wip: reworking manifests

archmeister/applicationset.yaml

@@ -19,7 +19,7 @@ spec:
     spec:
       project: atlantis
       destination:
-        namespace: oceanbox
+        namespace: atlantis
         server: '{{ cluster }}'
       source:
         path: archmeister

argo/kustomize-helm-with-rewrite/generate.sh

@@ -2,24 +2,30 @@
 
 export HOME=/tmp
 
-echo $ARGOCD_APP_PARAMETERS | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
+env > /tmp/$ARGOCD_APP_NAME.env
+
+echo "$ARGOCD_APP_PARAMETERS" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
 cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml
 
-if [ -f chart -a $PARAM_CHART = "." ]; then
+if [ -d chart ]; then
+    CHART=chart
+elif [ -f chart -a "$PARAM_CHART" = "." ]; then
     CHART=$(cat chart)
 else
     CHART=$PARAM_CHART
 fi
 
-helm template $PARAM_FLAGS \
-    -f values.yaml \
-    -f parameters.yaml \
-    -f $PARAM_ENV/values.yaml \
-    $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
+[ -f chart/values.yaml ] && VALUES="-f chart/values.yaml"
+[ -f values.yaml ] && VALUES="$VALUES -f values.yaml"
+[ -f $PARAM_ENV-values.yaml ] && VALUES="$VALUES -f $PARAM_ENV-values.yaml"
+VALUES="$VALUES -f parameters.yaml"
+
+mkdir -p base
+helm template $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
 
-cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
 sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
-cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest-rw.yaml
+cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
+
+[ -d "$PARAM_ENV" ] && kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
 
-kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
 cat /tmp/$ARGOCD_APP_NAME-manifest.yaml

argo/kustomize-helm-with-rewrite/get-values.sh

@@ -1,15 +1,22 @@
 #!/bin/sh
 
-# cat << EOF
-# [{
-#       "name": "values",
-#       "title": "Values",
-#       "collectionType": "map",
-#       "map": { "replicaCount": "1" }
-# }]
-# EOF
+if [ -f values.yaml ]; then
+    VALUES="values.yaml"
+elif [ -f chart/values.yaml ]; then
+    VALUES="chart/values.yaml"
+else
+    cat << EOF
+[{
+    "name": "helm-parameters",
+    "title": "Helm Parameters",
+    "collectionType": "map",
+    "map": { "replicaCount": "1" }
+}]
+EOF
+    exit 0
+fi
 
-yq e -o=p values.yaml | jq --slurp --raw-input '
+yq e -o=p $VALUES | jq --slurp --raw-input '
   [{
     name: "helm-parameters",
     title: "Helm Parameters",

cerbos/applicationset.yaml

@@ -13,7 +13,7 @@ spec:
         env: staging
   template:
     metadata:
-      name: '{{ env }}-cerbox'
+      name: '{{ env }}-cerbos'
     spec:
       project: atlantis
       destination:

dex/application.yaml

@@ -1,70 +1,34 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
   name: dex
   namespace: argocd
 spec:
-  project: atlantis
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: atlantis
-  source:
-    repoURL: https://charts.dexidp.io
-    targetRevision: 0.16.0
-    chart: dex
-    helm:
-      values: |
-        replicaCount: 1
-        https:
-          enabled: false
-        grpc:
-          enabled: false
-
-        configSecret:
-          create: true
-          name: ""
-        config: {}
-
-        volumes:
-          - name: web
-            persistentVolumeClaim:
-              claimName: oceanbox-dex
-        volumeMounts:
-          - name: web
-            mountPath: /srv/dex/web
-        envVars: []
-
-        service:
-          annotations: {}
-          type: ClusterIP
-          clusterIP: ""
-          ports:
-            http:
-              port: 5556
-              nodePort:
-            https:
-              port: 5554
-              nodePort:
-            grpc:
-              port: 5557
-              nodePort:
-
-        ingress:
-          enabled: true
-          className: nginx
-          annotations:
-            cert-manager.io/cluster-issuer: letsencrypt-staging
-            nginx.ingress.kubernetes.io/ssl-redirect: "true"
-          hosts:
-            - host: idp.beta.oceanbox.io
-              paths:
-                - path: /
-                  pathType: ImplementationSpecific
-          tls:
-           - secretName: dex-tls
-             hosts:
-               - idp.beta.oceanbox.io
-
-        serviceMonitor:
-          enabled: true
-
+  generators:
+  - list:
+      elements:
+      - cluster: https://kubernetes.default.svc
+        env: prod
+        hostanme: idp.srv.oceanbox.io
+      - cluster: https://kubernetes.default.svc
+        env: staging
+        hostanme: idp.beta.oceanbox.io
+  template:
+    metadata:
+      name: '{{ env }}-dex'
+    spec:
+      project: atlantis
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: atlantis
+      source:
+      - repoURL: https://charts.dexidp.io
+        targetRevision: 0.16.0
+        chart: dex
+        helm:
+          valueFiles:
+            - $values/dex/values.yaml
+      - repoURL: https://gitlab.com/oceanbox/manifests.git
+        targetRevision: HEAD
+        path: cerbos/manifests
+        ref: values

dex/values.yaml

@@ -0,0 +1,53 @@
+replicaCount: 1
+https:
+  enabled: false
+grpc:
+  enabled: false
+
+configSecret:
+  create: true
+  name: ""
+config: {}
+
+volumes:
+  - name: web
+    persistentVolumeClaim:
+      claimName: oceanbox-dex
+volumeMounts:
+  - name: web
+    mountPath: /srv/dex/web
+envVars: []
+
+service:
+  annotations: {}
+  type: ClusterIP
+  clusterIP: ""
+  ports:
+    http:
+      port: 5556
+      nodePort:
+    https:
+      port: 5554
+      nodePort:
+    grpc:
+      port: 5557
+      nodePort:
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  hosts:
+    - host: idp.srv.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+   - secretName: dex-tls
+     hosts:
+       - idp.srv.oceanbox.io
+
+serviceMonitor:
+  enabled: true

geoserver/applicationset.yaml

@@ -1,25 +1,42 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
   name: geoserver
   namespace: argocd
 spec:
-  project: gis
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: geoserver
-  source:
-    repoURL: https://gitlab.com/oceanbox/charts.git
-    targetRevision: HEAD
-    path: geoserver
-    plugin:
-      name: kustomize-helm-with-rewrite
-      parameters:
-      - name: env
-        string: prod
-      - name: hostname
-        string: geoserver.srv.oceanbox.io
-      - name: flags
-        string: "--skip-tests"
-      - name: chart
-        string: ncsa/geoserver
+  generators:
+  - list:
+      elements:
+      - cluster: https://kubernetes.default.svc
+        env: prod
+        hostname: geoserver.srv.oceanbox.io
+      - cluster: https://kubernetes.default.svc
+        env: staging
+        hostname: geoserver.beta.oceanbox.io
+  template:
+    metadata:
+      name: '{{ env }}-geoserver'
+    spec:
+      project: atlantis
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: geoserver
+      sources:
+      - repoURL: https://gitlab.com/oceanbox/charts.git
+        targetRevision: HEAD
+        path: geoserver
+        plugin:
+          name: kustomize-helm-with-rewrite
+          parameters:
+          - name: env
+            string: prod
+          - name: hostname
+            string: geoserver.srv.oceanbox.io
+          - name: flags
+            string: "--skip-tests"
+          - name: chart
+            string: ncsa/geoserver
+      # - repoURL: https://gitlab.com/oceanbox/manifests.git
+      #   targetRevision: HEAD
+      #   # path: /{{ env }}
+      #   ref: values

rabbitmq/applicationset.yaml

@@ -1,49 +1,34 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
   name: rabbitmq
   namespace: argocd
+spec:
+  generators:
+  - list:
+      elements:
+      - cluster: https://kubernetes.default.svc
+        env: prod
+        hostname: rabbitmq.srv.oceanbox.io
+      - cluster: https://kubernetes.default.svc
+        env: staging
+        hostname: rabbitmq.beta.oceanbox.io
+  template:
+    metadata:
+      name: '{{ env }}-rabbitmq'
 spec:
   project: atlantis
   destination:
     server: https://kubernetes.default.svc
-    namespace: atlantis
+    namespace: rabbitmq
   sources:
     - repoURL: https://charts.bitnami.com/bitnami
       targetRevision: 12.9.0
       chart: rabbitmq
       helm:
-        values: |
-          auth:
-            erlangCookie: ""
-            existingErlangSecret: ""
-            existingPasswordSecret: ""
-            password: hunny-bunny
-            username: user
-          clusterDomain: cluster.local
-          ingress:
-            annotations:
-              cert-manager.io/cluster-issuer: letsencrypt-production
-              nginx.ingress.kubernetes.io/ssl-redirect: "true"
-              nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-            enabled: true
-            extraHosts: []
-            extraPaths: []
-            extraRules: []
-            hostname: rabbitmq.svc.oceanbox.io
-            ingressClassName: ""
-            path: /
-            pathType: ImplementationSpecific
-            secrets: []
-            selfSigned: false
-            tls: true
-          persistence:
-            accessModes:
-            - ReadWriteOnce
-            enabled: true
-            existingClaim: ""
-            size: 8Gi
-            storageClass: ""
-    - repoURL: https://gitlab.com/oceanbox/manifests
+        valuesFiles:
+          - $values/rabbitmq/{{ env }}/-values.yaml
+    - repoURL: https://gitlab.com/oceanbox/manifests.git
       targetRevision: HEAD
-      path: rabbitmq/manifests
+      path: rabbitmq/{{ env }}
+      ref: values

rabbitmq/prod/nodeport.yaml

@@ -1,14 +1,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: rabbitmq-nodeport
-  namespace: atlantis
+  name: prod-rabbitmq-nodeport
+  namespace: rabbitmq
 spec:
-  externalTrafficPolicy: Cluster
-  internalTrafficPolicy: Cluster
-  ipFamilies:
-  - IPv4
-  ipFamilyPolicy: SingleStack
   ports:
   - name: amqp
     nodePort: 30672
@@ -21,8 +16,7 @@ spec:
     protocol: TCP
     targetPort: 15672
   selector:
-    app.kubernetes.io/instance: rabbitmq
-    app.kubernetes.io/name: rabbitmq
-  sessionAffinity: None
+    app.kubernetes.io/instance: prod-rabbitmq
+    app.kubernetes.io/name: prod-rabbitmq
   type: NodePort
 

rabbitmq/prod/values.yaml

@@ -0,0 +1,31 @@
+auth:
+  erlangCookie: ""
+  existingErlangSecret: ""
+  existingPasswordSecret: ""
+  password: hunny-bunny
+  username: user
+clusterDomain: cluster.local
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  enabled: true
+  extraHosts: []
+  extraPaths: []
+  extraRules: []
+  hostname: rabbitmq.srv.oceanbox.io
+  ingressClassName: ""
+  path: /
+  pathType: ImplementationSpecific
+  secrets: []
+  selfSigned: false
+  tls: true
+persistence:
+  accessModes:
+  - ReadWriteOnce
+  enabled: true
+  existingClaim: ""
+  size: 8Gi
+  storageClass: ""
+

rabbitmq/staging/nodeport.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: staging-rabbitmq-nodeport
+  namespace: rabbitmq
+spec:
+  ports:
+  - name: amqp
+    nodePort: 31672
+    port: 5672
+    protocol: TCP
+    targetPort: 5672
+  - name: amqp-http
+    nodePort: 31673
+    port: 15672
+    protocol: TCP
+    targetPort: 15672
+  selector:
+    app.kubernetes.io/instance: staging-rabbitmq
+    app.kubernetes.io/name: staging-rabbitmq
+  type: NodePort
+

rabbitmq/staging/values.yaml

@@ -0,0 +1,31 @@
+auth:
+  erlangCookie: ""
+  existingErlangSecret: ""
+  existingPasswordSecret: ""
+  password: hunny-bunny
+  username: user
+clusterDomain: cluster.local
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  enabled: true
+  extraHosts: []
+  extraPaths: []
+  extraRules: []
+  hostname: rabbitmq.beta.oceanbox.io
+  ingressClassName: ""
+  path: /
+  pathType: ImplementationSpecific
+  secrets: []
+  selfSigned: false
+  tls: true
+persistence:
+  accessModes:
+  - ReadWriteOnce
+  enabled: true
+  existingClaim: ""
+  size: 8Gi
+  storageClass: ""
+

seq/application.yaml

@@ -7,13 +7,13 @@ spec:
   project: atlantis
   destination:
     server: https://kubernetes.default.svc
-    namespace: atlantis
+    namespace: seq
   source:
     repoURL: https://helm.datalust.co
     targetRevision: 2024.1.0
     chart: seq
     helm:
-      values: |
+      valuesObject:
         acceptEULA: "Y"
 
         # Set this URL if you enable ingress and/or AAD authentication.