feat: ArgoCD App Instance

kubernetes/argocd/applications/argocd.yaml

@@ -10,7 +10,6 @@ metadata:
     app.kubernetes.io/instance: argocd
 spec:
   destination:
-    namespace: argocd
     server: https://kubernetes.default.svc
   project: default
   source:

kubernetes/argocd/apps/README.md

@@ -0,0 +1,5 @@
+# ArgoCD Applications in Any Namespace
+
+<https://argocd-operator.readthedocs.io/en/latest/usage/apps-in-any-namespace/>
+<https://argocd-operator.readthedocs.io/en/latest/usage/basics/#cluster-scoped-instance>
+<https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/>

kubernetes/argocd/apps/app-projects/analytics-for-spotify.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: analytics-for-spotify
+  namespace: argocd-apps
+spec:
+  destinations:
+    - name: in-cluster
+      namespace: analytics-for-spotify
+      server: "https://kubernetes.default.svc"
+    - name: in-cluster
+      namespace: knative-serving
+      server: "https://kubernetes.default.svc"
+  sourceNamespaces:
+    - analytics-for-spotify
+  sourceRepos:
+    - "*"

kubernetes/argocd/apps/app-projects/smoke-tests.yaml

@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: smoke-tests
+  namespace: argocd-apps
+spec:
+  destinations:
+    - name: in-cluster
+      namespace: smoke-tests
+      server: "https://kubernetes.default.svc"
+  sourceNamespaces:
+    - smoke-tests
+  sourceRepos:
+    - "*"

kubernetes/argocd/apps/argocd-apps.yaml

@@ -0,0 +1,125 @@
+apiVersion: argoproj.io/v1beta1
+kind: ArgoCD
+metadata:
+  name: argocd-apps
+  namespace: argocd-apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  labels:
+    app.kubernetes.io/instance: argocd
+spec:
+  sourceNamespaces:
+    - "smoke-tests"
+    - "analytics-for-spotify"
+    - "knative-serving"
+  monitoring:
+    enabled: true
+  server:
+    replicas: 2
+    host: argocd-apps.apps.okd.arthurvardevanyan.com
+    autoscale:
+      enabled: false
+    grpc:
+      ingress:
+        enabled: false
+    ingress:
+      enabled: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 200Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
+    insecure: true
+    route:
+      enabled: true
+      tls:
+        termination: edge
+        insecureEdgeTerminationPolicy: Redirect
+    service:
+      type: ""
+  grafana:
+    enabled: false
+  prometheus:
+    enabled: false
+  initialSSHKnownHosts: {}
+  disableAdmin: true
+  usersAnonymousEnabled: false
+  rbac:
+    policy: |
+      g, system:cluster-admins, role:admin
+      g, cluster-admins, role:admin
+  version: sha256:b0df6dc907f85a54ffb320264c6ab642b778eacea6f92ceae203322ba4cf149e #v2.9.5
+  repo:
+    replicas: 3
+    version: sha256:b0df6dc907f85a54ffb320264c6ab642b778eacea6f92ceae203322ba4cf149e #v2.9.5
+    mountsatoken: true
+    serviceaccount: argocd-repo-server
+    resources:
+      limits:
+        cpu: "1500m"
+        memory: 1Gi
+        ephemeral-storage: 6Gi
+      requests:
+        cpu: 50m
+        memory: 150Mi
+        ephemeral-storage: 256Mi
+  sso:
+    provider: dex
+    dex:
+      openShiftOAuth: true
+      resources:
+        limits:
+          cpu: 50m
+          memory: 100Mi
+        requests:
+          cpu: 10m
+          memory: 50Mi
+  ha:
+    enabled: true
+    redisProxyImage: haproxy # haproxy:2.9.1-bookworm
+    redisProxyVersion: sha256:e1d0edfdee9e39632a1fda3883dafb8c9268894849c1afd8afbd1fc6437bbeaf
+    resources:
+      limits:
+        cpu: 100m
+        memory: 96Mi
+      requests:
+        cpu: 25m
+        memory: 32Mi
+  tls:
+    ca: {}
+  redis:
+    image: redis # redis:7.2.4-bookworm
+    version: sha256:9e32ff5c286464387ff8f3fe72fc150a095c80f67af69d31ce4cb4d80fad0d7a
+    resources:
+      limits:
+        cpu: 100m
+        memory: 100Mi
+      requests:
+        cpu: 25m
+        memory: 25Mi
+  controller:
+    parallelismLimit: 25
+    sharding:
+      enabled: true
+      replicas: 1
+    processors:
+      operation: 25
+      status: 50
+    resources:
+      limits:
+        cpu: "1"
+        memory: 3Gi
+      requests:
+        cpu: 250m
+        memory: 750Mi
+  resourceExclusions: |
+    - apiGroups:
+      - tekton.dev
+      clusters:
+      - '*'
+      kinds:
+      - TaskRun
+      - PipelineRun

kubernetes/argocd/apps/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./argocd-apps.yaml
+  - ./rbac.yaml
+  - ./app-projects/analytics-for-spotify.yaml
+  - ./app-projects/smoke-tests.yaml

kubernetes/argocd/apps/rbac.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-repo-server
+  namespace: argocd-apps
+  annotations:
+    authorization.k8s.io/get: "[]"
+  labels:
+    app.kubernetes.io/instance: argocd
+    app: argocd-apps
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-apps-argocd-application-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin # TODO Scope Down
+subjects:
+  - kind: ServiceAccount
+    name: argocd-apps-argocd-application-controller
+    namespace: argocd-apps
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-apps-argocd-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin # TODO Scope Down
+subjects:
+  - kind: ServiceAccount
+    name: argocd-apps-argocd-server
+    namespace: argocd-apps

kubernetes/argocd/base/subscription.yaml

@@ -18,7 +18,7 @@ spec:
   config:
     env:
       - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
-        value: argocd
+        value: argocd,argocd-apps
     resources:
       limits:
         cpu: 75m

kubernetes/argocd/overlays/okd/kustomization.yaml

@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
   - ../../base
   - ../../applications
+  - ../../apps

kubernetes/smoke-tests/base/application.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: smoke-tests
+  namespace: smoke-tests
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  destination:
+    namespace: smoke-tests
+    server: https://kubernetes.default.svc
+  project: smoke-tests
+  source:
+    path: kubernetes/smoke-tests/overlays/okd
+    repoURL: https://git.arthurvardevanyan.com/ArthurVardevanyan/HomeLab
+    targetRevision: HEAD

kubernetes/smoke-tests/base/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
   - ./configmap.yaml
   - ./toolbox.yml
   - ./limit-range.yaml
-  - ./namespace.yaml
+  #- ./namespace.yaml
   - ./resource-quota.yaml
   - ./service-account.yaml
+  - ./application.yaml

kubernetes/smoke-tests/base/toolbox.yml

@@ -32,7 +32,7 @@ spec:
       containers:
         - name: toolbox
           imagePullPolicy: Always
-          image: registry.<path:secret/data/homelab/domain#url>/homelab/toolbox:not_latest
+          image: registry.arthurvardevanyan.com/homelab/toolbox:not_latest
           args:
             - sleep
             - infinity

kubernetes/smoke-tests/overlays/okd/kustomization.yaml

@@ -3,4 +3,4 @@ kind: Kustomization
 namespace: smoke-tests
 resources:
   - ../../base
-  - ./rbac.yaml
+  #- ./rbac.yaml