diff --git a/platform-apps/charts/argocd/templates/app-definition-ns.yaml b/platform-apps/charts/argocd/templates/app-definition-ns.yaml
new file mode 100644
index 00000000..9fbfba78
--- /dev/null
+++ b/platform-apps/charts/argocd/templates/app-definition-ns.yaml
@@ -0,0 +1,7 @@
+{{- range .Values.teams }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .name }}-app-definitions
+---
+{{- end }}
\ No newline at end of file
diff --git a/platform-apps/charts/argocd/templates/app-of-apps.yaml b/platform-apps/charts/argocd/templates/app-of-apps.yaml
new file mode 100644
index 00000000..30d0274e
--- /dev/null
+++ b/platform-apps/charts/argocd/templates/app-of-apps.yaml
@@ -0,0 +1,22 @@
+{{- range .Values.teams }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ .name }}-app-of-apps
+ namespace: {{ .name }}-app-definitions
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: {{ .name }}-app-definitions
+ server: https://kubernetes.default.svc
+ project: {{ .name }}-project
+ sources:
+ - path: {{ .appOfAppsRepo.path }}
+ repoURL: {{ .appOfAppsRepo.repoURL }}
+ targetRevision: {{ .appOfAppsRepo.revision }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+{{- end }}
\ No newline at end of file
diff --git a/platform-apps/charts/argocd/templates/app-project.yaml b/platform-apps/charts/argocd/templates/app-project.yaml
new file mode 100644
index 00000000..3719d86b
--- /dev/null
+++ b/platform-apps/charts/argocd/templates/app-project.yaml
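Review bot: The `range` body in app-of-apps.yaml has no document separator before `{{- end }}`, unlike app-definition-ns.yaml and app-project.yaml, so with more than one entry in `.Values.teams` all Applications render into a single YAML document with repeated top-level keys. Depending on the parser that is either a render error or only the last team's Application surviving, which would leave the other teams without their app-of-apps. Add a `---` line after `selfHeal: true`, as the sibling templates do. Separately, `targetRevision: {{ .appOfAppsRepo.revision }}` is better written as `targetRevision: {{ .appOfAppsRepo.revision | quote }}` so a numeric-looking tag or an all-digit SHA is not retyped by the YAML parser.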
@@ -0,0 +1,21 @@
+{{- range .Values.teams }}
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: {{ .name }}-project
+spec:
+ sourceNamespaces:
+ - {{ .name }}-app-definitions
+ clusterResourceWhitelist:
+ - group: ""
+ kind: Namespace
+ destinations:
+ - name: in-cluster
+ namespace: {{ .name }}-*
+ server: https://kubernetes.default.svc
+ sourceRepos:
+{{- range .sourceRepos }}
+ - {{ quote . }}
+{{- end }}
+---
+{{- end }}
\ No newline at end of file
diff --git a/platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml b/platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml
new file mode 100644
index 00000000..2a4d23ef
--- /dev/null
+++ b/platform-apps/charts/argocd/templates/kyverno-add-ns-quota.yaml
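Review bot: The destination pattern `namespace: {{ .name }}-*` separates tenants only while no team name is a prefix of another team's name. A team named `team1` would also match `team1-foo-app-definitions` belonging to a team named `team1-foo` (constructed example). Because `clusterResourceWhitelist` also allows `Namespace`, it appears the project could then manage namespaces under the other tenant's prefix. The constraint should at least be documented next to the `teams` values, e.g. `# team names must be unique and must not be a prefix of another team name (destinations use <name>-*)`. A template-time `fail` on colliding names would enforce it.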
@@ -0,0 +1,60 @@
+{{ if has "resourcequota" .Values.kyvernoPolicies }}
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: add-ns-quota
+ annotations:
+ policies.kyverno.io/title: Add Quota
+ policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
+ policies.kyverno.io/subject: ResourceQuota, LimitRange
+ policies.kyverno.io/minversion: 1.6.0
+ policies.kyverno.io/description: >-
+ To better control the number of resources that can be created in a given
+ Namespace and provide default resource consumption limits for Pods,
+ ResourceQuota and LimitRange resources are recommended.
+ This policy will generate ResourceQuota and LimitRange resources when
+ a new Namespace is created.
+spec:
+ rules:
+ - name: generate-resourcequota
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ generate:
+ apiVersion: v1
+ kind: ResourceQuota
+ name: default-resourcequota
+ synchronize: true
+ namespace: "{{`{{request.object.metadata.name}}`}}"
+ data:
+ spec:
+ hard:
+ requests.cpu: '4'
+ requests.memory: '16Gi'
+ limits.cpu: '4'
+ limits.memory: '16Gi'
+ - name: generate-limitrange
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ generate:
+ apiVersion: v1
+ kind: LimitRange
+ name: default-limitrange
+ synchronize: true
+ namespace: "{{`{{request.object.metadata.name}}`}}"
+ data:
+ spec:
+ limits:
+ - default:
+ cpu: 500m
+ memory: 1Gi
+ defaultRequest:
+ cpu: 200m
+ memory: 256Mi
+ type: Container
+{{- end }}
\ No newline at end of file
diff --git a/platform-apps/charts/argocd/values-k3d.yaml b/platform-apps/charts/argocd/values-k3d.yaml
index 04c55b5b..50bbe14b 100644
--- a/platform-apps/charts/argocd/values-k3d.yaml
+++ b/platform-apps/charts/argocd/values-k3d.yaml
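Review bot: Both rules match every `Namespace` with no name pattern, selector or `exclude`, so the default quota (4 CPU / 16Gi) and the LimitRange are generated for every Namespace admitted while the policy is active, not only for the `<team>-*` tenant namespaces. Platform namespaces created later would presumably get the same caps. The quota is also per namespace, so a tenant whose project whitelists `Namespace` can still raise its total by adding more `<team>-*` namespaces. Consider scoping `match` to the tenant namespaces, for example with `names` patterns derived from `.Values.teams` or a namespace label. A comment above the `hard:` block should say that these are per-namespace defaults, not a per-team budget.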
@@ -1,3 +1,25 @@ +teams: + - name: team1 + sourceRepos: + - '*' + appOfAppsRepo: + repoURL: https://github.com/suxess-it/team1-apps + path: k3d-apps + revision: main + - name: team2 + sourceRepos: + - '*' + appOfAppsRepo: + repoURL: https://github.com/suxess-it/team2-apps + path: k3d-apps + revision: main + # in the future maybe also some attributes for an scm / git application-set instead of appOfApps possible + scmAppSet: ~ + gitAppSet: ~ + +kyvernoPolicies: + - resourcequota + argo-cd: global: domain: argocd-127-0-0-1.nip.io @@ -5,6 +27,7 @@ argo-cd: configs: params: server.insecure: true + application.namespaces: "team1-app-definitions,team2-app-definitions" secret: createSecret: false diff --git a/platform-apps/charts/argocd/values.yaml b/platform-apps/charts/argocd/values.yaml index 262f4a42..6ce9f409 100644 --- a/platform-apps/charts/argocd/values.yaml +++ b/platform-apps/charts/argocd/values.yaml @@ -1,2 +1,4 @@ cert: - enabled: false \ No newline at end of file + enabled: false +teams: ~ +kyvernoPolicies: ~ \ No newline at end of file
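Review bot: `sourceRepos` is `'*'` for both teams in the first values-k3d.yaml hunk, so the generated AppProjects accept manifests from any repository and do not bind a team to its own repo. Even in a k3d values file this is the example that gets copied to other environments. Listing the team's repository, e.g. `- 'https://github.com/suxess-it/team1-apps'` for team1 and the matching URL for team2, keeps the source restriction meaningful. Widen it to an organisation-level pattern only when a team really needs more than one repo.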
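Review bot: `application.namespaces: "team1-app-definitions,team2-app-definitions"` in the second values-k3d.yaml hunk repeats the `teams` list by hand. Adding a team without editing this string leaves its `<name>-app-definitions` namespace outside the set Argo CD accepts Applications from. A comment on the line above, such as `# keep in sync with teams[].name: one <name>-app-definitions entry per team`, would make the coupling visible. Prefer the explicit list over a broad wildcard here, since this setting decides which namespaces may hold Application objects at all.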