From 30938f11277c469dd41d0870a16a4b2c6b8713c0 Mon Sep 17 00:00:00 2001
From: Igor Rodionov
Date: Mon, 4 Sep 2023 19:09:04 +0300
Subject: [PATCH] [eks/argocd] Added ArgoCD notification configuration (https://github.com/cloudposse/terraform-aws-components/pull/851)
Co-authored-by: cloudpossebot
Co-authored-by: Andriy Knysh
---
 src/CHANGELOG.md | 36 ++++++++++++++++++++++
 src/README.md | 6 ++--
 src/applicationset.tf | 13 ++++----
 src/providers.tf | 2 +-
 src/templates/applicationset.yaml.tpl | 44 +++++++--------------------
 src/variables.tf | 30 +++---------------
 6 files changed, 61 insertions(+), 70 deletions(-)
 create mode 100644 src/CHANGELOG.md
diff --git a/src/CHANGELOG.md b/src/CHANGELOG.md
new file mode 100644
index 0000000..cb57e1d
--- /dev/null
+++ b/src/CHANGELOG.md
@@ -0,0 +1,36 @@
+## Components PR [#851](https://github.com/cloudposse/terraform-aws-components/pull/851)
+
+This is a bug fix and feature enhancement update.
+There are few actions necessary to upgrade.
+
+## Upgrade actions
+
+1. Enable `github_default_notifications_enabled` (set `true`)
+```yaml
+components:
+ terraform:
+ argocd-repo-defaults:
+ metadata:
+ type: abstract
+ vars:
+ enabled: true
+ github_default_notifications_enabled: true
+```
+2. Apply changes with Atmos
+
+
+## Features
+* Support predefined GitHub commit status notifications for CD sync mode:
+ * `on-deploy-started`
+ * `app-repo-github-commit-status`
+ * `argocd-repo-github-commit-status`
+ * `on-deploy-succeded`
+ * `app-repo-github-commit-status`
+ * `argocd-repo-github-commit-status`
+ * `on-deploy-failed`
+ * `app-repo-github-commit-status`
+ * `argocd-repo-github-commit-status`
+
+### Bug Fixes
+
+* Remove legacy unnecessary helm values used in old ArgoCD versions (ex. `workflow auth` configs) and dropped notifications services
diff --git a/src/README.md b/src/README.md
index 890177d..51448b5 100644
--- a/src/README.md
+++ b/src/README.md
@@ -133,9 +133,10 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file=" | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [environments](#input\_environments) | Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.

`auto-sync` determines whether or not the ArgoCD application will be automatically synced.

`ignore-differences` determines whether or not the ArgoCD application will ignore the number of
replicas in the deployment. Read more on ignore differences here:
https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs

Example:
tenant: plat
environment: use1
stage: sandbox
auto-sync: true
ignore-differences:
- group: apps
kind: Deployment
json-pointers:
- /spec/replicas
|
list(object({
tenant = string
environment = string
stage = string
auto-sync = bool
ignore-differences = list(object({
group = string,
kind = string,
json-pointers = list(string)
}))
}))
| `[]` | no | +| [environments](#input\_environments) | Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.

`auto-sync` determines whether or not the ArgoCD application will be automatically synced. |
list(object({
tenant = string
environment = string
stage = string
auto-sync = bool
}))
| `[]` | no | | [github\_base\_url](#input\_github\_base\_url) | This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/` | `string` | `null` | no | | [github\_codeowner\_teams](#input\_github\_codeowner\_teams) | List of teams to use when populating the CODEOWNERS file.

For example: `["@ACME/cloud-admins", "@ACME/cloud-developers"]`. | `list(string)` | n/a | yes | +| [github\_default\_notifications\_enabled](#input\_github\_default\_notifications\_enabled) | Enable default GitHub commit statuses notifications (required for CD sync mode) | `bool` | `true` | no | | [github\_organization](#input\_github\_organization) | GitHub Organization | `string` | n/a | yes | | [github\_token\_override](#input\_github\_token\_override) | Use the value of this variable as the GitHub token instead of reading it from SSM | `string` | `null` | no | | [github\_user](#input\_github\_user) | Github user | `string` | n/a | yes | @@ -151,7 +152,6 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file=" | [permissions](#input\_permissions) | A list of Repository Permission objects used to configure the team permissions of the repository

`team_slug` should be the name of the team without the `@{org}` e.g. `@cloudposse/team` => `team`
`permission` is just one of the available values listed below |
list(object({
team_slug = string,
permission = string
}))
| `[]` | no | | [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | | [region](#input\_region) | AWS Region | `string` | n/a | yes | -| [slack\_channel](#input\_slack\_channel) | The name of the slack channel to configure ArgoCD notifications for | `string` | `null` | no | | [ssm\_github\_api\_key](#input\_ssm\_github\_api\_key) | SSM path to the GitHub API key | `string` | `"/argocd/github/api_key"` | no | | [ssm\_github\_deploy\_key\_format](#input\_ssm\_github\_deploy\_key\_format) | Format string of the SSM parameter path to which the deploy keys will be written to (%s will be replaced with the environment name) | `string` | `"/argocd/deploy_keys/%s"` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | @@ -173,7 +173,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file=" ## References - * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/argocd-repo) - Cloud Posse's upstream component + * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/TODO) - Cloud Posse's upstream component [](https://cpco.io/component) diff --git a/src/applicationset.tf b/src/applicationset.tf index b664271..5710e3e 100644 --- a/src/applicationset.tf +++ b/src/applicationset.tf 
@@ -5,13 +5,12 @@ resource "github_repository_file" "application_set" {
 branch = join("", github_repository.default.*.default_branch)
 file = "${each.value.tenant != null ? format("%s/", each.value.tenant) : ""}${each.value.environment}-${each.value.stage}/${local.manifest_kubernetes_namespace}/applicationset.yaml"
 content = templatefile("${path.module}/templates/applicationset.yaml.tpl", {
- environment = each.key
- auto-sync = each.value.auto-sync
- ignore-differences = each.value.ignore-differences
- name = module.this.namespace
- namespace = local.manifest_kubernetes_namespace
- ssh_url = join("", github_repository.default.*.ssh_clone_url)
- slack_channel = var.slack_channel
+ environment = each.key
+ auto-sync = each.value.auto-sync
+ name = module.this.namespace
+ namespace = local.manifest_kubernetes_namespace
+ ssh_url = join("", github_repository.default.*.ssh_clone_url)
+ notifications = var.github_default_notifications_enabled
 })
 commit_message = "Initialize environment: `${each.key}`."
 commit_author = var.github_user
diff --git a/src/providers.tf b/src/providers.tf
index ef923e1..54257fd 100644
--- a/src/providers.tf
+++ b/src/providers.tf
@@ -8,7 +8,7 @@ provider "aws" {
 # module.iam_roles.terraform_role_arn may be null, in which case do not assume a role.
 for_each = compact([module.iam_roles.terraform_role_arn])
 content {
- role_arn = assume_role.value
+ role_arn = module.iam_roles.terraform_role_arn
 }
 }
 }
diff --git a/src/templates/applicationset.yaml.tpl b/src/templates/applicationset.yaml.tpl
index 292c164..68de50c 100644
--- a/src/templates/applicationset.yaml.tpl
+++ b/src/templates/applicationset.yaml.tpl
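Review bot: Dropping `ignore-differences` from the `templatefile()` inputs in the applicationset.tf hunk (together with its removal from the `environments` object type in variables.tf) is a breaking change that the CHANGELOG upgrade actions do not mention. Terraform discards attributes that are not part of an object type constraint during conversion, so a stack that still sets `ignore-differences` would presumably plan without error while the regenerated `applicationset.yaml` loses `RespectIgnoreDifferences=true` and its `ignoreDifferences` entries. With `auto-sync` enabled, Argo CD could then start reverting fields such as `/spec/replicas` that callers had deliberately excluded. I would document this next to the map, e.g. `# ignore-differences and slack_channel are no longer template inputs; stacks that set them must be updated`, and list both removals under the upgrade actions. The `github_repository_file` resource starts and ends outside this hunk.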
@@ -8,24 +8,6 @@ metadata:
 argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc
 argocd.argoproj.io/sync-options: PruneLast=true
 argocd.argoproj.io/sync-wave: "-2"
-%{if slack_channel != "" && slack_channel != null ~}
- notifications.argoproj.io/subscribe.on-deployed.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-health-degraded.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-sync-failed.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-sync-running.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-sync-status-unknown.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ${slack_channel}
- notifications.argoproj.io/subscribe.on-deleted.slack: ${slack_channel}
-%{ endif ~}
- notifications.argoproj.io/subscribe.on-deployed.datadog: ""
- notifications.argoproj.io/subscribe.on-health-degraded.datadog: ""
- notifications.argoproj.io/subscribe.on-sync-failed.datadog: ""
- notifications.argoproj.io/subscribe.on-sync-running.datadog: ""
- notifications.argoproj.io/subscribe.on-sync-status-unknown.datadog: ""
- notifications.argoproj.io/subscribe.on-sync-succeeded.datadog: ""
- notifications.argoproj.io/subscribe.on-deployed.github-deployment: ""
- notifications.argoproj.io/subscribe.on-deployed.github-commit-status: ""
- notifications.argoproj.io/subscribe.on-deleted.github-deployment: ""
 name: ${name}
 namespace: ${namespace}
 spec:
@@ -49,6 +31,7 @@ kind: ApplicationSet
 metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "0"
+ creationTimestamp: null
 name: ${name}
 namespace: ${namespace}
 spec:
@@ -61,11 +44,18 @@ spec:
 template:
 metadata:
 annotations:
+ deployment_id: '{{deployment_id}}'
 app_repository: '{{app_repository}}'
 app_commit: '{{app_commit}}'
- app_hostname: '{{app_hostname}}'
- notifications.argoproj.io/subscribe.on-deployed.github: ""
- notifications.argoproj.io/subscribe.on-deployed.github-commit-status: ""
+ app_hostname: 'https://{{app_hostname}}'
+%{if notifications ~}
+ notifications.argoproj.io/subscribe.on-deploy-started.app-repo-github-commit-status: ""
+ notifications.argoproj.io/subscribe.on-deploy-started.argocd-repo-github-commit-status: ""
+ notifications.argoproj.io/subscribe.on-deploy-succeded.app-repo-github-commit-status: ""
+ notifications.argoproj.io/subscribe.on-deploy-succeded.argocd-repo-github-commit-status: ""
+ notifications.argoproj.io/subscribe.on-deploy-failed.app-repo-github-commit-status: ""
+ notifications.argoproj.io/subscribe.on-deploy-failed.argocd-repo-github-commit-status: ""
+%{ endif ~}
 name: '{{name}}'
 spec:
 project: ${name}
@@ -84,15 +74,3 @@ spec:
 %{ endif ~}
 syncOptions:
 - CreateNamespace=true
-%{if length(ignore-differences) > 0 ~}
- - RespectIgnoreDifferences=true
- ignoreDifferences:
-%{for item in ignore-differences ~}
- - group: "${item.group}"
- kind: "${item.kind}"
- jsonPointers:
-%{for pointer in item.json-pointers ~}
- - ${pointer}
-%{ endfor ~}
-%{ endfor ~}
-%{ endif ~}
diff --git a/src/variables.tf b/src/variables.tf
index 9114bcb..2309b7d 100644
--- a/src/variables.tf
+++ b/src/variables.tf
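Review bot: The six subscription keys under `%{if notifications ~}` only take effect if triggers and services with exactly these names exist in the cluster's Argo CD notifications configuration, which this patch does not show; a subscription that names an unknown trigger or service presumably delivers nothing, so the commit status would never be posted. That matters most for `on-deploy-succeded`, whose spelling looks like a typo and is easy to "correct" on one side only; a YAML comment above the block such as `# trigger/service names must match the Argo CD notifications config verbatim, including "succeded"` would guard against that. Separately, `app_hostname: 'https://{{app_hostname}}'` hard-codes the scheme, so a generator value that already carries `https://` would render a doubled prefix, and the new `deployment_id` annotation assumes every generator entry supplies that parameter. The ApplicationSet template continues outside this hunk.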
@@ -15,33 +15,11 @@ variable "environments" {
 environment = string
 stage = string
 auto-sync = bool
- ignore-differences = list(object({
- group = string,
- kind = string,
- json-pointers = list(string)
- }))
 }))
 description = <<-EOT
 Environments to populate `applicationset.yaml` files and repository deploy keys (for ArgoCD) for.
 
 `auto-sync` determines whether or not the ArgoCD application will be automatically synced.
-
- `ignore-differences` determines whether or not the ArgoCD application will ignore the number of
- replicas in the deployment. Read more on ignore differences here:
- https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs
-
- Example:
- ```
- tenant: plat
- environment: use1
- stage: sandbox
- auto-sync: true
- ignore-differences:
- - group: apps
- kind: Deployment
- json-pointers:
- - /spec/replicas
- ```
 EOT
 default = []
 }
@@ -126,8 +104,8 @@ variable "permissions" {
 }
 }
 
-variable "slack_channel" {
- type = string
- description = "The name of the slack channel to configure ArgoCD notifications for"
- default = null
+variable "github_default_notifications_enabled" {
+ type = bool
+ default = true
+ description = "Enable default GitHub commit statuses notifications (required for CD sync mode)"
 }
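Review bot: `github_default_notifications_enabled` in the second variables.tf hunk is declared as a plain `bool`, so a caller can still pass `null`, and the template's `%{if notifications ~}` directive should then fail on a null condition instead of treating it as off. Adding `nullable = false` to the variable block (if the component's minimum Terraform version allows it) makes a null input fall back to the default. The default of `true` also means every consumer gets the new subscription annotations on upgrade, whereas the CHANGELOG lists enabling the flag as an explicit upgrade action. The description could state the prerequisite, for example `"Enable default GitHub commit statuses notifications (required for CD sync mode; expects the matching triggers and services in the Argo CD notifications config)"`.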