Skip to content

Commit eda46aa

Browse files
committed
Add infra-deployments production ArgoCD instance
KFLUXINFRA-4167
1 parent a494b81 commit eda46aa

19 files changed

Lines changed: 299 additions & 5 deletions
Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
11
# ArgoCD infra-deployments Instance
22

3-
The ArgoCD infra-deployments instance component deploys an ArgoCD instance to manage the deployment of components in the [infra-deployments](https://github.com/redhat-appstudio/infra-deployments) repository. At the moment, this ArgoCD instance is only used to deploy components migrating to the universal components standard enacted by the ring deployments feature.
3+
The ArgoCD infra-deployments instance component deploys an ArgoCD instance to manage the deployment of components in the [infra-deployments](https://github.com/redhat-appstudio/infra-deployments) repository. At the moment, this ArgoCD instance is only used to deploy components migrating to the universal components standard enacted by the ring deployments feature.
4+
5+
## Secrets and Configurations (Vault)
6+
7+
External Secrets sync from Vault (via `appsre-stonesoup-vault`) into Kubernetes `Secret`s. Each cluster that the ArgoCD instance will deploy to must have an ExternalSecret with the label `argocd.argoproj.io/secret-type: cluster`. Additionally, ArgoCD requires a secret to reach the source repository, infra-deployments, since it is under a private organization. See the [Argo CD repos section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) and the [Argo CD clusters section](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters) for more information on configuring clusters and repositories for ArgoCD.

components/argocd-infra-instance/internal-staging/external-secrets/redhat-appstudio-es.yaml renamed to components/argocd-infra-instance/base/redhat-appstudio-es.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: external-secrets.io/v1beta1
22
kind: ExternalSecret
33
metadata:
4-
name: redhat-appstudio-externalsecret
4+
name: redhat-appstudio-es
55
annotations:
66
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
77
argocd.argoproj.io/sync-wave: "-1"
@@ -12,7 +12,7 @@ spec:
1212
- extract:
1313
conversionStrategy: Default
1414
decodingStrategy: None
15-
key: production/infrastructure/github-argocd/kflux-c-prd-i01/redhat-appstudio
15+
key: staging/infrastructure/github-argocd/kflux-c-stg-i01/redhat-appstudio
1616
refreshInterval: 1h
1717
secretStoreRef:
1818
kind: ClusterSecretStore
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: fedora-01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/terraform/generated/kflux-fedora-01/kflux-fedora-01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: fedora-01-secret
Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
namespace: argocd-infra-deployments-staging
4+
5+
resources:
6+
- ocp-p01-es.yaml
7+
- prd-es01-es.yaml
8+
- prd-rh01-es.yaml
9+
- prd-rh02-es.yaml
10+
- prd-rh03-es.yaml
11+
- osp-p01-es.yaml
12+
- rhel-p01-es.yaml
13+
- fedora-01-es.yaml
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: ocp-p01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/kflux-ocp-p01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: ocp-p01-secret
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: osp-p01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/terraform/generated/kflux-osp-p01/kflux-osp-p01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: osp-p01-secret
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: prd-es01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/kflux-prd-es01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: prd-es01-secret
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: prd-p01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/stone-prod-p01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: prd-p01-secret
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: prd-p02-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/stone-prod-p02
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: prd-p02-secret
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: external-secrets.io/v1beta1
2+
kind: ExternalSecret
3+
metadata:
4+
name: prd-rh01-es
5+
annotations:
6+
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
7+
argocd.argoproj.io/sync-wave: "-1"
8+
labels:
9+
argocd.argoproj.io/secret-type: cluster
10+
spec:
11+
dataFrom:
12+
- extract:
13+
conversionStrategy: Default
14+
decodingStrategy: None
15+
key: production/platform/stone-prd-rh01
16+
refreshInterval: 1h
17+
secretStoreRef:
18+
kind: ClusterSecretStore
19+
name: appsre-stonesoup-vault
20+
target:
21+
creationPolicy: Owner
22+
deletionPolicy: Delete
23+
name: prd-rh01-secret

0 commit comments

Comments
 (0)