Update quay.io/argoprojlabs/argocd-operator Docker tag to v0.8.0

Signed-off-by: Renovate Bot <[email protected]>
projectsyn · Feb 20, 2024 · 4c7d92c · 4c7d92c
1 parent 9f451e4
commit 4c7d92c
Show file tree

Hide file tree

Showing 39 changed files with 53,911 additions and 24,238 deletions.
diff --git a/class/argocd.yml b/class/argocd.yml
@@ -22,20 +22,23 @@ parameters:
         input_paths:
           - argocd/component/argocd.jsonnet
       # Operator kustomization
-      - output_path: ${_base_directory}/operator_kustomize
+      - output_path: ${_base_directory}/manifests/argocd-operator
         output_type: yaml
         input_type: jsonnet
         input_paths:
-          - argocd/component/operator.jsonnet
+          - ${_base_directory}/component/operator.jsonnet
       - output_path: .
         input_type: external
         input_paths:
           - ${_kustomize_wrapper}
         env_vars:
-          INPUT_DIR: ${_base_directory}/operator_kustomize
+          INPUT_DIR: ${_base_directory}/manifests/argocd-operator
         args:
           - \${compiled_target_dir}/argocd/10_operator
-      - output_path: .
-        input_type: remove
-        input_paths:
-          - ${_base_directory}/operator_kustomize
+
+  commodore:
+    postprocess:
+      filters:
+        - type: jsonnet
+          path: ${_instance}//10_operator/
+          filter: postprocess/fix_crd.jsonnet
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -10,7 +10,7 @@ parameters:
         prometheus: platform
         cluster_id: ${cluster:name}
         tenant_id: ${cluster:tenant}
-    resync_seconds: 180
+    resync_time: 3m0s
     log_format:
       default: text
     log_level:
@@ -44,7 +44,7 @@ parameters:
       argocd_operator:
         registry: quay.io
         repository: argoprojlabs/argocd-operator
-        tag: v0.7.0
+        tag: v0.8.0
       kube_rbac_proxy:
         registry: gcr.io
         repository: kubebuilder/kube-rbac-proxy
@@ -96,6 +96,8 @@ parameters:
       kustomize_input:
         namePrefix: syn-
         namespace: ${argocd:operator:namespace}
+        patchesStrategicMerge:
+          - https://raw.githubusercontent.com/argoproj-labs/argocd-operator/${argocd:images:argocd_operator:tag}/config/default/manager_auth_proxy_patch.yaml
         patches:
           - patch: |-
               - op: add

diff --git a/component/argocd.jsonnet b/component/argocd.jsonnet
@@ -1,3 +1,4 @@
+local cm = import 'lib/cert-manager.libsonnet';
 local com = import 'lib/commodore.libjsonnet';
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
@@ -7,12 +8,14 @@ local params = inv.parameters.argocd;
 local common = import 'common.libsonnet';
 local isOpenshift = std.startsWith(params.distribution, 'openshift');
 
+local resync_string = if std.get(params, 'resync_seconds', 0) > 0 then std.format('%dm0s', std.mod(params.resync, 60)) else params.resync_time;
+
 local applicationController = {
   processors: {
     operation: 10,
     status: 20,
   },
-  appSync: std.format('%ds', params.resync_seconds),
+  appSync: resync_string,
   logLevel: common.evaluate_log_level('application_controller'),
   logFormat: common.evaluate_log_format('application_controller'),
   [if params.resources.application_controller != null then 'resources']:
@@ -204,7 +207,7 @@ local repoServer = {
 };
 
 local argocd(name) =
-  kube._Object('argoproj.io/v1alpha1', 'ArgoCD', name) {
+  kube._Object('argoproj.io/v1beta1', 'ArgoCD', name) {
     metadata+: {
       name: name,
       namespace: params.namespace,
@@ -295,15 +298,12 @@ local argocd(name) =
             return hs
           |||,
         },
-      ],
-      // `ResourceCustomizations` is getting deprecated, however, the new `ResourceHealthChecks` does not currently expose the `health.lua.useOpenLibs` flag
-      resourceCustomizations: |||
-        operators.coreos.com/Subscription:
-          health.lua.useOpenLibs: true
-          health.lua: |
-            -- Base check copied from upstream
-            -- See https://github.com/argoproj/argo-cd/blob/f3730da01ef05c0b7ae97385aca6642faf9e4c52/resource_customizations/operators.coreos.com/Subscription/health.lua
-            health_status = {}
+        {
+          // `ResourceCustomizations` is getting deprecated, however, the new `ResourceHealthChecks` does not currently expose the `health.lua.useOpenLibs` flag
+          group: 'operators.coreos.com',
+          kind: 'Subscription',
+          check: |||
+            hs = {}
             if obj.status ~= nil then
               if obj.status.conditions ~= nil then
                 numDegraded = 0
@@ -324,24 +324,26 @@ local argocd(name) =
                   end
                 end
                 if numDegraded == 0 and numPending == 0 then
-                  health_status.status = "Healthy"
-                  health_status.message = msg
-                  return health_status
+                  hs.status = "Healthy"
+                  hs.message = msg
+                  return hs
                 elseif numPending > 0 and numDegraded == 0 then
-                  health_status.status = "Progressing"
-                  health_status.message = "An install plan for a subscription is pending installation"
-                  return health_status
+                  hs.status = "Progressing"
+                  hs.message = "An install plan for a subscription is pending installation"
+                  return hs
                 else
-                  health_status.status = "Degraded"
-                  health_status.message = msg
-                  return health_status
+                  hs.status = "Degraded"
+                  hs.message = msg
+                  return hs
                 end
               end
             end
-            health_status.status = "Progressing"
-            health_status.message = "An install plan for a subscription is pending installation"
-            return health_status
-      |||,
+            hs.status = "Progressing"
+            hs.message = "An install plan for a subscription is pending installation"
+            return hs
+          |||,
+        },
+      ],
       repo: repoServer,
       server: server,
     },
@@ -351,9 +353,44 @@ local ssh_secret = kube._Object('v1', 'Secret', 'argo-ssh-key') {
   type: 'Opaque',
 };
 
+
+// Manually adding certificate for conversion webhook
+// as the upstream kustomize is broken.
+// 2023/02/19 sfe
+local webhook_certs = [
+  cm.issuer('selfsigned-issuer') {
+    metadata+: {
+      namespace: params.operator.namespace,
+    },
+    spec: {
+      selfSigned: {},
+    },
+  },
+  cm.cert('serving-cert') {
+    metadata+: {
+      namespace: params.operator.namespace,
+    },
+    spec: {
+      dnsNames: [
+        'syn-argocd-operator-webhook-service.%s.svc' % params.operator.namespace,
+        'syn-argocd-operator-webhook-service.%s.svc.cluster.local' % params.operator.namespace,
+      ],
+      issuerRef: {
+        kind: 'Issuer',
+        name: 'selfsigned-issuer',
+      },
+      secretName: 'webhook-server-cert',
+    },
+  },
+];
+
 {
   '00_vault_agent_config': vault_agent_config,
   '00_kapitan_plugin_config': kapitan_plugin_config,
   '00_ssh_secret': ssh_secret,
   '10_argocd': argocd('syn-argocd'),
+  // Manually adding certificate for conversion webhook
+  // as the upstream kustomize is broken.
+  // 2023/02/19 sfe
+  '../10_operator_webhook_certs': webhook_certs,
 }
diff --git a/component/operator.jsonnet b/component/operator.jsonnet
@@ -22,6 +22,19 @@ local kustomize_input = params.kustomize_input {
         name: 'argocd-operator-controller-manager',
       },
     },
+    {
+      patch: |||
+        - op: add
+          path: "/spec/template/spec/containers/1/env/-"
+          value:
+            name: "ENABLE_CONVERSION_WEBHOOK"
+            value: "true"
+      |||,
+      target: {
+        kind: 'Deployment',
+        name: 'argocd-operator-controller-manager',
+      },
+    },
   ],
 };
 

diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -19,13 +19,13 @@ default:: ${facts:distribution}
 
 The Kubernetes distribution of the cluster.
 
-=== `resync_seconds`
+=== `resync_time`
 
 [horizontal]
-type:: int
-default:: `180`
+type:: string
+default:: `3m0s`
 
-Resync interval in seconds.
+Resync interval.
 Lower values mean quicker sync but higher CPU usage and more Git traffic.
 
 === `ssh_known_hosts`

diff --git a/postprocess/fix_crd.jsonnet b/postprocess/fix_crd.jsonnet
@@ -0,0 +1,17 @@
+local com = import 'lib/commodore.libjsonnet';
+
+local inv = com.inventory();
+local params = inv.parameters.argocd.operator;
+
+local file_apiext_argocd = com.yaml_load(std.extVar('output_path') + '/apiextensions.k8s.io_v1_customresourcedefinition_argocds.argoproj.io.yaml');
+
+{
+  'apiextensions.k8s.io_v1_customresourcedefinition_argocds.argoproj.io': file_apiext_argocd {
+    metadata+: {
+      creationTimestamp: null,
+      annotations+: {
+        'cert-manager.io/inject-ca-from': params.namespace + '/serving-cert',
+      },
+    },
+  },
+}
diff --git a/tests/defaults.yml b/tests/defaults.yml
@@ -7,6 +7,9 @@ parameters:
       - type: https
         source: https://raw.githubusercontent.com/projectsyn/component-prometheus/master/lib/prometheus.libsonnet
         output_path: vendor/lib/prometheus.libsonnet
+      - type: https
+        source: https://raw.githubusercontent.com/projectsyn/component-cert-manager/master/lib/cert-manager.libsonnet
+        output_path: vendor/lib/cert-manager.libsonnet
 
   secret_management:
     vault_role: test