Skip to content

Commit db49f6d

Browse files
committed
Create an ArgoCD instance for infra-deployments
Use GitOps to deploy ArgoCD instances for infra-deployments KFLUXINFRA-4167
1 parent 02bb91a commit db49f6d

27 files changed

Lines changed: 890 additions & 0 deletions
Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
apiVersion: argoproj.io/v1alpha1
3+
kind: ApplicationSet
4+
metadata:
5+
name: argocd-infra-instance
6+
spec:
7+
generators:
8+
- clusters:
9+
values:
10+
sourceRoot: components/argocd-infra-instance
11+
environment: ""
12+
clusterName: ""
13+
template:
14+
metadata:
15+
name: argocd-infra-instance-{{nameNormalized}}
16+
spec:
17+
project: default
18+
source:
19+
path: '{{values.sourceRoot}}/{{values.environment}}'
20+
repoURL: https://github.com/redhat-appstudio/infra-common-deployments.git
21+
targetRevision: main
22+
destination:
23+
namespace: argocd-infra-instance
24+
name: in-cluster
25+
syncPolicy:
26+
automated:
27+
prune: true
28+
selfHeal: true
29+
syncOptions:
30+
- CreateNamespace=true
31+
retry:
32+
limit: -1
33+
backoff:
34+
duration: 10s
35+
factor: 2
36+
maxDuration: 3m
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
apiVersion: kustomize.config.k8s.io/v1beta1
3+
kind: Kustomization
4+
resources:
5+
- appset.yaml
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# See the OWNERS docs: https://go.k8s.io/owners
2+
3+
approvers:
4+
- konflux-infra-team
5+
6+
reviewers:
7+
- konflux-infra-team
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
# ArgoCD infra-deployments Instance
2+
3+
The ArgoCD infra-deployments instance component deploys an ArgoCD instance to manage the deployment of components in the [infra-deployments](https://github.com/redhat-appstudio/infra-deployments) repository. At the moment, this ArgoCD instance is only used to deploy components migrating to the universal components standard enacted by the ring deployments feature.
Lines changed: 261 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,261 @@
1+
apiVersion: argoproj.io/v1beta1
2+
kind: ArgoCD
3+
metadata:
4+
name: argocd-infra-deployments
5+
namespace: argocd-infra-deployments
6+
spec:
7+
aggregatedClusterRoles: true
8+
applicationSet:
9+
resources:
10+
limits:
11+
cpu: "2"
12+
memory: "1Gi"
13+
requests:
14+
cpu: "250m"
15+
memory: "512Mi"
16+
webhookServer:
17+
ingress:
18+
enabled: false
19+
route:
20+
enabled: false
21+
controller:
22+
resources:
23+
limits:
24+
cpu: "1"
25+
memory: "2Gi"
26+
requests:
27+
cpu: "1"
28+
memory: "2Gi"
29+
extraConfig:
30+
resource.compareoptions: |
31+
# disables status field diffing in specified resource types
32+
ignoreAggregatedRoles: true
33+
resource.customizations:
34+
"*.crossplane.io/*":
35+
health.lua: |
36+
health_status = {
37+
status = "Progressing",
38+
message = "Provisioning ..."
39+
}
40+
41+
local has_no_status = {
42+
"Composition",
43+
"CompositionRevision",
44+
"DeploymentRuntimeConfig",
45+
"ControllerConfig",
46+
"ProviderConfig",
47+
"ProviderConfigUsage"
48+
}
49+
50+
if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then
51+
health_status.status = "Healthy"
52+
health_status.message = "Resource is up-to-date."
53+
return health_status
54+
end
55+
56+
if obj.status == nil or next(obj.status) == nil or obj.status.conditions == nil then
57+
if obj.kind == "ProviderConfig" and obj.status.users ~= nil then
58+
health_status.status = "Healthy"
59+
health_status.message = "Resource is in use."
60+
return health_status
61+
end
62+
return health_status
63+
end
64+
65+
for i, condition in ipairs(obj.status.conditions) do
66+
if condition.type == "LastAsyncOperation" then
67+
if condition.status == "False" then
68+
health_status.status = "Degraded"
69+
health_status.message = condition.message
70+
return health_status
71+
end
72+
end
73+
74+
if condition.type == "Synced" then
75+
if condition.status == "False" then
76+
health_status.status = "Degraded"
77+
health_status.message = condition.message
78+
return health_status
79+
end
80+
end
81+
82+
if contains({"Ready", "Healthy", "Offered", "Established"}, condition.type) then
83+
if condition.status == "True" then
84+
health_status.status = "Healthy"
85+
health_status.message = "Resource is up-to-date."
86+
return health_status
87+
end
88+
end
89+
end
90+
91+
return health_status
92+
resource.customizations.ignoreDifferences._ServiceAccount:
93+
jqPathExpressions:
94+
- '.imagePullSecrets[] | select(.name | test("-dockercfg-|-token-"))'
95+
resource.customizations.ignoreResourceUpdates.all:
96+
jsonPointers:
97+
- /status
98+
resource.ignoreResourceUpdatesEnabled: "true"
99+
ha:
100+
enabled: false
101+
initialSSHKnownHosts: {}
102+
kustomizeBuildOptions: "--enable-helm"
103+
notifications:
104+
enabled: false
105+
prometheus:
106+
enabled: false
107+
ingress:
108+
enabled: false
109+
route:
110+
enabled: false
111+
redis:
112+
resources:
113+
limits:
114+
cpu: "500m"
115+
memory: "256Mi"
116+
requests:
117+
cpu: "250m"
118+
memory: "128Mi"
119+
repo:
120+
resources:
121+
limits:
122+
cpu: "1"
123+
memory: "1Gi"
124+
requests:
125+
cpu: "250m"
126+
memory: "1Gi"
127+
resourceExclusions: |
128+
- apiGroups:
129+
- tekton.dev
130+
clusters:
131+
- '*'
132+
kinds:
133+
- TaskRun
134+
- PipelineRun
135+
EOT
136+
resourceHealthChecks:
137+
- check: |
138+
local obj = resource
139+
local hs = {
140+
status = "Progressing",
141+
message = "Waiting for pipeline readiness status"
142+
}
143+
local allPipelines = {}
144+
local notReadyPipelines = {}
145+
146+
local pipelines = (obj and obj.status and type(obj.status) == "table" and obj.status.pipelines) or {}
147+
for _, pipeline in ipairs(pipelines) do
148+
local conditions = pipeline.conditions or { { type = "Ready", status = "False", message = "The conditions field is missing for " .. pipeline.name } }
149+
for _, condition in ipairs(conditions) do
150+
if condition.type == "Ready" then
151+
hs.message = condition.message
152+
hs.status = condition.status == "False" and "Degraded" or "Healthy"
153+
table.insert(allPipelines, pipeline.name)
154+
if hs.status == "Degraded" then
155+
table.insert(notReadyPipelines, pipeline.name)
156+
end
157+
end
158+
end
159+
end
160+
161+
hs.status = #notReadyPipelines == 0 and "Healthy" or "Degraded"
162+
hs.message = #notReadyPipelines == 0 and "All pipelines are ready" or "Not ready pipelines: " .. table.concat(notReadyPipelines, ", ")
163+
164+
return hs
165+
group: "logging.openshift.io"
166+
kind: "ClusterLogForwarder"
167+
- check: |
168+
health_status = {}
169+
if obj.status ~= nil then
170+
if obj.status.conditions ~= nil then
171+
numDegraded = 0
172+
numPending = 0
173+
msg = ""
174+
for i, condition in pairs(obj.status.conditions) do
175+
msg = msg .. i .. ": " .. condition.type .. " | " .. condition.status .. "\n"
176+
if condition.type == "InstallPlanPending" and condition.status == "True" then
177+
numPending = numPending + 1
178+
elseif (condition.type == "InstallPlanMissing" and condition.reason ~= "ReferencedInstallPlanNotFound") then
179+
numDegraded = numDegraded + 1
180+
elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanFailed" or condition.type == "ResolutionFailed") and condition.status == "True" then
181+
numDegraded = numDegraded + 1
182+
end
183+
end
184+
end
185+
if numDegraded == 0 and numPending == 0 then
186+
health_status.status = "Healthy"
187+
health_status.message = msg
188+
return health_status
189+
elseif numPending > 0 and numDegraded == 0 and obj.spec.installPlanApproval == "Manual" then
190+
health_status.status = "Healthy"
191+
health_status.message = "An install plan for a subscription is pending installation but install plan approval is set to manual so considering this as healthy: " .. msg
192+
return health_status
193+
elseif numPending > 0 and numDegraded == 0 then
194+
health_status.status = "Progressing"
195+
health_status.message = "An install plan for a subscription is pending installation"
196+
return health_status
197+
else
198+
health_status.status = "Degraded"
199+
health_status.message = msg
200+
return health_status
201+
end
202+
end
203+
return health_status
204+
group: "operators.coreos.com"
205+
kind: "Subscription"
206+
resourceTrackingMethod: "annotation"
207+
server:
208+
autoscale:
209+
enabled: false
210+
grpc:
211+
ingress:
212+
enabled: false
213+
ingress:
214+
enabled: false
215+
resources:
216+
limits:
217+
cpu: "500m"
218+
memory: "256Mi"
219+
requests:
220+
cpu: "125m"
221+
memory: "128Mi"
222+
route:
223+
enabled: true
224+
tls:
225+
termination: "reencrypt"
226+
service:
227+
type: ""
228+
sso:
229+
dex:
230+
openShiftOAuth: true
231+
resources:
232+
limits:
233+
cpu: "500m"
234+
memory: "256Mi"
235+
requests:
236+
cpu: "250m"
237+
memory: "128Mi"
238+
provider: "dex"
239+
tls:
240+
ca: {}
241+
rbac:
242+
policy: |
243+
p, role:konflux-argocd-devs, applications, get, */*, allow
244+
p, role:konflux-argocd-devs, applications, sync, */*, allow
245+
p, role:konflux-argocd-devs, logs, get, */*, allow
246+
g, konflux-admins, role:konflux-argocd-devs
247+
g, konflux-build, role:konflux-argocd-devs
248+
g, konflux-contributors, role:konflux-argocd-devs
249+
g, konflux-devprod, role:konflux-argocd-devs
250+
g, konflux-ec, role:konflux-argocd-devs
251+
g, konflux-infra, role:konflux-argocd-devs
252+
g, konflux-integration, role:konflux-argocd-devs
253+
g, konflux-kubearchive, role:konflux-argocd-devs
254+
g, konflux-migration, role:konflux-argocd-devs
255+
g, konflux-mintmaker-team, role:konflux-argocd-devs
256+
g, konflux-o11y, role:konflux-argocd-devs
257+
g, konflux-qe, role:konflux-argocd-devs
258+
g, konflux-release-team, role:konflux-argocd-devs
259+
g, konflux-support-ops, role:konflux-argocd-devs
260+
g, konflux-ui, role:konflux-argocd-devs
261+
g, konflux-vanguard, role:konflux-argocd-devs

0 commit comments

Comments
 (0)