File tree Expand file tree Collapse file tree
overlays/internal-staging
components/kargo/internal-production/projects/kargo-infra-common/base Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1313 template :
1414 metadata :
1515 name : kargo-{{nameNormalized}}
16- annotations :
17- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1816 spec :
1917 project : default
2018 source :
Original file line number Diff line number Diff line change 1212 template :
1313 metadata :
1414 name : rover-group-sync
15- annotations :
16- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging,kargo-infra-common:ring-2-production
1715 spec :
1816 project : default
1917 source :
Original file line number Diff line number Diff line change 1111 template :
1212 metadata :
1313 name : dummy-deployment-{{nameNormalized}}
14- annotations :
15- kargo.akuity.io/authorized-stage : kargo-infra-common:ring-1-staging
1614 spec :
1715 project : default
1816 source :
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : v1
3+ kind : ServiceAccount
4+ metadata :
5+ name : argocd-app-reader
6+ ---
7+ apiVersion : v1
8+ kind : Secret
9+ metadata :
10+ name : argocd-app-reader-token
11+ annotations :
12+ kubernetes.io/service-account.name : argocd-app-reader
13+ type : kubernetes.io/service-account-token
14+ ---
15+ apiVersion : rbac.authorization.k8s.io/v1
16+ kind : ClusterRole
17+ metadata :
18+ name : kargo-infra-common-argocd-app-reader
19+ rules :
20+ - apiGroups :
21+ - argoproj.io
22+ resources :
23+ - applications
24+ verbs :
25+ - get
26+ ---
27+ apiVersion : rbac.authorization.k8s.io/v1
28+ kind : ClusterRoleBinding
29+ metadata :
30+ name : kargo-infra-common-argocd-app-reader
31+ roleRef :
32+ apiGroup : rbac.authorization.k8s.io
33+ kind : ClusterRole
34+ name : kargo-infra-common-argocd-app-reader
35+ subjects :
36+ - kind : ServiceAccount
37+ name : argocd-app-reader
38+ namespace : kargo-infra-common
Original file line number Diff line number Diff line change @@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
33kind : Kustomization
44resources :
55 - rbac.yaml
6+ - argocd-app-reader.yaml
Original file line number Diff line number Diff line change @@ -87,12 +87,28 @@ spec:
8787 config :
8888 repoURL : ${{ vars.repoURL }}
8989 prNumber : ${{ outputs['open-pr'].pr.id }}
90- - uses : argocd-update
91- as : argocd-update
90+ - uses : http
91+ as : wait-for-revision
92+ retry :
93+ timeout : 15m
94+ config :
95+ method : GET
96+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
97+ headers :
98+ - name : Authorization
99+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
100+ insecureSkipTLSVerify : true
101+ successExpression : |
102+ response.status == 200 &&
103+ response.body?.status?.sync?.status == 'Synced' &&
104+ response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
105+ failureExpression : |
106+ response.body?.status?.health?.status == 'Degraded' ||
107+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
108+ timeout : 60s
109+ - uses : argocd-wait
110+ as : argocd-wait
92111 config :
93112 apps :
94113 - name : ${{ vars.component }}-in-cluster
95114 namespace : argocd-local
96- sources :
97- - repoURL : ${{ vars.repoURL }}
98- desiredRevision : ${{ outputs['wait-for-pr'].commit }}
Original file line number Diff line number Diff line change @@ -77,12 +77,28 @@ spec:
7777 config :
7878 repoURL : ${{ vars.repoURL }}
7979 prNumber : ${{ outputs['open-pr'].pr.id }}
80- - uses : argocd-update
81- as : argocd-update
80+ - uses : http
81+ as : wait-for-revision
82+ retry :
83+ timeout : 15m
84+ config :
85+ method : GET
86+ url : https://kubernetes.default.svc/apis/argoproj.io/v1alpha1/namespaces/argocd-local/applications/${{ vars.component }}-in-cluster
87+ headers :
88+ - name : Authorization
89+ value : Bearer ${{ secret('argocd-app-reader-token').token }}
90+ insecureSkipTLSVerify : true
91+ successExpression : |
92+ response.status == 200 &&
93+ response.body?.status?.sync?.status == 'Synced' &&
94+ response.body?.status?.sync?.revision == '${{ outputs['wait-for-pr'].commit }}'
95+ failureExpression : |
96+ response.body?.status?.health?.status == 'Degraded' ||
97+ response.body?.status?.operationState?.phase in ['Failed', 'Error']
98+ timeout : 60s
99+ - uses : argocd-wait
100+ as : argocd-wait
82101 config :
83102 apps :
84103 - name : ${{ vars.component }}-in-cluster
85104 namespace : argocd-local
86- sources :
87- - repoURL : ${{ vars.repoURL }}
88- desiredRevision : ${{ outputs['wait-for-pr'].commit }}
You can’t perform that action at this time.
0 commit comments