From ef85b41b2798b40240a0b7279f46a7747a5014d6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 22 Feb 2023 12:52:46 +0000 Subject: [PATCH] Add ArgoCD (#17) Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/17 --- badhouseplants/helmfile.yaml | 6 + badhouseplants/values/secrets.argocd.yaml | 27 ++++ badhouseplants/values/secrets.gitea.yaml | 5 +- badhouseplants/values/values.argocd.yaml | 148 ++++++++++++++++++++++ releases.yaml | 9 ++ repositories.yaml | 3 + 6 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 badhouseplants/values/secrets.argocd.yaml create mode 100644 badhouseplants/values/values.argocd.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index b0cd0f7..11f4e86 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -11,11 +11,17 @@ releases: installed: true namespace: drone-service createNamespace: false + - <<: *longhorn installed: true namespace: longhorn-system createNamespace: false + - <<: *argocd + installed: true + namespace: argo-system + createNamespace: false + - <<: *nrodionov installed: true namespace: nrodionov-application diff --git a/badhouseplants/values/secrets.argocd.yaml b/badhouseplants/values/secrets.argocd.yaml new file mode 100644 index 0000000..9115eae --- /dev/null +++ b/badhouseplants/values/secrets.argocd.yaml 
@@ -0,0 +1,27 @@
+server:
+ config:
+ dex.config: ENC[AES256_GCM,data:w42nfkrcJlqjDduXn+lR0KHFWoL2lY+fwCnSpGZ46uaQFa+iP6Lr5yCdWfCBUrz+/9OKqqnt5GDD7gV2UH9m4eiJZ2fS0SLKsxgxyD+bPMr/F77+mqh+g7fWpo0GRnUt5kygRWwVzBPBJnp32zOX8TSiOD0Pt6HDcBPngkOWn4JlNQqC0e+NzW91BsLt5qmmF1lOyDKIKuTNOSb2tl1GM+nBad1G0CKXGlKmzT5a6j4p8DzZW6WmFA3824lH1ahwb5sb+ttPWx9C0OE0DOIyGPPNW/rDpwO5fU5+eTX+IwEWJK7/ZDt10X4gO/z4voI=,iv:TzXfBuc3N8iQibibwMblAmlLIsRBPAgm/OOs3zCdwiY=,tag:12ZOQBweFbT4gCcnfNo9nw==,type:str]
+configs:
+ credentialTemplates:
+ ssh-creds:
+ sshPrivateKey: ENC[AES256_GCM,data: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,iv:lDEAwKxgoRPH5AtF2kYxPQjHkw3/kbbpoz3jlUsEpTI=,tag:6dbL9WZoTZ2xSrSVE4Dlhg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
+ MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
+ cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
+ MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
+ pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2023-02-22T09:30:43Z"
+ mac: ENC[AES256_GCM,data:YSSFYlfJT5kCAt7MkuPvR2HMUcodSo410Vn0yZDFcRXb0CoE2KRjbwdkB8BD5DiamdO6viiitlnqRo5gzJv0e0kDu80QEjyCcEImkMSffnufMbFfkQWUylbBGx6iFkDhnsD3iEcYfnaE/W4k5shPYVfOmEjpzMLKX5CcC46oBQY=,iv:CGtXUGTG8Ax8NCkFXXf2eSSvnMW2xEpqUS2Tttzd0RI=,tag:WwIXtMXCUqmiK55f21lUCw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/badhouseplants/values/secrets.gitea.yaml b/badhouseplants/values/secrets.gitea.yaml
index 2a1daa2..7d4a1f7 100644
--- a/badhouseplants/values/secrets.gitea.yaml
+++ b/badhouseplants/values/secrets.gitea.yaml
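Review bot: In secrets.argocd.yaml the encrypted `dex.config` is placed under `server.config`, which the chart appears to render into the `argocd-cm` ConfigMap, so once it is decrypted at deploy time any connector `clientSecret` it contains would be stored in the cluster as plain ConfigMap data rather than in a Secret. Keeping only the secret value in `argocd-secret` and referencing it from a non-secret `dex.config`, for example `clientSecret: $dex.<connector>.clientSecret`, keeps it out of the ConfigMap; the plaintext is not visible here, so confirm what the block actually holds. The `sops` metadata lists a single `age` recipient, so every value in this file, including `sshPrivateKey`, depends on that one identity; a second recipient and a read-only deploy key for `ssh-creds` would narrow the impact of losing or leaking it.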
@@ -4,6 +4,7 @@ postgresql: postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str] postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str] postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str] + postgresqlPostgresPassword: ENC[AES256_GCM,data:eAOXc+LouMdlfw==,iv:ePyDlj2wUkI7JoaUE38I7a/2mkaIL6iqN5QVp92FDN4=,tag:SE+BaOK5CZHT/Xowjov/CA==,type:str] gitea: admin: username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str] @@ -24,8 +25,8 @@ sops: Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T20:56:47Z" - mac: ENC[AES256_GCM,data:I4TVIsmcuFAvOCM9rjMHVAokmNzyAZJZ5tSNnWhLRk+WfOUQ8OMuJ0GlzE9EJxeIM2LMLU475EvKyMnrqmsFFsP7VE+t2yxG3kioAr5zDvaqqJ1OVrpKEGRH+EQrc96vc5bv5v94kqU6uQRdxm+q/or+rMm7Gf0P4vifaQPxBIo=,iv:ujv0Vlh71isP/gG3B96M8f1vA13jAjn7pnrezAqTSVY=,tag:N8I29R21DYvby7t03i5nbA==,type:str] + lastmodified: "2023-02-22T09:43:31Z" + mac: ENC[AES256_GCM,data:CsAwzOnU31crz6+rQjwutDUtZK5Qq9EQHWNYAnmVFhy3fWYT4+9eLK2gSjq+kVZD9QC/vH31Kf1QEKMKu9Kol8TuDZN+UEEuuixQNqi2hcPbMV43HVOFdFOR475jLbkUo2S09Bs6b4i5f7NbpxCuy/am4K0p4K4839cRyN8pADI=,iv:w6tpLCM/FbyMgZpjXF5MVB4/UcBUvOUYzMa9hln4poc=,tag:SMpnEtR2l4H6VRqJPT7Frg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/badhouseplants/values/values.argocd.yaml b/badhouseplants/values/values.argocd.yaml new file mode 100644 index 0000000..3634111 --- /dev/null +++ b/badhouseplants/values/values.argocd.yaml 
@@ -0,0 +1,148 @@
+controller:
+ resources:
+ limits:
+ memory: 512Mi
+ cpu: 200m
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ metrics:
+ enabled: false
+ applicationLabels:
+ enabled: false
+ labels: []
+ service:
+ annotations: {}
+ labels: {}
+ servicePort: 8082
+ portName: http-metrics
+ serviceMonitor:
+ enabled: false
+ interval: 30s
+ relabelings: []
+ metricRelabelings: []
+ selector: {}
+ scheme: ""
+ tlsConfig: {}
+ additionalLabels: {}
+ rules:
+ enabled: false
+ spec: []
+dex:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+redis:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+server:
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
+ rbacConfig:
+ policy.default: role:readonly
+ scopes: "[email, group]"
+ policy.csv: |
+ g, allanger@zohomail.com, role:admin
+ g, rodion.n.rodionov@gmail.com, role:admin
+ config:
+ exec.enabled: "true"
+ url: https://argo.badhouseplants.net
+ kustomize.buildOptions: "--enable-alpha-plugins"
+
+ extraArgs:
+ - --insecure
+
+repoServer:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: false
+
+ imagePullSecrets:
+ - name: regcred
+ volumes:
+ - emptyDir: {}
+ name: cmp-tmp
+ - name: custom-tools
+ emptyDir: {}
+ - name: helm-plugins
+ emptyDir: {}
+ env:
+ - name: HELM_PLUGINS
+ value: /helm-plugins
+ - name: install-ksops
+ image: viaductoss/ksops:v3.0.2
+ command: ["/bin/sh", "-c"]
+ args:
+ - echo "Installing KSOPS...";
+ mv ksops /custom-tools/;
+ mv $GOPATH/bin/kustomize /custom-tools/;
+ echo "Done.";
+ volumeMounts:
+ - mountPath: /custom-tools
+ name: custom-tools
+ - name: install-helm-secrets
+ image: alpine:latest
+ command: [sh, -ec]
+ env:
+ - name: HELM_SECRETS_VERSION
+ value: "3.12.0"
+ - name: KUBECTL_VERSION
+ value: "1.24.3"
+ - name: VALS_VERSION
+ value: "0.18.0"
+ - name: SOPS_VERSION
+ value: "3.7.3"
+ args:
+ - |
+ mkdir -p /custom-tools/helm-plugins
+ wget -qO-
https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-; + + wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux + wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl + + wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals; + + chmod +x /custom-tools/* + volumeMounts: + - mountPath: /custom-tools + name: custom-tools + + volumeMounts: + - mountPath: /usr/local/bin/kustomize + name: custom-tools + subPath: kustomize + - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops + name: custom-tools + subPath: ksops + - mountPath: /helm-plugins + name: helm-plugins + + +configs: + credentialTemplates: + ssh-creds: + url: git@github.com + +applicationSet: + metrics: + enabled: false + serviceMonitor: + enabled: false + + repositories: + argo-deployment: + url: git@github.com:allanger/argo-deployment.git + name: argo-deployment + insecure: "true" + type: git + cluster-config: + url: git@github.com:allanger/cluster-config.git + name: cluster-config + insecure: "true" + type: git diff --git a/releases.yaml b/releases.yaml index 21d774a..7c1b678 100644 --- a/releases.yaml +++ b/releases.yaml @@ -51,6 +51,15 @@ templates: version: 1.4.0 inherit: - template: default-env-values + + argocd: &argocd + name: argocd + chart: argo/argo-cd + version: 5.20.2 + inherit: + - template: crd-management-hook + - template: default-env-values + - template: default-env-secrets # ---------------------------- # -- Istio # ---------------------------- diff --git a/repositories.yaml b/repositories.yaml index 450f037..1588688 100644 --- a/repositories.yaml +++ b/repositories.yaml 
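Review bot: In values.argocd.yaml both `repositories` entries set `insecure: "true"`, which turns off SSH host-key verification for the Git remotes Argo CD deploys from while the `ssh-creds` template presents a private key to them; dropping the key or setting `insecure: "false"` lets the hosts be checked against `argocd-ssh-known-hosts-cm`. The `install-helm-secrets` container uses `image: alpine:latest` and fetches helm-secrets, sops, kubectl and vals with `wget` and no integrity check, so pin the image by digest and add a `sha256sum -c` step against recorded hashes before `chmod +x /custom-tools/*`. As shown here no `initContainers:` key precedes `- name: install-ksops`, so both containers look like extra items of `env:`, and the helm-secrets archive is unpacked into `/custom-tools/helm-plugins` while `HELM_PLUGINS` points at the separate `helm-plugins` emptyDir; indentation is lost on this page, so confirm the nesting in the file. `exec.enabled: "true"` combined with `--insecure` on the server means the web terminal is only as protected as whatever terminates TLS in front of it, and a comment naming that proxy would help the next reader.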
@@ -22,3 +22,6 @@ repositories: url: https://dl.gitea.io/charts/ - name: ananace-charts url: https://ananace.gitlab.io/charts + - name: argo + url: https://argoproj.github.io/argo-helm +