diff --git a/class/defaults.yml b/class/defaults.yml index ad48b533..4d990f6b 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -88,6 +88,16 @@ parameters: gitlab-dev.syn.tools ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDybOH3scUSfAJFkskpVn1VcL1mPNSiV05asrCCjDTzSJOeJuCE99KkHf7eTA29as9NaqtMtJcCxhptLfNaRzUR3zf29eUuPhkh2B5PUaqLpsbm6330QxvWsZNJyI8Cf7i78O3qe4dv7p2Fe78ayLKX/q3dRj0PZnl7kMj7YpCfY7VCndqoIKEOlIEqNjzAFhHLgHEMJ8f8cM5s4qorgc3TdCqORGVs5vqkeNm977yz2hMxB7iEET4O2jfBUHzzZ68T5h5AtrL5YVBMP0xTgaLskk7/QnoEsfKAgTXo/AaUuXbzM6N0nIjH00Ll0s6P2fWyRVXz05eauZZhBS85GQTD gitlab-dev.syn.tools ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCz/gtGxqX+WS6E9/NLYTkRLkM7r7JHU5N7vz2kJjRbjhR91JvP7NaHtuN5aPm5Wv9rtPKSackQ9B78VCkr6GLw= gitlab-dev.syn.tools ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtv4stHQjApa7wkgvgo4dB52qLzI/zN2Us+89cQXXm0 + + resource_exclusions: + cilium: + - apiGroups: + - cilium.io + kinds: + - CiliumIdentity + clusters: + - "*" + operator: migrate: false conversion_webhook: false diff --git a/component/argocd.jsonnet b/component/argocd.jsonnet index a83a789e..33d0265c 100644 --- a/component/argocd.jsonnet +++ b/component/argocd.jsonnet @@ -246,6 +246,13 @@ local argocd(name) = ||| + params.ssh_known_hosts, }, redis: redis, + resourceExclusions: std.manifestYamlDoc( + std.foldl( + function(acc, v) acc + std.flattenArrays([ v ]), + std.filter(function(v) v != null, std.objectValues(params.resource_exclusions)), + [] + ) + ), resourceIgnoreDifferences: { resourceIdentifiers: [ { diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 3d0cacfd..a7779d02 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -19,7 +19,7 @@ default:: ${facts:distribution} The Kubernetes distribution of the cluster. -=== `resync_time` +== `resync_time` [horizontal] type:: string 
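Review bot: The `resource_exclusions.cilium` default added in class/defaults.yml has no comment explaining why `CiliumIdentity` is excluded or what an exclusion costs. Resources matched by an exclusion are not watched by Argo CD at all, so they are never diffed, synced or pruned, and with `clusters: - "*"` that applies to every cluster this instance manages. Because the parameter is a free-form dictionary that other hierarchy levels can extend, I would add a comment above the key such as `# Excluded kinds are not watched by Argo CD (no diff, sync or prune); add only controller-owned kinds here.` The motivation is presumably that Cilium creates and churns these objects itself; if so, the comment should say it.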
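Review bot: In the `resourceExclusions` field added in component/argocd.jsonnet, `std.flattenArrays([ v ])` returns `v` unchanged when `v` is a list, so the fold is a hand-rolled concatenation. `std.flattenArrays(std.filter(function(v) v != null, std.objectValues(params.resource_exclusions)))` should give the same result. Neither form accepts a dictionary value, although parameters.adoc in this commit documents the type as `dictionary(list|dictionary)`. A non-list entry would most likely abort compilation with a generic type error rather than a message naming the parameter. A check such as `assert std.isArray(v) : 'resource_exclusions entries must be lists or null'` on each value would make that readable; the enclosing `argocd(name)` function starts and ends outside the hunk.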
@@ -28,13 +28,55 @@ default:: `3m0s` Resync interval. Lower values mean quicker sync but higher CPU usage and more Git traffic. -=== `ssh_known_hosts` +== `ssh_known_hosts` [horizontal] type:: string SSH known hosts for Git servers. + +== `resource_exclusions` + +[horizontal] +type:: dictionary(list|dictionary) +default:: ++ +[source,yaml] +---- +cilium: +- apiGroups: + - cilium.io + kinds: + - CiliumIdentity + clusters: + - "*" +---- +example:: ++ +[source,yaml] +---- +custom: +- apiGroups: + - custom.io + kinds: + - ClusterWrecker + clusters: + - "*" +backup: null +---- + +A dictionary of resource exclusions for the ArgoCD instance. +Those resources will not be managed by ArgoCD. + +The keys are the names of the exclusion groups. +Keys are not used, they are exclusively for hierarchical structuring. + +The values are lists of resource definitions that should be excluded from the ArgoCD instance. +Those lists get concatenated. + +Check https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/#additional-tracking-methods-via-an-annotation[ArgoCD documentation] for more information. + == `network_policies.enabled` [horizontal] type:: boolean diff --git a/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml index cf2aee47..637c8354 100644 --- a/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml +++ b/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml @@ -139,6 +139,13 @@ spec: sshPrivateKeySecret: name: argo-ssh-key key: sshPrivateKey + resourceExclusions: |- + - "apiGroups": + - "cilium.io" + "clusters": + - "*" + "kinds": + - "CiliumIdentity" resourceHealthChecks: - check: | hs = {} diff --git a/tests/golden/openshift/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/openshift/argocd/argocd/30_argocd/10_argocd.yaml index a463c595..7d3e62ac 100644 --- a/tests/golden/openshift/argocd/argocd/30_argocd/10_argocd.yaml 
+++ b/tests/golden/openshift/argocd/argocd/30_argocd/10_argocd.yaml @@ -136,6 +136,13 @@ spec: sshPrivateKeySecret: name: argo-ssh-key key: sshPrivateKey + resourceExclusions: |- + - "apiGroups": + - "cilium.io" + "clusters": + - "*" + "kinds": + - "CiliumIdentity" resourceHealthChecks: - check: | hs = {} diff --git a/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml index 9ce4692b..19d9f745 100644 --- a/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml +++ b/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml @@ -118,6 +118,19 @@ spec: sshPrivateKeySecret: name: argo-ssh-key key: sshPrivateKey + resourceExclusions: |- + - "apiGroups": + - "cilium.io" + "clusters": + - "*" + "kinds": + - "CiliumIdentity" + - "apiGroups": + - "custom.io" + "clusters": + - "*" + "kinds": + - "ClusterWrecker" resourceHealthChecks: - check: | hs = {} diff --git a/tests/golden/prometheus/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/prometheus/argocd/argocd/30_argocd/10_argocd.yaml index cf2aee47..637c8354 100644 --- a/tests/golden/prometheus/argocd/argocd/30_argocd/10_argocd.yaml +++ b/tests/golden/prometheus/argocd/argocd/30_argocd/10_argocd.yaml @@ -139,6 +139,13 @@ spec: sshPrivateKeySecret: name: argo-ssh-key key: sshPrivateKey + resourceExclusions: |- + - "apiGroups": + - "cilium.io" + "clusters": + - "*" + "kinds": + - "CiliumIdentity" resourceHealthChecks: - check: | hs = {} diff --git a/tests/params.yml b/tests/params.yml index c80deee6..038fe30f 100644 --- a/tests/params.yml +++ b/tests/params.yml @@ -86,3 +86,13 @@ parameters: destinations: - namespace: other-* server: https://kubernetes.default.svc + + resource_exclusions: + custom: + - apiGroups: + - custom.io + kinds: + - ClusterWrecker + clusters: + - "*" + nope: null