernetes/argocd/applications/container-security-operator.yaml
+++ b/kubernetes/argocd/applications/container-security-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/dragonfly-operator.yaml b/kubernetes/argocd/applications/dragonfly-operator.yaml
index 2edf4b270..639690993 100644
--- a/kubernetes/argocd/applications/dragonfly-operator.yaml
+++ b/kubernetes/argocd/applications/dragonfly-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/eclipse-che-operator.yaml b/kubernetes/argocd/applications/eclipse-che-operator.yaml
index c67acfb12..6f2f3e49a 100644
--- a/kubernetes/argocd/applications/eclipse-che-operator.yaml
+++ b/kubernetes/argocd/applications/eclipse-che-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/external-secrets-operator.yaml b/kubernetes/argocd/applications/external-secrets-operator.yaml
index ed2bd15e8..8ddc8467a 100644
--- a/kubernetes/argocd/applications/external-secrets-operator.yaml
+++ b/kubernetes/argocd/applications/external-secrets-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/gitea.yaml b/kubernetes/argocd/applications/gitea.yaml
index 1a084e7a5..33d77fff3 100644
--- a/kubernetes/argocd/applications/gitea.yaml
+++ b/kubernetes/argocd/applications/gitea.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/grafana.yaml b/kubernetes/argocd/applications/grafana.yaml
index 5dfa6a552..260277a80 100644
--- a/kubernetes/argocd/applications/grafana.yaml
+++ b/kubernetes/argocd/applications/grafana.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/heimdall.yaml b/kubernetes/argocd/applications/heimdall.yaml
index 025b9a794..25a53cf45 100644
--- a/kubernetes/argocd/applications/heimdall.yaml
+++ b/kubernetes/argocd/applications/heimdall.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/homeassistant.yaml b/kubernetes/argocd/applications/homeassistant.yaml
index beb3a8081..481f922dd 100644
--- a/kubernetes/argocd/applications/homeassistant.yaml
+++ b/kubernetes/argocd/applications/homeassistant.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/homelab.yaml b/kubernetes/argocd/applications/homelab.yaml
index f7fa7f64b..479e87ca4 100644
--- a/kubernetes/argocd/applications/homelab.yaml
+++ b/kubernetes/argocd/applications/homelab.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/imagepuller.yaml b/kubernetes/argocd/applications/imagepuller.yaml
index 2fa8f4ece..451be320f 100644
--- a/kubernetes/argocd/applications/imagepuller.yaml
+++ b/kubernetes/argocd/applications/imagepuller.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/influxdb.yaml b/kubernetes/argocd/applications/influxdb.yaml
index d73eb6b6a..fe72778f4 100644
--- a/kubernetes/argocd/applications/influxdb.yaml
+++ b/kubernetes/argocd/applications/influxdb.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/heimdall.yaml b/kubernetes/argocd/applications/k3s/heimdall.yaml
index a918b6b47..864cc894a 100644
--- a/kubernetes/argocd/applications/k3s/heimdall.yaml
+++ b/kubernetes/argocd/applications/k3s/heimdall.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/kubernetes-dashboard.yaml b/kubernetes/argocd/applications/k3s/kubernetes-dashboard.yaml
index 4bb1bc306..7e2b1b640 100644
--- a/kubernetes/argocd/applications/k3s/kubernetes-dashboard.yaml
+++ b/kubernetes/argocd/applications/k3s/kubernetes-dashboard.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/longhorn.yaml b/kubernetes/argocd/applications/k3s/longhorn.yaml
index 7213435bf..187121cbd 100644
--- a/kubernetes/argocd/applications/k3s/longhorn.yaml
+++ b/kubernetes/argocd/applications/k3s/longhorn.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/stackrox-secure.yaml b/kubernetes/argocd/applications/k3s/stackrox-secure.yaml
index d7af3ad09..b8400786f 100644
--- a/kubernetes/argocd/applications/k3s/stackrox-secure.yaml
+++ b/kubernetes/argocd/applications/k3s/stackrox-secure.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/traefik.yaml b/kubernetes/argocd/applications/k3s/traefik.yaml
index d3a1c1589..83771afe5 100644
--- a/kubernetes/argocd/applications/k3s/traefik.yaml
+++ b/kubernetes/argocd/applications/k3s/traefik.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/k3s/vault.yaml b/kubernetes/argocd/applications/k3s/vault.yaml
index a1bd481dc..9a1f75c33 100644
--- a/kubernetes/argocd/applications/k3s/vault.yaml
+++ b/kubernetes/argocd/applications/k3s/vault.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/keep-alive.yaml b/kubernetes/argocd/applications/keep-alive.yaml
index d2155305b..e7206128d 100644
--- a/kubernetes/argocd/applications/keep-alive.yaml
+++ b/kubernetes/argocd/applications/keep-alive.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/knative.yaml b/kubernetes/argocd/applications/knative.yaml
index 42244e230..4e8cd85da 100644
--- a/kubernetes/argocd/applications/knative.yaml
+++ b/kubernetes/argocd/applications/knative.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/kube-eagle.yaml b/kubernetes/argocd/applications/kube-eagle.yaml
index d8a4d199f..79cbafe7f 100644
--- a/kubernetes/argocd/applications/kube-eagle.yaml
+++ b/kubernetes/argocd/applications/kube-eagle.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/kube-vip.yaml b/kubernetes/argocd/applications/kube-vip.yaml
index 944838024..b4f8c7f00 100644
--- a/kubernetes/argocd/applications/kube-vip.yaml
+++ b/kubernetes/argocd/applications/kube-vip.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/kyverno.yaml b/kubernetes/argocd/applications/kyverno.yaml
index a56302e83..210753cac 100644
--- a/kubernetes/argocd/applications/kyverno.yaml
+++ b/kubernetes/argocd/applications/kyverno.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/loki.yaml b/kubernetes/argocd/applications/loki.yaml
index dc2c41a2e..ddef5e98a 100644
--- a/kubernetes/argocd/applications/loki.yaml
+++ b/kubernetes/argocd/applications/loki.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/longhorn-system.yaml b/kubernetes/argocd/applications/longhorn-system.yaml
index c9e81e466..0efabe94b 100644
--- a/kubernetes/argocd/applications/longhorn-system.yaml
+++ b/kubernetes/argocd/applications/longhorn-system.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/mariadb-galera.yaml b/kubernetes/argocd/applications/mariadb-galera.yaml
index f126ed494..506d66c66 100644
--- a/kubernetes/argocd/applications/mariadb-galera.yaml
+++ b/kubernetes/argocd/applications/mariadb-galera.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/minio-operator.yaml b/kubernetes/argocd/applications/minio-operator.yaml
index c1083a559..cc16284f7 100644
--- a/kubernetes/argocd/applications/minio-operator.yaml
+++ b/kubernetes/argocd/applications/minio-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/mongodb-operator.yaml b/kubernetes/argocd/applications/mongodb-operator.yaml
index ce62cab8b..45eee75b6 100644
--- a/kubernetes/argocd/applications/mongodb-operator.yaml
+++ b/kubernetes/argocd/applications/mongodb-operator.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/network-observability.yaml b/kubernetes/argocd/applications/network-observability.yaml
index 340ebc2bf..b803813ea 100644
--- a/kubernetes/argocd/applications/network-observability.yaml
+++ b/kubernetes/argocd/applications/network-observability.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/nextcloud.yaml b/kubernetes/argocd/applications/nextcloud.yaml
index 54d14bae8..4a0b2264f 100644
--- a/kubernetes/argocd/applications/nextcloud.yaml
+++ b/kubernetes/argocd/applications/nextcloud.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/okd-configuration.yaml b/kubernetes/argocd/applications/okd-configuration.yaml
index b2470cf4e..5494b2fb4 100644
--- a/kubernetes/argocd/applications/okd-configuration.yaml
+++ b/kubernetes/argocd/applications/okd-configuration.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/openshift-monitoring.yaml b/kubernetes/argocd/applications/openshift-monitoring.yaml
index 98b6fcc9c..993a1ef6e 100644
--- a/kubernetes/argocd/applications/openshift-monitoring.yaml
+++ b/kubernetes/argocd/applications/openshift-monitoring.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/photoprism.yaml b/kubernetes/argocd/applications/photoprism.yaml
index b93747899..2cec1b7d4 100644
--- a/kubernetes/argocd/applications/photoprism.yaml
+++ b/kubernetes/argocd/applications/photoprism.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/phpmyadmin.yaml b/kubernetes/argocd/applications/phpmyadmin.yaml
index 11284ab2d..1e15ceb9e 100644
--- a/kubernetes/argocd/applications/phpmyadmin.yaml
+++ b/kubernetes/argocd/applications/phpmyadmin.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/postgres.yaml b/kubernetes/argocd/applications/postgres.yaml
index a02eb6212..74715b70e 100644
--- a/kubernetes/argocd/applications/postgres.yaml
+++ b/kubernetes/argocd/applications/postgres.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/prometheus.yaml b/kubernetes/argocd/applications/prometheus.yaml
index 003003082..23cf5a61f 100644
--- a/kubernetes/argocd/applications/prometheus.yaml
+++ b/kubernetes/argocd/applications/prometheus.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/quay.yaml b/kubernetes/argocd/applications/quay.yaml
index 88c8970ec..fcf715ff1 100644
--- a/kubernetes/argocd/applications/quay.yaml
+++ b/kubernetes/argocd/applications/quay.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/stackrox-central.yaml b/kubernetes/argocd/applications/stackrox-central.yaml
index 0a00490b6..e645e978f 100644
--- a/kubernetes/argocd/applications/stackrox-central.yaml
+++ b/kubernetes/argocd/applications/stackrox-central.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/stackrox-secure.yaml b/kubernetes/argocd/applications/stackrox-secure.yaml
index b64fabdb6..2a4b7b4ef 100644
--- a/kubernetes/argocd/applications/stackrox-secure.yaml
+++ b/kubernetes/argocd/applications/stackrox-secure.yaml
@@ -6,6 +6,10 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "1"
 argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ notifications.argoproj.io/subscribe.on-sync-succeeded.github: ""
+ notifications.argoproj.io/subscribe.on-sync-failed.github: ""
+ notifications.argoproj.io/subscribe.on-sync-status-unknown: ""
+ notifications.argoproj.io/subscribe.on-health-degraded.github: ""
 labels:
 app.kubernetes.io/instance: argocd
 spec:
diff --git a/kubernetes/argocd/applications/tekton.yaml b/kubernetes/argocd/applications/tekton.yaml
index afa1f8e63..f1c77cdd2 100644
--- a/kubernetes/argocd/applications/tekton.yaml
+++ b/kubernetes/argocd/applications/tekton.yaml
@@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/applications/traefik.yaml b/kubernetes/argocd/applications/traefik.yaml index fa97c85e4..fb50efa15 100644 --- a/kubernetes/argocd/applications/traefik.yaml +++ b/kubernetes/argocd/applications/traefik.yaml @@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/applications/unifi-network-application.yaml b/kubernetes/argocd/applications/unifi-network-application.yaml index 2ca7fd619..5acffd949 100644 --- a/kubernetes/argocd/applications/unifi-network-application.yaml +++ b/kubernetes/argocd/applications/unifi-network-application.yaml @@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: 
diff --git a/kubernetes/argocd/applications/uptime-kuma.yaml b/kubernetes/argocd/applications/uptime-kuma.yaml index d87dd8a04..bd9d81a91 100644 --- a/kubernetes/argocd/applications/uptime-kuma.yaml +++ b/kubernetes/argocd/applications/uptime-kuma.yaml @@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/applications/vault.yaml b/kubernetes/argocd/applications/vault.yaml index c4d151416..021361218 100644 --- a/kubernetes/argocd/applications/vault.yaml +++ b/kubernetes/argocd/applications/vault.yaml @@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/applications/version-checker.yaml b/kubernetes/argocd/applications/version-checker.yaml index af85ee2d3..360a7279a 100644 --- a/kubernetes/argocd/applications/version-checker.yaml +++ b/kubernetes/argocd/applications/version-checker.yaml 
@@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/applications/zitadel.yaml b/kubernetes/argocd/applications/zitadel.yaml index 367ee8f63..558d2c7dc 100644 --- a/kubernetes/argocd/applications/zitadel.yaml +++ b/kubernetes/argocd/applications/zitadel.yaml @@ -6,6 +6,10 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "1" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + notifications.argoproj.io/subscribe.on-sync-succeeded.github: "" + notifications.argoproj.io/subscribe.on-sync-failed.github: "" + notifications.argoproj.io/subscribe.on-sync-status-unknown: "" + notifications.argoproj.io/subscribe.on-health-degraded.github: "" labels: app.kubernetes.io/instance: argocd spec: diff --git a/kubernetes/argocd/base/argocd.yaml b/kubernetes/argocd/base/argocd.yaml index e9a89e2c2..0f9bc4f4a 100644 --- a/kubernetes/argocd/base/argocd.yaml +++ b/kubernetes/argocd/base/argocd.yaml @@ -9,6 +9,16 @@ metadata: labels: app.kubernetes.io/instance: argocd spec: + notifications: + enabled: true + replicas: 2 + resources: + limits: + cpu: 20m + memory: 96Mi + requests: + cpu: 10m + memory: 48Mi monitoring: enabled: true server: diff --git a/kubernetes/argocd/base/kustomization.yaml b/kubernetes/argocd/base/kustomization.yaml index f75806aa8..c4f7ddf22 100644 --- a/kubernetes/argocd/base/kustomization.yaml +++ b/kubernetes/argocd/base/kustomization.yaml @@ -13,4 +13,6 @@ resources: - cmp-plugin.yaml - argocd.yaml - installplan-approver.yaml + - notifications/configmap.yaml + - notifications/secret.yaml - k3s-cluster.yaml 
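Review bot: `replicas: 2` in the new `notifications` block of argocd.yaml may produce duplicate deliveries. As far as I know the Argo CD notifications controller does not do leader election, so two pods would each evaluate the triggers and each post a status and a deployment to GitHub. Unless the operator version in use documents multi-replica support, `replicas: 1` is the safer setting. The `cpu: 20m` limit is also tight enough that throttling could delay failure notifications when many applications sync at once, which is worth confirming under load.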
diff --git a/kubernetes/argocd/base/notifications/configmap.yaml b/kubernetes/argocd/base/notifications/configmap.yaml
new file mode 100644
index 000000000..d50a16a77
--- /dev/null
+++ b/kubernetes/argocd/base/notifications/configmap.yaml
@@ -0,0 +1,137 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: argocd-notifications-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/managed-by: argocd
+ app.kubernetes.io/name: argocd-notifications-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ context: |-
+ environmentName: homelab
+ service.github: |-
+ appID:
+ installationID:
+ privateKey: $github-privateKey
+ # trigger.on-deleted: |-
+ # - description: Application is deleted.
+ # oncePer: app.metadata.name
+ # send:
+ # - app-deleted
+ # when: app.metadata.deletionTimestamp != nil
+ template.app-sync-status-unknown: |-
+ message: |
+ Application {{.app.metadata.name}} is now running new version of deployments manifests.
+ status:
+ state: queued
+ label: "{{ .context.environmentName }}-{{.app.metadata.name}}"
+ targetURL: "https://{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+ github:
+ repoURLPath: "{{.app.spec.source.repoURL}}"
+ revisionPath: "{{.app.status.operationState.syncResult.revision}}"
+ deployment:
+ state: queued
+ logURL: "https://{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+ environment: "{{ .context.environmentName }}"
+ description: "{{.app.metadata.name}}"
+ requiredContexts: []
+ autoMerge: false
+ transientEnvironment: false
+ # trigger.on-sync-running: |-
+ # - description: Application is being synced
+ # send:
+ # - app-sync-running
+ # when: app.status.operationState.phase in ['Running']
+ # template.app-deployed: |-
+ # ""
+ trigger.on-sync-succeeded: |-
+ - description: Application syncing has succeeded
+ send:
+ - app-sync-succeeded
+ when: app.status.operationState.phase in ['Succeeded']
+ trigger.on-health-degraded: |-
+ - description: Application has degraded
+ send:
+ - app-health-degraded
+ when: app.status.health.status == 'Degraded'
+ # template.app-created: |-
+ # ""
+ trigger.on-sync-status-unknown: |-
+ - description: Application status is 'Unknown'
+ send:
+ - app-sync-status-unknown
+ when: app.status.sync.status == 'Unknown'
+ # template.app-sync-running: |-
+ # ""
+ template.app-sync-failed: |-
+ message: |
+ Application {{.app.metadata.name}} is now running new version of deployments manifests.
+ github:
+ repoURLPath: "{{.app.spec.source.repoURL}}"
+ revisionPath: "{{.app.status.operationState.operation.sync.revision}}"
+ status:
+ state: failure
+ label: "{{ .context.environmentName }}-{{.app.metadata.name}}"
+ deployment:
+ state: failure
+ logURL: "https://{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+ environment: "{{ .context.environmentName }}"
+ description: "{{.app.metadata.name}}"
+ requiredContexts: []
+ autoMerge: false
+ transientEnvironment: false
+ template.app-sync-succeeded: |-
+ message: |
+ Application {{.app.metadata.name}} is now running new version of deployments manifests.
+ github:
+ repoURLPath: "{{.app.spec.source.repoURL}}"
+ revisionPath: "{{.app.status.operationState.syncResult.revision}}"
+ status:
+ state: success
+ label: "{{ .context.environmentName }}-{{.app.metadata.name}}"
+ deployment:
+ state: success
+ logURL: "https://{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
+ environment: "{{ .context.environmentName }}"
+ description: "{{.app.metadata.name}}"
+ requiredContexts: []
+ autoMerge: false
+ transientEnvironment: false
+ # trigger.on-created: |-
+ # - description: Application is created.
+ # oncePer: app.metadata.name
+ # send:
+ # - app-created
+ # when: "true"
+ trigger.on-sync-failed: |-
+ - description: Application syncing has failed
+ send:
+ - app-sync-failed
+ when: app.status.operationState.phase in ['Error', 'Failed']
+ # template.app-deleted: |-
+ # ""
+ # trigger.on-deployed: |-
+ # - description: Application is synced and healthy. Triggered once per commit.
+ # oncePer: app.status.operationState.syncResult.revision + # send: + # - app-deployed + # when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status + # == 'Healthy' + template.app-health-degraded: |- + message: | + Application {{.app.metadata.name}} is now running new version of deployments manifests. + github: + repoURLPath: "{{.app.spec.source.repoURL}}" + revisionPath: "{{.app.status.operationState.syncResult.revision}}" + status: + state: error + label: "{{ .context.environmentName }}-{{.app.metadata.name}}" + deployment: + state: error + logURL: "https://{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + environment: "{{ .context.environmentName }}" + description: "{{.app.metadata.name}}" + requiredContexts: [] + autoMerge: false + transientEnvironment: false diff --git a/kubernetes/argocd/base/notifications/secret.yaml b/kubernetes/argocd/base/notifications/secret.yaml new file mode 100644 index 000000000..31b1c1f4e --- /dev/null +++ b/kubernetes/argocd/base/notifications/secret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: argocd-notifications-secret + namespace: argocd +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: argocd-notifications-secret + #creationPolicy: "Merge" + data: + - secretKey: github-privateKey + remoteRef: + key: homelab/tekton + property: github_pk diff --git a/kubernetes/tekton/overlays/operator/github-app.yaml b/kubernetes/tekton/overlays/operator/github-app.yaml index 98d89e313..a3642798a 100644 --- a/kubernetes/tekton/overlays/operator/github-app.yaml +++ b/kubernetes/tekton/overlays/operator/github-app.yaml @@ -10,3 +10,5 @@ stringData: github-private-key: webhook.secret: type: Opaque +--- + From d34a4b1c21972b0981b160124294767bbfaf8555 Mon Sep 17 00:00:00 2001 
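Review bot: The `targetURL` and every `logURL` in the configmap.yaml templates are built as `https://{{.context.argocdUrl}}/...`, but the `context` block at the top of the file defines only `environmentName`. If Argo CD does not inject `argocdUrl`, the links render with an empty host; if it does inject it from the `url` setting in argocd-cm (which, as far as I know, normally carries the scheme), they render as `https://https://...`. Either set a bare hostname for `argocdUrl` in `context` or drop the literal `https://` prefix. Separately, `template.app-sync-failed` and `template.app-health-degraded` reuse the success wording "is now running new version of deployments manifests", so a failure status on the commit reads like a successful rollout; a message naming the failed phase or degraded health would be less misleading for whoever triages it.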
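Review bot: The `remoteRef` for `github-privateKey` in secret.yaml reads `homelab/tekton` / `github_pk`, which by its path looks like the GitHub App private key already issued for Tekton. If so, Argo CD notifications and Tekton would share one signing key, and a compromise of either workload exposes every permission that App holds. A separate GitHub App limited to commit statuses and deployments, stored under its own Vault path, would keep the two apart. At minimum a comment above the entry such as `# shares the Tekton GitHub App key; App scope must cover statuses + deployments` would record the coupling.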
From: Arthur Date: Fri, 16 Feb 2024 16:45:05 -0500 Subject: [PATCH 2/2] feat: Fix Secrets --- .vscode/settings.json | 1 + kubernetes/argocd/applications/grafana.yaml | 5 +++ kubernetes/argocd/applications/homelab.yaml | 2 + .../argocd/applications/keep-alive.yaml | 2 + .../argocd/applications/longhorn-system.yaml | 5 +++ .../applications/openshift-monitoring.yaml | 2 + kubernetes/argocd/applications/quay.yaml | 2 + kubernetes/argocd/applications/vault.yaml | 2 + kubernetes/argocd/base/kustomization.yaml | 1 + .../argocd/base/notifications/configmap.yaml | 2 +- .../base/notifications/network-policy.yaml | 23 ++++++++++ kubernetes/eclipse-che/base/github.yaml | 45 ++++++++++++++----- kubernetes/influxdb/base/secret.yaml | 41 +++++++++++++---- .../base/secret.yaml | 35 ++++++++++++--- kubernetes/zitadel/base/secret.yaml | 32 ++++++------- 15 files changed, 157 insertions(+), 43 deletions(-) create mode 100644 kubernetes/argocd/base/notifications/network-policy.yaml diff --git a/.vscode/settings.json b/.vscode/settings.json index 6bac67d9f..24b0d8ef2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -176,6 +176,7 @@ "errexit", "etab", "eventlisteners", + "externalsecrets", "ezservermonitor", "ezweb", "fdisk", diff --git a/kubernetes/argocd/applications/grafana.yaml b/kubernetes/argocd/applications/grafana.yaml index 260277a80..763aa12c4 100644 --- a/kubernetes/argocd/applications/grafana.yaml +++ b/kubernetes/argocd/applications/grafana.yaml @@ -24,3 +24,8 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true + ignoreDifferences: + - group: "" + kind: "Secret" + managedFieldsManagers: + - externalsecrets.external-secrets.io/database diff --git a/kubernetes/argocd/applications/homelab.yaml b/kubernetes/argocd/applications/homelab.yaml index 479e87ca4..ddaf5f52e 100644 --- a/kubernetes/argocd/applications/homelab.yaml +++ b/kubernetes/argocd/applications/homelab.yaml 
@@ -21,6 +21,8 @@ spec: path: tekton/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD + plugin: + name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/keep-alive.yaml b/kubernetes/argocd/applications/keep-alive.yaml index e7206128d..a24d8ba41 100644 --- a/kubernetes/argocd/applications/keep-alive.yaml +++ b/kubernetes/argocd/applications/keep-alive.yaml @@ -21,6 +21,8 @@ spec: path: kubernetes/keep-alive/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD + plugin: + name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/longhorn-system.yaml b/kubernetes/argocd/applications/longhorn-system.yaml index 0efabe94b..57d157b97 100644 --- a/kubernetes/argocd/applications/longhorn-system.yaml +++ b/kubernetes/argocd/applications/longhorn-system.yaml @@ -24,3 +24,8 @@ spec: syncPolicy: syncOptions: - CreateNamespace=true + ignoreDifferences: + - group: "" + kind: "Secret" + managedFieldsManagers: + - externalsecrets.external-secrets.io/truenas-secret diff --git a/kubernetes/argocd/applications/openshift-monitoring.yaml b/kubernetes/argocd/applications/openshift-monitoring.yaml index 993a1ef6e..b91ec7c75 100644 --- a/kubernetes/argocd/applications/openshift-monitoring.yaml +++ b/kubernetes/argocd/applications/openshift-monitoring.yaml @@ -21,3 +21,5 @@ spec: path: okd/openshift-monitoring/base repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD + plugin: + name: argocd-vault-plugin-kustomize diff --git a/kubernetes/argocd/applications/quay.yaml b/kubernetes/argocd/applications/quay.yaml index fcf715ff1..2d63834de 100644 --- a/kubernetes/argocd/applications/quay.yaml +++ b/kubernetes/argocd/applications/quay.yaml 
@@ -21,6 +21,8 @@ spec: path: kubernetes/quay/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD + plugin: + name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/applications/vault.yaml b/kubernetes/argocd/applications/vault.yaml index 021361218..c0437459a 100644 --- a/kubernetes/argocd/applications/vault.yaml +++ b/kubernetes/argocd/applications/vault.yaml @@ -21,6 +21,8 @@ spec: path: kubernetes/vault/overlays/okd repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab targetRevision: HEAD + plugin: + name: argocd-vault-plugin-kustomize syncPolicy: syncOptions: - CreateNamespace=true diff --git a/kubernetes/argocd/base/kustomization.yaml b/kubernetes/argocd/base/kustomization.yaml index c4f7ddf22..5e76415c5 100644 --- a/kubernetes/argocd/base/kustomization.yaml +++ b/kubernetes/argocd/base/kustomization.yaml @@ -15,4 +15,5 @@ resources: - installplan-approver.yaml - notifications/configmap.yaml - notifications/secret.yaml + - notifications/network-policy.yaml - k3s-cluster.yaml diff --git a/kubernetes/argocd/base/notifications/configmap.yaml b/kubernetes/argocd/base/notifications/configmap.yaml index d50a16a77..66071f89e 100644 --- a/kubernetes/argocd/base/notifications/configmap.yaml +++ b/kubernetes/argocd/base/notifications/configmap.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/part-of: argocd data: context: |- - environmentName: homelab + environmentName: HomeLab service.github: |- appID: installationID: diff --git a/kubernetes/argocd/base/notifications/network-policy.yaml b/kubernetes/argocd/base/notifications/network-policy.yaml new file mode 100644 index 000000000..7a87f8e59 --- /dev/null +++ b/kubernetes/argocd/base/notifications/network-policy.yaml 
@@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-internet-egress-notifications + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "0" + labels: + app.kubernetes.io/instance: argocd +spec: + policyTypes: + - Egress + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 diff --git a/kubernetes/eclipse-che/base/github.yaml b/kubernetes/eclipse-che/base/github.yaml index 875da4360..39f971140 100644 --- a/kubernetes/eclipse-che/base/github.yaml +++ b/kubernetes/eclipse-che/base/github.yaml @@ -1,14 +1,37 @@ -kind: Secret -apiVersion: v1 +# kind: Secret +# apiVersion: v1 +# metadata: +# name: github-oauth-config +# namespace: eclipse-che-operator +# labels: +# app.kubernetes.io/part-of: che.eclipse.org +# app.kubernetes.io/component: oauth-scm-configuration +# annotations: +# che.eclipse.org/oauth-scm-server: github +# type: Opaque +# data: +# id: +# secret: +# --- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: name: github-oauth-config namespace: eclipse-che-operator - labels: - app.kubernetes.io/part-of: che.eclipse.org - app.kubernetes.io/component: oauth-scm-configuration - annotations: - che.eclipse.org/oauth-scm-server: github -type: Opaque -data: - id: - secret: +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: github-oauth-config + #creationPolicy: "Merge" + data: + - secretKey: id + remoteRef: + key: homelab/che/github + property: id + - secretKey: secret + remoteRef: + key: homelab/che/github + property: secret diff --git a/kubernetes/influxdb/base/secret.yaml b/kubernetes/influxdb/base/secret.yaml index 5ec3edec1..1c1ee9d36 100644 --- a/kubernetes/influxdb/base/secret.yaml +++ b/kubernetes/influxdb/base/secret.yaml 
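Review bot: The egress rule in network-policy.yaml has no `ports` list, so the notifications controller pod may open any protocol and port to every public address, although the only destination this patch configures is the GitHub API. Adding `ports:` / `- protocol: TCP` / `port: 443` next to the `to:` entry keeps the policy to what the controller needs. The `except` list also omits link-local `169.254.0.0/16`. Because it excludes the private ranges, cluster DNS and the API server must be allowed by another policy for the pod to resolve and reach anything; that is not visible in this hunk.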
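Review bot: The Secret generated by the new ExternalSecret in eclipse-che/base/github.yaml will no longer carry the `app.kubernetes.io/part-of: che.eclipse.org` and `app.kubernetes.io/component: oauth-scm-configuration` labels or the `che.eclipse.org/oauth-scm-server: github` annotation that the removed Secret had. The ExternalSecret sets none of them on its own metadata and has no `target.template.metadata`. Eclipse Che presumably finds its SCM OAuth configuration through those labels, so GitHub OAuth may silently stop being picked up. Carrying the metadata over through the target template, as sketched below, would preserve the old shape; confirm that the `id` and `secret` keys still pass through once a template is present.

```yaml
  target:
    name: github-oauth-config
    template:
      metadata:
        labels:
          app.kubernetes.io/part-of: che.eclipse.org
          app.kubernetes.io/component: oauth-scm-configuration
        annotations:
          che.eclipse.org/oauth-scm-server: github
    # … unchanged: creationPolicy comment, data entries …
```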
@@ -1,12 +1,35 @@ -apiVersion: v1 -kind: Secret +# apiVersion: v1 +# kind: Secret +# metadata: +# name: influxdb-creds +# namespace: influxdb +# labels: +# app: influxdb +# app.kubernetes.io/instance: influxdb +# type: Opaque +# stringData: +# INFLUXDB_ADMIN_USER: +# INFLUXDB_ADMIN_PASSWORD: +# --- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: name: influxdb-creds namespace: influxdb - labels: - app: influxdb - app.kubernetes.io/instance: influxdb -type: Opaque -stringData: - INFLUXDB_ADMIN_USER: - INFLUXDB_ADMIN_PASSWORD: +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: influxdb-creds + #creationPolicy: "Merge" + data: + - secretKey: INFLUXDB_ADMIN_USER + remoteRef: + key: homelab/influxdb + property: INFLUXDB_ADMIN_PASSWORD + - secretKey: INFLUXDB_ADMIN_USER + remoteRef: + key: homelab/influxdb + property: INFLUXDB_ADMIN_PASSWORD diff --git a/kubernetes/unifi-network-application/base/secret.yaml b/kubernetes/unifi-network-application/base/secret.yaml index 643ea0333..71abb941e 100644 --- a/kubernetes/unifi-network-application/base/secret.yaml +++ b/kubernetes/unifi-network-application/base/secret.yaml @@ -1,9 +1,32 @@ -apiVersion: v1 -kind: Secret +# apiVersion: v1 +# kind: Secret +# metadata: +# name: internal-cert +# namespace: unifi-network-application +# data: +# tls.crt: +# tls.key: +# type: Opaque +# --- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret metadata: name: internal-cert namespace: unifi-network-application -data: - tls.crt: - tls.key: -type: Opaque +spec: + refreshInterval: "1h" + secretStoreRef: + name: vault + kind: ClusterSecretStore + target: + name: internal-cert + #creationPolicy: "Merge" + data: + - secretKey: tls.crt + remoteRef: + key: homelab/unifi + property: tls.crt + - secretKey: tls.key + remoteRef: + key: homelab/unifi + property: tls.key 
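Review bot: Both `data` entries of the new ExternalSecret in influxdb/base/secret.yaml use `secretKey: INFLUXDB_ADMIN_USER` and `property: INFLUXDB_ADMIN_PASSWORD`. The generated `influxdb-creds` Secret would therefore hold the admin password under the username key and have no `INFLUXDB_ADMIN_PASSWORD` key at all. Besides breaking the login, that places the password in a field that tooling tends to treat as a non-sensitive username and may log or display. Assuming the Vault properties mirror the key names of the removed Secret, the first entry should use `property: INFLUXDB_ADMIN_USER` and the second `secretKey: INFLUXDB_ADMIN_PASSWORD`.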
diff --git a/kubernetes/zitadel/base/secret.yaml b/kubernetes/zitadel/base/secret.yaml index fe89fedc0..a0a2c714b 100644 --- a/kubernetes/zitadel/base/secret.yaml +++ b/kubernetes/zitadel/base/secret.yaml @@ -1,19 +1,19 @@ -# Source: zitadel/templates/secret_zitadel-masterkey.yaml -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: zitadel-masterkey - namespace: zitadel - labels: - helm.sh/chart: zitadel-6.2.0 - app.kubernetes.io/name: zitadel - app.kubernetes.io/instance: zitadel - app.kubernetes.io/version: "v2.43.5" - app.kubernetes.io/managed-by: Helm -stringData: - masterkey: ---- +# # Source: zitadel/templates/secret_zitadel-masterkey.yaml +# apiVersion: v1 +# kind: Secret +# type: Opaque +# metadata: +# name: zitadel-masterkey +# namespace: zitadel +# labels: +# helm.sh/chart: zitadel-6.2.0 +# app.kubernetes.io/name: zitadel +# app.kubernetes.io/instance: zitadel +# app.kubernetes.io/version: "v2.43.5" +# app.kubernetes.io/managed-by: Helm +# stringData: +# masterkey: +# --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: