Gitops for SCMM, Registry, Jenkins

argocd/cluster-resources/apps/argocd/applications/bootstrap.ftl.yaml → argocd/cluster-resources/apps/argocd/applications/applications.ftl.yaml

@@ -2,7 +2,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: bootstrap
+  name: applications
   namespace: ${config.application.namePrefix}argocd
 # finalizer disabled, because otherwise everything under this Application would be deleted as well, if this Application is deleted by accident
 #  finalizers:
@@ -13,7 +13,7 @@ spec:
     namespace: ${config.application.namePrefix}argocd
   project: argocd
   source:
-    path: apps/argocd/applications/
+    path: apps/argocd/applications
     repoURL: ${scm.repoUrl}argocd/cluster-resources.git
     targetRevision: main
     directory:

argocd/cluster-resources/apps/argocd/applications/argocd.ftl.yaml

@@ -1,32 +1,34 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
+---
+apiVersion: "argoproj.io/v1alpha1"
+kind: "Application"
 metadata:
-  name: argocd
+  name: "argocd"
   namespace: ${config.application.namePrefix}argocd
-  annotations:
-    # Only app with the sync-status-unknown alert, so that we only get one alert when SCM is not reachable.
-    # Otherwise, there would be a spam wave by every application everytime the SCM is not reachable.
-<#if config.features.mail.active?? && config.features.mail.active>
-    notifications.argoproj.io/subscribe.on-sync-status-unknown.email: ${config.features.argocd.emailToAdmin}
-</#if>
-# finalizer disabled, because otherwise everything under this Application would be deleted as well, if this Application is deleted by accident
-#  finalizers:
-#    - resources-finalizer.argocd.argoproj.io
 spec:
   destination:
-    server: https://kubernetes.default.svc
+    server: "https://kubernetes.default.svc"
     namespace: ${config.application.namePrefix}argocd
-  project: argocd
-  source:
-    path: apps/argocd/${config.features.argocd.operator?string("operator/", "argocd/")}
-    repoURL: ${scm.repoUrl}argocd/cluster-resources.git
-    targetRevision: main
-    # needed to sync the operator/rbac folder
-    <#if config.features.argocd.operator>
+  project: "argocd"
+  sources:
+  - repoURL: ${config.features.argocd.helm.repoURL}
+    chart: ${config.features.argocd.helm.chart}
+    targetRevision: ${config.features.argocd.helm.version}
+    helm:
+      releaseName: ${config.application.namePrefix}argocd
+      valueFiles:
+      - "$values/apps/argocd/argocd-gop-helm.yaml"
+      - "$values/apps/argocd/argocd-user-values.yaml"
+      ignoreMissingValueFiles: true
+  - repoURL: ${scm.repoUrl}argocd/cluster-resources.git
+    targetRevision: "main"
+    ref: "values"
+    path: "apps/argocd/argocd"
     directory:
       recurse: true
-    </#if>
   syncPolicy:
     automated:
-      prune: false # is set to false to prevent argo from deleting itself
-      selfHeal: true
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - "ServerSideApply=true"
+    - "CreateNamespace=true"

argocd/cluster-resources/apps/argocd/argocd/values.ftl.yaml → argocd/cluster-resources/apps/argocd/argocd/argocd-helm-values.ftl.yaml

@@ -69,7 +69,7 @@ argo-cd:
     #    password: ...
     cm:
       timeout.reconciliation: 15s
-      repository.check.interval: 30s
+      repository.check.interval: 5s
 
   notifications:
     # secrets are created dynamically in groovy, so they are not stored in git
@@ -190,4 +190,4 @@ argo-cd:
           - app-sync-status-longer-10s
           when: app.status.operationState.phase in ['Running'] and time.Now().Sub(time.Parse(app.status.operationState.startedAt)).Seconds() >= 10
 </#noparse>
-</#if>
+</#if>

argocd/cluster-resources/apps/argocd/projects/cluster-resources.ftl.yaml

@@ -28,6 +28,10 @@ spec:
   - https://helm.releases.hashicorp.com
   - https://charts.external-secrets.io
   - https://charts.jetstack.io
+  - https://charts.jenkins.io
+  - https://argoproj.github.io/argo-helm
+  - https://twuni.github.io/docker-registry.helm
+  - https://packages.scm-manager.org/repository/helm-v2-releases/
 </#if>
 <#-- NEW: allow Helm repos from content.helmReleases -->
 <#if config.content.helmReleases?? && (config.content.helmReleases?size > 0)>

scripts/local/install-argocd-operator.sh

@@ -1,6 +1,6 @@
 git clone https://github.com/argoproj-labs/argocd-operator && \
 cd argocd-operator && \
-git checkout release-0.16 && \
+git checkout release-0.17 && \
 make deploy IMG=quay.io/argoprojlabs/argocd-operator:v0.17.0
 rm -Rf ../argocd-operator/
 cd ..

src/main/groovy/com/cloudogu/gitops/Application.groovy

@@ -3,10 +3,12 @@ package com.cloudogu.gitops
 import com.cloudogu.gitops.config.Config
 import com.cloudogu.gitops.kubernetes.api.K8sClient
 import com.cloudogu.gitops.utils.TemplatingEngine
+
+import jakarta.inject.Singleton
+import groovy.util.logging.Slf4j
+
 import freemarker.template.Configuration
 import freemarker.template.DefaultObjectWrapperBuilder
-import groovy.util.logging.Slf4j
-import jakarta.inject.Singleton
 
 @Slf4j
 @Singleton
@@ -25,21 +27,21 @@ class Application {
         this.k8sClient = k8sClient
     }
 
-    def start() {
-        log.debug("Starting Application")
+	def start() {
+		log.debug("Starting Application")
 
         setNamespaceListToConfig(config)
         // if set, stores configuration in a secret.
         storeGopInformationInSecret(config)
 
-        features.forEach(feature -> {
-            feature.validate()
-        })
-        features.forEach(feature -> {
-            feature.install()
-        })
-        log.debug("Application finished")
-    }
+		features.forEach(feature -> {
+			feature.validate()
+		})
+		features.forEach(feature -> {
+			feature.install()
+		})
+		log.debug("Application finished")
+	}
 
     private void storeGopInformationInSecret(Config config) {
         if (!config.application.gopNamespace.isEmpty()) {
@@ -56,29 +58,27 @@ class Application {
         return features
     }
 
-    void setNamespaceListToConfig(Config config) {
-        LinkedHashSet<String> dedicatedNamespaces = new LinkedHashSet<>()
-        LinkedHashSet<String> tenantNamespaces = new LinkedHashSet<>()
-        def engine = new TemplatingEngine()
-
-        config.content.namespaces.each { String ns ->
-            tenantNamespaces.add(engine.template(ns, [
-                    config : config,
-                    // Allow for using static classes inside the templates
-                    statics: new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_32).build().getStaticModels()
-            ]))
-        }
-        config.content.namespaces = tenantNamespaces.toList()
-
-        //iterates over all FeatureWithImages and gets their namespaces
-        dedicatedNamespaces.addAll(this.features
-                .collect { it.activeNamespaceFromFeature }
-                .findAll { it }
-                .unique()
-                .collect { "${it}".toString() })
-
-        config.application.namespaces.dedicatedNamespaces = dedicatedNamespaces
-        config.application.namespaces.tenantNamespaces = tenantNamespaces
-        log.debug("Active namespaces retrieved: {}", config.application.namespaces.activeNamespaces)
-    }
+	void setNamespaceListToConfig(Config config) {
+		LinkedHashSet<String> dedicatedNamespaces = new LinkedHashSet<>()
+		LinkedHashSet<String> tenantNamespaces = new LinkedHashSet<>()
+		def engine = new TemplatingEngine()
+
+		config.content.namespaces.each { String ns ->
+			tenantNamespaces.add(engine.template(ns, [config : config,
+			                                          // Allow for using static classes inside the templates
+			                                          statics: new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_32).build().getStaticModels()]))
+		}
+		config.content.namespaces = tenantNamespaces.toList()
+
+		//iterates over all FeatureWithImages and gets their namespaces
+		dedicatedNamespaces.addAll(this.features
+				                           .collect { it.activeNamespaceFromFeature }
+				                           .findAll { it }
+				                           .unique()
+				                           .collect { "${it}".toString() })
+
+		config.application.namespaces.dedicatedNamespaces = dedicatedNamespaces
+		config.application.namespaces.tenantNamespaces = tenantNamespaces
+		log.debug("Active namespaces retrieved: {}", config.application.namespaces.activeNamespaces)
+	}
 }