diff --git a/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-production-infrastructure.yaml b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-production-infrastructure.yaml index e7219a6b..755885e5 100644 --- a/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-production-infrastructure.yaml +++ b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-production-infrastructure.yaml @@ -7,7 +7,7 @@ metadata: # annotations: # argocd.argoproj.io/sync-wave: "1" # Deploy before user applications spec: - project: default + project: rig-platform source: repoURL: https://infrastructure@github.com/RijksICTGilde/RIG-Cluster.git path: infrastructure/bootstrap/clusters/odcn diff --git a/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-user-applications.yaml b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-user-applications.yaml index ea5eb119..efabe960 100644 --- a/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-user-applications.yaml +++ b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-application-user-applications.yaml @@ -6,7 +6,7 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "2" # Deploy after infrastructure spec: - project: default + project: rig-platform sources: - repoURL: https://user-applications@github.com/RijksICTGilde/argo-applications.git path: odcn-production diff --git a/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-appproject-rig-platform.yaml b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-appproject-rig-platform.yaml new file mode 100644 index 00000000..4f0f5c21 --- /dev/null +++ b/bootstrap/rig-system/kustomize/overlays/odcn-production/argocd-appproject-rig-platform.yaml @@ -0,0 +1,33 @@ +# AppProject — vervangt het ingebouwde 'default' project voor de twee +# productie-Applications. Pint sourceRepos + destinations zodat een +# willekeurige push naar een andere repo niet automatisch in productie landt. +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: rig-platform + namespace: rig-system + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + description: Beperkt project voor de productie-Applications. + + sourceRepos: + - https://infrastructure@github.com/RijksICTGilde/RIG-Cluster.git + - https://user-applications@github.com/RijksICTGilde/argo-applications.git + + # Beide Applications syncen alleen naar rig-prd-operations (live geverifieerd). + destinations: + - server: https://kubernetes.default.svc + namespace: rig-prd-operations + + # Cluster-scoped beheert ODCN; namespaced open want destinations pint de scope. + clusterResourceWhitelist: [] + namespaceResourceWhitelist: + - group: "*" + kind: "*" + + # Warn uit: rig-prd-operations bevat ook bootstrap-resources (Argo, OPI, + # Keycloak, Postgres, etc.) die niet door Argo gemanaged zijn — namespace- + # opsplitsing is follow-up #106. + orphanedResources: + warn: false diff --git a/bootstrap/rig-system/kustomize/overlays/odcn-production/kustomization.yaml b/bootstrap/rig-system/kustomize/overlays/odcn-production/kustomization.yaml index a0af0ddf..6a9c16c2 100644 --- a/bootstrap/rig-system/kustomize/overlays/odcn-production/kustomization.yaml +++ b/bootstrap/rig-system/kustomize/overlays/odcn-production/kustomization.yaml @@ -11,6 +11,7 @@ resources: - argocd-deployment.yaml - network-policies/argocd-network-policy.yaml - ../../operations-manager/overlays/odcn-production +- argocd-appproject-rig-platform.yaml - argocd-application-production-infrastructure.yaml - argocd-application-user-applications.yaml diff --git a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-infrastructure.yaml b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-infrastructure.yaml index b33b1db9..0f909ec4 100644 --- a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-infrastructure.yaml +++ b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-infrastructure.yaml @@ -5,7 +5,7 @@ metadata: name: sandbox-infrastructure namespace: rig-system spec: - project: default + project: rig-platform source: repoURL: http://forgejo.rig-system.svc.cluster.local:3000/rig-admin/zad-argo-infrastructure.git path: bootstrap/clusters/sandboxed-local diff --git a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-user-applications.yaml b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-user-applications.yaml index ba82d887..162f7717 100644 --- a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-user-applications.yaml +++ b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-application-user-applications.yaml @@ -5,7 +5,7 @@ metadata: name: user-applications namespace: rig-system spec: - project: default + project: rig-platform sources: - repoURL: http://forgejo.rig-system.svc.cluster.local:3000/rig-admin/zad-argo-user-applications.git path: . diff --git a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-appproject-rig-platform.yaml b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-appproject-rig-platform.yaml new file mode 100644 index 00000000..5526dbf1 --- /dev/null +++ b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/argocd-appproject-rig-platform.yaml @@ -0,0 +1,29 @@ +# AppProject — sandbox-variant van rig-platform; spiegelt odcn-production +# overlay maar pint op de sandbox repos (Forgejo in-cluster) en rig-system. +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: rig-platform + namespace: rig-system + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + description: Beperkt project voor de sandbox-Applications. + + sourceRepos: + - http://forgejo.rig-system.svc.cluster.local:3000/rig-admin/zad-argo-infrastructure.git + - http://forgejo.rig-system.svc.cluster.local:3000/rig-admin/zad-argo-user-applications.git + + destinations: + - server: https://kubernetes.default.svc + namespace: rig-system + + clusterResourceWhitelist: [] + namespaceResourceWhitelist: + - group: "*" + kind: "*" + + # Warn uit: rig-system bevat ook bootstrap-resources (Argo, OPI, Keycloak, + # Forgejo) die niet door Argo gemanaged zijn — namespace-opsplitsing is #106. + orphanedResources: + warn: false diff --git a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/kustomization.yaml b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/kustomization.yaml index 196a7d70..aa7ba0b8 100644 --- a/bootstrap/rig-system/kustomize/overlays/sandboxed-local/kustomization.yaml +++ b/bootstrap/rig-system/kustomize/overlays/sandboxed-local/kustomization.yaml @@ -14,6 +14,7 @@ resources: - argocd-deployment.yaml - argocd-admin-secret.yaml - argocd-repo-forgejo-secret.yaml +- argocd-appproject-rig-platform.yaml - argocd-application-infrastructure.yaml - argocd-application-user-applications.yaml - ../../operations-manager/overlays/sandboxed-local