Skip to content

Commit ed80f8d

Browse files
committed
Create an ArgoCD instance for infra-deployments
Use GitOps to deploy ArgoCD instances for infra-deployments KFLUXINFRA-4167
1 parent 02bb91a commit ed80f8d

20 files changed

Lines changed: 703 additions & 0 deletions

File tree

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
apiVersion: argoproj.io/v1alpha1
3+
kind: ApplicationSet
4+
metadata:
5+
name: argocd-infra-deployments-instance
6+
spec:
7+
generators:
8+
- clusters:
9+
values:
10+
sourceRoot: components/argocd-infra-instance
11+
environment: ""
12+
clusterName: ""
13+
template:
14+
metadata:
15+
name: argocd-infra-deployments-instance-{{nameNormalized}}
16+
spec:
17+
project: default
18+
source:
19+
path: '{{values.sourceRoot}}/{{values.environment}}'
20+
repoURL: https://github.com/redhat-appstudio/infra-common-deployments.git
21+
targetRevision: main
22+
destination:
23+
namespace: argocd-infra-instance
24+
name: in-cluster
25+
syncPolicy:
26+
automated:
27+
prune: true
28+
selfHeal: true
29+
syncOptions:
30+
- CreateNamespace=true
31+
retry:
32+
limit: -1
33+
backoff:
34+
duration: 10s
35+
factor: 2
36+
maxDuration: 3m
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
apiVersion: kustomize.config.k8s.io/v1beta1
3+
kind: Kustomization
4+
resources:
5+
- appset.yaml

argo-cd-apps/base/internal/kustomization.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
apiVersion: kustomize.config.k8s.io/v1beta1
33
kind: Kustomization
44
resources:
5+
- argocd-infra-instance
56
- internal-services
67
- openshift-pipelines
78
- kargo
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# See the OWNERS docs: https://go.k8s.io/owners
2+
3+
approvers:
4+
- konflux-infra-team
5+
6+
reviewers:
7+
- konflux-infra-team
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
# ArgoCD infra-deployments Instance
2+
3+
The ArgoCD infra-deployments instance component deploys an ArgoCD instance to manage the deployment of components in the [infra-deployments](https://github.com/redhat-appstudio/infra-deployments) repository. At the moment, this ArgoCD instance is only used to deploy components migrating to the universal components standard enacted by the ring deployments feature.
Lines changed: 266 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,266 @@
1+
apiVersion: argoproj.io/v1beta1
2+
kind: ArgoCD
3+
metadata:
4+
name: argocd-infra-deployments
5+
namespace: argocd-infra-deployments
6+
spec:
7+
aggregatedClusterRoles: true
8+
applicationSet:
9+
resources:
10+
limits:
11+
cpu: "2"
12+
memory: "1Gi"
13+
requests:
14+
cpu: "250m"
15+
memory: "512Mi"
16+
webhookServer:
17+
ingress:
18+
enabled: false
19+
route:
20+
enabled: false
21+
controller:
22+
resources:
23+
limits:
24+
cpu: "1"
25+
memory: "2Gi"
26+
requests:
27+
cpu: "1"
28+
memory: "2Gi"
29+
extraConfig:
30+
resource.compareoptions: |
31+
# disables status field diffing in specified resource types
32+
ignoreAggregatedRoles: true
33+
resource.customizations:
34+
"*.crossplane.io/*":
35+
health.lua: |
36+
health_status = {
37+
status = "Progressing",
38+
message = "Provisioning ..."
39+
}
40+
41+
local has_no_status = {
42+
"Composition",
43+
"CompositionRevision",
44+
"DeploymentRuntimeConfig",
45+
"ControllerConfig",
46+
"ProviderConfig",
47+
"ProviderConfigUsage"
48+
}
49+
50+
if (obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind) then
51+
health_status.status = "Healthy"
52+
health_status.message = "Resource is up-to-date."
53+
return health_status
54+
end
55+
56+
if obj.status == nil or next(obj.status) == nil or obj.status.conditions == nil then
57+
if obj.kind == "ProviderConfig" and obj.status.users ~= nil then
58+
health_status.status = "Healthy"
59+
health_status.message = "Resource is in use."
60+
return health_status
61+
end
62+
return health_status
63+
end
64+
65+
for i, condition in ipairs(obj.status.conditions) do
66+
if condition.type == "LastAsyncOperation" then
67+
if condition.status == "False" then
68+
health_status.status = "Degraded"
69+
health_status.message = condition.message
70+
return health_status
71+
end
72+
end
73+
74+
if condition.type == "Synced" then
75+
if condition.status == "False" then
76+
health_status.status = "Degraded"
77+
health_status.message = condition.message
78+
return health_status
79+
end
80+
end
81+
82+
if contains({"Ready", "Healthy", "Offered", "Established"}, condition.type) then
83+
if condition.status == "True" then
84+
health_status.status = "Healthy"
85+
health_status.message = "Resource is up-to-date."
86+
return health_status
87+
end
88+
end
89+
end
90+
91+
return health_status
92+
resource.customizations.ignoreDifferences._ServiceAccount:
93+
jqPathExpressions:
94+
- '.imagePullSecrets[]? | select(.name | test("-dockercfg-|-token-"))'
95+
resource.customizations.ignoreResourceUpdates.all:
96+
jsonPointers:
97+
- /status
98+
resource.ignoreResourceUpdatesEnabled: "true"
99+
ha:
100+
enabled: false
101+
initialSSHKnownHosts: {}
102+
kustomizeBuildOptions: "--enable-helm"
103+
notifications:
104+
enabled: false
105+
prometheus:
106+
enabled: false
107+
ingress:
108+
enabled: false
109+
route:
110+
enabled: false
111+
redis:
112+
resources:
113+
limits:
114+
cpu: "500m"
115+
memory: "256Mi"
116+
requests:
117+
cpu: "250m"
118+
memory: "128Mi"
119+
repo:
120+
resources:
121+
limits:
122+
cpu: "1"
123+
memory: "1Gi"
124+
requests:
125+
cpu: "250m"
126+
memory: "1Gi"
127+
resourceExclusions: |
128+
- apiGroups:
129+
- tekton.dev
130+
clusters:
131+
- '*'
132+
kinds:
133+
- TaskRun
134+
- PipelineRun
135+
resourceHealthChecks:
136+
- check: |
137+
local obj = resource
138+
local hs = {
139+
status = "Progressing",
140+
message = "Waiting for pipeline readiness status"
141+
}
142+
local allPipelines = {}
143+
local notReadyPipelines = {}
144+
145+
local pipelines = (obj and obj.status and type(obj.status) == "table" and obj.status.pipelines) or {}
146+
for _, pipeline in ipairs(pipelines) do
147+
local conditions = pipeline.conditions or { { type = "Ready", status = "False", message = "The conditions field is missing for " .. pipeline.name } }
148+
for _, condition in ipairs(conditions) do
149+
if condition.type == "Ready" then
150+
hs.message = condition.message
151+
hs.status = condition.status == "False" and "Degraded" or "Healthy"
152+
table.insert(allPipelines, pipeline.name)
153+
if hs.status == "Degraded" then
154+
table.insert(notReadyPipelines, pipeline.name)
155+
end
156+
end
157+
end
158+
end
159+
160+
hs.status = #notReadyPipelines == 0 and "Healthy" or "Degraded"
161+
hs.message = #notReadyPipelines == 0 and "All pipelines are ready" or "Not ready pipelines: " .. table.concat(notReadyPipelines, ", ")
162+
163+
return hs
164+
group: "logging.openshift.io"
165+
kind: "ClusterLogForwarder"
166+
- check: |
167+
local obj = resource
168+
local health_status = {}
169+
local numDegraded = 0
170+
local numPending = 0
171+
local msg = ""
172+
173+
if obj.status == nil then
174+
health_status.status = "Progressing"
175+
health_status.message = "Waiting for subscription status"
176+
return health_status
177+
end
178+
179+
if obj.status.conditions ~= nil then
180+
for i, condition in pairs(obj.status.conditions) do
181+
msg = msg .. i .. ": " .. condition.type .. " | " .. condition.status .. "\n"
182+
if condition.type == "InstallPlanPending" and condition.status == "True" then
183+
numPending = numPending + 1
184+
elseif (condition.type == "InstallPlanMissing" and condition.reason ~= "ReferencedInstallPlanNotFound") then
185+
numDegraded = numDegraded + 1
186+
elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanFailed" or condition.type == "ResolutionFailed") and condition.status == "True" then
187+
numDegraded = numDegraded + 1
188+
end
189+
end
190+
end
191+
192+
if numDegraded == 0 and numPending == 0 then
193+
health_status.status = "Healthy"
194+
health_status.message = msg
195+
return health_status
196+
elseif numPending > 0 and numDegraded == 0 and obj.spec.installPlanApproval == "Manual" then
197+
health_status.status = "Healthy"
198+
health_status.message = "An install plan for a subscription is pending installation but install plan approval is set to manual so considering this as healthy: " .. msg
199+
return health_status
200+
elseif numPending > 0 and numDegraded == 0 then
201+
health_status.status = "Progressing"
202+
health_status.message = "An install plan for a subscription is pending installation"
203+
return health_status
204+
else
205+
health_status.status = "Degraded"
206+
health_status.message = msg
207+
return health_status
208+
end
209+
group: "operators.coreos.com"
210+
kind: "Subscription"
211+
resourceTrackingMethod: "annotation"
212+
server:
213+
autoscale:
214+
enabled: false
215+
grpc:
216+
ingress:
217+
enabled: false
218+
ingress:
219+
enabled: false
220+
resources:
221+
limits:
222+
cpu: "500m"
223+
memory: "256Mi"
224+
requests:
225+
cpu: "125m"
226+
memory: "128Mi"
227+
route:
228+
enabled: true
229+
tls:
230+
termination: "reencrypt"
231+
service:
232+
type: ""
233+
sso:
234+
dex:
235+
openShiftOAuth: true
236+
resources:
237+
limits:
238+
cpu: "500m"
239+
memory: "256Mi"
240+
requests:
241+
cpu: "250m"
242+
memory: "128Mi"
243+
provider: "dex"
244+
tls:
245+
ca: {}
246+
rbac:
247+
policy: |
248+
p, role:konflux-argocd-devs, applications, get, */*, allow
249+
p, role:konflux-argocd-devs, applications, sync, */*, allow
250+
p, role:konflux-argocd-devs, logs, get, */*, allow
251+
g, konflux-admins, role:konflux-argocd-devs
252+
g, konflux-build, role:konflux-argocd-devs
253+
g, konflux-contributors, role:konflux-argocd-devs
254+
g, konflux-devprod, role:konflux-argocd-devs
255+
g, konflux-ec, role:konflux-argocd-devs
256+
g, konflux-infra, role:konflux-argocd-devs
257+
g, konflux-integration, role:konflux-argocd-devs
258+
g, konflux-kubearchive, role:konflux-argocd-devs
259+
g, konflux-migration, role:konflux-argocd-devs
260+
g, konflux-mintmaker-team, role:konflux-argocd-devs
261+
g, konflux-o11y, role:konflux-argocd-devs
262+
g, konflux-qe, role:konflux-argocd-devs
263+
g, konflux-release-team, role:konflux-argocd-devs
264+
g, konflux-support-ops, role:konflux-argocd-devs
265+
g, konflux-ui, role:konflux-argocd-devs
266+
g, konflux-vanguard, role:konflux-argocd-devs

0 commit comments

Comments
 (0)