diff --git a/Makefile b/Makefile index af598093..1430f9c2 100644 --- a/Makefile +++ b/Makefile @@ -168,6 +168,14 @@ setup-monitoring: dev-setup-fluxcd dev-setup-monitoring: setup-monitoring @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/host-proxy | envsubst | kubectl apply -f - +dev-setup-argocd: dev-setup-fluxcd + @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/argocd | envsubst | kubectl apply -f - + @$(MAKE) wait-for-helmreleases + @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/argocd/application | envsubst | kubectl apply -f - + @printf "\n\033[32mAccess ArgoCD:\033[0m\n\n" + @printf " \033[1mkubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d\033[0m\n\n" + @printf " \033[1mkubectl port-forward svc/argocd-server 9091:80 -n argocd\033[0m\n\n" + dev-setup-fluxcd: @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/fluxcd | envsubst | kubectl apply -f - diff --git a/hack/distro/argocd/application/application.yaml b/hack/distro/argocd/application/application.yaml new file mode 100644 index 00000000..82022478 --- /dev/null +++ b/hack/distro/argocd/application/application.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tenant-example +spec: + project: default + source: + path: gitops/simple/ + repoURL: 'https://github.com/projectcapsule/examples.git' + targetRevision: HEAD + destination: + namespace: default + server: 'https://kubernetes.default.svc' diff --git a/hack/distro/argocd/application/kustomization.yaml b/hack/distro/argocd/application/kustomization.yaml new file mode 100644 index 00000000..92e66520 --- /dev/null +++ b/hack/distro/argocd/application/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: argocd +resources: + - application.yaml diff --git a/hack/distro/argocd/kustomization.yaml b/hack/distro/argocd/kustomization.yaml new file mode 100644 index 00000000..7fcbf108 --- /dev/null +++ b/hack/distro/argocd/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - release.flux.yaml diff --git a/hack/distro/argocd/release.flux.yaml b/hack/distro/argocd/release.flux.yaml new file mode 100644 index 00000000..d326d99d --- /dev/null +++ b/hack/distro/argocd/release.flux.yaml @@ -0,0 +1,231 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: argocd + namespace: flux-system +spec: + serviceAccountName: kustomize-controller + interval: 30s + timeout: 10m + targetNamespace: argocd + releaseName: "argocd" + chart: + spec: + chart: argo-cd + version: "9.1.6" + sourceRef: + kind: HelmRepository + name: argocd + interval: 24h + install: + createNamespace: true + remediation: + retries: -1 + upgrade: + remediation: + remediateLastFailure: true + retries: -1 + driftDetection: + mode: enabled + values: + configs: + cm: + create: true + + + resource.customizations.health.capsule.clastix.io_Tenant: | + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Cordoned" and condition.status == "True" then + hs.status = "Suspended" + hs.message = condition.message + return hs + end + end + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end + end + end + + hs.status = "Progressing" + hs.message = "Waiting for Status" + return hs + + resource.customizations.actions.capsule.clastix.io_Tenant: | + mergeBuiltinActions: true + discovery.lua: | + actions = {} + actions["cordon"] = { + ["iconClass"] = "fa fa-solid fa-pause", + ["disabled"] = true, + } + actions["uncordon"] = { + ["iconClass"] = "fa fa-solid fa-play", + ["disabled"] = true, + } + + local suspend = false + if obj.spec ~= nil and obj.spec.cordoned ~= nil then + suspend = obj.spec.cordoned + end + + if suspend then + actions["uncordon"]["disabled"] = false + else + actions["cordon"]["disabled"] = false + end + + return actions + + definitions: + - name: cordon + action.lua: | + if obj.spec == nil then + obj.spec = {} + end + obj.spec.cordoned = true + return obj + + - name: uncordon + action.lua: | + if obj.spec ~= nil and obj.spec.cordoned ~= nil and obj.spec.cordoned then + obj.spec.cordoned = false + end + return obj + + resource.customizations.health.Namespace: | + hs = {} + + local function has_managed_ownerref() + if obj.metadata == nil or obj.metadata.ownerReferences == nil then + return false + end + + for _, ref in ipairs(obj.metadata.ownerReferences) do + if ref.kind == "Tenant" and ref.apiVersion == "capsule.clastix.io/v1beta2" then + return true + end + end + + return false + end + + local labels = {} + if obj.metadata ~= nil and obj.metadata.labels ~= nil then + labels = obj.metadata.labels + end + + local cordoned = labels["projectcapsule.dev/cordoned"] == "true" + + if cordoned and has_managed_ownerref() then + hs.status = "Suspended" + hs.message = "Namespace is cordoned (tenant-managed)" + return hs + end + + if obj.status ~= nil and obj.status.phase ~= nil then + if obj.status.phase == "Active" then + hs.status = "Healthy" + hs.message = "Namespace is Active" + return hs + else + hs.status = "Progressing" + hs.message = "Namespace phase is " .. obj.status.phase + return hs + end + end + + hs.status = "Progressing" + hs.message = "Waiting for Namespace status" + return hs + + resource.customizations.actions.Namespace: | + mergeBuiltinActions: true + discovery.lua: | + actions = { + cordon = { + iconClass = "fa fa-solid fa-pause", + disabled = true, + }, + uncordon = { + iconClass = "fa fa-solid fa-play", + disabled = true, + }, + } + + local function has_managed_ownerref() + if obj.metadata == nil or obj.metadata.ownerReferences == nil then + return false + end + + for _, ref in ipairs(obj.metadata.ownerReferences) do + if ref.kind == "Tenant" and ref.apiVersion == "capsule.clastix.io/v1beta2" then + return true + end + end + + return false + end + + if not has_managed_ownerref() then + return {} + end + + local labels = {} + if obj.metadata ~= nil and obj.metadata.labels ~= nil then + labels = obj.metadata.labels + end + + local cordoned = labels["projectcapsule.dev/cordoned"] == "true" + + if cordoned then + actions["uncordon"].disabled = false + else + actions["cordon"].disabled = false + end + + return actions + + definitions: + - name: cordon + action.lua: | + if obj.metadata == nil then + obj.metadata = {} + end + if obj.metadata.labels == nil then + obj.metadata.labels = {} + end + + obj.metadata.labels["projectcapsule.dev/cordoned"] = "true" + return obj + + - name: uncordon + action.lua: | + if obj.metadata ~= nil and obj.metadata.labels ~= nil then + obj.metadata.labels["projectcapsule.dev/cordoned"] = "false" + end + + return obj + +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: argocd + namespace: flux-system +spec: + interval: 24h0m0s + url: https://argoproj.github.io/argo-helm