From 05cc640d325105aeee3bcb79fabc36b1cc465367 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Groothuis?=
Date: Thu, 23 Oct 2025 10:35:44 +0200
Subject: [PATCH] chore(bootstrap): First bootstrap for Artimis cluster
---
clusters/artimis/apps/argocd/app-project.yaml | 18 ++++
clusters/artimis/apps/argocd/application.yaml | 24 ++++++
.../artimis/apps/argocd/kustomization.yaml | 7 ++
clusters/artimis/apps/kustomization.yaml | 6 ++
clusters/artimis/cluster.yaml | 24 ++++++
clusters/artimis/kustomization.yaml | 6 ++
manifests/artimis/argocd/certificate.yaml | 12 +++
manifests/artimis/argocd/ingressRoute.yaml | 25 ++++++
manifests/artimis/argocd/kustomization.yaml | 84 +++++++++++++++++++
9 files changed, 206 insertions(+)
create mode 100644 clusters/artimis/apps/argocd/app-project.yaml
create mode 100644 clusters/artimis/apps/argocd/application.yaml
create mode 100644 clusters/artimis/apps/argocd/kustomization.yaml
create mode 100644 clusters/artimis/apps/kustomization.yaml
create mode 100644 clusters/artimis/cluster.yaml
create mode 100644 clusters/artimis/kustomization.yaml
create mode 100644 manifests/artimis/argocd/certificate.yaml
create mode 100644 manifests/artimis/argocd/ingressRoute.yaml
create mode 100644 manifests/artimis/argocd/kustomization.yaml
diff --git a/clusters/artimis/apps/argocd/app-project.yaml b/clusters/artimis/apps/argocd/app-project.yaml
new file mode 100644
index 0000000..f3e018b
--- /dev/null
+++ b/clusters/artimis/apps/argocd/app-project.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: ArgoCD
+ namespace: argocd
+spec:
+ description: CI/CD Engine
+ sourceRepos:
+ - '*'
+ sourceNamespaces:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
diff --git a/clusters/artimis/apps/argocd/application.yaml b/clusters/artimis/apps/argocd/application.yaml
new file mode 100644
index 0000000..2a978df
--- /dev/null
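Review bot: Every scoping field of the AppProject in app-project.yaml is `'*'` (`sourceRepos`, `sourceNamespaces`, `destinations`, `clusterResourceWhitelist`), so the project enforces no boundary at all. Together with `application.namespaces: "*"` in manifests/artimis/argocd/kustomization.yaml, an Application object created in any namespace can bind to this project and deploy any kind to any destination, which makes write access to Applications in any namespace equivalent to cluster-admin. For a project that only manages Argo CD, narrow it, for example `sourceRepos: ['https://git.dgse.cloud/DGSE/kubernetes.git']`, and drop `sourceNamespaces` so that only Applications in the `argocd` namespace can use it. Also, `name: ArgoCD` is not a lowercase RFC 1123 name and is likely to be rejected by the API server; the same name is used in application.yaml and in the `project:` fields of application.yaml and cluster.yaml, so `argocd` should be used throughout.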
+++ b/clusters/artimis/apps/argocd/application.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ArgoCD
+ namespace: argocd
+ labels:
+ platform.dgse.cloud/cluster: artimis
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: ArgoCD
+ source:
+ repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+ path: manifests/artimis/argocd
+ targetRevision: HEAD
+ destination:
+ namespace: argocd
+ name: in-cluster
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/artimis/apps/argocd/kustomization.yaml b/clusters/artimis/apps/argocd/kustomization.yaml
new file mode 100644
index 0000000..f9b2a4b
--- /dev/null
+++ b/clusters/artimis/apps/argocd/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - app-project.yaml
+ - application.yaml
diff --git a/clusters/artimis/apps/kustomization.yaml b/clusters/artimis/apps/kustomization.yaml
new file mode 100644
index 0000000..e5693f9
--- /dev/null
+++ b/clusters/artimis/apps/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - argocd
diff --git a/clusters/artimis/cluster.yaml b/clusters/artimis/cluster.yaml
new file mode 100644
index 0000000..812bb59
--- /dev/null
+++ b/clusters/artimis/cluster.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: artimis-cluster
+ namespace: argocd
+ labels:
+ platform.dgse.cloud/cluster: artimis
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: ArgoCD
+ source:
+ repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+ path: clusters/artimis
+ targetRevision: HEAD
+ destination:
+ namespace: argocd
+ name: in-cluster
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
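Review bot: The `resources-finalizer.argocd.argoproj.io` finalizer in application.yaml sits on the Application that deploys Argo CD itself, so deleting that object cascades into deleting the Argo CD install, including the controller that has to complete the finalizer, which can leave the Application stuck in deletion. cluster.yaml carries the same finalizer on the parent `artimis-cluster` app, so deleting that one cascades through its child Applications. If cascade deletion is not intended for the bootstrap apps, drop the `finalizers:` entry from both files. Both Applications also track `targetRevision: HEAD` with `automated` sync, `prune: true` and `selfHeal: true`, so every push to the default branch is applied with the project's unrestricted permissions; a comment stating that the branch is protected, or a pinned revision, would make that trust decision explicit.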
diff --git a/clusters/artimis/kustomization.yaml b/clusters/artimis/kustomization.yaml
new file mode 100644
index 0000000..fd2d548
--- /dev/null
+++ b/clusters/artimis/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - apps
diff --git a/manifests/artimis/argocd/certificate.yaml b/manifests/artimis/argocd/certificate.yaml
new file mode 100644
index 0000000..c91e026
--- /dev/null
+++ b/manifests/artimis/argocd/certificate.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: argocd
+spec:
+ secretName: argocd-cert-secret
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+ dnsNames:
+ - cd.dgse.cloud
diff --git a/manifests/artimis/argocd/ingressRoute.yaml b/manifests/artimis/argocd/ingressRoute.yaml
new file mode 100644
index 0000000..a03be2a
--- /dev/null
+++ b/manifests/artimis/argocd/ingressRoute.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: argocd
+ namespace: argocd
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`cd.dgse.cloud`)
+ priority: 10
+ services:
+ - name: argocd-server
+ port: 80
+ - kind: Rule
+ match: Host(`cd.dgse.cloud`) && Headers(`Content-Type`, `application/grpc`)
+ priority: 11
+ services:
+ - name: argocd-server
+ port: 80
+ scheme: h2c
+ tls:
+ secretName: argocd-cert-secret
diff --git a/manifests/artimis/argocd/kustomization.yaml b/manifests/artimis/argocd/kustomization.yaml
new file mode 100644
index 0000000..f69f589
--- /dev/null
+++ b/manifests/artimis/argocd/kustomization.yaml
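Review bot: The Certificate in certificate.yaml has no `metadata.namespace`, while the IngressRoute that consumes its secret sets `namespace: argocd`. The `argocd-cert-secret` secret only lands where the IngressRoute can read it because something outside this file (presumably the Application's `destination.namespace`) defaults the namespace. Add `namespace: argocd` under `metadata:` so the manifest is correct on its own and consistent with ingressRoute.yaml.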
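Review bot: Both routes in ingressRoute.yaml forward to `argocd-server` on port 80, the gRPC one with `scheme: h2c`, so TLS ends at Traefik and the hop to the API server is plaintext; this only works because kustomization.yaml sets `server.insecure: "true"`. A comment above `routes:` such as `# TLS terminates at Traefik; argocd-server runs with server.insecure and receives plain HTTP/h2c` would record that coupling for whoever changes either file. If the cluster runs Traefik v3 with its default rule syntax, the `Headers(...)` matcher in the second rule was renamed to `Header(...)` and the gRPC route would not load; worth confirming against the installed Traefik version.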
@@ -0,0 +1,84 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.14.15
+ - ingressRoute.yaml
+ - cert.yaml
+
+patches:
+ - target:
+ kind: ConfigMap
+ name: argocd-cmd-params-cm
+ patch: |-
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: argocd-cmd-params-cm
+ data:
+ server.insecure: "true"
+ application.namespaces: "*"
+ - target:
+ kind: ConfigMap
+ name: argocd-rbac-cm
+ patch: |-
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: argocd-rbac-cm
+ data:
+ policy.csv: |
+ g, argocd_admins, role:admin
+ p, argocd_users, applications, list, *, allow
+ p, argocd_users, applications, sync, *, allow
+ p, argocd_users, applications, refresh, *, allow
+ p, argocd_users, applications, get, *, allow
+ - target:
+ kind: ConfigMap
+ name: argocd-cm
+ patch: |-
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: argocd-cm
+ data:
+ admin.enabled: "false"
+ kustomize.buildOptions: --enable-helm
+ url: https://cd.dgse.cloud
+ oidc.config: |
+ name: DGSE
+ issuer: https://auth.dgse.cloud
+ clientID: 7f58ae97-de06-4de2-9be4-3bac6b58e6e7
+ clientSecret: $oidc.keycloak.clientSecret
+ requestedScopes: ["openid", "profile", "email", "groups"]
+ allowedAudiences:
+ - "7f58ae97-de06-4de2-9be4-3bac6b58e6e7"
+ - target:
+ kind: ClusterRole
+ name: argocd-application-controller
+ patch: |-
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: argocd-application-controller
+ rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ - target:
+ kind: ClusterRoleBinding
+ name: argocd-application-controller
+ patch: |-
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: argocd-application-controller
+ subjects:
+ - kind: ServiceAccount
+ name: argocd-application-controller
+ namespace: argocd
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argocd-application-controller
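Review bot: `resources:` lists `cert.yaml`, but the file this commit adds is `manifests/artimis/argocd/certificate.yaml`, so the kustomize build will fail on a missing resource unless a `cert.yaml` exists outside this patch; the entry should be `- certificate.yaml`. The remote base is pinned to the tag `?ref=v2.14.15`, and tags can be moved; for an install whose controller is granted `*` on every resource, pinning to the full commit hash (`?ref=FULL_COMMIT_SHA`, placeholder) gives a reproducible source that cannot change underneath the cluster. A short comment next to `server.insecure: "true"` stating that TLS terminates at the Traefik IngressRoute would also record why the API server runs without TLS.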