From 180ea26a6c330776ab5c52786a0088a77e179941 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Mon, 1 May 2023 11:46:28 +0200 Subject: [PATCH] [vcluster]: deprecation remove gitops component (#90) * deprecation: remove gitops component * fix: update helm-docs --- charts/vcluster/Chart.yaml | 2 +- charts/vcluster/README.md | 39 +- charts/vcluster/README.md.gotmpl | 42 +- .../addons/scripts/configure-current.sh | 17 +- .../addons/scripts/configure-vcluster.sh | 3 +- charts/vcluster/ci/kubeconfig-values.yaml | 2 - charts/vcluster/ci/lifecycle-values.yaml | 3 - charts/vcluster/ci/scheduling-values.yaml | 2 - .../components/gitops/_templates.tpl | 394 ---------------- .../components/gitops/argocd-values.yaml | 14 - .../gitops/flux/bootstrap-argo.yaml | 67 --- .../components/gitops/flux/inventory.yaml | 71 --- .../components/gitops/flux/substitution.yaml | 12 - .../components/gitops/manifests.yaml | 21 - .../kubernetes/admin/deployment.yaml | 5 - .../components/kubernetes/admin/scripts.yaml | 17 - .../vcluster/templates/lifecycle/setup.yaml | 13 - charts/vcluster/templates/pkg/_argo.tpl | 430 ------------------ .../templates/pkg/_extra-manifests.tpl | 125 ----- charts/vcluster/templates/pkg/_functions.tpl | 65 +++ charts/vcluster/templates/pkg/_scripts.tpl | 11 - .../vcluster/templates/pkg/_substitution.tpl | 49 ++ charts/vcluster/values.yaml | 179 -------- 23 files changed, 120 insertions(+), 1463 deletions(-) delete mode 100644 charts/vcluster/templates/components/gitops/_templates.tpl delete mode 100644 charts/vcluster/templates/components/gitops/argocd-values.yaml delete mode 100644 charts/vcluster/templates/components/gitops/flux/bootstrap-argo.yaml delete mode 100644 charts/vcluster/templates/components/gitops/flux/inventory.yaml delete mode 100644 charts/vcluster/templates/components/gitops/flux/substitution.yaml delete mode 100644 charts/vcluster/templates/components/gitops/manifests.yaml delete mode 100644 charts/vcluster/templates/components/kubernetes/admin/scripts.yaml delete mode 100644 
charts/vcluster/templates/pkg/_argo.tpl delete mode 100644 charts/vcluster/templates/pkg/_extra-manifests.tpl create mode 100644 charts/vcluster/templates/pkg/_functions.tpl delete mode 100644 charts/vcluster/templates/pkg/_scripts.tpl create mode 100644 charts/vcluster/templates/pkg/_substitution.tpl diff --git a/charts/vcluster/Chart.yaml b/charts/vcluster/Chart.yaml index c2cc03c3..18f95f54 100644 --- a/charts/vcluster/Chart.yaml +++ b/charts/vcluster/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: vcluster description: Virtual Kubernetes Cluster type: application -version: 0.3.4 +version: 0.4.0 appVersion: 0.1.0 keywords: - vcluster diff --git a/charts/vcluster/README.md b/charts/vcluster/README.md index ccd8d743..b2238519 100644 --- a/charts/vcluster/README.md +++ b/charts/vcluster/README.md @@ -2,7 +2,7 @@ __This Chart is under active development! We try to improve documentation and values consistency over time__ -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Virtual Kubernetes Cluster 
@@ -64,40 +64,12 @@ Based on [Cluster Autoscaler](https://github.com/kubernetes/autoscaler). Allows to scale Kubernetes clusters based on the number of pods and nodes. The component is deployed as a single deployment with a `controller` container. Since it's deployed on a hosting cluster, it's possible to downscale workers to zero and scale up again. -## GitOps - # Guides ## Exposure ### Admission -## ArgoCD Access - -### Forwards the ArgoCD UI to your local machine - -We must forward the ArgoCD within the new cluster in the kubectl client. -You can access the ArgoCD UI by running the following command: - -```bash -# Execute Kubectl Container -kubectl exec -it test-cluster-kubectl sh -n machine-controller2 - -# Extract Admin Password -kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d - -# Forward ArgoCD UI -kubectl port-forward svc/argocd-server 8080:80 -n argocd -``` - -Open second terminal and run the following command: - -```bash -kubectl port-forward pod/test-cluster-kubectl 9191:8080 -n machine-controller2 -``` - -Access the ArgoCD UI by opening [http://localhost:9191]( http://localhost:9191) in your browser. Login with `admin` and previously extract password. - # Values ## Globals 
@@ -900,11 +872,4 @@ Available Values for the [Autsocaler component](#autoscaler). | autoscaler.metrics.serviceMonitor.labels | object | `{}` | Assign additional labels according to Prometheus' serviceMonitorSelector matching labels | | autoscaler.metrics.serviceMonitor.matchLabels | object | `{}` | Change matching labels | | autoscaler.metrics.serviceMonitor.namespace | string | `""` | Install the ServiceMonitor into a different Namespace, as the monitoring stack one (default: the release one) | -| autoscaler.metrics.serviceMonitor.targetLabels | list | `[]` | Set targetLabels for the serviceMonitor | - -## GitOps Values - ---- - -Available Values for the [Gitops component](#gitops). - +| autoscaler.metrics.serviceMonitor.targetLabels | list | `[]` | Set targetLabels for the serviceMonitor | \ No newline at end of file diff --git a/charts/vcluster/README.md.gotmpl b/charts/vcluster/README.md.gotmpl index 71f142dc..2b24defd 100644 --- a/charts/vcluster/README.md.gotmpl +++ b/charts/vcluster/README.md.gotmpl @@ -75,10 +75,6 @@ Based on [Cluster Autoscaler](https://github.com/kubernetes/autoscaler). Allows to scale Kubernetes clusters based on the number of pods and nodes. The component is deployed as a single deployment with a `controller` container. Since it's deployed on a hosting cluster, it's possible to downscale workers to zero and scale up again. -## GitOps - - - # Guides 
@@ -89,35 +85,6 @@ The component is deployed as a single deployment with a `controller` container. -## ArgoCD Access - - -### Forwards the ArgoCD UI to your local machine - -We must forward the ArgoCD within the new cluster in the kubectl client. -You can access the ArgoCD UI by running the following command: - -```bash -# Execute Kubectl Container -kubectl exec -it test-cluster-kubectl sh -n machine-controller2 - -# Extract Admin Password -kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d - -# Forward ArgoCD UI -kubectl port-forward svc/argocd-server 8080:80 -n argocd -``` - -Open second terminal and run the following command: - -```bash -kubectl port-forward pod/test-cluster-kubectl 9191:8080 -n machine-controller2 -``` - -Access the ArgoCD UI by opening [http://localhost:9191]( http://localhost:9191) in your browser. Login with `admin` and previously extract password. - - - # Values {{- define "table.heading" }} @@ -434,11 +401,4 @@ Available Values for the [Autsocaler component](#autoscaler). {{- if and (hasPrefix "autoscaler." .Key) (contains "metrics" .Key) }} | {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{- end }} -{{- end }} - -## GitOps Values - ---- - -Available Values for the [Gitops component](#gitops). - +{{- end }} \ No newline at end of file diff --git a/charts/vcluster/addons/scripts/configure-current.sh b/charts/vcluster/addons/scripts/configure-current.sh index 29e23822..12197b39 100644 --- a/charts/vcluster/addons/scripts/configure-current.sh +++ b/charts/vcluster/addons/scripts/configure-current.sh 
@@ -1,16 +1,10 @@ -{{- $manifest := $.Values.gitops -}} -{{- $argocd := $manifest.argocd -}} {{- $lifecycle := $.Values.lifecycle -}} #!/bin/bash # ------------------------------------------------------------------------------ # Functions # ------------------------------------------------------------------------------ -{{- include "gitops.converter.script.functions" $ | nindent 0 }} - -# ------------------------------------------------------------------------------ -# GitOps Setup -# ------------------------------------------------------------------------------ +{{- include "pkg.functions.kubernetes" $ | nindent 0 }} # -- Convert Kubeconfigs @@ -22,15 +16,6 @@ C_CERT=$(base64 /pki/admin-client/tls.crt | tr -d '\n') C_KEY=$(base64 /pki/admin-client/tls.key | tr -d '\n') {{- $kubeconfigs := $.Values.lifecycle.kubeconfigs }} - -{{- if (include "gitops.enabled" $) }}{{"\n"}} - {{/* Add Default Flux Kubeconfig */}} - {{- $kubeconfigs = append $kubeconfigs (dict "name" (include "gitops.converter.flux.secretName" $) "key" (include "gitops.converter.secretKey" $)) }} - - {{/* Add Default Argo Kubeconfig */}} - {{- $kubeconfigs = append $kubeconfigs (dict "name" (include "gitops.converter.argocd.secretName" $) "type" "argo") }} -{{- end -}}{{"\n"}} - # Iterate over all kubeconfigs {{- range $kubeconfigs }}{{"\n"}} {{- $name := (include "pkg.utils.template" (dict "tpl" (required "kubeconfig.name is required" .name) "ctx" $)) -}} diff --git a/charts/vcluster/addons/scripts/configure-vcluster.sh b/charts/vcluster/addons/scripts/configure-vcluster.sh index ae5150df..d58d0783 100644 --- a/charts/vcluster/addons/scripts/configure-vcluster.sh +++ b/charts/vcluster/addons/scripts/configure-vcluster.sh 
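Review bot: After the first hunk the helpers this script keeps calling (`k8s::dry-run`, `k8s::replace_or_create`, `k8s::create_if_not_present`, `kcfg::toggle`/`kcfg::untoggle`) exist only if the new `pkg.functions.kubernetes` template defines the same names and the same `KUBECONFIG` export, and `_functions.tpl` is not in this chunk, so that cannot be confirmed here; the `configure-vcluster.sh` hunk has the same dependency. The second hunk stops appending the Flux and Argo kubeconfig entries, but the CI values still list `type: argo` kubeconfigs, and the ArgoCD cluster-secret template (`gitops.converter.script.tpl.argo`, which pinned `"insecure": false` and embedded the admin client certificate and key) is deleted together with `_templates.tpl` — if the per-type rendering further down still includes it the chart no longer renders, and if it was relocated the `insecure: false` setting should be retained. A one-line comment above the include would help the next reader: `# shell helpers (k8s::*, kcfg::*) are rendered from templates/pkg/_functions.tpl`. The rest of the script, including the body of the kubeconfig `range`, lies outside the hunk.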
@@ -1,7 +1,6 @@ {{- $kubernetes := $.Values.kubernetes -}} {{- $fullName := include "kubernetes.fullname" . -}} {{- $lifecycle := $.Values.lifecycle -}} -{{- $argocd := $.Values.gitops.argocd -}} #!/bin/bash ENDPOINT=$(awk -F'[ "]+' '$1 == "controlPlaneEndpoint:" {print $2}' /config/kubeadmcfg.yaml) # Decrypt Cert Data to Base64 @@ -12,7 +11,7 @@ C_KEY=$(base64 /pki/admin-client/tls.key | tr -d '\n') # ------------------------------------------------------------------------------ # Functions # ------------------------------------------------------------------------------ -{{- include "gitops.converter.script.functions" $ | nindent 0 }} +{{- include "pkg.functions.kubernetes" $ | nindent 0 }} # ------------------------------------------------------------------------------ # Cluster configuration diff --git a/charts/vcluster/ci/kubeconfig-values.yaml b/charts/vcluster/ci/kubeconfig-values.yaml index 04bf4749..86d7afbc 100644 --- a/charts/vcluster/ci/kubeconfig-values.yaml +++ b/charts/vcluster/ci/kubeconfig-values.yaml @@ -12,8 +12,6 @@ lifecycle: type: argo - endpoint: external name: external-access -gitops: - enabled: false osm: enabled: false kubernetes: diff --git a/charts/vcluster/ci/lifecycle-values.yaml b/charts/vcluster/ci/lifecycle-values.yaml index 9b3098ae..4d396830 100644 --- a/charts/vcluster/ci/lifecycle-values.yaml +++ b/charts/vcluster/ci/lifecycle-values.yaml @@ -44,7 +44,6 @@ global: topologySpreadConstraints: [] lifecycle: - jobs: reconciler: true labels: @@ -57,8 +56,6 @@ lifecycle: type: argo - endpoint: external name: external-access -gitops: - enabled: false osm: enabled: false kubernetes: diff --git a/charts/vcluster/ci/scheduling-values.yaml b/charts/vcluster/ci/scheduling-values.yaml index f0b994d5..839990f8 100644 --- a/charts/vcluster/ci/scheduling-values.yaml +++ b/charts/vcluster/ci/scheduling-values.yaml @@ -64,5 +64,3 @@ autoscaler: maxReplicas: 5 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 75 - - 
diff --git a/charts/vcluster/templates/components/gitops/_templates.tpl b/charts/vcluster/templates/components/gitops/_templates.tpl
deleted file mode 100644
index 149d2ab4..00000000
--- a/charts/vcluster/templates/components/gitops/_templates.tpl
+++ /dev/null
@@ -1,394 +0,0 @@ -{{/* -Component enabled -*/}} -{{- define "gitops.enabled" -}} -{{- $component := $.Values.gitops -}} - {{- if $component.enabled -}} - {{- true -}} - {{- end -}} -{{- end }} - -{{/* -Component Manifests directory -*/}} -{{- define "gitops.manifests.dir" -}} -{{- printf "manifests/%s/" (include "gitops.component" $) -}} -{{- end }} - -{{/* -Component Manifests -*/}} -{{- define "gitops.manifests" -}} -{{- printf "%s/**.yaml" (include "gitops.manifests.dir" $) -}} -{{- end }} - - -{{/* -Component Manifests Configmap/Secret name -*/}} -{{- define "gitops.manifests.name" -}} -{{- printf "%s-manifests" (include "gitops.fullname" $) -}} -{{- end }} - -{{/* - Component -*/}} -{{- define "gitops.component" -}} -gitops -{{- end }} - -{{/* -Expand the name of the chart. -*/}} -{{- define "gitops.name" -}} -{{- include "gitops.component" $ -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. 
-*/}} -{{- define "gitops.fullname" -}} -{{- $name := include "gitops.component" $ }} -{{- printf "%s-%s" (include "pkg.cluster.name" $) $name | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* - Base labels (Base) -*/}} -{{- define "gitops.labels" -}} -{{ include "pkg.common.labels" $ }} -{{ include "gitops.selectorLabels" $ }} -{{- end }} - -{{/* - Selector labels (Base) -*/}} -{{- define "gitops.selectorLabels" -}} -{{ include "pkg.common.labels.part-of" $ }}: {{ include "gitops.component" $ }} -{{ include "pkg.common.labels.component" $ }}: {{ include "gitops.component" $ }} -{{ include "pkg.common.selectors" $ }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "gitops.serviceAccountName" -}} -{{- $manifest := $.Values.gitops -}} -{{- if $manifest.serviceAccount.create }} -{{- default (include "gitops.fullname" $) $manifest.serviceAccount.name }} -{{- else }} -{{- default "default" $manifest.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* - Manifests Checksum -*/}} -{{- define "gitops.manifests.checksum" -}} -checksum/manifests: {{ (.Files.Glob (printf "%s/manifests/**.yaml" (include "components.gitops.dir" $)) | toYaml | sha256sum | quote) }} -{{- end }} - - - -{{/* Volumes for Admission Pod */}} -{{- define "gitops.volumes" -}} -- name: gitops-manifests - secret: - defaultMode: 420 - secretName: {{ include "gitops.manifests.name" $ }} -{{- end -}} - - -{{/* VolumeMounts */}} -{{- define "gitops.volumemounts" -}} -- name: gitops-manifests - mountPath: {{ include "gitops.volumemounts.manifests.path" $ }} - readOnly: true -{{- end -}} - -{{/* MountPath for Manifests */}} -{{- define "gitops.volumemounts.manifests.path" -}} -/tmp/gitops/manifests/ -{{- end -}} - -{{/* - Ensure All -*/}} -{{- define "gitops.ensure-resources" -}} - {{- include "gitops.manifest-create" $ | nindent 0 }} -{{- end -}} - -{{/* - Ensure Manifests -*/}} -{{- define "gitops.manifest-create" -}} - {{- if (include "gitops.manifest-exist" $) -}} -if 
! [ `find {{ include "gitops.volumemounts.manifests.path" $ }} -prune -empty 2>/dev/null` ]; then - {{- if (include "gitops.enabled" $) }} - # Apply Machine Controller Manifests - kubectl apply -f {{ include "gitops.volumemounts.manifests.path" $ }} - {{- else }} - {{- if $.Values.gitops.component.removeManifestsOnDisable }} - # Delete Machine Controller Manifests - kubectl delete -f {{ include "gitops.volumemounts.manifests.path" $ }} 2>/dev/null || true - {{- end }} - {{- end }} -fi - {{- end }} -{{- end -}} - - -{{/* - Validate if any Manifests are rendered -*/}} -{{- define "gitops.manifest-exist" -}} - {{- $files := .Files.Glob (include "gitops.manifests" $) -}} - {{- if $files -}} - {{- true -}} - {{- end -}} -{{- end -}} - - -{{/* - Flux Enabled indicator -*/}} -{{- define "gitops.flux.enabled" -}} - {{- $manifest := $.Values.gitops -}} - {{- if $manifest.flux.enabled -}} - {{- true -}} - {{- end -}} -{{- end -}} - - -{{/* - Kubeconfig Secret Name (Flux) -*/}} -{{- define "gitops.converter.flux.secretName" -}} -{{- printf "%s-kubernetes-admin-flux" (include "pkg.cluster.name" $) -}} -{{- end -}} - -{{/* - Kubeconfig Secret Name (Flux) -*/}} -{{- define "gitops.converter.argocd.secretName" -}} -{{- printf "%s-kubernetes-admin-argocd" (include "pkg.cluster.name" $) -}} -{{- end -}} - -{{/* - Kubeconfig Secret Key -*/}} -{{- define "gitops.converter.secretKey" -}} -kubeconfig -{{- end -}} - - -{{/* - Useful Script Functions -*/}} -{{- define "gitops.converter.script.functions" -}} -# Perform Client Dry-Run -k8s::dry-run() { - object=${1} - if kubectl create --dry-run=client -f - <<< "$object" >/dev/null; then - return 0 - else - return 1 - fi -} - -# Always Updates Object -k8s::replace_or_create() { - object=${1} - if k8s::dry-run "${object}"; then - if ! 
kubectl get -f - <<< "$object" >/dev/null 2>/dev/null; then - if kubectl create -f - <<< "$object" >/dev/null; then - echo "🦄 Created Object" - return 0 - else - return 1 - fi - else - if kubectl replace --force -f - <<< "$object" >/dev/null; then - echo "🦄 Updated Object" - else - return 1 - fi - return 0 - fi - else - return 1 - fi -} - -## Create an Object if it does not exist -k8s::create_if_not_present() { - object=${1} - if k8s::dry-run "${object}"; then - if kubectl create --dry-run=server -f - <<< "$object" >/dev/null 2>/dev/null; then - kubectl create -f - <<< "$object" >/dev/null - echo "🦄 Created Object" - return 0 - else - echo "🦄 Object already present" - return 0 - fi - else - return 1 - fi -} - -## Set Kubeconfig (Use Mounted) -kcfg::toggle() { - export KUBECONFIG="{{ template "pkg.cluster.cp.env.mount" $ }}" -} - -## Unset Kubeconfig (Use Serviceaccount) -kcfg::untoggle() { - unset KUBECONFIG -} -{{- end -}} - -{{/* Template fpr Flux Cluster Secret */}} -{{- define "gitops.converter.script.tpl.flux" -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitops.converter.flux.secretName" $ }} - labels: {{- include "gitops.labels" . 
| nindent 4 }} - namespace: {{ .Release.Namespace }} -stringData: - {{- include "gitops.converter.secretKey" $ | nindent 2 }}: | - apiVersion: v1 - clusters: - - cluster: - certificate-authority-data: ${CA} - server: {{ include "pkg.cluster.endpoint.internal" $ }} - name: default-cluster - contexts: - - context: - cluster: default-cluster - namespace: default - user: default-auth - name: default-context - current-context: default-context - kind: Config - preferences: {} - users: - - name: default-auth - user: - client-certificate-data: "${C_CERT}" - client-key-data: "${C_KEY}" -{{- end -}} - - -{{/* Template for ArgoCD Cluster Secret */}} -{{- define "gitops.converter.script.tpl.argo" -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitops.converter.argocd.secretName" $ }} - namespace: {{ $.Release.Namespace}} - labels: {{- include "gitops.labels" . | nindent 4 }} - argocd.argoproj.io/secret-type: cluster -type: Opaque -stringData: - name: {{ include "pkg.cluster.name" $ }} - server: {{ include "pkg.cluster.endpoint.internal" $ }} - config: | - { - "tlsClientConfig": { - "insecure": false, - "caData": "${CA}", - "keyData": "${C_KEY}", - "certData": "${C_CERT}" - } - } -{{- end -}} - - - -{{/* - Inventory Sync Ref -*/}} -{{- define "gitops.inventory.reference" -}} - {{- $manifest := $.Values.gitops -}} - {{- with $manifest.inventory.repository.ref -}} - {{- (tpl . $) -}} - {{- end -}} -{{- end -}} - -{{/* - Inventory Sync Path -*/}} -{{- define "gitops.inventory.path" -}} - {{- $manifest := $.Values.gitops -}} - {{- $path := printf "./clusters/%s" (include "pkg.cluster.name" $) -}} - {{- with $manifest.inventory.repository.path -}} - {{- $path = (tpl . 
$) -}} - {{- end -}} - {{- $path -}} -{{- end -}} - -{{/* - Substitution Variables -*/}} -{{- define "gitops.substition.variables" -}} - - {{/* Custom Properties */}} - {{- include "gitops.substition.properties" $ | nindent 0 }} - - {{/* Common Variables */}} -cluster_name: {{ include "pkg.cluster.name" $ }} - {{- with (include "pkg.argo.destination" $) }} -argo_cluster_name: {{ . }} - {{- end }} - {{- with (include "pkg.images.registry.url" $) }} -registry_host: {{ . }} - {{- end }} - {{- with (include "pkg.common.proxy.host" $) }} -proxy: {{ . | quote }} - {{- end }} - {{- with (include "pkg.common.proxy.no_proxy" $) }} -no_proxy: {{ . | quote }} - {{- end }} - {{- with (include "pkg.utils.tz" $) }} -timezone: {{ . }} - {{- end }} - {{- with (include "kubernetes.api.endpointIP" $) }} -kubernetes_api_ip: {{ . | quote }} - {{- end }} - {{- with (include "kubernetes.api.endpointPort" $) }} -kubernetes_api_port: {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* - Substitution Variables (Evnironment Variables) -*/}} -{{- define "gitops.substition.variables.env" -}} - {{- $vars := (fromYaml (include "gitops.substition.variables" $)) -}} - {{- range $key, $value := $vars }} -- name: {{ $key }} - value: {{ $value | quote }} - {{- end -}} -{{- end -}} - - -{{- define "gitops.substition.properties" -}} - {{/* Cluster Properties */}} - {{- range $prop, $value := $.Values.cluster.properties }} - {{- if (kindIs "slice" $value) }} - {{- range $i, $v := $value }} -{{- include "pkg.utils.envvar" (printf "%s_%s" ($prop | toString) ($i | toString)) | nindent 0 }}: {{ $v | quote }} - {{- end }} - {{- else if (kindIs "dict" $value) }} - {{/* Not Supported */}}} - {{- else }} -{{- include "pkg.utils.envvar" ($prop | toString) | nindent 0 }}: {{ $value | quote }} - {{- end }} - {{- end }} -{{- end -}} 
diff --git a/charts/vcluster/templates/components/gitops/argocd-values.yaml b/charts/vcluster/templates/components/gitops/argocd-values.yaml deleted file mode 100644 index e43a3476..00000000 --- a/charts/vcluster/templates/components/gitops/argocd-values.yaml +++ /dev/null @@ -1,14 +0,0 @@ - -{{- if (include "gitops.enabled" $) -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitops.fullname" . }}-argocd-values - labels: - {{- include "gitops.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -stringData: - values.yaml: | - {{- include "pkg.argo.values" $ | nindent 4 }} -{{- end -}} diff --git a/charts/vcluster/templates/components/gitops/flux/bootstrap-argo.yaml b/charts/vcluster/templates/components/gitops/flux/bootstrap-argo.yaml deleted file mode 100644 index 585431c4..00000000 --- a/charts/vcluster/templates/components/gitops/flux/bootstrap-argo.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -{{/* - Use Flux to deploy Argo to the target cluster -*/}} -{{- $gitops := $.Values.gitops -}} -{{- $manifest := $gitops.argocd -}} -{{- if (include "gitops.flux.enabled" $) -}} - {{- if $manifest.enabled -}} ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: {{ include "pkg.cluster.name" $ }}-argocd - namespace: {{ .Release.Namespace }} -spec: - {{- with $gitops.flux.interval }} - interval: {{ . }} - {{- end }} - {{- with $manifest.bootstrap }} - url: {{ .repoURL }} - {{- end }} ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: {{ include "pkg.cluster.name" $ }}-argocd - namespace: {{ .Release.Namespace }} -spec: - releaseName: {{ include "pkg.argo.release" $ }} - {{- with $gitops.flux.interval }} - interval: {{ . }} - {{- end }} - targetNamespace: {{ include "pkg.argo.release.namespace" $ }} - {{- with $manifest.bootstrap }} - chart: - spec: - chart: {{ .chart }} - version: {{ .targetRevision }} - sourceRef: - kind: HelmRepository - name: {{ include "pkg.cluster.name" $ }}-argocd - namespace: {{ $.Release.Namespace }} - {{- end }} - test: - enable: true - ignoreFailures: true - install: - remediation: - retries: -1 - remediateLastFailure: false - {{- if $manifest.incluster }} - createNamespace: true - {{- end }} - upgrade: - remediation: - remediateLastFailure: false - {{- if $manifest.incluster }} - kubeConfig: - secretRef: - name: {{ include "gitops.converter.flux.secretName" $ }} - key: {{ include "gitops.converter.secretKey" $ }} - {{- end }} - valuesFrom: - - kind: Secret - name: {{ include "pkg.argo.release.values.secret" $ }} - valuesKey: values.yaml - {{- end -}} -{{- end -}} diff --git a/charts/vcluster/templates/components/gitops/flux/inventory.yaml b/charts/vcluster/templates/components/gitops/flux/inventory.yaml deleted file mode 100644 index 30b313c7..00000000 --- a/charts/vcluster/templates/components/gitops/flux/inventory.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ - -{{/* Inventory Sync with Flux Resources */}} -{{- $manifest := $.Values.gitops -}} -{{- $inventory := $manifest.inventory -}} -{{- if (include "gitops.flux.enabled" $) -}} - {{- if $inventory.enabled -}} - {{- $name := printf "%s-inventory" (include "gitops.fullname" $) -}} ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: GitRepository -metadata: - name: {{ $name }} - labels: {{- include "gitops.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - interval: {{ default "5m" $manifest.flux.interval }} - ref: - branch: {{ include "gitops.inventory.reference" $ }} - url: {{ required "Repository URL for Inventory is required ($.Values.gitops.inventory.repository.url)" $inventory.repository.url }} - {{- if or ($manifest.token) ($inventory.repository.token) }} - secretRef: - name: {{ $name }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $name }} - labels: {{- include "gitops.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -stringData: - {{- if $manifest.token }} - password: {{ $manifest.token }} - {{- end }} - {{- if $inventory.repository.token }} - password: {{ $inventory.repository.token }} - {{- end }} - username: "token" - {{- end }} ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: {{ $name }} - labels: {{- include "gitops.labels" . 
| nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - interval: {{ default "5m" $manifest.flux.interval }} - prune: {{ $manifest.flux.prune }} - path: {{ include "gitops.inventory.path" $ }} - sourceRef: - kind: GitRepository - name: {{ $name }} - namespace: {{ .Release.Namespace }} - kubeConfig: - secretRef: - name: {{ include "gitops.converter.flux.secretName" $ }} - key: {{ include "gitops.converter.secretKey" $ }} - {{- with $manifest.flux.secretReference }} - {{- if .enabled }} - decryption: - provider: sops - secretRef: - name: {{ .name }} - {{- end }} - {{- end }} - postBuild: - substituteFrom: - - kind: Secret - name: {{ include "gitops.fullname" $ }}-flux-subs - {{- end -}} -{{- end -}} diff --git a/charts/vcluster/templates/components/gitops/flux/substitution.yaml b/charts/vcluster/templates/components/gitops/flux/substitution.yaml deleted file mode 100644 index 691ff059..00000000 --- a/charts/vcluster/templates/components/gitops/flux/substitution.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (include "gitops.flux.enabled" $) -}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitops.fullname" . }}-flux-subs - labels: {{- include "gitops.labels" $ | nindent 4 }} - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - {{- include "gitops.substition.variables" $ | nindent 4 }} -{{- end -}} diff --git a/charts/vcluster/templates/components/gitops/manifests.yaml b/charts/vcluster/templates/components/gitops/manifests.yaml deleted file mode 100644 index b090432f..00000000 --- a/charts/vcluster/templates/components/gitops/manifests.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -{{/* - Always Create Manifests Secret. - This way the in cluster resources can be removed if a component is disabled -*/}} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "gitops.manifests.name" $ }} - labels: - {{- include "gitops.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -stringData: - {{ range $path, $_ := .Files.Glob (include "gitops.manifests" $) }} - {{- with $ -}} - {{- $content := (tpl (.Files.Get $path) .) -}} - {{- if ($content | nospace) }} - {{- base $path | nindent 4 }}: | {{- $content | nindent 6 }} - {{- end }} - {{- end -}} - {{- end }} diff --git a/charts/vcluster/templates/components/kubernetes/admin/deployment.yaml b/charts/vcluster/templates/components/kubernetes/admin/deployment.yaml index ade9e0b1..2513c10d 100644 --- a/charts/vcluster/templates/components/kubernetes/admin/deployment.yaml +++ b/charts/vcluster/templates/components/kubernetes/admin/deployment.yaml @@ -119,8 +119,6 @@ spec: {{- end }} volumeMounts: {{- include "pkg.cluster.cp.vms" $ | nindent 8 }} - - mountPath: /addons - name: addon-scripts - mountPath: /cache name: cache {{- if or $kubernetes.extraManifests $kubernetes.konnectivity.server.enabled $kubernetes.konnectivity.agent.enabled }} @@ -161,9 +159,6 @@ spec: - name: config configMap: name: "{{ $fullName }}-kubeadm-config" - - name: addon-scripts - configMap: - name: "{{ $fullName }}-admin-scripts" {{- with $kubernetes.admin.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/vcluster/templates/components/kubernetes/admin/scripts.yaml b/charts/vcluster/templates/components/kubernetes/admin/scripts.yaml deleted file mode 100644 index cf461888..00000000 --- a/charts/vcluster/templates/components/kubernetes/admin/scripts.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -{{- if (include "kubernetes.enabled" $) -}} - {{- $kubernetes := $.Values.kubernetes -}} - {{- if $kubernetes.admin.enabled }} - {{- $fullName := include "kubernetes.fullname" . -}} - {{- $component_name := "admin" -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ $fullName }}-admin-scripts" - labels: {{- include "kubernetes.labels" $ | nindent 4 }} - {{ include "pkg.common.labels.component" $ }}: {{ $component_name }} -data: - register-argo.sh: |- - {{- include "pkg.scripts.register-cluster" $ | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/vcluster/templates/lifecycle/setup.yaml b/charts/vcluster/templates/lifecycle/setup.yaml index 292971a4..9cb2c6f3 100644 --- a/charts/vcluster/templates/lifecycle/setup.yaml +++ b/charts/vcluster/templates/lifecycle/setup.yaml @@ -1,7 +1,6 @@ {{- $kubernetes := $.Values.kubernetes -}} {{- $jobs := $.Values.lifecycle -}} {{- $manifest := $jobs.jobs -}} -{{- $argocd := $.Values.gitops.argocd.bootstrap -}} --- apiVersion: batch/v1 kind: Job @@ -79,10 +78,6 @@ spec: name: scripts - mountPath: /cache name: cache-current - {{- if (include "gitops.enabled" $) }} - - mountPath: /argocd - name: argocd - {{- end }} - name: vcluster image: {{ include "pkg.images.registry.convert" (dict "image" $manifest.image "ctx" $) }} imagePullPolicy: {{ include "pkg.images.registry.pullpolicy" (dict "policy" $manifest.image.pullPolicy "ctx" $) }} @@ -107,7 +102,6 @@ spec: {{- end }} volumeMounts: {{- include "pkg.cluster.cp.vms" $ | nindent 8 }} - {{- include "gitops.volumemounts" $ | nindent 8 }} {{- include "machine-controller.volumemounts" $ | nindent 8 }} {{- include "operating-system-manager.volumemounts" $ | nindent 8 }} - mountPath: /scripts 
@@ -123,7 +117,6 @@ spec: {{- end }} volumes: {{- include "pkg.cluster.cp.vs" $ | nindent 6 }} - {{- include "gitops.volumes" $ | nindent 6 }} {{- include "machine-controller.volumes" $ | nindent 6 }} {{- include "operating-system-manager.volumes" $ | nindent 6 }} # Create dedicated caches, otherwise the lock file might block concurrent helm operations @@ -153,12 +146,6 @@ spec: - configMap: name: "{{ include "kubernetes.fullname" $ }}-coredns-manifests" {{- end }} - {{- if (include "gitops.enabled" $) }} - - name: argocd - secret: - defaultMode: 420 - secretName: {{ include "gitops.fullname" . }}-argocd-values - {{- end }} {{- with $manifest.extraVolumes }} {{- toYaml . | nindent 6 }} {{- end }} diff --git a/charts/vcluster/templates/pkg/_argo.tpl b/charts/vcluster/templates/pkg/_argo.tpl deleted file mode 100644 index 3c69fc40..00000000 --- a/charts/vcluster/templates/pkg/_argo.tpl +++ /dev/null 
@@ -1,430 +0,0 @@ -{{/* - ArgoCD Templates (Current Cluster) -*/}} - -{{/* Release Namespace */}} -{{- define "pkg.argo.release" -}} -{{ include "gitops.fullname" $ }} -{{- end -}} - -{{/* Release Namespace */}} -{{- define "pkg.argo.release.namespace" -}} - {{- if $.Values.gitops.argocd.incluster }} - {{- printf "%s" "argocd" }} - {{- else }} - {{- printf "%s" $.Release.Namespace }} - {{- end }} -{{- end -}} - -{{/* Helm Values Secret Name */}} -{{- define "pkg.argo.release.values.secret" -}} -{{ include "gitops.fullname" $ }}-argocd-values -{{- end -}} - - -{{/* Installation Namespace */}} -{{- define "pkg.argo.ns" -}} -argocd -{{- end -}} - - -{{/* - Argo Application Commons -*/}} -{{- define "pkg.argo.app_commons" -}} -# Sync policy -syncPolicy: - automated: # automated sync by default retries failed attempts 5 times with following delays between attempts ( 5s, 10s, 20s, 40s, 80s ); retry controlled using `retry` field. - prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ). - selfHeal: false # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ). - allowEmpty: false # Allows deleting all application resources during automatic syncing ( false by default ). - syncOptions: # Sync options which modifies sync behavior - - ServerSideApply=true # Enables server-side apply for kubectl apply ( false by default ). - - Validate=false # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ). - - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster. - - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan. 
- - PruneLast=false # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation - - ApplyOutOfSyncOnly=false # Only apply resources that are out of sync - - FailOnSharedResource=true - # The retry feature is available since v1.7 - retry: - limit: -1 # number of failed sync attempt retries; unlimited number of attempts if less than 0 - backoff: - duration: 30s # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h") - factor: 2 # a factor to multiply the base duration after each failed retry - maxDuration: 3m # the maximum amount of time allowed for the backoff strategy -{{- end -}} - - -{{/* - ArgoCD In-vCluster templates -*/}} - -{{/* Release Namespace */}} -{{- define "pkg.argo.in_cluster.ns" -}} -{{- printf "%s" "argocd" -}} -{{- end -}} - -{{/* Cluster Name */}} -{{- define "pkg.argo.destination" -}} - {{- if (include "pkg.dev.incluster" $) }} -{{- include "pkg.cluster.endpoint.local" $ }} - {{- else }} -{{- include "pkg.cluster.endpoint.internal" $ }} - {{- end }} -{{- end -}} - - -{{/* Merge Default Values with given Values */}} -{{- define "pkg.argo.values" -}} - {{- $values_raw := (include "pkg.argo.values.bootstrap" $) -}} - {{- $values:= fromYaml ($values_raw) -}} - {{- if (include "pkg.utils.unmarshalingError" $values) -}} - {{- fail (printf "Values returned error '%s':\n%s" ($values.Error) ($values_raw | nindent 2)) -}} - {{- end -}} - - {{- $base_values_raw := (include "pkg.argo.values.base" $) -}} - {{- $base_values := fromYaml ($base_values_raw) -}} - {{- if (include "pkg.utils.unmarshalingError" $base_values) -}} - {{- fail (printf "Base Values returned error '%s':\n%s" ($base_values.Error) ($base_values_raw | nindent 2)) -}} - {{- end -}} - - {{/* Merge */}} - {{- toYaml (mergeOverwrite $base_values $values)| nindent 0 -}} - -{{- end -}} - -{{/* Evaluate Given Bootstrap Values */}} -{{- define "pkg.argo.values.bootstrap" -}} - {{- $values := 
$.Values.gitops.argocd.bootstrap.values -}} - {{- if eq (printf "%T" $values) "string" -}} - {{- (tpl $values $) | nindent 0 -}} - {{- else -}} - {{- printf "%s" (tpl (toYaml $values) $) | nindent 0 -}} - {{- end -}} -{{- end -}} - -{{/* - ArgoCD Application Values - https://artifacthub.io/packages/helm/argo/argo-cd -*/}} -{{- define "pkg.argo.values.base" -}} - {{- $argocd := $.Values.gitops.argocd -}} -{{- with (include "pkg.components.podSecurityContext" (dict "psc" $argocd.bootstrap.config.podSecurityContext "ctx" $)) }} -global: - securityContext: {{ . | nindent 4 }} -{{- end }} - -controller: - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - containerSecurityContext: {{ . | nindent 4 }} - {{- end }} - env: - {{- include "pkg.common.env" $ | nindent 4 }} - serviceAccount: - automountServiceAccountToken: true - clusterAdminAccess: - enabled: false - extraArgs: - {{- include "pkg.argo.connection-args" $ | nindent 4 }} - volumes: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vs" $ | nindent 4 }} - {{- end }} - volumeMounts: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vms" $ | nindent 4 }} - {{- end }} - -server: - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - containerSecurityContext: {{ . | nindent 4 }} - {{- end }} - env: - {{- include "pkg.common.env" $ | nindent 4 }} - serviceAccount: - # Mount for InitContainer - automountServiceAccountToken: true - clusterAdminAccess: - enabled: false - {{- $ingress := $.Values.global.components.exposure.ingress }} - extraArgs: - {{- with $argocd.bootstrap.config.ingress }} - {{- if.enabled }} - {{- if .server.enabled }} - - --insecure - {{- with .server.contextPath }} - - --rootpath={{ . 
}} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- include "pkg.argo.connection-args" $ | nindent 4 }} - volumes: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vs" $ | nindent 4 }} - {{- end }} - volumeMounts: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vms" $ | nindent 4 }} - {{- end }} - - {{- with $argocd.bootstrap.config.ingress }} - {{- if .enabled }} - {{- if .server.enabled }} - ingress: - enabled: true - {{- if or .annotations $ingress.annotations }} - annotations: - {{- with $ingress.annotations }} - {{ toYaml . | indent 6 }} - {{- end }} - {{- with .annotations }} - {{ toYaml . | indent 6 }} - {{- end }} - {{- end }} - {{- if .ingressClassName }} - ingressClassName: {{ .ingressClassName }} - {{- else if $ingress.ingressClassName }} - ingressClassName: {{ $ingress.ingressClassName }} - {{- end }} - hosts: - - {{ include "pkg.components.ingress.host" $ }} - paths: - - {{ .server.contextPath }} - tls: - - hosts: - - {{ include "pkg.components.ingress.host" $ }} - secretName: {{ include "pkg.components.certificates.secretTlsName" $ }} - {{- end }} - {{- end }} - {{- end }} - - {{- with $argocd.bootstrap.config.ingress }} - {{- if .enabled }} - {{- if .grpc.enabled }} - ingressGrpc: - enabled: true - {{- if or .annotations $ingress.annotations }} - annotations: - {{- with $ingress.annotations }} - {{ toYaml . | indent 6 }} - {{- end }} - {{- with .annotations }} - {{ toYaml . 
| indent 6 }} - {{- end }} - {{- end }} - {{- if .ingressClassName }} - ingressClassName: {{ .ingressClassName }} - {{- else if $ingress.ingressClassName }} - ingressClassName: {{ $ingress.ingressClassName }} - {{- end }} - hosts: - - {{ include "pkg.components.ingress.host" $ }} - paths: - - {{ .grpc.contextPath }} - tls: - - hosts: - - {{ include "pkg.components.ingress.host" $ }} - secretName: {{ include "pkg.components.certificates.secretTlsName" $ }} - {{- end }} - {{- end }} - {{- end }} - -applicationSet: - enabled: false - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - containerSecurityContext: {{ . | nindent 4 }} - {{- end }} - env: - {{- include "pkg.common.env" $ | nindent 4 }} - serviceAccount: - automountServiceAccountToken: true - extraArgs: - {{- include "pkg.argo.connection-args" $ | nindent 4 }} - extraVolumes: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vs" $ | nindent 4 }} - {{- end }} - extraVolumeMounts: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vms" $ | nindent 4 }} - {{- end }} - -dex: - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - containerSecurityContext: {{ . 
| nindent 4 }} - {{- end }} - env: - {{- include "pkg.common.env" $ | nindent 4 }} - serviceAccount: - automountServiceAccountToken: true - extraArgs: - {{- include "pkg.argo.connection-args" $ | nindent 4 }} - volumes: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vs" $ | nindent 4 }} - {{- end }} - volumeMounts: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vms" $ | nindent 4 }} - {{- end }} - -repoServer: - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - containerSecurityContext: {{ . | nindent 4 }} - {{- end }} - serviceAccount: - automountServiceAccountToken: true - clusterAdminAccess: - enabled: false - env: - {{- include "pkg.common.env" $ | nindent 2 }} - volumes: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vs" $ | nindent 2 }} - {{- end }} - {{- if (include "pkg.argo.plugin.subst.enabled" $) }} - - emptyDir: {} - name: subst-tmp - {{- if (include "pkg.dev.incluster" $) }} - - emptyDir: {} - name: subst-kubeconfig - {{- end }} - {{- end }} - - initContainers: - {{- if and (include "pkg.argo.plugin.subst.enabled" $) (include "pkg.dev.incluster" $) -}} - {{- with $.Values.lifecycle.job }} - {{- $image := dict "registry" "docker.io" "repository" "bash" "tag" "latest" "pullPolicy" "Always" }} - - name: kubeconfig - image: {{ include "pkg.images.registry.convert" (dict "image" $image "ctx" $) }} - imagePullPolicy: {{ $image.pullPolicy }} - command: - - bash - - -c - - | - TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) - CA=$(cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | base64 | tr -d \\n) - - cat < /tmp/admin.conf - {{- include "pkg.kubeconfigs.kubeconfig.token" (dict "endpoint" (include "pkg.cluster.endpoint.local" 
$) "ctx" $) | nindent 10 }} - EOF - env: {{- include "pkg.common.env.w-proxy" $ | nindent 8 }} - {{- include "pkg.utils.xdg-env" $ | nindent 8 }} - {{- with (include "pkg.components.securityContext" (dict "sc" .securityContext "ctx" $)) }} - securityContext: {{ . | nindent 8 }} - {{- end }} - {{- with .resources }} - resources: {{ . | nindent 8 }} - {{- end }} - volumeMounts: - - mountPath: /tmp/ - name: subst-kubeconfig - {{- end }} - {{- end }} - - extraContainers: - {{- if (include "pkg.argo.plugin.subst.enabled" $) }} - {{- with $argocd.bootstrap.plugins.subst }} - - name: cmp-subst - command: [/var/run/argocd/argocd-cmp-server] - image: {{ include "pkg.images.registry.convert" (dict "image" .image "ctx" $) }} - imagePullPolicy: {{ .image.pullPolicy }} - {{- with (include "pkg.components.securityContext" (dict "sc" $argocd.bootstrap.config.securityContext "ctx" $)) }} - securityContext: {{ . | nindent 10 }} - {{- end }} - {{- with .resources }} - resources: {{ . | nindent 10 }} - {{- end }} - env: - {{- include "pkg.common.env" $ | nindent 6 }} - volumeMounts: - {{- if or $argocd.bootstrap.config.automount_kubeconfig (not (include "pkg.dev.incluster" $)) }} - {{- include "pkg.cluster.cp.vms" $ | nindent 6 }} - {{- end }} - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps - # mitigate path traversal attacks. 
- - mountPath: /tmp - name: subst-tmp - {{- if (include "pkg.dev.incluster" $) }} - - mountPath: /etc/kubernetes/ - name: subst-kubeconfig - {{- end }} - {{- end }} - {{- end }} -redis-ha: - enabled: false -redis: - enabled: true - image: - repository: redis - tag: latest - pullPolicy: IfNotPresent -{{- end -}} - - -{{/* Environment Variables for all Argo Components */}} -{{- define "pkg.argo.environment" -}} - {{/* Default Environment Varibales */}} - {{- with (include "pkg.common.env" $) -}} - {{- . | nindent 0 }} - {{- end -}} - {{- if $.Values.gitops.argocd.bootstrap.config.inject_proxy }} - {{- if (include "pkg.common.proxy.enabled" $) -}} - {{- $no_proxy := include "pkg.common.proxy.no_proxy" $ -}} - {{- range $host := (list "argocd-server" "argocd-repo-server" "argocd-redis" "argocd-applicationset-controller" "argocd-dex-server") -}} - {{- $no_proxy = printf "%s,%s-%s" $no_proxy (include "pkg.argo.release" $) $host -}} - {{- end -}} - {{- with (include "pkg.common.proxy.host" $) }} -- name: "HTTP_RROXY" - value: {{ . | quote }} -- name: "http_proxy" - value: {{ . | quote }} -- name: "HTTPS_RROXY" - value: {{ . | quote }} -- name: "https_proxy" - value: {{ . | quote }} - {{- end }} - {{- with $no_proxy }} -- name: "NO_PROXY" - value: {{ . | quote }} -- name: "no_proxy" - value: {{ . 
| quote }} - {{- end }} - {{- end -}} - {{- end }} -{{- end -}} - - -{{/* Server args for all Argo Components */}} -{{- define "pkg.argo.connection-args" -}} - {{- $argocd := $.Values.gitops.argocd -}} -- --namespace={{ include "pkg.argo.ns" $ }} - {{- if $argocd.bootstrap.config.automount_kubeconfig }} -- --certificate-authority=/pki/admin-client/ca.crt -- --client-certificate=/pki/admin-client/tls.crt -- --client-key=/pki/admin-client/tls.key -- --server={{ include "pkg.cluster.endpoint.internal" $ }} - {{- end }} -{{- end -}} - -{{- define "pkg.argo.template-cmd" -}} - {{- $argocd := $.Values.gitops.argocd -}} - {{- with $argocd.bootstrap -}} -helm template {{ include "pkg.argo.release" $ }} --namespace {{ include "pkg.argo.ns" $ }} argocd/{{ .chart }} {{ with .targetRevision }}--version {{ . }} {{ end }} -f /argocd/values.yaml - {{- end -}} -{{- end -}} - -{{- define "pkg.argo.plugin.subst.enabled" -}} - {{- $manifest := $.Values.gitops.argocd -}} - {{- if $manifest.enabled -}} - {{- if $manifest.bootstrap.plugins.subst.enabled -}} - {{- true -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/charts/vcluster/templates/pkg/_extra-manifests.tpl b/charts/vcluster/templates/pkg/_extra-manifests.tpl deleted file mode 100644 index ef9c2fe5..00000000 --- a/charts/vcluster/templates/pkg/_extra-manifests.tpl +++ /dev/null 
@@ -1,125 +0,0 @@ -{{/* Generic CRDs -Sometimes it makes sense to install the crds so -that the dependency flow is easer in gitops - - */}} - -{{/* Generic ServiceMonitor */}} -{{- define "pkg.manifests.servicemonitor-crd" -}} -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: cluster-system - namespace: {{ include "pkg.argo.ns" $ }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - description: "Cluster Apps" - destinations: - - name: "{{ $.Values.gitops.argocd.bootstrap.config.register.name }}" - server: {{ include "pkg.argo.destination" $ }} - namespace: '*' - sourceRepos: - - '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - namespaceResourceWhitelist: - - group: '*' - kind: '*' -{{- end -}} - - -{{/* Argo Manifests -Initial App to start synchronize cluster base-line -Expects following values: - - gitops: - repository: - url: "https://git.company.com/inventory.git" - token: "token" - ref: "init-branch" - -For both Application and Repository Secret -*/}} - -{{- define "pkg.manifests.argo-cluster-project" -}} -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: cluster-system - namespace: {{ include "pkg.argo.ns" $ }} - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - description: "Cluster Apps" - destinations: - - name: "{{ $.Values.gitops.argocd.bootstrap.config.register.name }}" - server: {{ include "pkg.argo.destination" $ }} - namespace: '*' - sourceRepos: - - '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - namespaceResourceWhitelist: - - group: '*' - kind: '*' -{{- end -}} - -{{- define "pkg.manifests.argo-bootstrap-app" -}} -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cluster-system - namespace: {{ include "pkg.argo.ns" $ }} -spec: {{- include "pkg.argo.app_commons" $ | nindent 2 }} - project: "cluster-system" - source: - {{- with $.Values.gitops.repository }} - {{- with .url }} - repoURL: {{ . 
}} - {{- end }} - targetRevision: {{ default "initialize" .ref }} - path: {{ include "pkg.utils.template" (dict "tpl" (default (printf "./clusters/%s" (include "pkg.cluster.name" $)) .path) "ctx" $) }} - {{- end }} - {{- with (include "gitops.substition.variables.env" $) }} - plugin: - env: - {{- . | nindent 8 }} - {{- end }} - destination: - server: {{ include "pkg.argo.destination" $ }} - namespace: {{ include "pkg.argo.ns" $ }} -{{- end -}} - -{{- define "pkg.manifests.argo-bootstrap-repository" -}} -apiVersion: v1 -kind: Secret -metadata: - name: bootstrap-repository - namespace: {{ include "pkg.argo.ns" $ }} - labels: - argocd.argoproj.io/secret-type: repo-creds -stringData: - type: git - {{- with $.Values.gitops.repository }} - url: {{ .url }} - {{- with .token }} - password: {{ . }} - {{- end }} - username: "token" - {{- end }} -{{- end -}} - -{{- define "pkg.manifests.argo-app-ejson" -}} - {{- if $.Values.gitops.ejson_key -}} -apiVersion: v1 -kind: Secret -metadata: - name: cluster-system - namespace: {{ include "pkg.argo.ns" $ }} -stringData: - private.key: {{ $.Values.gitops.ejson_key }} - {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/vcluster/templates/pkg/_functions.tpl b/charts/vcluster/templates/pkg/_functions.tpl new file mode 100644 index 00000000..ecc5f8ef --- /dev/null +++ b/charts/vcluster/templates/pkg/_functions.tpl 
@@ -0,0 +1,65 @@
+{{/*
+ Useful Script Functions
+*/}}
+{{- define "pkg.functions.kubernetes" -}}
+# Perform Client Dry-Run
+k8s::dry-run() {
+ object=${1}
+ if kubectl create --dry-run=client -f - <<< "$object" >/dev/null; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Always Updates Object
+k8s::replace_or_create() {
+ object=${1}
+ if k8s::dry-run "${object}"; then
+ if ! kubectl get -f - <<< "$object" >/dev/null 2>/dev/null; then
+ if kubectl create -f - <<< "$object" >/dev/null; then
+ echo "🦄 Created Object"
+ return 0
+ else
+ return 1
+ fi
+ else
+ if kubectl replace --force -f - <<< "$object" >/dev/null; then
+ echo "🦄 Updated Object"
+ else
+ return 1
+ fi
+ return 0
+ fi
+ else
+ return 1
+ fi
+}
+
+## Create an Object if it does not exist
+k8s::create_if_not_present() {
+ object=${1}
+ if k8s::dry-run "${object}"; then
+ if kubectl create --dry-run=server -f - <<< "$object" >/dev/null 2>/dev/null; then
+ kubectl create -f - <<< "$object" >/dev/null
+ echo "🦄 Created Object"
+ return 0
+ else
+ echo "🦄 Object already present"
+ return 0
+ fi
+ else
+ return 1
+ fi
+}
+
+## Set Kubeconfig (Use Mounted)
+kcfg::toggle() {
+ export KUBECONFIG="{{ template "pkg.cluster.cp.env.mount" $ }}"
+}
+
+## Unset Kubeconfig (Use Serviceaccount)
+kcfg::untoggle() {
+ unset KUBECONFIG
+}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/vcluster/templates/pkg/_scripts.tpl b/charts/vcluster/templates/pkg/_scripts.tpl
deleted file mode 100644
index 0a64247c..00000000
--- a/charts/vcluster/templates/pkg/_scripts.tpl
+++ /dev/null
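Review bot: `k8s::create_if_not_present` reports success regardless of what the real create returns: the exit status of `kubectl create -f - <<< "$object" >/dev/null` is dropped and the function unconditionally prints "🦄 Created Object" and returns 0, so a create that fails after the server dry-run (RBAC denial, admission rejection, API outage in between) is invisible to the caller. The `else` branch has the mirror problem — every server dry-run failure, not only AlreadyExists, is reported as "Object already present" because stderr is discarded and nothing distinguishes the two, so an unauthorised or rejected object is silently skipped. For the create I would write `if kubectl create -f - <<< "$object" >/dev/null; then echo "🦄 Created Object"; return 0; else return 1; fi`, and in the else branch confirm presence with `kubectl get -f -` (as `k8s::replace_or_create` already does) before claiming the object exists. Separately, `kubectl replace --force` deletes and recreates the object under a new UID, so anything pointing at it via an ownerReference is garbage-collected; that deserves a comment on that line, e.g. `# --force deletes and recreates (new UID): dependants with ownerReferences to this object are garbage-collected`. Minor: `object=${1}` is not declared `local` in any of the three helpers, so they clobber a caller's `object` variable.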
@@ -1,11 +0,0 @@ -{{- define "pkg.scripts.register-cluster" -}} -#!/bin/bash -if kubectl get secret -n {{ include "pkg.argo.ns" $ }} argocd-initial-admin-secret > /dev/null; then - admin=$(kubectl get secret -n {{ include "pkg.argo.ns" $ }} argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d) - if argocd login test-cluster2-gitops-argocd-server --name admin --password "${admin}" > /dev/null; then - argocd cluster add default-context --name vcluster --upsert --kubeconfig {{ include "pkg.cluster.cp.env.mount" $ }} - fi -else - echo "No initial password set" -fi -{{- end -}} diff --git a/charts/vcluster/templates/pkg/_substitution.tpl b/charts/vcluster/templates/pkg/_substitution.tpl new file mode 100644 index 00000000..e751cac2 --- /dev/null +++ b/charts/vcluster/templates/pkg/_substitution.tpl 
@@ -0,0 +1,49 @@
+{{- define "pkg.substition.variables" -}}
+
+ {{/* Custom Properties */}}
+ {{- include "pkg.substition.properties" $ | nindent 0 }}
+
+ {{/* Common Variables */}}
+cluster_name: {{ include "pkg.cluster.name" $ }}
+ {{- with (include "pkg.images.registry.url" $) }}
+registry_host: {{ . }}
+ {{- end }}
+ {{- with (include "pkg.common.proxy.host" $) }}
+proxy: {{ . | quote }}
+ {{- end }}
+ {{- with (include "pkg.common.proxy.no_proxy" $) }}
+no_proxy: {{ . | quote }}
+ {{- end }}
+ {{- with (include "pkg.utils.tz" $) }}
+timezone: {{ . }}
+ {{- end }}
+ {{- with (include "kubernetes.api.endpointIP" $) }}
+kubernetes_api_ip: {{ . | quote }}
+ {{- end }}
+ {{- with (include "kubernetes.api.endpointPort" $) }}
+kubernetes_api_port: {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{- define "pkg.substition.env" -}}
+ {{- $vars := (fromYaml (include "pkg.substition.variables" $)) -}}
+ {{- range $key, $value := $vars }}
+- name: {{ $key }}
+ value: {{ $value | quote }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "pkg.substition.properties" -}}
+ {{/* Cluster Properties */}}
+ {{- range $prop, $value := $.Values.cluster.properties }}
+ {{- if (kindIs "slice" $value) }}
+ {{- range $i, $v := $value }}
+{{- include "pkg.utils.envvar" (printf "%s_%s" ($prop | toString) ($i | toString)) | nindent 0 }}: {{ $v | quote }}
+ {{- end }}
+ {{- else if (kindIs "dict" $value) }}
+ {{/* Not Supported */}}}
+ {{- else }}
+{{- include "pkg.utils.envvar" ($prop | toString) | nindent 0 }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/vcluster/values.yaml b/charts/vcluster/values.yaml
index 03583711..f93a15f9 100644
--- a/charts/vcluster/values.yaml
+++ b/charts/vcluster/values.yaml
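Review bot: The dict branch of `pkg.substition.properties` has a stray brace: `{{/* Not Supported */}}}` is the comment action followed by a literal `}`, so any `cluster.properties` entry whose value is a map emits a bare `}` line into the text that `pkg.substition.env` hands to `fromYaml`, which cannot parse it. `fromYaml` does not abort the render on bad input — it returns a map carrying an `Error` key — and `pkg.substition.env` never checks for it, so the resulting env list would be silently wrong instead of failing (the `_argo.tpl` code this commit deletes checked `pkg.utils.unmarshalingError` after every `fromYaml`). I would drop the brace and fail loudly rather than skip silently, `{{- fail (printf "cluster.properties.%s: nested maps are not supported" $prop) }}`, and guard the consumer with `{{- if hasKey $vars "Error" }}{{ fail $vars.Error }}{{ end }}` right after the `fromYaml`. Also note `cluster_name` and `timezone` are emitted unquoted while every other scalar is quoted; a value such as `no` or `1.10` would be retyped by `fromYaml` before `pkg.substition.env` re-quotes it, so `{{ . | quote }}` on both is the safer form.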
@@ -378,185 +378,6 @@ lifecycle: # If not set and create is true, a name is generated using the fullname template name: "" -# ---------------------------- -# Gitops Component -# ---------------------------- -gitops: - # -- Enable/Disable Bootstrap Component - enabled: false - - # Component Settings - component: - - # -- Remove all manifests on disable in the vcluster (**Attention**: When crds are deleted all crs will be deleted as well) - removeManifestsOnDisable: false - - # Flux GitOps Resources - flux: - # -- Create Flux resources. If false, ArgoCD resources will be created - enabled: false - # -- Use Pruning for flux syncs - prune: true - # -- Sync Interval for flux syncs - interval: "5m" - - # ArgoCD GitOps Resources - argocd: - # -- Create ArgoCD resources (Helm Install) - enabled: true - - # -- Install ArgoCD with Helm cli. The lifecycle will periodically ensure that argocd is applied with the values - lifecycle: false - - bootstrap: - # -- ArgoCD Namespace - namespace: "argocd" - # -- ArgoCD Helm-Chart - chart: argo-cd - # -- ArgoCD Helm-Chart Repository - repoURL: https://argoproj.github.io/argo-helm - # -- ArgoCD Helm-Chart Version - targetRevision: 5.24.0 - # -- ArgoCD Helm-Chart Values (allows templating) [Reference](https://artifacthub.io/packages/helm/argo/argo-cd) - values: - - # Don't install ArgoCD CRDs on current cluster - crds: - install: false - - # Use Flamingo Subsystem ArgoCD Image - global: - image: - repository: ghcr.io/flux-subsystem-argo/fsa/argocd - tag: "v2.5.11-fl.3-main-bc5b4abb" - configs: - params: - # https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/ - application.namespaces: "*" - cm: - application.resourceTrackingMethod: annotation - # Disable in-cluster - cluster.inClusterEnabled: "false" - # Disable anonymous access - users.anonymous.enabled: "false" - # Specifies token expiration duration - users.session.duration: "24h" - # Enable Local Admin - admin.enabled: true - ## Ref: 
https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource - exec.enabled: true - # Add Kustomize Build Options - kustomize.buildOptions: "--enable-alpha-plugins --load-restrictor LoadRestrictionsNone" - - resource.customizations.health.argoproj.io_Application: | - hs = {} - hs.status = "Progressing" - hs.message = "" - if obj.status ~= nil then - if obj.status.health ~= nil then - hs.status = obj.status.health.status - if obj.status.health.message ~= nil then - hs.message = obj.status.health.message - end - end - end - return hs - - rbac: - create: true - #policy.csv: | - - # ArgoCD Lifecycle config - config: - # -- Install ArgoCD CRDs from the given Helm version in the vcluster - install_crds: true - # -- Mounts the vcluster Config to all ArgoCD components - automount_kubeconfig: true - - # -- Security Context (All ArgoCD components) - podSecurityContext: - enabled: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - - # -- Container Security Context (All ArgoCD components) - securityContext: - enabled: true - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 1001 - - # Cluster Registration - register: - # -- Automatically register the vcluster with ArgoCD - enabled: true - # -- ArgoCD cluster name **(don't use __in-cluster__ as name, since argoCD will then attempt to do operations with its local serviceaccount)** - name: "vcluster" - - # Argo Cluster Ingress - ingress: - # -- Enable ArgoCD Ingress - enabled: true - # -- Annotations - annotations: {} - # kubernetes.io/ingress.class: nginx - # -- Ingressclass - ingressClassName: "" - - server: - # -- Enable ArgoCD Server exposure - enabled: true - # -- Context path for argocd server - contextPath: /gitops - grpc: - # -- Enable ArgoCD Server GRPC exposure - enabled: true - # -- Context path for argocd server - contextPath: /grpc - - - # Add Plugins for Argocd - plugins: - subst: - # -- Enable Subst Plugin 
- enabled: false - image: - registry: ghcr.io - repository: buttahtoast/subst-cmp - tag: v0.2.0-alpha2 - pullPolicy: Always - digest: "" - # -- Resources configuration - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - # -- This is used by the extraManifests, as example (Custom structure) - # @default -- See values.yaml - repository: - # Inventory Repository URL - url: "" - # Inventory Repository Token - token: "" - # Inventory Repository Branch - ref: "" - # Inventory Repository Path. You can use templating in this value (eg. `/bootstrap/{ .Values.global.cluster.name }`) - # @default -- `/clusters/${cluster.name}` - path: "" - # ---------------------------- # Machine Controller Component # ----------------------------