Merge pull request #172 from suxess-it/feat/onboarding-team-showcase
showcase how new teams could be onboarded for self-service app onboar…
Showing 6 changed files with 136 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{{- range .Values.teams }} | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: {{ .name }}-app-definitions | ||
--- | ||
{{- end }} |
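Review bot: `name: {{ .name }}-app-definitions` renders the team name unvalidated and the Namespace gets no labels, so an entry in `.Values.teams` with a missing or non-DNS-1123 `name` only fails at apply time, and nothing on the object records which team owns it. Consider wrapping the value in `required` (for example `{{ required "teams[].name is required" .name }}`) and adding a team label under `metadata` so that policies and quotas can select on it.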
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{{- range .Values.teams }} | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: {{ .name }}-app-of-apps | ||
namespace: {{ .name }}-app-definitions | ||
finalizers: | ||
- resources-finalizer.argocd.argoproj.io | ||
spec: | ||
destination: | ||
namespace: {{ .name }}-app-definitions | ||
server: https://kubernetes.default.svc | ||
project: {{ .name }}-project | ||
sources: | ||
- path: {{ .appOfAppsRepo.path }} | ||
repoURL: {{ .appOfAppsRepo.repoURL }} | ||
targetRevision: {{ .appOfAppsRepo.revision }} | ||
syncPolicy: | ||
automated: | ||
prune: true | ||
selfHeal: true | ||
{{- end }} |
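Review bot: the loop body ends at `selfHeal: true` followed directly by `{{- end }}`, with no `---` document separator, unlike the Namespace and AppProject templates in this commit; with more than one entry in `.Values.teams` the Applications render into a single YAML document with duplicate keys. Add `---` before `{{- end }}`. In `sources`, `path`, `repoURL` and `targetRevision` are emitted unquoted, so pipe them through `quote`; and because `prune: true` and `selfHeal: true` apply whatever `targetRevision` resolves to, document that teams should pin it to a tag or commit rather than a moving branch.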
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{{- range .Values.teams }} | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: AppProject | ||
metadata: | ||
name: {{ .name }}-project | ||
spec: | ||
sourceNamespaces: | ||
- {{ .name }}-app-definitions | ||
clusterResourceWhitelist: | ||
- group: "" | ||
kind: Namespace | ||
destinations: | ||
- name: in-cluster | ||
namespace: {{ .name }}-* | ||
server: https://kubernetes.default.svc | ||
sourceRepos: | ||
{{- range .sourceRepos }} | ||
- {{ quote . }} | ||
{{- end }} | ||
--- | ||
{{- end }} |
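Review bot: in `destinations`, `namespace: {{ .name }}-*` is a prefix glob, so a team named `dev` would also match the namespaces of a team named `dev-ops`, including `dev-ops-app-definitions`; enforce that no team name is a prefix of another, or use a delimiter that cannot appear in team names. The `clusterResourceWhitelist` entry for `Namespace` carries no name constraint in these lines, so state in the chart documentation how namespace names outside `{{ .name }}-*` are prevented (for example with a Kyverno validate rule).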
60 changes: 60 additions & 0 deletions
platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
{{ if has "resourcequota" .Values.kyvernoPolicies }} | ||
apiVersion: kyverno.io/v1 | ||
kind: ClusterPolicy | ||
metadata: | ||
name: add-ns-quota | ||
annotations: | ||
policies.kyverno.io/title: Add Quota | ||
policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices | ||
policies.kyverno.io/subject: ResourceQuota, LimitRange | ||
policies.kyverno.io/minversion: 1.6.0 | ||
policies.kyverno.io/description: >- | ||
To better control the number of resources that can be created in a given | ||
Namespace and provide default resource consumption limits for Pods, | ||
ResourceQuota and LimitRange resources are recommended. | ||
This policy will generate ResourceQuota and LimitRange resources when | ||
a new Namespace is created. | ||
spec: | ||
rules: | ||
- name: generate-resourcequota | ||
match: | ||
any: | ||
- resources: | ||
kinds: | ||
- Namespace | ||
generate: | ||
apiVersion: v1 | ||
kind: ResourceQuota | ||
name: default-resourcequota | ||
synchronize: true | ||
namespace: "{{`{{request.object.metadata.name}}`}}" | ||
data: | ||
spec: | ||
hard: | ||
requests.cpu: '4' | ||
requests.memory: '16Gi' | ||
limits.cpu: '4' | ||
limits.memory: '16Gi' | ||
- name: generate-limitrange | ||
match: | ||
any: | ||
- resources: | ||
kinds: | ||
- Namespace | ||
generate: | ||
apiVersion: v1 | ||
kind: LimitRange | ||
name: default-limitrange | ||
synchronize: true | ||
namespace: "{{`{{request.object.metadata.name}}`}}" | ||
data: | ||
spec: | ||
limits: | ||
- default: | ||
cpu: 500m | ||
memory: 1Gi | ||
defaultRequest: | ||
cpu: 200m | ||
memory: 256Mi | ||
type: Container | ||
{{- end }} |
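Review bot: both rules match every `Namespace` with no `exclude` block, so once the policy is enabled any newly created namespace, platform and system ones included, receives the 4 CPU / 16Gi `default-resourcequota` and the `default-limitrange`. Add an `exclude` for platform namespaces or restrict `match` with a selector on a team label, and consider moving the hard-coded quota and limit values into chart values so they can differ per team.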
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,4 @@ | ||
cert: | ||
enabled: false | ||
enabled: false | ||
teams: ~ | ||
kyvernoPolicies: ~ |
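Review bot: `kyvernoPolicies: ~` leaves the `add-ns-quota` policy disabled by default, because its template is only rendered when the list contains `resourcequota`; teams added under `teams` then get an AppProject and namespaces with no ResourceQuota or LimitRange. Either default `kyvernoPolicies` to include `resourcequota` or document that it must be set together with `teams`, and add a commented example entry showing the keys the templates read (`name`, `sourceRepos`, `appOfAppsRepo.path`, `appOfAppsRepo.repoURL`, `appOfAppsRepo.revision`).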