Merge pull request #172 from suxess-it/feat/onboarding-team-showcase
showcase how new teams could be onboarded for self-service app onboar…
jkleinlercher authored May 23, 2024
2 parents 6cb1f24 + e4185b7 commit bdee4b2
Showing 6 changed files with 136 additions and 1 deletion.
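--- a/platform-apps/charts/argocd/templates/app-definition-ns.yaml
+++ b/platform-apps/charts/argocd/templates/app-definition-ns.yaml
@@ -0,0 +1,7 @@
+{{- range .Values.teams }}
+apiVersion: v1
+kind: Namespace
+metadata:
+name: {{ .name }}-app-definitions
+---
+{{- end }}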
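--- a/platform-apps/charts/argocd/templates/app-of-apps.yaml
+++ b/platform-apps/charts/argocd/templates/app-of-apps.yaml
@@ -0,0 +1,22 @@
+{{- range .Values.teams }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: {{ .name }}-app-of-apps
+namespace: {{ .name }}-app-definitions
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+destination:
+namespace: {{ .name }}-app-definitions
+server: https://kubernetes.default.svc
+project: {{ .name }}-project
+sources:
+- path: {{ .appOfAppsRepo.path }}
+repoURL: {{ .appOfAppsRepo.repoURL }}
+targetRevision: {{ .appOfAppsRepo.revision }}
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+{{- end }}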
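Review bot: The `range` body in this template has no `---` document separator before `{{- end }}`, unlike app-definition-ns.yaml and app-project.yaml in the same commit, so with more than one entry in `.Values.teams` (values-k3d.yaml defines team1 and team2) the rendered Applications run together into a single YAML document. Depending on the parser that is either a duplicate-key error or a silent last-wins, which would leave one team without its app-of-apps. Add a `---` line directly before `{{- end }}`. Separately, `path`, `repoURL` and `targetRevision` are emitted unquoted; `repoURL: {{ .appOfAppsRepo.repoURL | quote }}` (and the same for the other two) keeps a value containing YAML specials from changing the shape of the manifest.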
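--- a/platform-apps/charts/argocd/templates/app-project.yaml
+++ b/platform-apps/charts/argocd/templates/app-project.yaml
@@ -0,0 +1,21 @@
+{{- range .Values.teams }}
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: {{ .name }}-project
+spec:
+sourceNamespaces:
+- {{ .name }}-app-definitions
+clusterResourceWhitelist:
+- group: ""
+kind: Namespace
+destinations:
+- name: in-cluster
+namespace: {{ .name }}-*
+server: https://kubernetes.default.svc
+sourceRepos:
+{{- range .sourceRepos }}
+- {{ quote . }}
+{{- end }}
+---
+{{- end }}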
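Review bot: `clusterResourceWhitelist` allows `Namespace`, which is cluster-scoped, so as far as I know the `{{ .name }}-*` pattern under `destinations` does not constrain which namespace names a team's Applications may create or manage; that pattern governs namespaced resources. If teams are meant to own only their own prefix, this has to be enforced elsewhere, for example by a Kyverno validate rule on Namespace names, and it deserves a comment above the whitelist such as `# cluster-scoped: not limited by destinations[].namespace; name prefix enforced by <policy name>`. The glob also overlaps when one team name is a prefix of another followed by `-` (a constructed example: a team named `team1-x` falls inside `team1-*`), so team names should be checked for that when a team is onboarded. The project name and `sourceNamespaces` entry are emitted unquoted while `sourceRepos` uses `quote`; quoting all of them would be consistent.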
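--- a/platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml
+++ b/platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml
@@ -0,0 +1,60 @@
+{{ if has "resourcequota" .Values.kyvernoPolicies }}
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+name: add-ns-quota
+annotations:
+policies.kyverno.io/title: Add Quota
+policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
+policies.kyverno.io/subject: ResourceQuota, LimitRange
+policies.kyverno.io/minversion: 1.6.0
+policies.kyverno.io/description: >-
+To better control the number of resources that can be created in a given
+Namespace and provide default resource consumption limits for Pods,
+ResourceQuota and LimitRange resources are recommended.
+This policy will generate ResourceQuota and LimitRange resources when
+a new Namespace is created.
+spec:
+rules:
+- name: generate-resourcequota
+match:
+any:
+- resources:
+kinds:
+- Namespace
+generate:
+apiVersion: v1
+kind: ResourceQuota
+name: default-resourcequota
+synchronize: true
+namespace: "{{`{{request.object.metadata.name}}`}}"
+data:
+spec:
+hard:
+requests.cpu: '4'
+requests.memory: '16Gi'
+limits.cpu: '4'
+limits.memory: '16Gi'
+- name: generate-limitrange
+match:
+any:
+- resources:
+kinds:
+- Namespace
+generate:
+apiVersion: v1
+kind: LimitRange
+name: default-limitrange
+synchronize: true
+namespace: "{{`{{request.object.metadata.name}}`}}"
+data:
+spec:
+limits:
+- default:
+cpu: 500m
+memory: 1Gi
+defaultRequest:
+cpu: 200m
+memory: 256Mi
+type: Container
+{{- end }}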
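Review bot: Both rules match every `Namespace` with no `exclude` block or selector, so the 4 CPU / 16Gi quota and the default container limits are generated in each namespace created while the policy is active, including platform namespaces and the `<team>-app-definitions` namespaces this chart creates. Scoping the `match` to team namespaces (a label `selector`, or `names` with the team prefix) or adding an `exclude` for platform namespaces keeps the policy from throttling cluster components. The description annotation says the policy acts when a new Namespace is created; a short comment stating that namespaces which already exist are not covered unless generation for existing resources is enabled would help operators. `policies.kyverno.io/minversion: 1.6.0` is also a plain scalar and is safer quoted as `"1.6.0"`.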
23 changes: 23 additions & 0 deletions platform-apps/charts/argocd/values-k3d.yaml
@@ -1,10 +1,33 @@
teams:
- name: team1
sourceRepos:
- '*'
appOfAppsRepo:
repoURL: https://github.com/suxess-it/team1-apps
path: k3d-apps
revision: main
- name: team2
sourceRepos:
- '*'
appOfAppsRepo:
repoURL: https://github.com/suxess-it/team2-apps
path: k3d-apps
revision: main
# in the future maybe also some attributes for an scm / git application-set instead of appOfApps possible
scmAppSet: ~
gitAppSet: ~

kyvernoPolicies:
- resourcequota

argo-cd:
global:
domain: argocd-127-0-0-1.nip.io

configs:
params:
server.insecure: true
application.namespaces: "team1-app-definitions,team2-app-definitions"
secret:
createSecret: false

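Review bot: The `'*'` entry under `sourceRepos` for both teams means the generated AppProject accepts Applications from any repository, so `appOfAppsRepo.repoURL` bounds only the bootstrap Application and not what a team's later Applications may pull. For anything beyond a local k3d showcase, list the team's repositories explicitly, e.g. `- https://github.com/suxess-it/team1-apps`, and put a comment next to the wildcard saying it is for the demo only. `application.namespaces` is also a hand-maintained copy of the team list (`"team1-app-definitions,team2-app-definitions"`); a team added under `teams:` without updating it would get a namespace and project whose Applications Argo CD presumably does not reconcile, so a comment tying the two settings together is worth adding. `scmAppSet: ~` and `gitAppSet: ~` read more clearly as `null`.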
4 changes: 3 additions & 1 deletion platform-apps/charts/argocd/values.yaml
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
cert:
enabled: false
enabled: false
teams: ~
kyvernoPolicies: ~
