chore(bootstrap): First bootstrap for Artimis cluster

clusters/artimis/apps/argocd/app-project.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: ArgoCD
+  namespace: argocd
+spec:
+  description: CI/CD Engine
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: '*'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artimis/apps/argocd/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ArgoCD
+  namespace: argocd
+  labels:
+    platform.dgse.cloud/cluster: artimis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: ArgoCD
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artimis/argocd
+    targetRevision: HEAD
+  destination:
+    namespace: argocd
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artimis/apps/argocd/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

clusters/artimis/apps/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - argocd

clusters/artimis/cluster.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: artimis-cluster
+  namespace: argocd
+  labels:
+    platform.dgse.cloud/cluster: artimis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: ArgoCD
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: clusters/artimis
+    targetRevision: HEAD
+  destination:
+    namespace: argocd
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artimis/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - apps

manifests/artimis/argocd/certificate.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd
+spec:
+  secretName: argocd-cert-secret
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - cd.dgse.cloud

manifests/artimis/argocd/ingressRoute.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`cd.dgse.cloud`)
+      priority: 10
+      services:
+        - name: argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`cd.dgse.cloud`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: h2c
+  tls:
+    secretName: argocd-cert-secret

manifests/artimis/argocd/kustomization.yaml

@@ -0,0 +1,84 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.14.15
+  - ingressRoute.yaml
+  - cert.yaml
+
+patches:
+  - target:
+      kind: ConfigMap
+      name: argocd-cmd-params-cm
+    patch: |-
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: argocd-cmd-params-cm
+      data:
+        server.insecure: "true"
+        application.namespaces: "*"
+  - target:
+      kind: ConfigMap
+      name: argocd-rbac-cm
+    patch: |-
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: argocd-rbac-cm
+      data:
+        policy.csv: |
+          g, argocd_admins, role:admin
+          p, argocd_users, applications, list, *, allow
+          p, argocd_users, applications, sync, *, allow
+          p, argocd_users, applications, refresh, *, allow
+          p, argocd_users, applications, get, *, allow
+  - target:
+      kind: ConfigMap
+      name: argocd-cm
+    patch: |-
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: argocd-cm
+      data:
+        admin.enabled: "false"
+        kustomize.buildOptions: --enable-helm
+        url: https://cd.dgse.cloud
+        oidc.config: |
+          name: DGSE
+          issuer: https://auth.dgse.cloud
+          clientID: 7f58ae97-de06-4de2-9be4-3bac6b58e6e7
+          clientSecret: $oidc.keycloak.clientSecret
+          requestedScopes: ["openid", "profile", "email", "groups"]
+          allowedAudiences:
+          - "7f58ae97-de06-4de2-9be4-3bac6b58e6e7"
+  - target:
+      kind: ClusterRole
+      name: argocd-application-controller
+    patch: |-
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: ClusterRole
+      metadata:
+        name: argocd-application-controller
+      rules:
+        - apiGroups: ["*"]
+          resources: ["*"]
+          verbs: ["*"]
+  - target:
+      kind: ClusterRoleBinding
+      name: argocd-application-controller
+    patch: |-
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: ClusterRoleBinding
+      metadata:
+        name: argocd-application-controller
+      subjects:
+        - kind: ServiceAccount
+          name: argocd-application-controller
+          namespace: argocd
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: argocd-application-controller