diff --git a/charts/argocd-understack/README.md b/charts/argocd-understack/README.md new file mode 100644 index 000000000..e23921f23 --- /dev/null +++ b/charts/argocd-understack/README.md 
@@ -0,0 +1,269 @@ +# argocd-understack + +A Helm chart that generates ArgoCD Applications for deploying UnderStack components. + +## Overview + +This chart creates ArgoCD Application resources that deploy and manage all +UnderStack components. Instead of using ApplicationSets, this chart provides: + +- **Per-cluster version pinning** via `understack_ref` +- **Explicit component enablement** via values.yaml +- **Easy debugging** with `helm template` +- **Standard Helm workflow** for configuration management + +## Prerequisites + +- Kubernetes cluster with ArgoCD installed +- ArgoCD projects configured: `understack`, `understack-infra`, `understack-operators` +- Access to UnderStack and deployment repositories + +## Installation + +### Using ArgoCD (Recommended) + +Create an ArgoCD Application that deploys this chart from the OCI registry: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-understack + namespace: argocd +spec: + project: understack + sources: + - repoURL: ghcr.io/rackerlabs/understack + chart: argocd-understack + targetRevision: 0.1.0 # Chart version + helm: + releaseName: my-cluster-name + valueFiles: + - $deploy/my-cluster-name/argocd-understack-values.yaml + - repoURL: https://github.com/your-org/deploy.git + targetRevision: HEAD + ref: deploy + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true +``` + +### Using Git Repository (for development) + +For testing unreleased changes, reference the chart directly from git: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-understack + namespace: argocd +spec: + project: understack + sources: + - repoURL: https://github.com/rackerlabs/understack.git + targetRevision: feature-branch + path: charts/argocd-understack + helm: + releaseName: my-cluster-name + valueFiles: + - $deploy/my-cluster-name/argocd-understack-values.yaml + - repoURL: 
https://github.com/your-org/deploy.git + targetRevision: HEAD + ref: deploy + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true +``` + +### Using Helm CLI + +```bash +helm install argocd-understack oci://ghcr.io/rackerlabs/understack/argocd-understack \ + --version 0.1.0 \ + -n argocd \ + -f cluster-values.yaml +``` + +## Configuration + +### Required Values + +| Parameter | Description | +|-----------|-------------| +| `deploy_url` | URL to your deployment repository | + +### Common Values + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `cluster_server` | Target Kubernetes API server | `https://kubernetes.default.svc` | +| `understack_url` | UnderStack repository URL | `https://github.com/rackerlabs/understack.git` | +| `understack_ref` | UnderStack git reference | `HEAD` | +| `deploy_ref` | Deployment repo git reference | `HEAD` | +| `global.enabled` | Enable global cluster components | `true` | +| `site.enabled` | Enable site cluster components | `true` | + +### Example Values Files + +**Site Cluster:** +```yaml +cluster_server: https://kubernetes.default.svc +understack_ref: v1.0.0 +deploy_url: https://github.com/your-org/deploy.git + +global: + enabled: false + +site: + enabled: true + octavia: + enabled: false # Disable specific component +``` + +**Global Cluster:** +```yaml +cluster_server: https://kubernetes.default.svc +understack_ref: v1.0.0 +deploy_url: https://github.com/your-org/deploy.git + +global: + enabled: true + +site: + enabled: false +``` + +## Components + +### Global Components + +Components deployed on global clusters: + +| Component | Values Key | Description | +|-----------|-----------|-------------| +| cert-manager | `global.cert_manager` | Certificate management | +| cilium | `global.cilium` | CNI networking | +| cnpg-system | `global.cnpg_system` | PostgreSQL operator | +| dex | `global.dex` | OIDC provider | +| 
envoy-gateway | `global.envoy_gateway` | API gateway | +| external-dns | `global.external_dns` | DNS management | +| external-secrets | `global.external_secrets` | Secret management | +| ingress-nginx | `global.ingress_nginx` | Ingress controller | +| monitoring | `global.monitoring` | Prometheus stack | +| nautobot | `global.nautobot` | Network source of truth | +| nautobotop | `global.nautobotop` | Nautobot operator | +| openstack-resource-controller | `global.openstack_resource_controller` | ORC operator | +| opentelemetry-operator | `global.opentelemetry_operator` | OTel operator | +| rabbitmq-system | `global.rabbitmq_system` | RabbitMQ operator | +| rook | `global.rook` | Ceph storage | +| sealed-secrets | `global.sealed_secrets` | Sealed secrets | + +### Site Components + +Components deployed on site clusters: + +| Component | Values Key | Description | +|-----------|-----------|-------------| +| argo-events | `site.argo_events` | Event processing | +| argo-workflows | `site.argo_workflows` | Workflow engine | +| chrony | `site.chrony` | NTP service | +| envoy-configs | `site.envoy_configs` | Gateway configs | +| nautobot-site | `site.nautobot_site` | Site Nautobot config | +| openstack-exporter | `site.openstack_exporter` | Metrics exporter | +| openstack-memcached | `site.openstack_memcached` | Caching | +| site-workflows | `site.site_workflows` | Site workflows | +| snmp-exporter | `site.snmp_exporter` | SNMP metrics | +| undersync | `site.undersync` | Sync service | + +### OpenStack Components + +OpenStack services with configurable chart versions: + +| Component | Values Key | +|-----------|-----------| +| keystone | `site.keystone` | +| glance | `site.glance` | +| cinder | `site.cinder` | +| ironic | `site.ironic` | +| neutron | `site.neutron` | +| placement | `site.placement` | +| nova | `site.nova` | +| octavia | `site.octavia` | +| horizon | `site.horizon` | +| skyline | `site.skyline` | +| openvswitch | `site.openvswitch` | +| ovn | `site.ovn` | + 
+## Debugging + +Preview generated Applications: + +```bash +helm template argocd-understack ./charts/argocd-understack \ + -f cluster-values.yaml +``` + +Compare with deployed Applications: + +```bash +# Generate expected +helm template argocd-understack ./charts/argocd-understack \ + -f cluster-values.yaml > expected.yaml + +# Get current +kubectl get applications -n argocd -o yaml > current.yaml + +# Compare +diff expected.yaml current.yaml +``` + +## Development + +### Adding a New Component + +1. Create template in `templates/application-.yaml.tpl` +2. Add configuration to `values.yaml` under appropriate section +3. Update this README + +### Template Pattern + +```yaml +{{- if eq (include "understack.isEnabled" (list $.Values.site "component_name")) "true" }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ printf "%s-%s" $.Release.Name "component-name" }} + annotations: + argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true +spec: + destination: + namespace: component-namespace + server: {{ $.Values.cluster_server }} + project: understack + sources: + # ... sources configuration + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ServerSideApply=true + - RespectIgnoreDifferences=true + - ApplyOutOfSyncOnly=true +{{- end }} +``` + +## License + +Apache 2.0 diff --git a/charts/argocd-understack/ci/example.yaml b/charts/argocd-understack/ci/example.yaml index 4b1367296..22ab83184 100644 --- a/charts/argocd-understack/ci/example.yaml +++ b/charts/argocd-understack/ci/example.yaml 
@@ -1,2 +1,30 @@ --- -deploy_url: https://github.com/example/example +# Example values file for a site cluster +# This file demonstrates the configuration options available + +# Target cluster server URL +cluster_server: https://kubernetes.default.svc + +# UnderStack repository settings +understack_url: https://github.com/rackerlabs/understack.git +understack_ref: HEAD # Can be a tag like v1.0.0, branch, or commit SHA + +# Deployment repository settings (required) +deploy_url: https://github.com/example/deploy.git +deploy_ref: HEAD + +# Global cluster configuration (disable for site-only clusters) +global: + enabled: false + +# Site cluster configuration +site: + enabled: true + + # Example: Disable components not needed for this site + octavia: + enabled: false + + # Example: Pin specific chart versions + # keystone: + # chartVersion: "2025.2.6+9b270fe35" diff --git a/charts/argocd-understack/templates/_helpers.tpl b/charts/argocd-understack/templates/_helpers.tpl index 5fbd7c254..d5252ca6e 100644 --- a/charts/argocd-understack/templates/_helpers.tpl +++ b/charts/argocd-understack/templates/_helpers.tpl 
@@ -98,6 +98,29 @@ Get the deployment repository git reference {{- .Values.deploy_ref }} {{- end }} +{{/* +Get the base path within the deploy repository. +Always includes Release.Name, with an optional prefix from deploy_path_prefix. + +Examples: + deploy_path_prefix: "" -> "uc-iad3-prod" + deploy_path_prefix: "sites" -> "sites/uc-iad3-prod" + deploy_path_prefix: "us/east" -> "us/east/uc-iad3-prod" + +Usage in valueFiles: + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/dex.yaml + +Usage in source path: + path: {{ include "understack.deploy_path" $ }}/manifests/dex +*/}} +{{- define "understack.deploy_path" -}} +{{- if .Values.deploy_path_prefix -}} +{{- printf "%s/%s" .Values.deploy_path_prefix .Release.Name -}} +{{- else -}} +{{- .Release.Name -}} +{{- end -}} +{{- end }} + {{/* Check if a component is enabled by walking the configuration hierarchy. Supports both "global" and "site" scopes with appropriate kill switches. diff --git a/charts/argocd-understack/templates/application-argo-events-workflows.yaml.tpl b/charts/argocd-understack/templates/application-argo-events-workflows.yaml.tpl index 7646759b9..6cf1a6b6f 100644 --- a/charts/argocd-understack/templates/application-argo-events-workflows.yaml.tpl +++ b/charts/argocd-understack/templates/application-argo-events-workflows.yaml.tpl @@ -16,7 +16,7 @@ spec: ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/argo-events-workflows + - path: {{ include "understack.deploy_path" $ }}/manifests/argo-events-workflows ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-argo-events.yaml.tpl b/charts/argocd-understack/templates/application-argo-events.yaml.tpl index 5a3bf3e2f..9ffeed096 100644 
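Review bot: `understack.deploy_path` in `_helpers.tpl` joins `deploy_path_prefix` into the path verbatim, so a value with a leading or trailing slash (`sites/`) or a `..` segment yields a path the deploy repository does not have, or one that points at another cluster's directory. Normalising it first, e.g. `{{- $prefix := trimAll "/" (.Values.deploy_path_prefix | default "") -}}`, and failing the render when the prefix contains `..` would keep the result inside the intended tree. This is more than cosmetic because several templates in this commit set `ignoreMissingValueFiles: true`: for the `$deploy/...` value files a wrong prefix does not fail the sync, it silently drops the site overrides and the component deploys from base values. The new `deploy_path_prefix` key is also missing from the Common Values table of the README added in this same commit.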
--- a/charts/argocd-understack/templates/application-argo-events.yaml.tpl +++ b/charts/argocd-understack/templates/application-argo-events.yaml.tpl @@ -15,7 +15,7 @@ spec: ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/argo-events + - path: {{ include "understack.deploy_path" $ }}/manifests/argo-events ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-argo-workflows.yaml.tpl b/charts/argocd-understack/templates/application-argo-workflows.yaml.tpl index 582552ee0..34eb99457 100644 --- a/charts/argocd-understack/templates/application-argo-workflows.yaml.tpl +++ b/charts/argocd-understack/templates/application-argo-workflows.yaml.tpl @@ -12,7 +12,7 @@ spec: server: {{ $.Values.cluster_server }} project: understack sources: - - path: {{ $.Release.Name }}/manifests/argo-workflows + - path: {{ include "understack.deploy_path" $ }}/manifests/argo-workflows ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-cert-manager.yaml.tpl b/charts/argocd-understack/templates/application-cert-manager.yaml.tpl index 3906d0e88..cb916438b 100644 --- a/charts/argocd-understack/templates/application-cert-manager.yaml.tpl +++ b/charts/argocd-understack/templates/application-cert-manager.yaml.tpl @@ -16,10 +16,14 @@ spec: helm: releaseName: cert-manager valuesObject: + config: + apiVersion: controller.config.cert-manager.io/v1alpha1 + enableGatewayAPI: true + kind: ControllerConfiguration crds: enabled: true repoURL: https://charts.jetstack.io - targetRevision: 1.18.2 + targetRevision: 1.19.2 syncPolicy: automated: prune: true 
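Review bot: The cert-manager hunk turns on `enableGatewayAPI: true` in the same change that bumps the chart from 1.18.2 to 1.19.2, and nothing visible here orders it after the Gateway API CRDs. cert-manager only picks up Gateway support if those CRDs exist when the controller starts (otherwise it needs a restart), and the CRDs presumably arrive with the `envoy-gateway` Application added in this commit, which is enabled independently. Once the flag is on, a Gateway carrying a `cert-manager.io/issuer` or `cert-manager.io/cluster-issuer` annotation gets a certificate requested for its listener hostnames, so RBAC on Gateway objects becomes the control on who can obtain certificates from a ClusterIssuer. I would add a comment above `config:` such as `# needs the Gateway API CRDs present at controller start; Gateway write access now implies certificate issuance`, and consider making the flag conditional on `envoy_gateway` being enabled.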
diff --git a/charts/argocd-understack/templates/application-cilium.yaml.tpl b/charts/argocd-understack/templates/application-cilium.yaml.tpl index 2a8a8029e..a5181cf4d 100644 --- a/charts/argocd-understack/templates/application-cilium.yaml.tpl +++ b/charts/argocd-understack/templates/application-cilium.yaml.tpl @@ -12,7 +12,7 @@ spec: server: {{ $.Values.cluster_server }} project: understack-infra sources: - - path: {{ $.Release.Name }}/manifests/cilium + - path: {{ include "understack.deploy_path" $ }}/manifests/cilium ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-dex.yaml.tpl b/charts/argocd-understack/templates/application-dex.yaml.tpl index 97e0ad14c..65fb96cc4 100644 --- a/charts/argocd-understack/templates/application-dex.yaml.tpl +++ b/charts/argocd-understack/templates/application-dex.yaml.tpl @@ -18,14 +18,14 @@ spec: releaseName: dex valueFiles: - $understack/components/dex/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/dex.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/dex.yaml repoURL: https://charts.dexidp.io targetRevision: 0.16.0 - path: components/dex ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/dex + - path: {{ include "understack.deploy_path" $ }}/manifests/dex ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-envoy-configs.yaml.tpl b/charts/argocd-understack/templates/application-envoy-configs.yaml.tpl new file mode 100644 index 000000000..eebb58b2f --- /dev/null +++ b/charts/argocd-understack/templates/application-envoy-configs.yaml.tpl 
@@ -0,0 +1,40 @@
+{{- if eq (include "understack.isEnabled" (list $.Values.site "envoy_configs")) "true" }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name "envoy-configs" }}
+ annotations:
+ argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+spec:
+ destination:
+ namespace: envoy-gateway
+ server: {{ $.Values.cluster_server }}
+ project: understack
+ sources:
+ - path: components/envoy-configs
+ helm:
+ ignoreMissingValueFiles: true
+ valueFiles:
+ - $understack/components/envoy-configs/values.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/envoy-configs.yaml
+ ref: understack
+ repoURL: {{ include "understack.understack_url" $ }}
+ targetRevision: {{ include "understack.understack_ref" $ }}
+ - path: {{ include "understack.deploy_path" $ }}/manifests/envoy-configs
+ ref: deploy
+ repoURL: {{ include "understack.deploy_url" $ }}
+ targetRevision: {{ include "understack.deploy_ref" $ }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ managedNamespaceMetadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Delete=false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/charts/argocd-understack/templates/application-envoy-gateway.yaml.tpl b/charts/argocd-understack/templates/application-envoy-gateway.yaml.tpl
new file mode 100644
index 000000000..8a0e60906
--- /dev/null
+++ b/charts/argocd-understack/templates/application-envoy-gateway.yaml.tpl
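Review bot: `application-envoy-configs.yaml.tpl` places this Application in project `understack` but targets the `envoy-gateway` namespace, which the `envoy-gateway` Application added in the same commit manages from project `understack-infra`. The AppProject definitions are not part of this diff, so this is an inference, but for the sync to work the `understack` project has to allow `envoy-gateway` as a destination, which widens what every Application in that broader project may write to. Both Applications also set `CreateNamespace=true` and `managedNamespaceMetadata` on the same namespace. Keeping namespace ownership in one of them (dropping those two settings here) and adding a comment such as `# namespace is created and owned by the envoy-gateway Application` would make the boundary explicit.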
@@ -0,0 +1,44 @@
+{{- if or (eq (include "understack.isEnabled" (list $.Values.global "envoy_gateway")) "true") (eq (include "understack.isEnabled" (list $.Values.site "envoy_gateway")) "true") }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name "envoy-gateway" }}
+ annotations:
+ argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+spec:
+ destination:
+ namespace: envoy-gateway
+ server: {{ $.Values.cluster_server }}
+ project: understack-infra
+ sources:
+ - chart: gateway-helm
+ helm:
+ ignoreMissingValueFiles: true
+ releaseName: gateway-helm
+ valueFiles:
+ - $understack/components/envoy-gateway/values.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/envoy-gateway.yaml
+ repoURL: docker.io/envoyproxy
+ targetRevision: v1.6.0
+ - path: components/envoy-gateway
+ ref: understack
+ repoURL: {{ include "understack.understack_url" $ }}
+ targetRevision: {{ include "understack.understack_ref" $ }}
+ - path: {{ include "understack.deploy_path" $ }}/manifests/envoy-gateway
+ ref: deploy
+ repoURL: {{ include "understack.deploy_url" $ }}
+ targetRevision: {{ include "understack.deploy_ref" $ }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ managedNamespaceMetadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Delete=false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/charts/argocd-understack/templates/application-etcdbackup.yaml.tpl b/charts/argocd-understack/templates/application-etcdbackup.yaml.tpl
index c55f7f5dc..497e51b87 100644
--- a/charts/argocd-understack/templates/application-etcdbackup.yaml.tpl
+++ b/charts/argocd-understack/templates/application-etcdbackup.yaml.tpl
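Review bot: The enable condition in `application-envoy-gateway.yaml.tpl` accepts either `global.envoy_gateway` or `site.envoy_gateway`, but the README added in this commit lists the component only under Global Components with the key `global.envoy_gateway`; `application-openstack-resource-controller.yaml.tpl` has the same `or` and the same README gap. An operator who sets `global.enabled: false` on a site cluster, as the README example does, could reasonably expect the gateway to be off there while a `site.envoy_gateway` default keeps it on. Whether such a default exists is not visible here, since values.yaml is outside this diff. A template comment on the first line, e.g. `{{/* Rendered once when either the global or the site scope enables envoy_gateway */}}`, plus a row in the README's Site Components table would document the behaviour.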
@@ -16,7 +16,7 @@ spec: ignoreMissingValueFiles: true valueFiles: - $understack/components/etcdbackup/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/etcdbackup.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/etcdbackup.yaml path: components/etcdbackup ref: understack repoURL: {{ include "understack.understack_url" $ }} diff --git a/charts/argocd-understack/templates/application-external-dns.yaml.tpl b/charts/argocd-understack/templates/application-external-dns.yaml.tpl index 9facd6bdd..f11260ec3 100644 --- a/charts/argocd-understack/templates/application-external-dns.yaml.tpl +++ b/charts/argocd-understack/templates/application-external-dns.yaml.tpl @@ -17,10 +17,10 @@ spec: ignoreMissingValueFiles: true releaseName: external-dns-rackspace valueFiles: - - $deploy/{{ $.Release.Name }}/helm-configs/external-dns.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/external-dns.yaml repoURL: ghcr.io/rackerlabs/charts - targetRevision: 0.1.0 - - path: {{ $.Release.Name }}/manifests/external-dns + targetRevision: 0.2.0 + - path: {{ include "understack.deploy_path" $ }}/manifests/external-dns ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-global-workflows.yaml.tpl b/charts/argocd-understack/templates/application-global-workflows.yaml.tpl index ecdc96732..733eabb54 100644 --- a/charts/argocd-understack/templates/application-global-workflows.yaml.tpl +++ b/charts/argocd-understack/templates/application-global-workflows.yaml.tpl 
@@ -16,7 +16,7 @@ spec: ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/global-workflows + - path: {{ include "understack.deploy_path" $ }}/manifests/global-workflows ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-ingress-nginx.yaml.tpl b/charts/argocd-understack/templates/application-ingress-nginx.yaml.tpl index cff0b6c64..aabdb7372 100644 --- a/charts/argocd-understack/templates/application-ingress-nginx.yaml.tpl +++ b/charts/argocd-understack/templates/application-ingress-nginx.yaml.tpl @@ -17,7 +17,7 @@ spec: ignoreMissingValueFiles: true releaseName: ingress-nginx valueFiles: - - $deploy/{{ $.Release.Name }}/helm-configs/ingress-nginx.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/ingress-nginx.yaml repoURL: https://kubernetes.github.io/ingress-nginx targetRevision: 4.12.1 - ref: deploy diff --git a/charts/argocd-understack/templates/application-monitoring.tpl b/charts/argocd-understack/templates/application-monitoring.tpl index 542a17142..82691d5ba 100644 --- a/charts/argocd-understack/templates/application-monitoring.tpl +++ b/charts/argocd-understack/templates/application-monitoring.tpl 
@@ -23,14 +23,14 @@ spec: releaseName: kube-prometheus-stack valueFiles: - $understack/operators/monitoring/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/monitoring.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/monitoring.yaml repoURL: https://prometheus-community.github.io/helm-charts targetRevision: 79.5.0 - path: operators/monitoring ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/monitoring + - path: {{ include "understack.deploy_path" $ }}/manifests/monitoring ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-nautobot-site.yaml.tpl b/charts/argocd-understack/templates/application-nautobot-site.yaml.tpl index 70d798533..ec031c81c 100644 --- a/charts/argocd-understack/templates/application-nautobot-site.yaml.tpl +++ b/charts/argocd-understack/templates/application-nautobot-site.yaml.tpl @@ -12,7 +12,7 @@ spec: server: {{ $.Values.cluster_server }} project: understack sources: - - path: {{ $.Release.Name }}/manifests/nautobot-site + - path: {{ include "understack.deploy_path" $ }}/manifests/nautobot-site ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-nautobot.yaml.tpl b/charts/argocd-understack/templates/application-nautobot.yaml.tpl index f20f775aa..540d67615 100644 --- a/charts/argocd-understack/templates/application-nautobot.yaml.tpl +++ b/charts/argocd-understack/templates/application-nautobot.yaml.tpl 
@@ -21,14 +21,14 @@ spec: releaseName: nautobot valueFiles: - $understack/components/nautobot/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/nautobot.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/nautobot.yaml repoURL: https://nautobot.github.io/helm-charts/ targetRevision: 2.5.6 - path: components/nautobot ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/nautobot + - path: {{ include "understack.deploy_path" $ }}/manifests/nautobot ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-nautobotop.yaml.tpl b/charts/argocd-understack/templates/application-nautobotop.yaml.tpl new file mode 100644 index 000000000..0c26c00cd --- /dev/null +++ b/charts/argocd-understack/templates/application-nautobotop.yaml.tpl 
@@ -0,0 +1,47 @@
+{{- if eq (include "understack.isEnabled" (list $.Values.global "nautobotop")) "true" }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name "nautobotop" }}
+ annotations:
+ argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+spec:
+ destination:
+ namespace: nautobotop
+ server: {{ $.Values.cluster_server }}
+ project: understack
+ sources:
+ - chart: nautobotop
+ helm:
+ ignoreMissingValueFiles: true
+ releaseName: nautobotop
+ valueFiles:
+ - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/nautobotop.yaml
+ repoURL: ghcr.io/rackerlabs/charts
+ targetRevision: 0.0.1
+ - path: {{ include "understack.deploy_path" $ }}/manifests/nautobotop
+ ref: deploy
+ repoURL: {{ include "understack.deploy_url" $ }}
+ targetRevision: {{ include "understack.deploy_ref" $ }}
+ - path: workflows/nautobot-token
+ helm:
+ ignoreMissingValueFiles: true
+ valueFiles:
+ - $understack/workflows/nautobot-token/values.yaml
+ ref: understack
+ repoURL: {{ include "understack.understack_url" $ }}
+ targetRevision: {{ include "understack.understack_ref" $ }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ managedNamespaceMetadata:
+ annotations:
+ argocd.argoproj.io/sync-options: Delete=false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/charts/argocd-understack/templates/application-openstack-exporter.yaml.tpl b/charts/argocd-understack/templates/application-openstack-exporter.yaml.tpl
index 68b5c52ed..a11114563 100644
--- a/charts/argocd-understack/templates/application-openstack-exporter.yaml.tpl
+++ b/charts/argocd-understack/templates/application-openstack-exporter.yaml.tpl
@@ -18,7 +18,7 @@ spec: releaseName: prometheus-openstack-exporter valueFiles: - $understack/components/openstack-exporter/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/openstack-exporter.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/openstack-exporter.yaml repoURL: registry.scs.community/openstack-exporter targetRevision: 0.4.5 - ref: understack diff --git a/charts/argocd-understack/templates/application-openstack-helm.yaml.tpl b/charts/argocd-understack/templates/application-openstack-helm.yaml.tpl index 107101221..f74d539ad 100644 --- a/charts/argocd-understack/templates/application-openstack-helm.yaml.tpl +++ b/charts/argocd-understack/templates/application-openstack-helm.yaml.tpl @@ -38,14 +38,14 @@ spec: valueFiles: - $understack/components/images-openstack.yaml - $understack/components/{{ $appName }}/values.yaml - - $deploy/{{ $.Release.Name }}/manifests/secret-openstack.yaml - - $deploy/{{ $.Release.Name }}/manifests/images-openstack.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/{{ $appName }}.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/manifests/secret-openstack.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/manifests/images-openstack.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/{{ $appName }}.yaml - path: components/{{ $appName }}/ ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/{{ $appName }} + - path: {{ include "understack.deploy_path" $ }}/manifests/{{ $appName }} ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-openstack-memcached.yaml.tpl b/charts/argocd-understack/templates/application-openstack-memcached.yaml.tpl index 334ce8ff2..e9fb8dbac 100644 
--- a/charts/argocd-understack/templates/application-openstack-memcached.yaml.tpl +++ b/charts/argocd-understack/templates/application-openstack-memcached.yaml.tpl @@ -18,7 +18,7 @@ spec: releaseName: memcached valueFiles: - $understack/components/openstack/memcached-values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/openstack-memcached.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/openstack-memcached.yaml repoURL: https://charts.bitnami.com/bitnami targetRevision: 7.8.6 - ref: understack diff --git a/charts/argocd-understack/templates/application-openstack-resource-controller.yaml.tpl b/charts/argocd-understack/templates/application-openstack-resource-controller.yaml.tpl new file mode 100644 index 000000000..1a39d144e --- /dev/null +++ b/charts/argocd-understack/templates/application-openstack-resource-controller.yaml.tpl @@ -0,0 +1,31 @@ +{{- if or (eq (include "understack.isEnabled" (list $.Values.global "openstack_resource_controller")) "true") (eq (include "understack.isEnabled" (list $.Values.site "openstack_resource_controller")) "true") }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ printf "%s-%s" $.Release.Name "openstack-resource-controller" }} + annotations: + argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true +spec: + destination: + namespace: orc-system + server: {{ $.Values.cluster_server }} + project: understack-operators + sources: + - path: operators/openstack-resource-controller + ref: understack + repoURL: {{ include "understack.understack_url" $ }} + targetRevision: {{ include "understack.understack_ref" $ }} + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + annotations: + argocd.argoproj.io/sync-options: Delete=false + syncOptions: + - CreateNamespace=true + - ServerSideApply=true + - RespectIgnoreDifferences=true + - ApplyOutOfSyncOnly=true +{{- end }} 
diff --git a/charts/argocd-understack/templates/application-openstack.yaml.tpl b/charts/argocd-understack/templates/application-openstack.yaml.tpl index 652434ef1..cc26c63d8 100644 --- a/charts/argocd-understack/templates/application-openstack.yaml.tpl +++ b/charts/argocd-understack/templates/application-openstack.yaml.tpl @@ -24,8 +24,8 @@ spec: helm: ignoreMissingValueFiles: true valueFiles: - - $deploy/{{ $.Release.Name }}/helm-configs/openstack.yaml - - path: {{ $.Release.Name }}/manifests/openstack + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/openstack.yaml + - path: {{ include "understack.deploy_path" $ }}/manifests/openstack ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-opentelemetry-operator.yaml.tpl b/charts/argocd-understack/templates/application-opentelemetry-operator.yaml.tpl index 213e1b765..563642f2c 100644 --- a/charts/argocd-understack/templates/application-opentelemetry-operator.yaml.tpl +++ b/charts/argocd-understack/templates/application-opentelemetry-operator.yaml.tpl @@ -18,7 +18,7 @@ spec: releaseName: opentelemetry-operator valueFiles: - $understack/operators/opentelemetry-operator/values.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/opentelemetry-operator.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/opentelemetry-operator.yaml repoURL: https://open-telemetry.github.io/opentelemetry-helm-charts targetRevision: 0.95.1 - path: operators/opentelemetry-operator diff --git a/charts/argocd-understack/templates/application-openvswitch.yaml.tpl b/charts/argocd-understack/templates/application-openvswitch.yaml.tpl new file mode 100644 index 000000000..b05db8d54 --- /dev/null +++ b/charts/argocd-understack/templates/application-openvswitch.yaml.tpl 
@@ -0,0 +1,42 @@
+{{- if eq (include "understack.isEnabled" (list $.Values.site "openvswitch")) "true" }}
+{{- $app := $.Values.site.openvswitch }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name "openvswitch" }}
+spec:
+ destination:
+ namespace: {{ $.Values.site.openstack.namespace }}
+ server: {{ $.Values.cluster_server }}
+ project: understack
+ sources:
+ - repoURL: https://tarballs.opendev.org/openstack/openstack-helm
+ targetRevision: {{ $app.chartVersion }}
+ chart: openvswitch
+ helm:
+ ignoreMissingValueFiles: true
+ releaseName: openvswitch
+ valueFiles:
+ - $understack/components/images-openstack.yaml
+ - $understack/components/openvswitch/values.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/manifests/secret-openstack.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/manifests/images-openstack.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/openvswitch.yaml
+ - path: components/openvswitch/
+ ref: understack
+ repoURL: {{ include "understack.understack_url" $ }}
+ targetRevision: {{ include "understack.understack_ref" $ }}
+ - path: {{ include "understack.deploy_path" $ }}/manifests/openvswitch
+ ref: deploy
+ repoURL: {{ include "understack.deploy_url" $ }}
+ targetRevision: {{ include "understack.deploy_ref" $ }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - ServerSideApply=false
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/charts/argocd-understack/templates/application-otel-collector.yaml.tpl b/charts/argocd-understack/templates/application-otel-collector.yaml.tpl
index 35273c409..a87146fae 100644
--- a/charts/argocd-understack/templates/application-otel-collector.yaml.tpl
+++ b/charts/argocd-understack/templates/application-otel-collector.yaml.tpl
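Review bot: `targetRevision: {{ $app.chartVersion }}` in `application-openvswitch.yaml.tpl` renders an empty revision when `site.openvswitch.chartVersion` is unset, and `application-ovn.yaml.tpl` has the same line. For a chart pulled from `tarballs.opendev.org` under automated sync with `prune` and `selfHeal`, an unpinned revision is worth failing on at render time rather than leaving to Argo CD's resolution; `targetRevision: {{ required "site.openvswitch.chartVersion must be set" $app.chartVersion }}` does that. The same applies to `{{ $.Values.site.openstack.namespace }}`, which is read from a different component's values and errors or renders empty if that block is missing. values.yaml is outside this diff, so defaults may already cover both; in that case a comment naming where the default lives would be enough. Separately, `ignoreMissingValueFiles: true` also covers `$deploy/.../manifests/secret-openstack.yaml`, so a missing secrets file yields a deploy with whatever credentials the base values carry instead of a sync error.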
@@ -12,7 +12,7 @@ spec: server: {{ $.Values.cluster_server }} project: understack sources: - - path: {{ $.Release.Name }}/manifests/otel-collector + - path: {{ include "understack.deploy_path" $ }}/manifests/otel-collector ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-ovn.yaml.tpl b/charts/argocd-understack/templates/application-ovn.yaml.tpl new file mode 100644 index 000000000..d7ba699f3 --- /dev/null +++ b/charts/argocd-understack/templates/application-ovn.yaml.tpl 
@@ -0,0 +1,42 @@
+{{- if eq (include "understack.isEnabled" (list $.Values.site "ovn")) "true" }}
+{{- $app := $.Values.site.ovn }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ printf "%s-%s" $.Release.Name "ovn" }}
+spec:
+ destination:
+ namespace: {{ $.Values.site.openstack.namespace }}
+ server: {{ $.Values.cluster_server }}
+ project: understack
+ sources:
+ - repoURL: https://tarballs.opendev.org/openstack/openstack-helm-infra
+ targetRevision: {{ $app.chartVersion }}
+ chart: ovn
+ helm:
+ ignoreMissingValueFiles: true
+ releaseName: ovn
+ valueFiles:
+ - $understack/components/images-openstack.yaml
+ - $understack/components/ovn/values.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/manifests/secret-openstack.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/manifests/images-openstack.yaml
+ - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/ovn.yaml
+ - path: components/ovn/
+ ref: understack
+ repoURL: {{ include "understack.understack_url" $ }}
+ targetRevision: {{ include "understack.understack_ref" $ }}
+ - path: {{ include "understack.deploy_path" $ }}/manifests/ovn
+ ref: deploy
+ repoURL: {{ include "understack.deploy_url" $ }}
+ targetRevision: {{ include "understack.deploy_ref" $ }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - ServerSideApply=false
+ - RespectIgnoreDifferences=true
+ - ApplyOutOfSyncOnly=true
+{{- end }}
diff --git a/charts/argocd-understack/templates/application-rabbitmq-system.yaml.tpl b/charts/argocd-understack/templates/application-rabbitmq-system.yaml.tpl
new file mode 100644
index 000000000..62a07b4fc
--- /dev/null
+++ b/charts/argocd-understack/templates/application-rabbitmq-system.yaml.tpl
@@ -0,0 +1,31 @@ +{{- if or (eq (include "understack.isEnabled" (list $.Values.global "rabbitmq_system")) "true") (eq (include "understack.isEnabled" (list $.Values.site "rabbitmq_system")) "true") }} +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ printf "%s-%s" $.Release.Name "rabbitmq-system" }} + annotations: + argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true +spec: + destination: + namespace: rabbitmq-system + server: {{ $.Values.cluster_server }} + project: understack-operators + sources: + - path: operators/rabbitmq-system + ref: understack + repoURL: {{ include "understack.understack_url" $ }} + targetRevision: {{ include "understack.understack_ref" $ }} + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + annotations: + argocd.argoproj.io/sync-options: Delete=false + syncOptions: + - CreateNamespace=true + - ServerSideApply=true + - RespectIgnoreDifferences=true + - ApplyOutOfSyncOnly=true +{{- end }} diff --git a/charts/argocd-understack/templates/application-rook.yaml.tpl b/charts/argocd-understack/templates/application-rook.yaml.tpl index b46f63e73..064c9dff7 100644 --- a/charts/argocd-understack/templates/application-rook.yaml.tpl +++ b/charts/argocd-understack/templates/application-rook.yaml.tpl @@ -18,7 +18,7 @@ spec: releaseName: rook-ceph valueFiles: - $understack/operators/rook/values-operator.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/rook-operator.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/rook-operator.yaml repoURL: https://charts.rook.io/release targetRevision: v1.16.4 - chart: rook-ceph-cluster 
@@ -27,7 +27,7 @@ spec: releaseName: rook-ceph-cluster valueFiles: - $understack/operators/rook/values-cluster.yaml - - $deploy/{{ $.Release.Name }}/helm-configs/rook-cluster.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/rook-cluster.yaml repoURL: https://charts.rook.io/release targetRevision: v1.16.4 - path: operators/rook diff --git a/charts/argocd-understack/templates/application-site-workflows.yaml.tpl b/charts/argocd-understack/templates/application-site-workflows.yaml.tpl index 3f85c1d0f..667368f25 100644 --- a/charts/argocd-understack/templates/application-site-workflows.yaml.tpl +++ b/charts/argocd-understack/templates/application-site-workflows.yaml.tpl @@ -16,7 +16,7 @@ spec: ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/site-workflows + - path: {{ include "understack.deploy_path" $ }}/manifests/site-workflows ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-snmp-exporter.yaml.tpl b/charts/argocd-understack/templates/application-snmp-exporter.yaml.tpl index 3b76d1c54..36ee9263a 100644 --- a/charts/argocd-understack/templates/application-snmp-exporter.yaml.tpl +++ b/charts/argocd-understack/templates/application-snmp-exporter.yaml.tpl @@ -17,7 +17,7 @@ spec: ignoreMissingValueFiles: true releaseName: prometheus-snmp-exporter valueFiles: - - $deploy/{{ $.Release.Name }}/helm-configs/prometheus-snmp-exporter.yaml + - $deploy/{{ include "understack.deploy_path" $ }}/helm-configs/prometheus-snmp-exporter.yaml repoURL: https://prometheus-community.github.io/helm-charts targetRevision: 5.6.0 - ref: understack 
diff --git a/charts/argocd-understack/templates/application-understack-cluster-issuer.yaml.tpl b/charts/argocd-understack/templates/application-understack-cluster-issuer.yaml.tpl index 595eef4f7..010da8ea3 100644 --- a/charts/argocd-understack/templates/application-understack-cluster-issuer.yaml.tpl +++ b/charts/argocd-understack/templates/application-understack-cluster-issuer.yaml.tpl @@ -12,7 +12,7 @@ spec: server: {{ $.Values.cluster_server }} project: understack sources: - - path: {{ $.Release.Name }}/manifests/cert-manager + - path: {{ include "understack.deploy_path" $ }}/manifests/cert-manager ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/templates/application-undersync.yaml.tpl b/charts/argocd-understack/templates/application-undersync.yaml.tpl index d3ef960af..267550d5f 100644 --- a/charts/argocd-understack/templates/application-undersync.yaml.tpl +++ b/charts/argocd-understack/templates/application-undersync.yaml.tpl @@ -16,7 +16,7 @@ spec: ref: understack repoURL: {{ include "understack.understack_url" $ }} targetRevision: {{ include "understack.understack_ref" $ }} - - path: {{ $.Release.Name }}/manifests/undersync + - path: {{ include "understack.deploy_path" $ }}/manifests/undersync ref: deploy repoURL: {{ include "understack.deploy_url" $ }} targetRevision: {{ include "understack.deploy_ref" $ }} diff --git a/charts/argocd-understack/values.yaml b/charts/argocd-understack/values.yaml index 19b896401..3bde8ada6 100644 --- a/charts/argocd-understack/values.yaml +++ b/charts/argocd-understack/values.yaml 
@@ -21,6 +21,12 @@ deploy_url: # @default -- HEAD deploy_ref: HEAD +# -- Optional prefix for the deployment repository path. When set, the path +# becomes "/" instead of just "". +# Example: "sites" would result in "sites/uc-iad3-prod/helm-configs/..." +# @default -- "" (no prefix, just Release.Name) +deploy_path_prefix: + # -- This block is for setting up the UnderStack global specific ArgoCD Applications global: # -- Enable/disable deploying the global specific applications @@ -51,6 +57,12 @@ global: # @default -- true enabled: true + # -- Envoy Gateway API gateway + envoy_gateway: + # -- Enable/disable deploying Envoy Gateway + # @default -- true + enabled: true + # etcd backup etcdbackup: # Enable/disable deploying etcdbackup @@ -93,6 +105,18 @@ global: # @default -- true enabled: true + # -- Nautobot Operator for Kubernetes + nautobotop: + # -- Enable/disable deploying Nautobot Operator + # @default -- true + enabled: true + + # -- OpenStack Resource Controller operator + openstack_resource_controller: + # -- Enable/disable deploying OpenStack Resource Controller + # @default -- true + enabled: true + # -- OpenTelemetry Operator opentelemetry_operator: # -- Enable/disable deploying opentelemetry-operator @@ -105,6 +129,12 @@ global: # @default -- true enabled: true + # -- RabbitMQ Cluster Operator + rabbitmq_system: + # -- Enable/disable deploying RabbitMQ operator + # @default -- true + enabled: true + # -- Rook rook: # -- Enable/disable deploying Rook @@ -135,6 +165,18 @@ site: # @default -- true enabled: true + # -- Envoy Gateway configurations (site-level routes and policies) + envoy_configs: + # -- Enable/disable deploying Envoy Gateway configs + # @default -- true + enabled: true + + # -- Envoy Gateway API gateway (site deployment) + envoy_gateway: + # -- Enable/disable deploying Envoy Gateway + # @default -- true + enabled: true + # etcd backup etcdbackup: # Enable/disable deploying etcdbackup 
@@ -147,6 +189,18 @@ site: # @default -- true enabled: true + # -- OpenStack Resource Controller operator (site deployment) + openstack_resource_controller: + # -- Enable/disable deploying OpenStack Resource Controller + # @default -- true + enabled: true + + # -- RabbitMQ Cluster Operator (site deployment) + rabbitmq_system: + # -- Enable/disable deploying RabbitMQ operator + # @default -- true + enabled: true + # Sealed Secrets operator sealed_secrets: # -- Enable/disable deploying sealed secrets @@ -177,7 +231,7 @@ site: wave: 1 # -- Chart version for Keystone # renovate: datasource=helm depName=keystone registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.6+9b270fe35 + chartVersion: 2025.2.7+01c93d867 # -- Glance (Image Service) glance: @@ -189,7 +243,7 @@ site: wave: 2 # -- Chart version for Glance # renovate: datasource=helm depName=glance registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.6+9b270fe35 + chartVersion: 2025.2.7+01c93d867 # -- Cinder (Block Storage Service) cinder: @@ -213,7 +267,7 @@ site: wave: 2 # -- Chart version for Ironic # renovate: datasource=helm depName=ironic registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.5+e61f0342c + chartVersion: 2025.2.8+01c93d867 # -- Neutron (Networking Service) neutron: @@ -225,7 +279,7 @@ site: wave: 2 # -- Chart version for Neutron # renovate: datasource=helm depName=neutron registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.12+9cc7c1ea9 + chartVersion: 2025.2.15+01c93d867 # -- Placement (Placement Service) placement: @@ -237,7 +291,7 @@ site: wave: 2 # -- Chart version for Placement # renovate: datasource=helm depName=placement registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.4+9b270fe35 + chartVersion: 2025.2.5+01c93d867 # -- Nova (Compute Service) nova: 
@@ -261,7 +315,7 @@ site: wave: 3 # -- Chart version for Octavia # renovate: datasource=helm depName=octavia registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.7+9b270fe35 + chartVersion: 2025.2.8+01c93d867 # -- Horizon (Dashboard) horizon: @@ -273,7 +327,7 @@ site: wave: 4 # -- Chart version for Horizon # renovate: datasource=helm depName=horizon registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.3+9b270fe35 + chartVersion: 2025.2.4+01c93d867 # -- Skyline (Dashboard) skyline: @@ -284,8 +338,26 @@ site: # @default -- 4 wave: 4 # -- Chart version for Skyline - # renovate: datasource=helm depName=horizon registryUrl=https://tarballs.opendev.org/openstack/openstack-helm - chartVersion: 2025.2.3+b6bb28b51 + # renovate: datasource=helm depName=skyline registryUrl=https://tarballs.opendev.org/openstack/openstack-helm + chartVersion: 2025.2.5+01c93d867 + + # -- Open vSwitch (Networking) + openvswitch: + # -- Enable/disable deploying Open vSwitch + # @default -- true + enabled: true + # -- Chart version for Open vSwitch + # renovate: datasource=helm depName=openvswitch registryUrl=https://tarballs.opendev.org/openstack/openstack-helm + chartVersion: "2025.1.0" + + # -- OVN (Open Virtual Network) + ovn: + # -- Enable/disable deploying OVN + # @default -- true + enabled: true + # -- Chart version for OVN + # renovate: datasource=helm depName=ovn registryUrl=https://tarballs.opendev.org/openstack/openstack-helm-infra + chartVersion: "2024.2.0" # -- Argo Events configuration for event-driven workflows argo_events: diff --git a/docs/operator-guide/argocd-helm-chart.md b/docs/operator-guide/argocd-helm-chart.md new file mode 100644 index 000000000..5b4a4dda0 --- /dev/null +++ b/docs/operator-guide/argocd-helm-chart.md 
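Review bot: The new `openvswitch` and `ovn` pins in the last hunk (`"2025.1.0"` and `"2024.2.0"`) are bare versions from older release series, while every other `chartVersion` changed in this file is a `2025.2.x+<commit>` build. If the chart index publishes commit-suffixed builds for these two charts as well, pinning one keeps the pins uniform and ties each to a single published build, e.g. `chartVersion: <version>+<commit>` (placeholder; the real value is not on this page). If staying on the older series is intentional, say so beside the pin, for example `# held on the 2024.2 series: <reason>`, so that a later Renovate bump gets reviewed instead of merged on sight.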
@@ -0,0 +1,409 @@ +# ArgoCD Application Management with Helm + +UnderStack provides a Helm chart (`argocd-understack`) that generates ArgoCD +Applications for deploying all UnderStack components. This approach provides +several advantages over ApplicationSets: + +- **Per-cluster version pinning**: Pin UnderStack to specific versions per cluster +- **Explicit component control**: Enable/disable components via values.yaml +- **Easier debugging**: Use `helm template` to preview generated Applications +- **Simpler mental model**: Standard Helm values instead of ApplicationSet generators + +## Chart Overview + +The chart is located at `charts/argocd-understack/` and generates ArgoCD +Application resources for: + +- **Infrastructure**: cert-manager, cilium, envoy-gateway, sealed-secrets, etc. +- **Operators**: CNPG, external-secrets, mariadb-operator, rabbitmq, rook, etc. +- **OpenStack**: keystone, glance, nova, neutron, ironic, etc. +- **Site Services**: argo-workflows, chrony, undersync, monitoring, etc. +- **Global Services**: dex, nautobot, nautobotop, etc. + +## Configuration + +### Basic Structure + +Each cluster requires a values file: + +```yaml +# Required: Cluster server URL +cluster_server: https://kubernetes.default.svc + +# UnderStack repository settings +understack_url: https://github.com/rackerlabs/understack.git +understack_ref: v1.0.0 # Pin to specific version + +# Deployment repository (required) +deploy_url: https://github.com/your-org/deploy.git +deploy_ref: HEAD + +# Optional: prefix for deploy repo path structure +# deploy_path_prefix: sites # Results in "sites//..." 
+ +# Cluster type configuration +global: + enabled: false # Set true for global clusters + +site: + enabled: true # Set true for site clusters +``` + +### Enabling/Disabling Components + +Components can be enabled or disabled individually: + +```yaml +site: + enabled: true + + # Disable a component + octavia: + enabled: false + + # Enable with version override + keystone: + enabled: true + chartVersion: "2025.2.6+9b270fe35" +``` + +### Deploy Repository Path Prefix + +By default, the chart looks for cluster configs at `/helm-configs/` +and `/manifests/`. Use `deploy_path_prefix` to add a prefix: + +```yaml +deploy_path_prefix: sites # Results in "sites/my-cluster/helm-configs/..." +``` + +**Default structure:** + +```text +deploy-repo/ +├── uc-iad3-prod/ +│ ├── helm-configs/ +│ │ ├── keystone.yaml +│ │ └── ... +│ └── manifests/ +│ └── ... +└── uc-ord1-staging/ + └── ... +``` + +**With `deploy_path_prefix: sites`:** + +```text +deploy-repo/ +├── sites/ +│ ├── uc-iad3-prod/ +│ │ ├── helm-configs/ +│ │ └── manifests/ +│ └── uc-ord1-staging/ +│ └── ... +└── other-stuff/ + └── ... 
+``` + +### OpenStack Chart Versions + +OpenStack services can have their chart versions pinned: + +```yaml +site: + keystone: + chartVersion: "2025.2.6+9b270fe35" + glance: + chartVersion: "2025.2.6+9b270fe35" + nova: + chartVersion: "2025.1.19+12458c92d" +``` + +## Deployment + +### App-of-Apps Pattern + +Deploy the chart as an ArgoCD Application from the OCI registry: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-understack + namespace: argocd +spec: + project: understack + sources: + - repoURL: ghcr.io/rackerlabs/understack + chart: argocd-understack + targetRevision: 0.1.0 # Chart version + helm: + releaseName: my-cluster-name + valueFiles: + - $deploy/my-cluster-name/argocd-understack-values.yaml + - repoURL: https://github.com/your-org/deploy.git + targetRevision: HEAD + ref: deploy + destination: + server: https://kubernetes.default.svc + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true +``` + +For testing unreleased changes, reference the chart directly from git: + +```yaml +sources: + - repoURL: https://github.com/rackerlabs/understack.git + targetRevision: feature-branch + path: charts/argocd-understack + helm: + releaseName: my-cluster-name + valueFiles: + - $deploy/my-cluster-name/argocd-understack-values.yaml + - repoURL: https://github.com/your-org/deploy.git + targetRevision: HEAD + ref: deploy +``` + +### Preview Generated Applications + +Before deploying, preview what Applications will be created: + +```bash +helm template argocd-understack charts/argocd-understack \ + -f path/to/cluster-values.yaml +``` + +## Cluster Types + +### Global Cluster + +A global cluster hosts shared services like Nautobot and Dex: + +```yaml +understack_ref: v1.0.0 +deploy_url: https://github.com/your-org/deploy.git + +global: + enabled: true + nautobot: + enabled: true + dex: + enabled: true + nautobotop: + enabled: true + +site: + enabled: false +``` + +### Site Cluster + +A site cluster runs 
OpenStack and site-specific services: + +```yaml +understack_ref: v1.0.0 +deploy_url: https://github.com/your-org/deploy.git + +global: + enabled: false + +site: + enabled: true + keystone: + enabled: true + nova: + enabled: true + ironic: + enabled: true +``` + +### All-in-One (AIO) Cluster + +An AIO cluster runs both global and site services: + +```yaml +understack_ref: v1.0.0 +deploy_url: https://github.com/your-org/deploy.git + +global: + enabled: true + +site: + enabled: true +``` + +## ArgoCD Projects + +Applications are organized into three ArgoCD projects: + +| Project | Purpose | Components | +|---------|---------|------------| +| `understack` | Main project | OpenStack services, workflows, dex, nautobot | +| `understack-infra` | Infrastructure | Cilium, cert-manager, ingress-nginx, sealed-secrets | +| `understack-operators` | Operators | CNPG, MariaDB, External Secrets, RabbitMQ, monitoring | + +## Sync Policies + +The chart configures appropriate sync policies for each component type: + +| Component Type | ServerSideApply | ApplyOutOfSyncOnly | +|---------------|-----------------|-------------------| +| Infrastructure | true | true | +| Operators | true | true | +| OpenStack | false | true | +| Site Services | true | true | + +OpenStack uses `ServerSideApply=false` due to compatibility requirements +with Helm hooks that use `force=true`. 
+ +## Troubleshooting + +### View Application Status + +```bash +# List all applications +kubectl get applications -n argocd + +# Watch for changes +kubectl get applications -n argocd -w + +# Use ArgoCD CLI +argocd app list --grpc-web +``` + +### Check Application Details + +```bash +# Kubernetes describe +kubectl describe application -n argocd + +# ArgoCD CLI with sync status +argocd app get --grpc-web +``` + +### Compare Generated vs Deployed + +```bash +# Generate expected Applications +helm template my-cluster charts/argocd-understack \ + -f cluster-values.yaml > expected.yaml + +# Get current Applications +kubectl get applications -n argocd -o yaml > current.yaml + +# Compare +diff expected.yaml current.yaml +``` + +### Application Not Creating + +1. Check the bootstrap Application status: + + ```bash + kubectl describe application argocd-understack -n argocd + ``` + +2. Verify values file is accessible and valid: + + ```bash + helm template test charts/argocd-understack -f your-values.yaml + ``` + +3. Check ArgoCD logs: + + ```bash + kubectl logs -n argocd -l app.kubernetes.io/name=argocd-application-controller + ``` + +### Sync Errors + +1. Check Application sync status: + + ```bash + argocd app get --grpc-web + ``` + +2. Review sync options - ensure correct `ServerSideApply` setting: + - OpenStack services: `ServerSideApply=false` + - Other components: `ServerSideApply=true` + +3. Check for resource conflicts: + + ```bash + kubectl get application -n argocd -o jsonpath='{.status.conditions}' + ``` + +### Component Not Appearing + +1. Verify component is enabled in values: + + ```yaml + site: + your_component: + enabled: true + ``` + +2. Check correct scope (`global` vs `site`) - some components exist in both + +3. Preview what the chart generates: + + ```bash + helm template my-cluster charts/argocd-understack \ + -f values.yaml | grep -A5 "name: my-cluster-your-component" + ``` + +### Resources Not Updating + +1. 
Check if `ApplyOutOfSyncOnly=true` is preventing updates: + + ```bash + # Force a sync + argocd app sync --grpc-web + ``` + +2. Verify the source revision is correct: + + ```bash + kubectl get application -n argocd \ + -o jsonpath='{.spec.source.targetRevision}' + ``` + +### Debugging Helm Values + +1. Check what values ArgoCD resolved: + + ```bash + argocd app manifests --grpc-web | head -100 + ``` + +2. Verify value file paths are correct (check for typos in `$deploy/` paths) + +3. Test locally: + + ```bash + helm template test charts/argocd-understack \ + -f values.yaml --debug + ``` + +## Values Reference + +See the full values.yaml in the chart for all available options: + +```bash +helm show values charts/argocd-understack +``` + +Key sections: + +- `cluster_server`: Target Kubernetes API server URL +- `understack_url`, `understack_ref`: UnderStack repository and version +- `deploy_url`, `deploy_ref`: Deployment repository and version +- `deploy_path_prefix`: Optional path prefix for deploy repo structure +- `global.*`: Global cluster components (nautobot, dex, etc.) +- `site.*`: Site cluster components (OpenStack, workflows, etc.) +- `site.openstack.*`: OpenStack-specific settings (namespace, repoUrl) +- `site..chartVersion`: Pin specific chart versions diff --git a/mkdocs.yml b/mkdocs.yml index 27f2fe454..62ed7d856 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -170,6 +170,7 @@ nav: - operator-guide/openstack-neutron.md - operator-guide/ovs-ovn.md - 'Infrastructure': + - operator-guide/argocd-helm-chart.md - operator-guide/workflows.md - operator-guide/monitoring.md - operator-guide/gateway-api.md diff --git a/scripts/e2e-test-setup.sh b/scripts/e2e-test-setup.sh new file mode 100755 index 000000000..7dc202260 --- /dev/null +++ b/scripts/e2e-test-setup.sh 
@@ -0,0 +1,165 @@
+#!/bin/bash
+set -euo pipefail
+
+#SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+#PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+
+# Cluster names
+MGMT_CLUSTER="mgmt"
+GLOBAL_CLUSTER="global"
+SITE_CLUSTER="site"
+
+cleanup() {
+ echo "Cleaning up clusters..."
+ kind delete cluster --name "${SITE_CLUSTER}" || true
+ kind delete cluster --name "${GLOBAL_CLUSTER}" || true
+ kind delete cluster --name "${MGMT_CLUSTER}" || true
+}
+
+create_clusters() {
+ echo "Creating management cluster..."
+ kind create cluster --name "${MGMT_CLUSTER}"
+
+ echo "Creating global cluster..."
+ kind create cluster --name "${GLOBAL_CLUSTER}"
+
+ echo "Creating site cluster..."
+ kind create cluster --name "${SITE_CLUSTER}"
+}
+
+install_argocd() {
+ echo "Installing ArgoCD..."
+ kubectl --context "kind-${MGMT_CLUSTER}" create namespace argocd
+ kubectl --context "kind-${MGMT_CLUSTER}" apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+
+ # Wait for ArgoCD to be ready
+ kubectl --context "kind-${MGMT_CLUSTER}" wait --for=condition=available --timeout=300s deployment/argocd-server -n argocd
+}
+
+setup_cluster_access() {
+ echo "Setting up cluster access..."
+
+ # Register global cluster
+ register_cluster "${GLOBAL_CLUSTER}" "global"
+
+ # Register site cluster
+ register_cluster "${SITE_CLUSTER}" "site"
+
+ # Verify clusters are registered
+ verify_clusters
+}
+
+verify_clusters() {
+ echo "Verifying cluster registration..."
+
+ local max_attempts=30
+ local attempt=0
+
+ while [ $attempt -lt $max_attempts ]; do
+ local registered_clusters
+ registered_clusters=$(kubectl --context "kind-${MGMT_CLUSTER}" get secrets -n argocd -l argocd.argoproj.io/secret-type=cluster -o name | wc -l)
+
+ if [ "$registered_clusters" -ge 2 ]; then
+ echo "✓ All clusters registered successfully"
+ kubectl --context "kind-${MGMT_CLUSTER}" get secrets -n argocd -l argocd.argoproj.io/secret-type=cluster -o custom-columns=NAME:.metadata.name,CLUSTER:.stringData.name
+ return 0
+ fi
+
+ echo "Waiting for clusters to register... ($((attempt + 1))/$max_attempts)"
+ sleep 2
+ ((attempt++))
+ done
+
+ echo "✗ Cluster registration verification failed"
+ return 1
+}
+
+register_cluster() {
+ local cluster_name="$1"
+ local cluster_role="$2"
+ echo "Registering ${cluster_name} cluster with ArgoCD..."
+
+ # Get cluster config
+ TARGET_SERVER=$(kubectl --context "kind-${cluster_name}" config view --minify -o jsonpath='{.clusters[0].cluster.server}')
+ TARGET_CA=$(kubectl --context "kind-${cluster_name}" config view --raw --minify --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
+
+ # Create service account in target cluster
+ kubectl --context "kind-${cluster_name}" apply -f - <