
Commit 41f5685

committed
Create an ArgoCD instance for infra-deployments
Use GitOps to deploy ArgoCD instances for infra-deployments KFLUXINFRA-4167
1 parent 02bb91a commit 41f5685

18 files changed

Lines changed: 747 additions & 0 deletions


Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
---
2+
apiVersion: argoproj.io/v1alpha1
3+
kind: ApplicationSet
4+
metadata:
5+
name: argocd-infra-deployments
6+
spec:
7+
generators:
8+
- clusters:
9+
values:
10+
sourceRoot: components/argocd-infra-deployments
11+
environment: ""
12+
clusterName: ""
13+
template:
14+
metadata:
15+
name: argocd-infra-deployments-{{nameNormalized}}
16+
spec:
17+
project: default
18+
source:
19+
path: '{{values.sourceRoot}}/{{values.environment}}'
20+
repoURL: https://github.com/redhat-appstudio/infra-common-deployments.git
21+
targetRevision: main
22+
destination:
23+
namespace: argocd-infra-deployments-{{values.environment}}
24+
name: in-cluster
25+
syncPolicy:
26+
automated:
27+
prune: true
28+
selfHeal: true
29+
syncOptions:
30+
- CreateNamespace=true
31+
retry:
32+
limit: -1
33+
backoff:
34+
duration: 10s
35+
factor: 2
36+
maxDuration: 3m
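Review bot: `project: default` in the template places every generated Application in Argo CD's built-in default project, which allows any source repository and any destination unless it has been locked down elsewhere, so Argo CD itself does not confine these Applications to the one repo and namespace they need. A dedicated AppProject limited to `https://github.com/redhat-appstudio/infra-common-deployments.git` and the `argocd-infra-deployments-*` namespaces on `in-cluster`, referenced as `project: <dedicated-project>`, would bound what an auto-synced, pruning, self-healing Application can touch. Separately, the `clusters` generator has no selector and `environment` defaults to `""`; unless an overlay outside this section patches it, the source path ends in a trailing `/` and the namespace in a trailing `-`, so a comment on the `values` block such as `# environment and clusterName are set per overlay` would help the next reader.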
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
---
2+
apiVersion: kustomize.config.k8s.io/v1beta1
3+
kind: Kustomization
4+
resources:
5+
- appset.yaml

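--- a/argo-cd-apps/base/internal/kustomization.yaml
+++ b/argo-cd-apps/base/internal/kustomization.yaml
@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- argocd-infra-instance
 - internal-services
 - openshift-pipelines
 - kargo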
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
# See the OWNERS docs: https://go.k8s.io/owners
2+
3+
approvers:
4+
- konflux-infra-team
5+
6+
reviewers:
7+
- konflux-infra-team
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
# ArgoCD infra-deployments
2+
3+
The ArgoCD infra-deployments component deploys an ArgoCD instance to manage the deployment of components in the [infra-deployments](https://github.com/redhat-appstudio/infra-deployments) repository. At the moment, this ArgoCD instance is only used to deploy components migrating to the universal components standard enacted by the ring deployments feature.
Lines changed: 315 additions & 0 deletions
@@ -0,0 +1,315 @@
1+
apiVersion: argoproj.io/v1beta1
2+
kind: ArgoCD
3+
metadata:
4+
name: argocd-infra-deployments-staging
5+
namespace: argocd-infra-deployments-staging
6+
spec:
7+
kustomizeBuildOptions: "--enable-helm"
8+
resourceTrackingMethod: annotation
9+
extraConfig:
10+
resource.compareoptions: |
11+
# disables status field diffing in specified resource types
12+
ignoreAggregatedRoles: true
13+
resource.customizations.ignoreResourceUpdates.all: |-
14+
jsonPointers:
15+
- /status
16+
resource.ignoreResourceUpdatesEnabled: 'true'
17+
# Taken from: https://docs.crossplane.io/latest/guides/crossplane-with-argo-cd/#set-health-status
18+
resource.customizations: |
19+
"*.crossplane.io/*":
20+
health.lua: |
21+
health_status = {
22+
status = "Progressing",
23+
message = "Provisioning ..."
24+
}
25+
26+
local function contains (table, val)
27+
for i, v in ipairs(table) do
28+
if v == val then
29+
return true
30+
end
31+
end
32+
return false
33+
end
34+
35+
local has_no_status = {
36+
"Composition",
37+
"CompositionRevision",
38+
"DeploymentRuntimeConfig",
39+
"ControllerConfig",
40+
"ProviderConfig",
41+
"ProviderConfigUsage"
42+
}
43+
44+
if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then
45+
health_status.status = "Healthy"
46+
health_status.message = "Resource is up-to-date."
47+
return health_status
48+
end
49+
50+
if obj.status == nil or next(obj.status) == nil or obj.status.conditions == nil then
51+
if obj.kind == "ProviderConfig" and obj.status.users ~= nil then
52+
health_status.status = "Healthy"
53+
health_status.message = "Resource is in use."
54+
return health_status
55+
end
56+
return health_status
57+
end
58+
59+
for i, condition in ipairs(obj.status.conditions) do
60+
if condition.type == "LastAsyncOperation" then
61+
if condition.status == "False" then
62+
health_status.status = "Degraded"
63+
health_status.message = condition.message
64+
return health_status
65+
end
66+
end
67+
68+
if condition.type == "Synced" then
69+
if condition.status == "False" then
70+
health_status.status = "Degraded"
71+
health_status.message = condition.message
72+
return health_status
73+
end
74+
end
75+
76+
if contains({"Ready", "Healthy", "Offered", "Established"}, condition.type) then
77+
if condition.status == "True" then
78+
health_status.status = "Healthy"
79+
health_status.message = "Resource is up-to-date."
80+
return health_status
81+
end
82+
end
83+
end
84+
85+
return health_status
86+
resourceHealthChecks:
87+
- group: logging.openshift.io
88+
kind: ClusterLogForwarder
89+
check: |
90+
local obj = resource
91+
local hs = {
92+
status = "Progressing",
93+
message = "Waiting for pipeline readiness status"
94+
}
95+
local allPipelines = {}
96+
local notReadyPipelines = {}
97+
98+
local pipelines = (obj and obj.status and type(obj.status) == "table" and obj.status.pipelines) or {}
99+
for _, pipeline in ipairs(pipelines) do
100+
local conditions = pipeline.conditions or { { type = "Ready", status = "False", message = "The conditions field is missing for " .. pipeline.name } }
101+
for _, condition in ipairs(conditions) do
102+
if condition.type == "Ready" then
103+
hs.message = condition.message
104+
hs.status = condition.status == "False" and "Degraded" or "Healthy"
105+
table.insert(allPipelines, pipeline.name)
106+
if hs.status == "Degraded" then
107+
table.insert(notReadyPipelines, pipeline.name)
108+
end
109+
end
110+
end
111+
end
112+
113+
hs.status = #notReadyPipelines == 0 and "Healthy" or "Degraded"
114+
hs.message = #notReadyPipelines == 0 and "All pipelines are ready" or "Not ready pipelines: " .. table.concat(notReadyPipelines, ", ")
115+
116+
return hs
117+
- group: operators.coreos.com
118+
kind: Subscription
119+
check: |
120+
health_status = {}
121+
if obj.status ~= nil then
122+
if obj.status.conditions ~= nil then
123+
numDegraded = 0
124+
numPending = 0
125+
msg = ""
126+
for i, condition in pairs(obj.status.conditions) do
127+
msg = msg .. i .. ": " .. condition.type .. " | " .. condition.status .. "\n"
128+
if condition.type == "InstallPlanPending" and condition.status == "True" then
129+
numPending = numPending + 1
130+
elseif (condition.type == "InstallPlanMissing" and condition.reason ~= "ReferencedInstallPlanNotFound") then
131+
numDegraded = numDegraded + 1
132+
elseif (condition.type == "CatalogSourcesUnhealthy" or condition.type == "InstallPlanFailed" or condition.type == "ResolutionFailed") and condition.status == "True" then
133+
numDegraded = numDegraded + 1
134+
end
135+
end
136+
end
137+
if numDegraded == 0 and numPending == 0 then
138+
health_status.status = "Healthy"
139+
health_status.message = msg
140+
return health_status
141+
elseif numPending > 0 and numDegraded == 0 and obj.spec.installPlanApproval == "Manual" then
142+
health_status.status = "Healthy"
143+
health_status.message = "An install plan for a subscription is pending installation but install plan approval is set to manual so considering this as healthy: " .. msg
144+
return health_status
145+
elseif numPending > 0 and numDegraded == 0 then
146+
health_status.status = "Progressing"
147+
health_status.message = "An install plan for a subscription is pending installation"
148+
return health_status
149+
else
150+
health_status.status = "Degraded"
151+
health_status.message = msg
152+
return health_status
153+
end
154+
end
155+
return health_status
156+
server:
157+
annotations:
158+
ignore-check.kube-linter.io/unset-cpu-requirements: "no cpu limits"
159+
autoscale:
160+
enabled: false
161+
grpc:
162+
ingress:
163+
enabled: false
164+
ingress:
165+
enabled: false
166+
resources:
167+
limits:
168+
memory: 256Mi
169+
requests:
170+
cpu: 125m
171+
memory: 128Mi
172+
route:
173+
enabled: true
174+
tls:
175+
termination: reencrypt
176+
service:
177+
type: ''
178+
grafana:
179+
enabled: false
180+
ingress:
181+
enabled: false
182+
resources:
183+
limits:
184+
memory: 256Mi
185+
requests:
186+
cpu: 250m
187+
memory: 128Mi
188+
route:
189+
enabled: false
190+
notifications:
191+
enabled: false
192+
prometheus:
193+
enabled: false
194+
ingress:
195+
enabled: false
196+
route:
197+
enabled: false
198+
initialSSHKnownHosts: {}
199+
sso:
200+
dex:
201+
openShiftOAuth: true
202+
resources:
203+
limits:
204+
cpu: 500m
205+
memory: 256Mi
206+
requests:
207+
cpu: 250m
208+
memory: 128Mi
209+
provider: dex
210+
applicationSet:
211+
annotations:
212+
ignore-check.kube-linter.io/unset-cpu-requirements: "no cpu limits"
213+
resources:
214+
limits:
215+
memory: 1Gi
216+
requests:
217+
cpu: 250m
218+
memory: 512Mi
219+
webhookServer:
220+
ingress:
221+
enabled: false
222+
route:
223+
enabled: false
224+
rbac:
225+
policy: |
226+
p, role:developer, applications, sync, default/*, allow
227+
p, role:developer, applications, get, default/*, allow
228+
p, role:developer, logs, get, default/*, allow
229+
230+
g, argocd-developers, role:developer
231+
232+
p, role:tenants-config-sync, applications, sync, tenants-config/*, allow
233+
g, system:authenticated, role:tenants-config-sync
234+
235+
p, role:release-eng, applications, sync, tenants-config/*, allow
236+
p, role:release-eng, applications, get, tenants-config/*, allow
237+
p, role:release-eng, logs, get, tenants-config/*, allow
238+
239+
p, role:release-eng, applications, sync, rh-managed-workspaces-config/*, allow
240+
p, role:release-eng, applications, get, rh-managed-workspaces-config/*, allow
241+
p, role:release-eng, logs, get, rh-managed-workspaces-config/*, allow
242+
243+
g, argocd-release-eng, role:release-eng
244+
245+
scopes: '[groups]'
246+
repo:
247+
annotations:
248+
ignore-check.kube-linter.io/unset-cpu-requirements: "no cpu limits"
249+
resources:
250+
limits:
251+
memory: 2Gi
252+
requests:
253+
cpu: 250m
254+
memory: 2Gi
255+
resourceExclusions: |
256+
- apiGroups:
257+
- tekton.dev
258+
clusters:
259+
- '*'
260+
kinds:
261+
- TaskRun
262+
- PipelineRun
263+
- apiGroups:
264+
- '*'
265+
kinds:
266+
- ProviderConfigUsage
267+
- apiGroups:
268+
- kyverno.io
269+
kinds:
270+
- AdmissionReport
271+
- BackgroundScanReport
272+
- ClusterAdmissionReport
273+
- ClusterBackgroundScanReport
274+
clusters:
275+
- '*'
276+
ha:
277+
enabled: true
278+
resources:
279+
limits:
280+
cpu: 500m
281+
memory: 256Mi
282+
requests:
283+
cpu: 250m
284+
memory: 128Mi
285+
tls:
286+
ca: {}
287+
redis:
288+
autotls: openshift
289+
resources:
290+
limits:
291+
memory: 256Mi
292+
requests:
293+
cpu: 250m
294+
memory: 128Mi
295+
controller:
296+
annotations:
297+
ignore-check.kube-linter.io/unset-cpu-requirements: "no cpu limits"
298+
processors: {}
299+
resources:
300+
limits:
301+
memory: 10Gi
302+
requests:
303+
cpu: 3
304+
memory: 5Gi
305+
sharding:
306+
enabled: true
307+
replicas: 3
308+
env:
309+
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
310+
value: round-robin
311+
- name: ARGOCD_CLUSTER_CACHE_LIST_PAGE_SIZE
312+
value: "2000"
313+
- name: ARGOCD_CLUSTER_CACHE_LIST_PAGE_BUFFER_SIZE
314+
value: "4"
315+
logLevel: debug
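Review bot: The RBAC policy line `g, system:authenticated, role:tenants-config-sync` lets every user who can log in through the OpenShift OAuth connector trigger a sync on `tenants-config/*`. The `release-eng` rules also name the `tenants-config` and `rh-managed-workspaces-config` projects, while the ApplicationSet in this commit only uses `default`, so these grants look carried over from another instance. If this instance does not host those projects, drop the rules; otherwise bind the role to a named group, e.g. `g, <tenants-sync-group>, role:tenants-config-sync`, and set `defaultPolicy` explicitly so unlisted users do not depend on the operator default. In the `"*.crossplane.io/*"` health script, `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` parses as `A or (B and C)`, so a resource of any kind with no status is reported Healthy. `if (obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind) then` matches the apparent intent.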
