set up repo with first app

README.md

@@ -1,2 +1,7 @@
 # k8s-cluster-aegir
 
+
+## Acknowledgement
+
+- inspiration & source: https://github.com/mikevader/k3s-cluster-infra-apps
+- inspiration: https://github.com/argoproj/argocd-example-apps

apps-root-config/applications/Chart.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: "v2"
+name: "apps"
+version: "0.1.0"
+description: "App of Apps Chart for Argo CD"

apps-root-config/applications/cluster-apps-of-apps.yaml

@@ -0,0 +1,28 @@
+---
+repository: "https://rievo.dev/rievo/k8s-cluster-aegir.git"
+# argocdNamespace: "argocd"
+# server: "https://kubernetes.default.svc"
+subFolder: cluster-apps-of-apps
+namespace:
+  annotations: {}
+  labels:
+    client: cluster-infra
+
+enableDefaultNetworkPolicy: false
+enableDefaultLimitRange: false
+allowAllNamespaces: true
+
+roleBindings:
+#  - groupName: "team1"
+#    clusterRoleName: "admin"
+
+clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'
+
+namespaceResourceBlacklist:
+#  - group: 'apps'
+#    kind: 'DaemonSet'
+
+applications:
+  guestbook: {}

apps-root-config/applications/templates/argo-application.yaml

@@ -0,0 +1,55 @@
+{{- range $key, $value := .Values.applications -}}
+{{- $disabled := default false .disabled }}
+{{- $destinationNamespace := default $key .destinationNamespace }}
+{{- $server := "https://kubernetes.default.svc" }}
+{{- $project := default $.Release.Name .project }}
+{{- $path := default (printf "%s/%s" $.Values.subFolder $key) .path }}
+{{- $source := default false .source }}
+{{- $disableAutoSync := default false .disableAutoSync }}
+{{- $enableHelmKustomize := default false .enableHelmKustomize }}
+{{- $automatedPrune := default true .automatedPrune }}
+{{- $selfHeal := default true .selfHeal }}
+{{- $helmServerSideApply := default false .helmServerSideApply }}
+{{- $ignoreDifferences := default false .ignoreDifferences }}
+{{- if not $disabled }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+  name: {{ $key }}
+  namespace: {{ default "argocd-system" $.Values.argocdNamespace }}
+spec:
+  destination:
+    namespace: {{ default $key $destinationNamespace }}
+    name: in-cluster
+#    server: {{ default  $server }}
+  project: {{ $project }}
+  source:
+    path: {{ $path }}
+    repoURL: {{ $.Values.repository }}
+{{ if $source -}}
+{{- toYaml $source | indent 4 }}
+{{- end }}
+{{- if $enableHelmKustomize }}
+    plugin:
+      name: kustomized-helm
+{{- end }}
+{{- if $ignoreDifferences }}
+  ignoreDifferences:
+{{ toYaml $ignoreDifferences | indent 4 }}
+{{- end }}
+{{- if not $disableAutoSync }}
+  syncPolicy:
+    syncOptions:
+      - ApplyOutOfSyncOnly=true
+{{- if $helmServerSideApply }}
+      - ServerSideApply=true
+{{- end }}
+    automated:
+      prune: {{ default true $automatedPrune }}
+      selfHeal: {{ default true $selfHeal }}
+{{- end }}
+{{- end }}
+{{ end }}

apps-root-config/applications/templates/argo-approject.yaml

@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ default "argocd-system" .Values.argocdNamespace}}
+spec:
+  sourceRepos:
+    - "{{ .Values.repository }}"
+    - "https://charts.truecharts.org/"
+{{- if eq (len .Values.applications ) 0 }}
+  destinations: []
+{{- else }}
+  destinations:
+{{- if .Values.allowAllNamespaces }}
+    - namespace: '*'
+      server: "https://kubernetes.default.svc"
+{{- else }}
+{{- range $key, $value := .Values.applications }}
+    - namespace: {{ $key }}
+      server: "https://kubernetes.default.svc"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .Values.clusterResourceWhitelist }}
+  clusterResourceWhitelist:
+  {{- toYaml .Values.clusterResourceWhitelist | nindent 4 }}
+{{- end }}
+{{- if .Values.namespaceResourceBlacklist }}
+  namespaceResourceBlacklist:
+{{- toYaml .Values.namespaceResourceBlacklist | nindent 4 -}}
+{{- end }}

apps-root-config/applications/templates/namespace.yaml

@@ -0,0 +1,99 @@
+{{- range $key, $value := .Values.applications -}}
+{{- $disableNamespaceCreation := false -}}
+{{- if . -}}
+{{- $disableNamespaceCreation = .disableNamespaceCreation -}}
+{{- end }}
+{{- if not $disableNamespaceCreation }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $key }}
+{{ if $.Values.namespace.annotations }}
+  annotations:
+    openshift.io/requester: {{ .Release.Name }}
+{{ toYaml $.Values.namespace.annotations | indent 4 }}
+{{- end }}
+{{ if $.Values.namespace.labels }}
+  labels:
+{{ toYaml $.Values.namespace.labels | indent 4 }}
+{{- end }}
+{{ if $.Values.enableDefaultLimitRange }}
+---
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: core-resource-limits
+  namespace: "{{ $key }}"
+spec:
+  limits:
+    - type: Pod
+      max:
+        cpu: "4"
+        memory: 8Gi
+      min:
+        cpu: 1m
+        memory: 1
+    - type: Container
+      default:
+        cpu: 2
+        memory: 1Gi
+      defaultRequest:
+        cpu: 25m
+        memory: 512Mi
+{{- end }}
+{{- if $.Values.enableDefaultNetworkPolicy }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-openshift-ingress
+  namespace: {{ $key }}
+spec:
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              network.openshift.io/policy-group: ingress
+  podSelector: {}
+  policyTypes:
+    - Ingress
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: allow-same-namespace
+  namespace: {{ $key }}
+spec:
+  podSelector: {}
+  ingress:
+    - from:
+        - podSelector: {}
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: deny-by-default
+  namespace: {{ $key }}
+spec:
+  podSelector: {}
+  ingress: []
+{{ end }}
+{{ range $.Values.roleBindings -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ printf "%s-%s" .name .clusterRoleName}}
+  namespace: "{{ $key }}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .clusterRoleName }}
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: {{ .kind }}
+    name: {{ .name }}
+{{ end }}
+{{ end }}
+{{ end }}

apps-root-config/bootstrap/Chart.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: "v2"
+name: "bootstrap"
+version: "0.1.0"
+description: "Bootstrap Chart for Argo CD App of Apps"

apps-root-config/bootstrap/templates/argo-application.yaml

@@ -0,0 +1,24 @@
+{{- range .Values.bootstrap -}}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .name }}-apps
+  namespace: {{ default "argocd-system" $.Values.argocdNamespace }}
+spec:
+  destination:
+    namespace: {{ default "argocd-system" $.Values.argocdNamespace }}
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    helm:
+      valueFiles:
+      - "{{ .name }}.yaml"
+    path: apps-root-config/applications
+    repoURL: {{ $.Values.repository }}
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+{{ end }}

apps-root-config/bootstrap/values.yaml

@@ -0,0 +1,4 @@
+---
+repository: "https://rievo.dev/rievo/k8s-cluster-aegir.gi"
+bootstrap:
+ - name: cluster-apps-of-apps

cluster-apps-of-apps/guestbook/guestbook.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guestbook-ui
+spec:
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: guestbook-ui
+  template:
+    metadata:
+      labels:
+        app: guestbook-ui
+    spec:
+      containers:
+      - image: gcr.io/heptio-images/ks-guestbook-demo:0.2
+        name: guestbook-ui
+        ports:
+        - containerPort: 80