├── cluster-agent ├── config │ ├── default │ │ ├── .gitignore │ │ ├── manager_config_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ ├── default-no-prometheus │ │ └── .gitignore │ ├── prometheus │ │ ├── kustomization.yaml │ │ ├── monitor.yaml │ │ └── service.yaml │ ├── rbac │ │ ├── service_account.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── leader_election_role.yaml │ │ └── kustomization.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── controller_manager_config.yaml │ └── manifests │ │ └── kustomization.yaml ├── .dockerignore ├── metrics │ ├── metrics_suite_test.go │ ├── argocd │ │ └── argocd_metrics_suite_test.go │ ├── operation_metrics.go │ └── operation_metrics_test.go ├── controllers │ ├── managed-gitops │ │ └── eventloop │ │ │ └── eventloop_suite_test.go │ ├── argoproj.io │ │ ├── application_controller_suite_test.go │ │ └── application_info_cache │ │ │ └── application_info_cache_suite_test.go │ └── utils_suite_test.go ├── .gitignore ├── utils │ └── utils_suite_test.go ├── PROJECT └── hack │ └── boilerplate.go.txt ├── utilities ├── gitopsctl │ ├── .gitignore │ ├── main.go │ ├── gitopsctl │ ├── hack │ │ └── init.sh │ ├── Makefile │ ├── go.mod │ ├── README.md │ ├── cmd │ │ ├── parse.go │ │ └── download.go │ └── implementations │ │ └── download-job │ │ └── download-urls-multithreaded.go ├── load-test │ ├── .gitignore │ ├── README.md │ ├── gitops-service │ │ └── suite_test.go │ ├── Makefile │ └── main.go ├── init-container │ ├── .gitignore │ ├── README.md │ ├── Makefile │ └── hotfix │ │ └── hotfix_suite_test.go ├── db-migration │ ├── migrations │ │ ├── 000003_v3.down.sql │ │ ├── 000005_v5.down.sql │ │ ├── 000005_v5.up.sql │ │ ├── 000013_v13.down.sql │ │ ├── 000008_v8.down.sql │ │ ├── 000015_v15.down.sql │ │ ├── 000015_v15.up.sql │ │ ├── 000007_v7.down.sql │ │ ├── 000013_v13.up.sql │ 
│ ├── 000008_v8.up.sql │ │ ├── 000016_v16.down.sql │ │ ├── 000009_v9.down.sql │ │ ├── 000019_v19.up.sql │ │ ├── 000007_v7.up.sql │ │ ├── 000019_v19.down.sql │ │ ├── 000009_v9.up.sql │ │ ├── 000018_v18.up.sql │ │ ├── 000012_v12.down.sql │ │ ├── 000014_v14.down.sql │ │ ├── 000018_v18.down.sql │ │ ├── 000012_v12.up.sql │ │ ├── 000011_v11.down.sql │ │ ├── 000004_v4.down.sql │ │ ├── 000004_v4.up.sql │ │ ├── 000010_v10.down.sql │ │ ├── 000011_v11.up.sql │ │ ├── 000020_v20.up.sql │ │ ├── 000002_v2.up.sql │ │ ├── 000002_v2.down.sql │ │ ├── 000010_v10.up.sql │ │ ├── 000017_v17.down.sql │ │ ├── 000001_init_db.down.sql │ │ ├── 000006_v6.down.sql │ │ ├── 000020_v20.down.sql │ │ ├── 000006_v6.up.sql │ │ ├── 000016_v16.up.sql │ │ └── 000017_v17.up.sql │ ├── .gitignore │ ├── README.md │ ├── migration_test │ │ ├── add_test_values │ │ │ └── suite_test.go │ │ └── verify_test_values │ │ │ └── suite_test.go │ ├── main.go │ └── Makefile └── yamllint.yaml ├── .gitignore ├── .golangci.yml ├── backend ├── config │ ├── prometheus │ │ ├── kustomization.yaml │ │ ├── monitor.yaml │ │ └── service.yaml │ ├── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── rbac │ │ ├── service_account.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── gitopsdeployment_viewer_role.yaml │ │ ├── gitopsdeploymentsyncrun_viewer_role.yaml │ │ ├── gitopsdeployment_editor_role.yaml │ │ ├── gitopsdeploymentrepositorycredential_viewer_role.yaml │ │ ├── gitopsdeploymentsyncrun_editor_role.yaml │ │ ├── managed-gitops.redhat.com_gitopsdeploymentmanagedenvironment_viewer_role.yaml │ │ ├── gitopsdeploymentrepositorycredential_editor_role.yaml │ │ ├── leader_election_role.yaml │ │ ├── managed-gitops.redhat.com_gitopsdeploymentmanagedenvironment_editor_role.yaml │ │ └── kustomization.yaml │ ├── scorecard │ │ ├── bases 
│ │ │ └── config.yaml │ │ ├── patches │ │ │ └── basic.config.yaml │ │ └── kustomization.yaml │ ├── samples │ │ ├── managed-gitops_v1alpha1_gitopsdeployment.yaml │ │ ├── managed-gitops_v1alpha1_gitopsdeploymentsyncrun.yaml │ │ ├── managed-gitops.redhat.com_v1alpha1_gitopsdeploymentmanagedenvironment.yaml │ │ ├── managed-gitops_v1alpha1_gitopsdeploymentrepositorycredential.yaml │ │ └── kustomization.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── controller_manager_config.yaml │ ├── default │ │ ├── manager_config_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ └── manifests │ │ └── kustomization.yaml ├── .gitignore ├── .dockerignore ├── util │ ├── util_suite_test.go │ └── server.go ├── metrics │ └── metrics_suite_test.go ├── condition │ └── conditions_suite_test.go ├── PROJECT ├── eventloop │ ├── application_event_loop │ │ └── application_eventloop_suite_test.go │ ├── event_loop_suite_test.go │ ├── eventlooptypes │ │ └── types_suite_test.go │ └── shared_resource_loop │ │ └── shared_resource_loop_suite_test.go ├── hack │ ├── boilerplate.go.txt │ └── example-kube-config-file.yaml └── controllers │ └── managed-gitops │ └── suite_test.go ├── backend-shared ├── .gitignore ├── main.go ├── config │ ├── certmanager │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── patches │ │ │ ├── cainjection_in_gitopsdeployments.yaml │ │ │ ├── cainjection_in_gitopsdeploymentsyncruns.yaml │ │ │ ├── cainjection_in_gitopsdeploymentrepositorycredentials.yaml │ │ │ ├── cainjection_in_managed-gitops.redhat.com_gitopsdeploymentmanagedenvironments.yaml │ │ │ ├── webhook_in_gitopsdeployments.yaml │ │ │ ├── webhook_in_gitopsdeploymentsyncruns.yaml │ │ │ ├── webhook_in_gitopsdeploymentrepositorycredentials.yaml │ │ │ └── webhook_in_managed-gitops.redhat.com_gitopsdeploymentmanagedenvironments.yaml │ │ └── kustomizeconfig.yaml │ └── default │ │ ├── manager_webhook_patch.yaml │ │ 
└── webhookcainjection_patch.yaml ├── db │ ├── db_suite_test.go │ ├── util │ │ └── util_suite_test.go │ └── postgres-integration_test.go ├── hack │ ├── hack_suite_test.go │ ├── run-db-schema-sync-check.sh │ └── boilerplate.go.txt ├── util │ ├── log │ │ └── log_suite_test.go │ ├── argocd │ │ └── util_suite_test.go │ ├── operations │ │ └── eventlooptypes_suite_test.go │ ├── time.go │ ├── profiling.go │ └── util_suite_test.go └── apis │ └── managed-gitops │ └── v1alpha1 │ └── mocks │ ├── generate.go │ └── structs │ └── builders.go ├── tests-e2e ├── .gitignore ├── argocd │ └── argocd_suite_test.go ├── appstudio │ └── appstudio_suite_test.go └── core │ └── core_suite_test.go ├── appstudio-controller ├── config │ ├── prometheus │ │ ├── kustomization.yaml │ │ ├── monitor.yaml │ │ └── service.yaml │ ├── webhook │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ └── kustomizeconfig.yaml │ ├── rbac │ │ ├── service_account.yaml │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── role_binding.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── deploymenttargetclass_view_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── deploymenttargetclass_view_role.yaml │ │ ├── leader_election_role.yaml │ │ └── kustomization.yaml │ ├── scorecard │ │ ├── bases │ │ │ └── config.yaml │ │ ├── patches │ │ │ └── basic.config.yaml │ │ └── kustomization.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── controller_manager_config.yaml │ ├── samples │ │ └── kustomization.yaml │ ├── default │ │ ├── manager_config_patch.yaml │ │ ├── webhookcainjection_patch.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── manager_auth_proxy_patch.yaml │ ├── default-no-prometheus │ │ └── webhookcainjection_patch.yaml │ ├── default-no-webhook │ │ └── manager_auth_proxy_patch.yaml │ └── manifests │ │ └── kustomization.yaml ├── .dockerignore ├── examples │ ├── promotionrun.yaml │ ├── environment.yaml │ ├── snapshot.yaml │ ├── binding.yaml │ ├── 
README.md │ └── application.yaml ├── .gitignore ├── hack │ └── boilerplate.go.txt ├── controllers │ └── appstudio.redhat.com │ │ └── suite_test.go └── PROJECT ├── stop-dev-env.sh ├── manifests ├── base │ ├── gitops-namespace │ │ ├── gitops-namespace.yaml │ │ └── kustomization.yaml │ ├── gitops-service-argocd │ │ ├── base │ │ │ ├── argo-cd-namespace.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── argo-cd-server-clusterrolebinding.yaml │ │ │ ├── argo-cd-application-controller-clusterrolebinding.yaml │ │ │ └── argo-cd-server-clusterrole.yaml │ │ └── overlays │ │ │ ├── test-e2e │ │ │ └── kustomization.yaml │ │ │ └── appstudio-staging-and-prod │ │ │ ├── kustomization.yaml │ │ │ └── argo-cd-patch.yaml │ ├── crd │ │ ├── overlays │ │ │ ├── stonesoup │ │ │ │ └── kustomization.yaml │ │ │ └── local-dev │ │ │ │ └── kustomization.yaml │ │ └── base │ │ │ └── kustomization.yaml │ ├── cluster-scoped │ │ ├── kustomization.yaml │ │ └── deployment-target-class.yaml │ ├── postgresql-staging │ │ ├── kustomization.yaml │ │ ├── postgresql-staging-secret.yaml │ │ ├── addProtocol.sh │ │ └── README.md │ └── monitoring │ │ ├── grafana-dashboards-new │ │ └── kustomization.yaml │ │ └── grafana-dashboards │ │ ├── stonesoup │ │ └── kustomization.yaml │ │ ├── managed-gitops │ │ └── kustomization.yaml │ │ └── regenerate-stonesoup-dashboard.sh ├── overlays │ ├── appstudio-staging-cluster │ │ ├── prometheus │ │ │ ├── backend │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── service-monitor.yaml │ │ │ │ └── service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── cluster-agent │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── service-monitor.yaml │ │ │ │ └── service.yaml │ │ │ └── appstudio-controller │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── service-monitor.yaml │ │ └── kustomization.yaml │ ├── k8s-env │ │ ├── backend-deployment-patch.yaml │ │ ├── cluster-agent-deployment-patch.yaml │ │ └── kustomization.yaml │ ├── k8s-env-e2e │ │ ├── kustomization.yaml │ │ ├── backend-deployment-patch.yaml │ │ 
└── cluster-agent-deployment-patch.yaml │ ├── local-dev-env │ │ └── kustomization.yaml │ ├── local-dev-env-with-k8s-db │ │ └── kustomization.yaml │ └── stonesoup-member-cluster │ │ └── kustomization.yaml └── scripts │ ├── metrics-dashboard │ ├── dashboards │ │ └── argo-cd │ │ │ └── grafana-argo-dashboard.yaml │ ├── grafana │ │ ├── grafana-cluster-role-binding.yaml │ │ ├── grafana-operator-group.yaml │ │ ├── grafana-subscription.yaml │ │ ├── grafana-data-source.yaml │ │ └── grafana-cr.yaml │ ├── postgresql │ │ ├── grafana-postgresql-dashboard.yaml │ │ ├── grafana-postgresql-exporter-dashboard.yaml │ │ └── postgresql-data-source.yaml │ ├── prometheus │ │ ├── openshift-operators-service-monitor.yaml │ │ ├── enable-user-workload-monitoring.yaml │ │ ├── prometheus-roles-for-openshift-operators.yaml │ │ └── prometheus-roles-for-gitops-ns.yaml │ └── README.md │ ├── generate-postgresql-secret.sh │ ├── k8s-argo-deploy │ └── deploy.sh │ └── openshift-argo-deploy │ ├── openshift-gitops-subscription.yaml │ └── deploy.sh ├── docs ├── environment-api │ ├── Stages.png │ ├── Relationships.png │ ├── Resource-Customization.png │ └── Environment-To-Argo-CD-Application.png └── designs │ ├── gitops-repo-uniqueness │ └── GitOps-Uniqueness-Diagram1.jpg │ ├── introduction-to-gitops-service-code-and-architecture │ ├── image1.jpg │ ├── image2.png │ └── image3.jpg │ ├── presentations │ └── gitops-service-GitOpsDeployment-creatio-steps.odp │ ├── gitops-service-internal-architecture-appstudio │ ├── end-to-end-flow-1.png │ ├── event-processing-5.jpg │ ├── resource-tracking-2.jpg │ ├── high-level-overview-6.jpg │ ├── event-loop-hierarchy-3.jpg │ └── flow-of-authoritative-data-4.jpg │ ├── historical │ └── initial-rest-api-gitops-service-late-2021 │ │ ├── resource-updates.png │ │ └── high-level-overview.png │ ├── argo-cd-support-for-multiple-service-accounts-on-a-single-cluster │ ├── SA-Diagram-1.jpg │ └── SA-Diagram-2.jpg │ ├── 
advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model │ ├── image1.jpg │ ├── image2.jpg │ └── image3.jpg │ ├── proposal-gitops-service-pull-model-using-cluster-agent-component │ └── pull-model-using-cluster-agent.jpg │ └── exploring-generic-gitops-service-architecture │ ├── Option1-GitOps-Service-multiple-instance-multiple-controller-replicas-model.jpg │ └── Option2-GitOps-Service-single-instance-multiple-controller-replicas-model.jpg ├── examples ├── m2-demo │ ├── k8s │ │ ├── README.md │ │ ├── jane-deployment.yaml │ │ └── jgw-deployment.yaml │ ├── jane-deployment.yaml │ └── jgw-deployment.yaml └── m6-demo │ ├── resources │ ├── jane-namespace.yaml │ └── jgw-namespace.yaml │ ├── jane-deployment.yaml │ ├── jgw-deployment.yaml │ ├── my-managed-environment.yaml │ ├── gitops-deployment-managed-environment.yaml │ └── setup-on-openshift.sh ├── Procfile ├── Procfile.chaos ├── Procfile.runexecs ├── Procfile.no-self-heal ├── delete-dev-env.sh ├── OWNERS ├── resources └── test-data │ ├── sample-gitops-repository │ ├── environments │ │ ├── base │ │ │ ├── cm-env-config-map.yaml │ │ │ └── kustomization.yaml │ │ └── overlays │ │ │ ├── dev │ │ │ └── kustomization.yaml │ │ │ └── staging │ │ │ └── kustomization.yaml │ └── components │ │ ├── componentA │ │ ├── base │ │ │ ├── kustomization.yaml │ │ │ ├── service-sample-workload.yaml │ │ │ ├── route-sample-workload.yaml │ │ │ └── deployment-sample-workload.yaml │ │ └── overlays │ │ │ ├── dev │ │ │ └── kustomization.yaml │ │ │ └── staging │ │ │ └── kustomization.yaml │ │ └── componentB │ │ ├── base │ │ ├── kustomization.yaml │ │ ├── service-sample-workload.yaml │ │ ├── route-sample-workload.yaml │ │ └── deployment-sample-workload.yaml │ │ └── overlays │ │ ├── dev │ │ └── kustomization.yaml │ │ └── staging │ │ └── kustomization.yaml │ ├── component-based-gitops-repository-no-route │ └── components │ │ ├── componentA │ │ └── base │ │ │ ├── kustomization.yaml │ │ │ ├── service-sample-workload.yaml │ │ │ └── 
deployment-sample-workload.yaml │ │ └── componentB │ │ └── base │ │ ├── kustomization.yaml │ │ ├── service-sample-workload.yaml │ │ └── deployment-sample-workload.yaml │ ├── component-based-gitops-repository │ └── components │ │ ├── componentA │ │ └── base │ │ │ ├── kustomization.yaml │ │ │ ├── service-sample-workload.yaml │ │ │ ├── route-sample-workload.yaml │ │ │ └── deployment-sample-workload.yaml │ │ └── componentB │ │ └── base │ │ ├── kustomization.yaml │ │ ├── service-sample-workload.yaml │ │ ├── route-sample-workload.yaml │ │ └── deployment-sample-workload.yaml │ └── README.md ├── .sonarcloud.properties ├── .github ├── pull_request_template.md ├── workflows │ ├── docker-image.yml │ └── schema-sync.yml └── dependabot.yml ├── psql.sh ├── .dockerignore ├── .ci └── base-image │ └── Dockerfile ├── .tekton └── pull-request.yaml └── .gitleaks.toml /cluster-agent/config/default/.gitignore: -------------------------------------------------------------------------------- 1 | raw 2 | -------------------------------------------------------------------------------- /utilities/gitopsctl/.gitignore: -------------------------------------------------------------------------------- 1 | downloaded/ 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .stfolder 2 | .idea/ 3 | .vscode/ 4 | bin/ 5 | 6 | -------------------------------------------------------------------------------- /cluster-agent/config/default-no-prometheus/.gitignore: -------------------------------------------------------------------------------- 1 | raw 2 | -------------------------------------------------------------------------------- /utilities/load-test/.gitignore: -------------------------------------------------------------------------------- 1 | vendor 2 | coverage.out 3 | 4 | -------------------------------------------------------------------------------- /.golangci.yml: 
-------------------------------------------------------------------------------- 1 | linters: 2 | enable: 3 | - ginkgolinter 4 | -------------------------------------------------------------------------------- /utilities/init-container/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | vendor/ 3 | cover.out 4 | -------------------------------------------------------------------------------- /backend/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | - service.yaml -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000003_v3.down.sql: -------------------------------------------------------------------------------- 1 | DROP TABLE repositorycredentials; 2 | -------------------------------------------------------------------------------- /backend-shared/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | dist/ 3 | cover.out 4 | coverage.out 5 | vendor/ 6 | .idea/ 7 | -------------------------------------------------------------------------------- /backend-shared/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | // Dummy main.go file to keep kubebuilder happy 4 | -------------------------------------------------------------------------------- /tests-e2e/.gitignore: -------------------------------------------------------------------------------- 1 | tests-e2e 2 | cover.out 3 | vendor 4 | bin 5 | coverage.out 6 | 7 | 8 | -------------------------------------------------------------------------------- /cluster-agent/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | - service.yaml 4 | 
-------------------------------------------------------------------------------- /appstudio-controller/config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | - service.yaml -------------------------------------------------------------------------------- /utilities/db-migration/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | dist/ 3 | coverage.out 4 | vendor/ 5 | cover.out 6 | .idea/ 7 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000005_v5.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE OPERATION DROP COLUMN gc_expiration_time; -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000005_v5.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE OPERATION ADD COLUMN gc_expiration_time INT; -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000013_v13.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterUser DROP COLUMN display_name; 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000008_v8.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN sync_error; 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000015_v15.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN operation_state; 
-------------------------------------------------------------------------------- /utilities/db-migration/migrations/000015_v15.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState ADD COLUMN operation_state bytea; -------------------------------------------------------------------------------- /backend/.gitignore: -------------------------------------------------------------------------------- 1 | ginkgo.report 2 | bin/ 3 | dist/ 4 | coverage.out 5 | vendor/ 6 | cover.out 7 | .idea/ 8 | main 9 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000007_v7.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN reconciled_state; 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000013_v13.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterUser ADD COLUMN display_name VARCHAR (128); 2 | -------------------------------------------------------------------------------- /stop-dev-env.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker stop managed-gitops-postgres 4 | docker stop managed-gitops-pgadmin 5 | 6 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000008_v8.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState ADD COLUMN sync_error VARCHAR ( 4096 ); 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000016_v16.down.sql: -------------------------------------------------------------------------------- 1 | BEGIN; 2 | DROP TABLE IF EXISTS ApplicationOwner; 3 | 
COMMIT; 4 | -------------------------------------------------------------------------------- /manifests/base/gitops-namespace/gitops-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: gitops 5 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000009_v9.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterCredentials DROP COLUMN allowinsecure_skiptlsverify; 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000019_v19.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE AppProjectRepository DROP COLUMN repositorycredentials_id; 2 | -------------------------------------------------------------------------------- /docs/environment-api/Stages.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/environment-api/Stages.png -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000007_v7.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState ADD COLUMN reconciled_state VARCHAR ( 4096 ); 2 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000019_v19.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE AppProjectRepository ADD COLUMN repositorycredentials_id VARCHAR ( 48 ); -------------------------------------------------------------------------------- /backend-shared/config/certmanager/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /docs/environment-api/Relationships.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/environment-api/Relationships.png -------------------------------------------------------------------------------- /backend/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/base/argo-cd-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: gitops-service-argocd -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000009_v9.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterCredentials ADD COLUMN allowinsecure_skiptlsverify BOOLEAN DEFAULT FALSE; 2 | -------------------------------------------------------------------------------- /backend/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /examples/m2-demo/k8s/README.md: -------------------------------------------------------------------------------- 1 | 2 | K8s versions of the YAML files: the only 
difference is that these do not use Route CR from OpenShift. 3 | 4 | 5 | -------------------------------------------------------------------------------- /utilities/load-test/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Argo CD Load Test Utility 3 | 4 | Run `make test` to run the test. At the moment, this is just a barebones project. -------------------------------------------------------------------------------- /Procfile: -------------------------------------------------------------------------------- 1 | backend: cd backend && make run 2 | cluster-agent: cd cluster-agent && make run 3 | appstudio-controller: cd appstudio-controller && make run 4 | -------------------------------------------------------------------------------- /backend-shared/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /appstudio-controller/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /docs/environment-api/Resource-Customization.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/environment-api/Resource-Customization.png -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | -------------------------------------------------------------------------------- /backend/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /manifests/base/crd/overlays/stonesoup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../base 6 | -------------------------------------------------------------------------------- /manifests/base/gitops-namespace/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - gitops-namespace.yaml 5 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000018_v18.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN sync_error; 2 | ALTER TABLE ApplicationState ADD COLUMN conditions bytea; -------------------------------------------------------------------------------- /cluster-agent/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: 
https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /manifests/base/cluster-scoped/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - deployment-target-class.yaml 5 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000012_v12.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterCredentials DROP COLUMN namespaces; 2 | ALTER TABLE ClusterCredentials DROP COLUMN cluster_resources; -------------------------------------------------------------------------------- /Procfile.chaos: -------------------------------------------------------------------------------- 1 | backend: cd backend && make chaos-run 2 | cluster-agent: cd cluster-agent && make chaos-run 3 | appstudio-controller: cd appstudio-controller && make chaos-run 4 | -------------------------------------------------------------------------------- /Procfile.runexecs: -------------------------------------------------------------------------------- 1 | backend: cd backend && make runexec 2 | cluster-agent: cd cluster-agent && make runexec 3 | appstudio-controller: cd appstudio-controller && make runexec 4 | -------------------------------------------------------------------------------- /manifests/base/crd/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../../../backend-shared/config/crd 6 | -------------------------------------------------------------------------------- /utilities/db-migration/README.md: 
-------------------------------------------------------------------------------- 1 | ## Getting started 2 | 3 | ### Refer: [migration guide](https://github.com/redhat-appstudio/managed-gitops/blob/main/docs/db-migration.md). 4 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000014_v14.down.sql: -------------------------------------------------------------------------------- 1 | BEGIN; 2 | DROP TABLE IF EXISTS AppProjectRepository; 3 | DROP TABLE IF EXISTS AppProjectManagedEnvironment; 4 | COMMIT; 5 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000018_v18.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState ADD COLUMN sync_error VARCHAR ( 4096 ); 2 | ALTER TABLE ApplicationState DROP COLUMN conditions; -------------------------------------------------------------------------------- /utilities/gitopsctl/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "github.com/redhat-appstudio/managed-gitops/utilities/gitopsctl/cmd" 4 | 5 | func main() { 6 | cmd.Execute() 7 | } 8 | -------------------------------------------------------------------------------- /appstudio-controller/.dockerignore: -------------------------------------------------------------------------------- 1 | # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file 2 | # Ignore build and test binaries. 
3 | bin/ 4 | testbin/ 5 | -------------------------------------------------------------------------------- /docs/environment-api/Environment-To-Argo-CD-Application.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/environment-api/Environment-To-Argo-CD-Application.png -------------------------------------------------------------------------------- /Procfile.no-self-heal: -------------------------------------------------------------------------------- 1 | backend: cd backend && make run-no-self-heal 2 | cluster-agent: cd cluster-agent && make run-no-self-heal 3 | appstudio-controller: cd appstudio-controller && make run 4 | -------------------------------------------------------------------------------- /examples/m6-demo/resources/jane-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: jane 5 | labels: 6 | argocd.argoproj.io/managed-by: gitops-service-argocd 7 | -------------------------------------------------------------------------------- /examples/m6-demo/resources/jgw-namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: jgw 5 | labels: 6 | argocd.argoproj.io/managed-by: gitops-service-argocd 7 | -------------------------------------------------------------------------------- /docs/designs/gitops-repo-uniqueness/GitOps-Uniqueness-Diagram1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-repo-uniqueness/GitOps-Uniqueness-Diagram1.jpg -------------------------------------------------------------------------------- /backend/config/scorecard/bases/config.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /delete-dev-env.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker rm -f managed-gitops-postgres 4 | docker rm -f managed-gitops-pgadmin 5 | 6 | #echo "* Deleting /tmp/datadir, may require sudo" 7 | #sudo rm -rf /tmp/datadir 8 | -------------------------------------------------------------------------------- /manifests/base/postgresql-staging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | #- postgresql-staging-secret.yaml 5 | - postgresql-staging.yaml 6 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000012_v12.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterCredentials ADD COLUMN namespaces VARCHAR (4096); 2 | ALTER TABLE ClusterCredentials ADD COLUMN cluster_resources BOOLEAN DEFAULT FALSE; -------------------------------------------------------------------------------- /appstudio-controller/config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000011_v11.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE 
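ClusterCredentials DROP COLUMN created_on; 2 | ALTER TABLE ClusterUser DROP COLUMN created_on; 3 | ALTER TABLE ClusterAccess DROP COLUMN created_on; 4 | -------------------------------------------------------------------------------- /utilities/gitopsctl/gitopsctl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Run the gitopsctl CLI from its own directory, forwarding every argument unchanged. 3 | SCRIPTPATH="$( 4 | cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 5 | pwd -P 6 | )" 7 | # Quote the path so a checkout location containing spaces or glob characters is not word-split; stop if the directory cannot be entered. 8 | cd "$SCRIPTPATH" || exit 9 | # "$@" passes each argument through as one word; an unquoted $* would re-split and glob-expand them. 10 | go run "$SCRIPTPATH/main.go" "$@" 11 | -------------------------------------------------------------------------------- /docs/designs/introduction-to-gitops-service-code-and-architecture/image1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/introduction-to-gitops-service-code-and-architecture/image1.jpg -------------------------------------------------------------------------------- /docs/designs/introduction-to-gitops-service-code-and-architecture/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/introduction-to-gitops-service-code-and-architecture/image2.png -------------------------------------------------------------------------------- /docs/designs/introduction-to-gitops-service-code-and-architecture/image3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/introduction-to-gitops-service-code-and-architecture/image3.jpg -------------------------------------------------------------------------------- /docs/designs/presentations/gitops-service-GitOpsDeployment-creatio-steps.odp: -------------------------------------------------------------------------------- 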
https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/presentations/gitops-service-GitOpsDeployment-creatio-steps.odp -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/backend/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | #- service-monitor.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - backend 6 | - cluster-agent 7 | - appstudio-controller -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/cluster-agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | #- service-monitor.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/end-to-end-flow-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/end-to-end-flow-1.png -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/event-processing-5.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/event-processing-5.jpg -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/resource-tracking-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/resource-tracking-2.jpg -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/high-level-overview-6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/high-level-overview-6.jpg -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/overlays/test-e2e/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | 6 | patchesStrategicMerge: 7 | - argo-cd-patch.yaml 8 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/appstudio-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | #- service-monitor.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000004_v4.down.sql: -------------------------------------------------------------------------------- 1 | 2 | ALTER 
TABLE Application ALTER COLUMN managed_environment_id SET NOT NULL; 3 | 4 | ALTER TABLE ClusterCredentials ALTER COLUMN serviceaccount_bearer_token type VARCHAR (128); 5 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000004_v4.up.sql: -------------------------------------------------------------------------------- 1 | 2 | ALTER TABLE Application ALTER COLUMN managed_environment_id DROP NOT NULL; 3 | 4 | ALTER TABLE ClusterCredentials ALTER COLUMN serviceaccount_bearer_token type VARCHAR (2048); 5 | -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/event-loop-hierarchy-3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/event-loop-hierarchy-3.jpg -------------------------------------------------------------------------------- /docs/designs/historical/initial-rest-api-gitops-service-late-2021/resource-updates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/historical/initial-rest-api-gitops-service-late-2021/resource-updates.png -------------------------------------------------------------------------------- /backend/config/samples/managed-gitops_v1alpha1_gitopsdeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitopsdeployment-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /docs/designs/historical/initial-rest-api-gitops-service-late-2021/high-level-overview.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/historical/initial-rest-api-gitops-service-late-2021/high-level-overview.png -------------------------------------------------------------------------------- /backend/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /docs/designs/gitops-service-internal-architecture-appstudio/flow-of-authoritative-data-4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/gitops-service-internal-architecture-appstudio/flow-of-authoritative-data-4.jpg -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/overlays/appstudio-staging-and-prod/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | 6 | patchesStrategicMerge: 7 | - argo-cd-patch.yaml 8 | -------------------------------------------------------------------------------- /backend/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: manager-config 9 | files: 10 | - controller_manager_config.yaml 11 | -------------------------------------------------------------------------------- 
/cluster-agent/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /docs/designs/argo-cd-support-for-multiple-service-accounts-on-a-single-cluster/SA-Diagram-1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/argo-cd-support-for-multiple-service-accounts-on-a-single-cluster/SA-Diagram-1.jpg -------------------------------------------------------------------------------- /docs/designs/argo-cd-support-for-multiple-service-accounts-on-a-single-cluster/SA-Diagram-2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/argo-cd-support-for-multiple-service-accounts-on-a-single-cluster/SA-Diagram-2.jpg -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /cluster-agent/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: manager-config 9 | files: 10 | - 
controller_manager_config.yaml 11 | -------------------------------------------------------------------------------- /appstudio-controller/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - name: manager-config 9 | files: 10 | - controller_manager_config.yaml 11 | -------------------------------------------------------------------------------- /backend/config/samples/managed-gitops_v1alpha1_gitopsdeploymentsyncrun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeploymentSyncRun 3 | metadata: 4 | name: gitopsdeploymentsyncrun-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - jgwest 5 | - wtam2018 6 | - jannfis 7 | 8 | reviewers: 9 | - jgwest 10 | - jparsai 11 | - jopit 12 | - chetan-rns 13 | - rizwana777 14 | - keithchong -------------------------------------------------------------------------------- /backend-shared/db/db_suite_test.go: -------------------------------------------------------------------------------- 1 | package db_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestDb(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Db Suite") 13 | } 14 | -------------------------------------------------------------------------------- /docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image1.jpg -------------------------------------------------------------------------------- /docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image2.jpg -------------------------------------------------------------------------------- /docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/advanced-use-cases-not-covered-by-application-in-any-namespace-gitops-service-model/image3.jpg -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000010_v10.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE Application DROP COLUMN created_on; 2 | ALTER TABLE ManagedEnvironment DROP COLUMN created_on; 3 | ALTER TABLE SyncOperation DROP COLUMN created_on; 4 | ALTER TABLE RepositoryCredentials DROP COLUMN created_on; 5 | 
-------------------------------------------------------------------------------- /backend-shared/hack/hack_suite_test.go: -------------------------------------------------------------------------------- 1 | package hack 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestHack(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Hack Suite") 13 | } 14 | -------------------------------------------------------------------------------- /backend-shared/util/log/log_suite_test.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestLog(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Log Suite") 13 | } 14 | -------------------------------------------------------------------------------- /backend/util/util_suite_test.go: -------------------------------------------------------------------------------- 1 | package util_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestMetrics(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Util Suite") 13 | } 14 | -------------------------------------------------------------------------------- /docs/designs/proposal-gitops-service-pull-model-using-cluster-agent-component/pull-model-using-cluster-agent.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/proposal-gitops-service-pull-model-using-cluster-agent-component/pull-model-using-cluster-agent.jpg -------------------------------------------------------------------------------- /manifests/base/cluster-scoped/deployment-target-class.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appstudio.redhat.com/v1alpha1 2 | kind: DeploymentTargetClass 3 | metadata: 4 | name: isolation-level-namespace 5 | spec: 6 | parameters: {} 7 | provisioner: appstudio.redhat.com/devsandbox 8 | reclaimPolicy: Delete -------------------------------------------------------------------------------- /backend/metrics/metrics_suite_test.go: -------------------------------------------------------------------------------- 1 | package metrics_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestMetrics(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Metrics Suite") 13 | } 14 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/environments/base/cm-env-config-map.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: environment-config-map 5 | data: 6 | first-env-var: "number one" 7 | environment-env-var: base 8 | third-env-var: "number three" 9 | 10 | -------------------------------------------------------------------------------- /appstudio-controller/examples/promotionrun.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appstudio.redhat.com/v1alpha1 2 | kind: PromotionRun 3 | metadata: 4 | name: new-demo-app-manual-promotion 5 | spec: 6 | snapshot: my-snapshot 7 | application: new-demo-app 8 | manualPromotion: 9 | targetEnvironment: prod 10 | -------------------------------------------------------------------------------- /backend/condition/conditions_suite_test.go: -------------------------------------------------------------------------------- 1 | package condition 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestCondition(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Condition Suite") 13 | } 14 | -------------------------------------------------------------------------------- /backend/config/samples/managed-gitops.redhat.com_v1alpha1_gitopsdeploymentmanagedenvironment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeploymentManagedEnvironment 3 | metadata: 4 | name: gitopsdeploymentmanagedenvironment-sample 5 | spec: 6 | # TODO(user): Add fields here 7 | -------------------------------------------------------------------------------- /backend/config/samples/managed-gitops_v1alpha1_gitopsdeploymentrepositorycredential.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeploymentRepositoryCredential 3 | metadata: 4 | name: gitopsdeploymentrepositorycredential-sample 5 | spec: 6 | # Add fields here 7 | foo: bar 8 | -------------------------------------------------------------------------------- /backend-shared/util/argocd/util_suite_test.go: -------------------------------------------------------------------------------- 1 | package argocd 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestApplicationController(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Util Suite") 13 | } 14 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/environments/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - cm-env-config-map.yaml 4 | # - (resources will be applied in all environments, though environments may modify these via patches) 5 | 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | -------------------------------------------------------------------------------- /.sonarcloud.properties: -------------------------------------------------------------------------------- 1 | # Path to sources 2 | sonar.sources=. 3 | sonar.exclusions=**/*test*, **/vendor/**, **/zz_generated.*, **/*.yaml, **/test/** 4 | 5 | # Source encoding 6 | sonar.sourceEncoding=UTF-8 7 | 8 | # Exclusions for copy-paste detection 9 | sonar.cpd.exclusions=**/*test*, **/test/** 10 | -------------------------------------------------------------------------------- /cluster-agent/metrics/metrics_suite_test.go: -------------------------------------------------------------------------------- 1 | package metrics 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestDBMetrics(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "cluster-agent metrics Suite") 13 | } 14 | -------------------------------------------------------------------------------- /backend/PROJECT: -------------------------------------------------------------------------------- 1 | domain: redhat.com 2 | layout: 3 | - go.kubebuilder.io/v3 4 | multigroup: true 5 | plugins: 6 | manifests.sdk.operatorframework.io/v2: {} 7 | scorecard.sdk.operatorframework.io/v2: {} 8 | projectName: managed-gitops 9 | repo: github.com/redhat-appstudio/managed-gitops/backend 10 | version: "3" 11 | -------------------------------------------------------------------------------- /backend/config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.11.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /backend-shared/util/operations/eventlooptypes_suite_test.go: -------------------------------------------------------------------------------- 1 | package operations 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestEventlooptypes(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Eventlooptypes Suite") 13 | } 14 | -------------------------------------------------------------------------------- /cluster-agent/controllers/managed-gitops/eventloop/eventloop_suite_test.go: -------------------------------------------------------------------------------- 1 | package eventloop 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestEventloop(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Eventloop Suite") 13 | } 14 | -------------------------------------------------------------------------------- /cluster-agent/metrics/argocd/argocd_metrics_suite_test.go: -------------------------------------------------------------------------------- 1 | package argocd 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestArgoCDMetrics(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "cluster-agent argocd metrics Suite") 13 | } 14 | -------------------------------------------------------------------------------- /docs/designs/exploring-generic-gitops-service-architecture/Option1-GitOps-Service-multiple-instance-multiple-controller-replicas-model.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/exploring-generic-gitops-service-architecture/Option1-GitOps-Service-multiple-instance-multiple-controller-replicas-model.jpg -------------------------------------------------------------------------------- /docs/designs/exploring-generic-gitops-service-architecture/Option2-GitOps-Service-single-instance-multiple-controller-replicas-model.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/redhat-appstudio/managed-gitops/HEAD/docs/designs/exploring-generic-gitops-service-architecture/Option2-GitOps-Service-single-instance-multiple-controller-replicas-model.jpg -------------------------------------------------------------------------------- /appstudio-controller/config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - 
basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.17.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /manifests/base/postgresql-staging/postgresql-staging-secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: postgresql/templates/secrets.yaml 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: gitops-postgresql-staging 7 | namespace: gitops 8 | type: Opaque 9 | data: 10 | # postgresql-password: "replace this with your own password" 11 | # Values under data: must be base64-encoded; use stringData: if you want to write the value as plain text. 12 | # Keep the real password out of version control and supply it at deploy time. 13 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000011_v11.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ClusterCredentials ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 2 | ALTER TABLE ClusterUser ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 3 | ALTER TABLE ClusterAccess ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 4 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000020_v20.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN health, DROP COLUMN sync_status, DROP COLUMN message, DROP COLUMN revision,DROP COLUMN resources,DROP COLUMN operation_state,DROP COLUMN reconciled_state, DROP COLUMN conditions; 2 | 3 | ALTER TABLE ApplicationState ADD COLUMN argocd_application_status bytea; -------------------------------------------------------------------------------- /utilities/gitopsctl/hack/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | # These were the commands that were used to initially init this module, and scaffold the 
CLI commands 5 | 6 | go mod init github.com/redhat-appstudio/managed-gitops/utilities/gitopsctl 7 | cobra-cli init 8 | cobra-cli add download 9 | cobra-cli add job -p 'downloadCmd' 10 | 11 | -------------------------------------------------------------------------------- /manifests/base/monitoring/grafana-dashboards-new/kustomization.yaml: -------------------------------------------------------------------------------- 1 | kind: Kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 4 | namespace: grafana-operator-system 5 | 6 | configMapGenerator: 7 | - name: grafana-dashboard-gitops-service 8 | files: 9 | - gitops-dashboard.json 10 | - gitops-argocd-dashboard.json 11 | -------------------------------------------------------------------------------- /backend/config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 5a3f596c.redhat.com 12 | -------------------------------------------------------------------------------- /utilities/db-migration/migration_test/add_test_values/suite_test.go: -------------------------------------------------------------------------------- 1 | package addtestvalues 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestInitializeValues(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Test for initializing db values Suite") 13 | } 14 | -------------------------------------------------------------------------------- /utilities/db-migration/migration_test/verify_test_values/suite_test.go: -------------------------------------------------------------------------------- 1 | package verifytestvalues 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestVerifyDBValues(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Test for verifying db values Suite") 13 | } 14 | -------------------------------------------------------------------------------- /backend/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /cluster-agent/config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 5a3f596c.redhat.com 12 | -------------------------------------------------------------------------------- /cluster-agent/controllers/argoproj.io/application_controller_suite_test.go: -------------------------------------------------------------------------------- 1 | package 
argoprojio_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . "github.com/onsi/gomega" 8 | ) 9 | 10 | func TestApplicationController(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Application Controller Suite") 13 | } 14 | -------------------------------------------------------------------------------- /utilities/init-container/README.md: -------------------------------------------------------------------------------- 1 | # init-container 2 | 3 | This folder contains an optional Go module that can be run as an init-container for one of the controllers of the GitOps Service. 4 | 5 | This can be used to perform maintenance tasks (such as database updates) before the controller is started, by using the initContainer functionality of Kubernetes Deployments. -------------------------------------------------------------------------------- /utilities/load-test/gitops-service/suite_test.go: -------------------------------------------------------------------------------- 1 | package gitopsservice 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestInitializeValues(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Test for investigating memory and CPU usage of GitOps Service") 13 | } 14 | -------------------------------------------------------------------------------- /appstudio-controller/config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 53746cb8.redhat.com 12 | -------------------------------------------------------------------------------- /backend/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 
| apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /backend/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argo-cd-namespace.yaml 5 | - argo-cd.yaml 6 | - argo-cd-application-controller-clusterrole.yaml 7 | - argo-cd-application-controller-clusterrolebinding.yaml 8 | - argo-cd-server-clusterrole.yaml 9 | - argo-cd-server-clusterrolebinding.yaml 
-------------------------------------------------------------------------------- /manifests/base/monitoring/grafana-dashboards/stonesoup/kustomization.yaml: -------------------------------------------------------------------------------- 1 | kind: Kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 4 | namespace: grafana-operator-system 5 | 6 | generatorOptions: 7 | disableNameSuffixHash: true 8 | 9 | configMapGenerator: 10 | - name: grafana-dashboard-gitops-service 11 | files: 12 | - gitops-dashboard.json 13 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentA/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | # - (resources will be applied in all environments, though overlays may modify these via patches) 6 | 7 | apiVersion: kustomize.config.k8s.io/v1beta1 8 | kind: Kustomization 9 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentB/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | # - (resources will be applied in all environments, though overlays may modify these via patches) 6 | 7 | apiVersion: kustomize.config.k8s.io/v1beta1 8 | kind: Kustomization 9 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: 
rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /manifests/base/monitoring/grafana-dashboards/managed-gitops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | kind: Kustomization 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | 4 | namespace: grafana-operator-system 5 | 6 | generatorOptions: 7 | disableNameSuffixHash: true 8 | 9 | configMapGenerator: 10 | - name: grafana-dashboard-gitops-service 11 | files: 12 | - gitops-dashboard.json 13 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000002_v2.up.sql: -------------------------------------------------------------------------------- 1 | 2 | ALTER TABLE SyncOperation DROP COLUMN operation_id; 3 | 4 | ALTER TABLE ApplicationState ADD COLUMN resources bytea; 5 | 6 | ALTER TABLE APICRToDatabaseMapping RENAME COLUMN api_resource_workspace_uid TO api_resource_namespace_uid; 7 | 8 | ALTER TABLE DeploymentToApplicationMapping RENAME COLUMN workspace_uid TO namespace_uid; 9 | -------------------------------------------------------------------------------- /backend/eventloop/application_event_loop/application_eventloop_suite_test.go: -------------------------------------------------------------------------------- 1 | package application_event_loop_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestEventloop_application_event_runner(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Application Event Loop Suite") 13 | } 14 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /cluster-agent/controllers/argoproj.io/application_info_cache/application_info_cache_suite_test.go: -------------------------------------------------------------------------------- 1 | package application_info_cache 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestApplicationInfoCache(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Application Info Cache Suite") 13 | } 14 | -------------------------------------------------------------------------------- /manifests/base/crd/overlays/local-dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - https://github.com/redhat-appstudio/application-api/config/crd?ref=18f545e48a03cbc6df71fb0468dac9aa66209c4c 6 | - https://github.com/codeready-toolchain/host-operator/config/crd?ref=6c9e07da3665f542448ff46fc91d7fa1bfd83853 7 | - ../../base 8 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/cainjection_in_gitopsdeployments.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: gitopsdeployments.managed-gitops.redhat.com 8 | -------------------------------------------------------------------------------- /backend/config/rbac/auth_proxy_role.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /manifests/overlays/k8s-env/backend-deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: gitops-core-service-controller-manager 5 | namespace: gitops 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - env: 11 | - name: DEV_ONLY_ALLOW_NON_TLS_CONNECTION_TO_POSTGRESQL 12 | value: "true" # NOTE(review): going by its name, this switch lets the manager connect to PostgreSQL without TLS and is meant for development only; keep this patch confined to the k8s-env overlay - confirm how the manager reads it 13 | name: manager 14 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /manifests/overlays/k8s-env/cluster-agent-deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: gitops-service-agent-controller-manager 5 | namespace: gitops 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - env: 11 | - name: DEV_ONLY_ALLOW_NON_TLS_CONNECTION_TO_POSTGRESQL 12 | value: "true" # NOTE(review): same development-only non-TLS switch, here set on the cluster-agent manager; do not carry it into a production overlay 13 | name: 
manager 14 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | # - route-sample-workload.yaml 6 | # - (resources will be applied in all environments, though overlays may modify these via patches) 7 | 8 | apiVersion: kustomize.config.k8s.io/v1beta1 9 | kind: Kustomization 10 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | # - route-sample-workload.yaml 6 | # - (resources will be applied in all environments, though overlays may modify these via patches) 7 | 8 | apiVersion: kustomize.config.k8s.io/v1beta1 9 | kind: Kustomization 10 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000002_v2.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE SyncOperation ADD COLUMN operation_id VARCHAR(48) NOT NULL DEFAULT 0; 2 | 3 | ALTER TABLE ApplicationState DROP COLUMN resources; 4 | 5 | ALTER TABLE APICRToDatabaseMapping RENAME COLUMN api_resource_namespace_uid TO api_resource_workspace_uid; 6 | 7 | ALTER TABLE DeploymentToApplicationMapping RENAME COLUMN namespace_uid TO workspace_uid; 8 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 2 | #### Description: 3 | - (Provide a brief list of the changes you have 
made, and why you made those changes, if it is not obvious why) 4 | - (You don't need to mention any changes/reasons which are already documented in the JIRA story) 5 | 6 | #### Link to JIRA Story (if applicable): 7 | 8 | 9 | -------------------------------------------------------------------------------- /backend/util/server.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "errors" 5 | "net/http" 6 | "time" 7 | ) 8 | 9 | /* WaitForServerUp polls serverURL + "/" with http.Get, sleeping one second between attempts, until a request completes without error or about one minute has passed; it then returns nil or the "server timed out" error. Only err is checked, so any HTTP response counts as up, whatever its status code. NOTE(review): the response is discarded without closing its Body, which leaves that connection unreleased, and http.Get goes through http.DefaultClient, which sets no timeout, so one stalled request can hold this call well past the one-minute budget; a client with an explicit Timeout and a resp.Body.Close() would bound both. */ func WaitForServerUp(serverURL string) error { 10 | for start := time.Now(); time.Since(start) < time.Minute; time.Sleep(1 * time.Second) { 11 | _, err := http.Get(serverURL + "/") 12 | if err == nil { 13 | return nil 14 | } 15 | } 16 | return errors.New("server timed out") 17 | } 18 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/dashboards/argo-cd/grafana-argo-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: grafana-dashboard-from-config-map 5 | namespace: grafana 6 | labels: 7 | app: grafana 8 | spec: 9 | json: 10 | "" 11 | configMapRef: 12 | name: grafana-dashboard-argocd 13 | key: argo-cd-dashboard.json 14 | 15 | -------------------------------------------------------------------------------- /.github/workflows/docker-image.yml: -------------------------------------------------------------------------------- 1 | name: Docker Image CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | 9 | jobs: 10 | 11 | build: 12 | 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - uses: actions/checkout@v4 17 | - name: Build the Docker image 18 | run: docker build . 
--file Dockerfile --tag my-image-name:$(date +%s) 19 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/cainjection_in_gitopsdeploymentsyncruns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: gitopsdeploymentsyncruns.managed-gitops.redhat.com 8 | -------------------------------------------------------------------------------- /backend/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: backend-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: backend-controller-manager 16 | -------------------------------------------------------------------------------- /backend/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | 
name: webhook-service 6 | namespace: system 7 | annotations: 8 | service.beta.openshift.io/serving-cert-secret-name: core-webhook-server-cert 9 | spec: 10 | ports: 11 | - port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | control-plane: backend-controller-manager 16 | -------------------------------------------------------------------------------- /manifests/scripts/generate-postgresql-secret.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | kubectl create namespace gitops 2> /dev/null || true 4 | 5 | # Auto-generate the DB Secret, but only when gitops-postgresql-staging does not already exist, so an existing password is never replaced. NOTE(review): the generated value is passed through --from-literal, i.e. on the kubectl command line, where it can appear in process listings and shell tracing; supplying it with --from-file would keep it off the command line. The namespace creation above discards every error, not just "already exists". 6 | if ! kubectl get secret -n gitops gitops-postgresql-staging &>/dev/null; then 7 | kubectl create secret generic gitops-postgresql-staging \ 8 | --namespace=gitops \ 9 | --from-literal=postgresql-password=$(openssl rand -base64 20) 10 | fi 11 | 12 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentA/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | - route-sample-workload.yaml 6 | # - (resources will be applied in all environments, though overlays may modify these via patches) 7 | 8 | apiVersion: kustomize.config.k8s.io/v1beta1 9 | kind: Kustomization 10 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentB/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - deployment-sample-workload.yaml 4 | - service-sample-workload.yaml 5 | - route-sample-workload.yaml 6 | # - (resources will be applied in all environments, though overlays may modify these via patches) 7 | 8 | apiVersion: kustomize.config.k8s.io/v1beta1 9 | kind: 
Kustomization 10 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/deploymenttargetclass_view_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: deploymenttargetclass-viewer-role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: deploymenttargetclass-viewer-role 9 | subjects: 10 | - kind: Group 11 | name: system:authenticated # binds cluster-wide to every authenticated identity; NOTE(review): the rules of deploymenttargetclass-viewer-role are not shown here - confirm they grant read-only verbs on DeploymentTargetClass and nothing else 12 | -------------------------------------------------------------------------------- /backend-shared/hack/run-db-schema-sync-check.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | set -o errexit 5 | set -o nounset 6 | set -o pipefail 7 | 8 | SCRIPTPATH="$( 9 | cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 10 | pwd -P 11 | )" 12 | 13 | export ROOTPATH=$SCRIPTPATH/../../ 14 | BACKEND_SHARED_DIR=$ROOTPATH/backend-shared 15 | cd ${BACKEND_SHARED_DIR} 16 | 17 | go run ./hack/db-schema-sync-check 18 | -------------------------------------------------------------------------------- /examples/m2-demo/jane-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jane 6 | spec: 7 | source: 8 | repoURL: https://github.com/redhat-appstudio/managed-gitops 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | 11 | # destination: {} 12 | 13 | type: automated 14 | 15 | -------------------------------------------------------------------------------- /examples/m2-demo/jgw-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: 
GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jgw 6 | spec: 7 | source: 8 | repoURL: https://github.com/redhat-appstudio/managed-gitops 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | 11 | # destination: {} 12 | 13 | type: automated 14 | 15 | -------------------------------------------------------------------------------- /examples/m6-demo/jane-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jane 6 | spec: 7 | source: 8 | repoURL: https://github.com/redhat-appstudio/managed-gitops 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | 11 | # destination: {} 12 | 13 | type: automated 14 | 15 | -------------------------------------------------------------------------------- /examples/m6-demo/jgw-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jgw 6 | spec: 7 | source: 8 | repoURL: https://github.com/redhat-appstudio/managed-gitops 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | 11 | # destination: {} 12 | 13 | type: automated 14 | 15 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-a 6 | name: component-a 7 | spec: 8 | ports: 9 | - name: server 10 | protocol: TCP 11 | port: 8080 12 | targetPort: 8080 13 | selector: 14 | app.kubernetes.io/name: component-a 15 | 16 | 
-------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-b 6 | name: component-b 7 | spec: 8 | ports: 9 | - name: server 10 | protocol: TCP 11 | port: 8080 12 | targetPort: 8080 13 | selector: 14 | app.kubernetes.io/name: component-b 15 | 16 | -------------------------------------------------------------------------------- /utilities/gitopsctl/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: lint 2 | lint: 3 | golangci-lint --version 4 | GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s 5 | 6 | # Run go fmt against code 7 | .PHONY: fmt 8 | fmt: 9 | go fmt ./... 10 | 11 | # Run go vet against code 12 | .PHONY: vet 13 | vet: 14 | go vet ./... 
15 | 16 | # Remove the vendor and bin folders 17 | .PHONY: clean 18 | clean: 19 | rm -rf vendor/ bin/ 20 | -------------------------------------------------------------------------------- /appstudio-controller/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | annotations: 8 | service.beta.openshift.io/serving-cert-secret-name: webhook-server-cert 9 | spec: 10 | ports: 11 | - port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | control-plane: appstudio-controller-manager 16 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/grafana/grafana-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: cluster-monitoring-view 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-monitoring-view 9 | subjects: 10 | - kind: ServiceAccount 11 | name: grafana-serviceaccount 12 | namespace: grafana 13 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: appstudio-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: appstudio-controller-manager 16 | -------------------------------------------------------------------------------- /appstudio-controller/examples/environment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: appstudio.redhat.com/v1alpha1 2 | kind: Environment 3 | metadata: 4 | name: staging 5 | spec: 6 | type: poc 7 | displayName: “Production for Team A” 8 | deploymentStrategy: AppStudioAutomated 9 | parentEnvironment: staging 10 | tags: 11 | - staging 12 | configuration: 13 | env: 14 | - name: My_STG_ENV 15 | value: "100" 16 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: cluster-agent-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: cluster-agent-controller-manager 16 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/grafana/grafana-operator-group.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | annotations: 5 | olm.providedAPIs: Grafana.v1alpha1.integreatly.org,GrafanaDashboard.v1alpha1.integreatly.org,GrafanaDataSource.v1alpha1.integreatly.org 6 | name: grafana-operator-group 7 | namespace: grafana 8 | spec: 9 | targetNamespaces: 10 | - grafana 11 | 12 | -------------------------------------------------------------------------------- /psql.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Tip: More info on psql - https://tomcam.github.io/postgres/ 4 | 5 | 6 | # Run psql in its own disposable container (docker run --rm, reaching localhost:5432 over the host network). The password is taken from POSTGRES_PASSWORD and falls back to the literal default "gitops" when that is unset or empty. NOTE(review): that default suits a throwaway local database only, and the value is handed to docker with -e on the command line, unquoted. 7 | 8 | PGPASSWORD="${POSTGRES_PASSWORD:-gitops}" 9 | 
POSTGRESQL_DATABASE="${POSTGRESQL_DATABASE:=postgres}" 10 | 11 | docker run -e PGPASSWORD=$PGPASSWORD --network=host --rm -it postgres:13 \ 12 | psql -h localhost -d $POSTGRESQL_DATABASE -U postgres -p 5432 "$*" 13 | -------------------------------------------------------------------------------- /utilities/load-test/Makefile: -------------------------------------------------------------------------------- 1 | 2 | .PHONY: test 3 | test: fmt vet 4 | go test -v -count=1 -coverprofile=coverage.out `go list ./...` 5 | 6 | .PHONY: lint 7 | lint: 8 | golangci-lint --version 9 | GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s 10 | 11 | # Run go fmt against code 12 | .PHONY: fmt 13 | fmt: 14 | go fmt ./... 15 | 16 | # Run go vet against code 17 | .PHONY: vet 18 | vet: 19 | go vet ./... 20 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/cainjection_in_gitopsdeploymentrepositorycredentials.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: gitopsdeploymentrepositorycredentials.managed-gitops.redhat.com 8 | -------------------------------------------------------------------------------- /backend/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - managed-gitops_v1alpha1_gitopsdeployment.yaml 4 | - managed-gitops_v1alpha1_gitopsdeploymentsyncrun.yaml 5 | - managed-gitops_v1alpha1_gitopsdeploymentrepositorycredential.yaml 6 | - managed-gitops.redhat.com_v1alpha1_gitopsdeploymentmanagedenvironment.yaml 7 | 
#+kubebuilder:scaffold:manifestskustomizesamples 8 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/postgresql/grafana-postgresql-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: grafana-postgresql-table-dashboard-from-config-map 5 | namespace: grafana 6 | labels: 7 | app: grafana 8 | spec: 9 | json: 10 | "" 11 | configMapRef: 12 | name: grafana-postgresql-table-dashboard 13 | key: postgresql-table-dashboard.json 14 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentA/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-a 6 | name: component-a 7 | spec: 8 | 9 | # Service intentionally does not contain 'ports' field, here. This should be defined within the overlay. 10 | 11 | selector: 12 | app.kubernetes.io/name: component-a 13 | 14 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentB/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-b 6 | name: component-b 7 | spec: 8 | 9 | # Service intentionally does not contain 'ports' field, here. This should be defined within the overlay. 
10 | 11 | selector: 12 | app.kubernetes.io/name: component-b 13 | 14 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000010_v10.up.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE Application ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 2 | ALTER TABLE ManagedEnvironment ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 3 | ALTER TABLE SyncOperation ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 4 | ALTER TABLE RepositoryCredentials ADD COLUMN created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP; 5 | -------------------------------------------------------------------------------- /examples/m6-demo/my-managed-environment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeploymentManagedEnvironment 3 | metadata: 4 | name: my-managed-environment 5 | spec: 6 | apiURL: "https://(API url of a valid k8s cluster defined within your kube config)" 7 | # example: 8 | # apiURL: "https://api.ci-ln-vtdzzjb-72292.origin-ci-int-gce.dev.rhcloud.com:6443" 9 | credentialsSecret: "my-managed-environment-secret" 10 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentA/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-a 6 | name: component-a 7 | spec: 8 | 9 | # Service intentionally does not contain 'ports' field, here. This should be defined within the overlay. 
10 | 11 | selector: 12 | app.kubernetes.io/name: component-a 13 | 14 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentB/base/service-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: component-b 6 | name: component-b 7 | spec: 8 | 9 | # Service intentionally does not contain 'ports' field, here. This should be defined within the overlay. 10 | 11 | selector: 12 | app.kubernetes.io/name: component-b 13 | 14 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/cainjection_in_managed-gitops.redhat.com_gitopsdeploymentmanagedenvironments.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | annotations: 6 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 7 | name: gitopsdeploymentmanagedenvironments.managed-gitops.redhat.com 8 | -------------------------------------------------------------------------------- /examples/m2-demo/k8s/jane-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jane 6 | spec: 7 | source: 8 | repoURL: https://github.com/jgwest/gitops-repository-template 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | targetRevision: k8s-only 11 | 12 | # destination: {} 13 | 14 | type: automated 15 | 16 | -------------------------------------------------------------------------------- 
/manifests/overlays/k8s-env-e2e/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../k8s-env 6 | 7 | patchesStrategicMerge: 8 | - backend-deployment-patch.yaml 9 | - cluster-agent-deployment-patch.yaml 10 | 11 | # Uncomment to use a custom image: 12 | 13 | # images: 14 | # - name: \${COMMON_IMAGE} 15 | # newName: quay.io/(your user name)/gitops-service 16 | # newTag: latest 17 | -------------------------------------------------------------------------------- /manifests/overlays/k8s-env-e2e/backend-deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: gitops-core-service-controller-manager 5 | namespace: gitops 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - env: 11 | - name: DEV_ONLY_ALLOW_NON_TLS_CONNECTION_TO_POSTGRESQL 12 | value: "true" 13 | - name: SELF_HEAL_INTERVAL 14 | value: "0" 15 | name: manager 16 | -------------------------------------------------------------------------------- /examples/m2-demo/k8s/jgw-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | metadata: 4 | name: gitops-depl 5 | namespace: jgw 6 | spec: 7 | source: 8 | repoURL: https://github.com/jgwest/gitops-repository-template 9 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 10 | targetRevision: k8s-only 11 | 12 | # destination: 13 | 14 | # type: manual 15 | type: automated 16 | 17 | -------------------------------------------------------------------------------- /manifests/overlays/k8s-env-e2e/cluster-agent-deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | 
metadata: 4 | name: gitops-service-agent-controller-manager 5 | namespace: gitops 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - env: 11 | - name: DEV_ONLY_ALLOW_NON_TLS_CONNECTION_TO_POSTGRESQL 12 | value: "true" 13 | - name: SELF_HEAL_INTERVAL 14 | value: "0" 15 | name: manager 16 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/postgresql/grafana-postgresql-exporter-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDashboard 3 | metadata: 4 | name: grafana-postgresql-exporter-table-dashboard-from-config-map 5 | namespace: grafana 6 | labels: 7 | app: grafana 8 | spec: 9 | json: 10 | "" 11 | configMapRef: 12 | name: grafana-postgresql-exporter-table-dashboard 13 | key: postgresql-exporter-table-dashboard.json 14 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/base/route-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: component-a 5 | spec: 6 | subdomain: component-a 7 | to: 8 | kind: Service 9 | name: component-a 10 | weight: 100 11 | port: 12 | targetPort: 8080 13 | tls: 14 | termination: edge 15 | insecureEdgeTerminationPolicy: Redirect 16 | wildcardPolicy: None 17 | 18 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/base/route-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: component-b 5 | spec: 6 | subdomain: component-b 7 | to: 8 | kind: Service 9 | name: component-b 10 | weight: 100 11 | port: 12 | targetPort: 
8080 13 | tls: 14 | termination: edge 15 | insecureEdgeTerminationPolicy: Redirect 16 | wildcardPolicy: None 17 | 18 | -------------------------------------------------------------------------------- /utilities/db-migration/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | migrate "github.com/redhat-appstudio/managed-gitops/utilities/db-migration/migrate" 8 | ) 9 | 10 | func main() { 11 | opType := "" 12 | if len(os.Args) >= 2 { 13 | opType = os.Args[1] 14 | } 15 | if err := migrate.Migrate(opType, "file://migrations/"); err != nil { 16 | fmt.Println("Unable to migrate database:", err) 17 | os.Exit(1) 18 | return 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /backend/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: backend-controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: http-metrics 14 | selector: 15 | matchLabels: 16 | control-plane: backend-controller-manager 17 | -------------------------------------------------------------------------------- /manifests/overlays/local-dev-env/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../base/crd/overlays/local-dev 6 | - ../../base/gitops-namespace 7 | - ../../base/cluster-scoped 8 | # - ../../base/gitops-service-argocd 9 | 10 | # Uncomment to use a custom image: 11 | 12 | # images: 13 | # - name: \${COMMON_IMAGE} 14 | # newName: quay.io/(your user name)/gitops-service 15 | # newTag: latest 16 | 
-------------------------------------------------------------------------------- /manifests/base/postgresql-staging/addProtocol.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # KCP till release-0.7 has no knowledge of protocol by default, and hence we need to 4 | # add these protocols in our yamls explicitly. Here, we are defining explicitly TCP. 5 | 6 | yq e -i 'select(.kind == "Service").spec.ports[] += {"protocol": "TCP"}' postgresql-staging.yaml 7 | yq e -i 'select(.kind == "StatefulSet").spec.template.spec.containers[].ports[] += {"protocol": "TCP"}' postgresql-staging.yaml 8 | -------------------------------------------------------------------------------- /appstudio-controller/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: appstudio-controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: http-metrics 14 | selector: 15 | matchLabels: 16 | control-plane: appstudio-controller-manager 17 | -------------------------------------------------------------------------------- /backend/config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | 
-------------------------------------------------------------------------------- /cluster-agent/config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: cluster-agent-controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: http-metrics 14 | selector: 15 | matchLabels: 16 | control-plane: cluster-agent-controller-manager 17 | -------------------------------------------------------------------------------- /appstudio-controller/config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/grafana/grafana-subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | labels: 5 | operators.coreos.com/grafana-operator.grafana: "" 6 | name: grafana-operator 7 | namespace: grafana 8 | 9 | spec: 10 | channel: v4 11 | installPlanApproval: Automatic 12 | name: grafana-operator 13 | source: community-operators 14 | sourceNamespace: openshift-marketplace 15 | startingCSV: grafana-operator.v4.8.0 16 | 17 | 
-------------------------------------------------------------------------------- /utilities/db-migration/Makefile: -------------------------------------------------------------------------------- 1 | migration-script: 2 | cd migrations && migrate create -ext sql -seq $(filename) 3 | 4 | .PHONY: lint 5 | lint: 6 | golangci-lint --version 7 | GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s 8 | 9 | # Run go fmt against code 10 | .PHONY: fmt 11 | fmt: 12 | go fmt ./... 13 | 14 | # Run go vet against code 15 | .PHONY: vet 16 | vet: 17 | go vet ./... 18 | 19 | # Remove the vendor and bin folders 20 | .PHONY: clean 21 | clean: 22 | rm -rf vendor/ bin/ 23 | -------------------------------------------------------------------------------- /backend-shared/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000017_v17.down.sql: -------------------------------------------------------------------------------- 1 | DROP INDEX idx_APICRToDatabaseMapping1; 2 | DROP INDEX idx_APICRToDatabaseMapping2; 3 | DROP INDEX idx_APICRToDatabaseMapping3; 4 | DROP INDEX idx_gitopsenginecluster_clustercredentials; 5 | DROP INDEX idx_clusteruser_user_name; 6 | DROP INDEX idx_managed_environment_id; 7 | DROP INDEX idx_operation_1; 8 | DROP INDEX idx_deploymenttoapplicationmapping_1; 9 | DROP INDEX idx_deploymenttoapplicationmapping_2; 10 | DROP INDEX 
idx_deploymenttoapplicationmapping_3; -------------------------------------------------------------------------------- /utilities/load-test/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | 6 | utils "github.com/redhat-appstudio/managed-gitops/utilities/load-test/loadtest" 7 | ) 8 | 9 | const ARGO_CD_VERSION = "v2.8.3" 10 | 11 | func main() { 12 | 13 | manifest := fmt.Sprintf("https://raw.githubusercontent.com/argoproj/argo-cd/%s/manifests/install.yaml", ARGO_CD_VERSION) 14 | // Apply the Argo CD install manifest to the "argocd" namespace (kubectl apply with namespace and manifest URL). NOTE(review): the URL is pinned by release tag (ARGO_CD_VERSION), not by content hash, so the manifest is trusted as fetched at run time. 15 | utils.KubectlApply("argocd", manifest) 16 | } 17 | -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeployment_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view gitopsdeployments. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeployment-viewer-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeployments 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - managed-gitops.redhat.com 17 | resources: 18 | - gitopsdeployments/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/overlays/appstudio-staging-and-prod/argo-cd-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: ArgoCD 3 | metadata: 4 | name: gitops-service-argocd 5 | namespace: gitops-service-argocd 6 | spec: 7 | 8 | controller: 9 | logLevel: "info" 10 | resources: 11 | limits: 12 | cpu: "2" 13 | memory: 6Gi 14 | requests: 15 | cpu: "1" 16 | memory: 3Gi 17 | repo: 18 | logLevel: "info" 19 | server: 20 | logLevel: 
"info" 21 | -------------------------------------------------------------------------------- /manifests/overlays/local-dev-env-with-k8s-db/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../base/crd/overlays/local-dev 6 | - ../../base/gitops-namespace 7 | - ../../base/postgresql-staging 8 | - ../../base/cluster-scoped 9 | # - ../../base/gitops-service-argocd 10 | 11 | # Uncomment to use a custom image: 12 | 13 | # images: 14 | # - name: \${COMMON_IMAGE} 15 | # newName: quay.io/(your user name)/gitops-service 16 | # newTag: latest 17 | -------------------------------------------------------------------------------- /utilities/gitopsctl/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/redhat-appstudio/managed-gitops/utilities/gitopsctl 2 | 3 | go 1.20 4 | 5 | require ( 6 | github.com/fatih/color v1.15.0 7 | github.com/spf13/cobra v1.7.0 8 | golang.org/x/net v0.23.0 9 | ) 10 | 11 | require ( 12 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 13 | github.com/mattn/go-colorable v0.1.13 // indirect 14 | github.com/mattn/go-isatty v0.0.17 // indirect 15 | github.com/spf13/pflag v1.0.5 // indirect 16 | golang.org/x/sys v0.18.0 // indirect 17 | ) 18 | -------------------------------------------------------------------------------- /appstudio-controller/config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - appstudio.redhat.com_v1alpha1_application.yaml 4 | - appstudio.redhat.com_v1alpha1_snapshot.yaml 5 | - appstudio.redhat.com_v1alpha1_promotionrun.yaml 6 | - appstudio.redhat.com_v1alpha1_snapshotenvironmentbinding.yaml 7 | - appstudio.redhat.com_v1alpha1_environment.yaml 8 | - 
appstudio.redhat.com_v1alpha1_deploymenttargetclaim.yaml 9 | #+kubebuilder:scaffold:manifestskustomizesamples 10 | -------------------------------------------------------------------------------- /manifests/base/monitoring/grafana-dashboards/regenerate-stonesoup-dashboard.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # See README.md for the purpose of this script 4 | 5 | cp managed-gitops/gitops-dashboard.json stonesoup/gitops-dashboard.json 6 | cp managed-gitops/gitops-argocd-dashboard.json stonesoup/gitops-argocd-dashboard.json 7 | 8 | sed -i.bak -e 's/PBFA97CFB590B2093/PF224BEF3374A25F8/g' stonesoup/gitops-dashboard.json 9 | sed -i.bak -e 's/PBFA97CFB590B2093/PF224BEF3374A25F8/g' stonesoup/gitops-argocd-dashboard.json 10 | 11 | rm stonesoup/*.bak 12 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/webhook_in_gitopsdeployments.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: gitopsdeployments.managed-gitops.redhat.com 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /cluster-agent/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .vscode/ 3 | vendor/ 4 | 5 | # Binaries for programs and plugins 6 | *.exe 7 | *.exe~ 8 | *.dll 9 | *.so 10 | *.dylib 11 | bin 12 | testbin/* 13 | main 14 | 15 | # Test binary, build with `go test -c` 16 | *.test 17 | 18 | # Output of the go coverage tool, specifically when used with LiteIDE 19 | *.out 20 | 21 | # 
Kubernetes Generated files - skip generated files, except for vendored files 22 | 23 | !vendor/**/zz_generated.* 24 | 25 | # editor and IDE paraphernalia 26 | .idea 27 | *.swp 28 | *.swo 29 | *~ 30 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentA/base/route-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: component-a 5 | spec: 6 | subdomain: component-a 7 | to: 8 | kind: Service 9 | name: component-a 10 | weight: 100 11 | 12 | # Route intentionally does not contain port field, here. This should be defined in overlay. 13 | 14 | tls: 15 | termination: edge 16 | insecureEdgeTerminationPolicy: Redirect 17 | wildcardPolicy: None 18 | 19 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentB/base/route-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: component-b 5 | spec: 6 | subdomain: component-b 7 | to: 8 | kind: Service 9 | name: component-b 10 | weight: 100 11 | 12 | # Route intentionally does not contain port field, here. This should be defined in overlay. 13 | 14 | tls: 15 | termination: edge 16 | insecureEdgeTerminationPolicy: Redirect 17 | wildcardPolicy: None 18 | 19 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/deploymenttargetclass_view_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view deploymenttargetclasses. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: deploymenttargetclass-viewer-role 6 | rules: 7 | - apiGroups: 8 | - appstudio.redhat.com 9 | resources: 10 | - deploymenttargetclasses 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - appstudio.redhat.com 17 | resources: 18 | - deploymenttargetclasses/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /appstudio-controller/.gitignore: -------------------------------------------------------------------------------- 1 | vendor 2 | appstudio-controller 3 | 4 | # Binaries for programs and plugins 5 | *.exe 6 | *.exe~ 7 | *.dll 8 | *.so 9 | *.dylib 10 | bin 11 | testbin/* 12 | main 13 | 14 | # Test binary, build with `go test -c` 15 | *.test 16 | 17 | # Output of the go coverage tool, specifically when used with LiteIDE 18 | *.out 19 | 20 | # Kubernetes Generated files - skip generated files, except for vendored files 21 | 22 | !vendor/**/zz_generated.* 23 | 24 | # editor and IDE paraphernalia 25 | .idea 26 | *.swp 27 | *.swo 28 | *~ 29 | -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeploymentsyncrun_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view gitopsdeploymentsyncruns. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentsyncrun-viewer-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentsyncruns 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - managed-gitops.redhat.com 17 | resources: 18 | - gitopsdeploymentsyncruns/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/webhook_in_gitopsdeploymentsyncruns.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: gitopsdeploymentsyncruns.managed-gitops.redhat.com 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /backend-shared/db/util/util_suite_test.go: -------------------------------------------------------------------------------- 1 | package util_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | "go.uber.org/zap/zapcore" 9 | logf "sigs.k8s.io/controller-runtime/pkg/log" 10 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 11 | ) 12 | 13 | var _ = BeforeSuite(func() { 14 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 15 | }) 16 | 17 | func TestUtil(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "Util Suite") 20 | } 21 | -------------------------------------------------------------------------------- /backend/config/prometheus/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: backend-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | ports: 14 | - name: http-metrics 15 | port: 8080 16 | protocol: TCP 17 | targetPort: 8080 18 | selector: 19 | control-plane: backend-controller-manager 20 | sessionAffinity: None 21 | type: ClusterIP -------------------------------------------------------------------------------- /cluster-agent/utils/utils_suite_test.go: -------------------------------------------------------------------------------- 1 | package utils_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | "go.uber.org/zap/zapcore" 9 | logf "sigs.k8s.io/controller-runtime/pkg/log" 10 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 11 | ) 12 | 13 | var _ = BeforeSuite(func() { 14 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 15 | }) 16 | 17 | func TestUtils(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "Utils Suite") 20 | } 21 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/webhook_in_gitopsdeploymentrepositorycredentials.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: gitopsdeploymentrepositorycredentials.managed-gitops.redhat.com 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeployment_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit gitopsdeployments. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeployment-editor-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeployments 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - managed-gitops.redhat.com 21 | resources: 22 | - gitopsdeployments/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | # - (additional resources that will only be applied in this environment) 4 | 5 | # patches to resources in this environment 6 | patches: 7 | - patch: |- 8 | - op: add 9 | path: /spec/template/spec/containers/0/env/0 10 | value: 11 | name: RESOURCE_ENVIRONMENT 12 | value: dev 13 | target: 14 | kind: Deployment 15 | name: component-a 16 | 17 | apiVersion: kustomize.config.k8s.io/v1beta1 18 | kind: Kustomization 19 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | # - (additional resources that will only be applied in this environment) 4 | 5 | # patches to resources in this environment 6 | patches: 7 | - patch: |- 8 | - op: add 9 | path: /spec/template/spec/containers/0/env/0 10 | value: 11 | name: RESOURCE_ENVIRONMENT 12 | value: dev 13 | target: 14 | kind: Deployment 15 | name: component-b 16 | 17 | apiVersion: kustomize.config.k8s.io/v1beta1 18 | kind: Kustomization 19 | -------------------------------------------------------------------------------- 
/appstudio-controller/config/prometheus/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: appstudio-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | ports: 14 | - name: http-metrics 15 | port: 8080 16 | protocol: TCP 17 | targetPort: 8080 18 | selector: 19 | control-plane: appstudio-controller-manager 20 | sessionAffinity: None 21 | type: ClusterIP 22 | -------------------------------------------------------------------------------- /cluster-agent/config/prometheus/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: cluster-agent-controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | ports: 14 | - name: http-metrics 15 | port: 8080 16 | protocol: TCP 17 | targetPort: 8080 18 | selector: 19 | control-plane: cluster-agent-controller-manager 20 | sessionAffinity: None 21 | type: ClusterIP 22 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/overlays/staging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | # - (additional resources that will only be applied in this environment) 4 | 5 | # patches to resources in this environment 6 | patches: 7 | - patch: |- 8 | - op: add 9 | path: /spec/template/spec/containers/0/env/0 10 | value: 11 | name: RESOURCE_ENVIRONMENT 12 | value: staging 13 | target: 14 | kind: Deployment 15 | name: component-a 16 | 17 | 
apiVersion: kustomize.config.k8s.io/v1beta1 18 | kind: Kustomization 19 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/overlays/staging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | # - (additional resources that will only be applied in this environment) 4 | 5 | # patches to resources in this environment 6 | patches: 7 | - patch: |- 8 | - op: add 9 | path: /spec/template/spec/containers/0/env/0 10 | value: 11 | name: RESOURCE_ENVIRONMENT 12 | value: staging 13 | target: 14 | kind: Deployment 15 | name: component-b 16 | 17 | apiVersion: kustomize.config.k8s.io/v1beta1 18 | kind: Kustomization 19 | -------------------------------------------------------------------------------- /cluster-agent/controllers/utils_suite_test.go: -------------------------------------------------------------------------------- 1 | package controllers 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | "go.uber.org/zap/zapcore" 9 | logf "sigs.k8s.io/controller-runtime/pkg/log" 10 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 11 | ) 12 | 13 | var _ = BeforeSuite(func() { 14 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 15 | }) 16 | 17 | func TestUtils(t *testing.T) { 18 | RegisterFailHandler(Fail) 19 | RunSpecs(t, "cluster-agent controllers Suite") 20 | } 21 | -------------------------------------------------------------------------------- /backend-shared/config/crd/patches/webhook_in_managed-gitops.redhat.com_gitopsdeploymentmanagedenvironments.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables a conversion webhook for the CRD 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: gitopsdeploymentmanagedenvironments.managed-gitops.redhat.com 6 | spec: 7 | conversion: 8 | strategy: Webhook 9 | webhook: 10 | clientConfig: 11 | service: 12 | namespace: system 13 | name: webhook-service 14 | path: /convert 15 | conversionReviewVersions: 16 | - v1 17 | -------------------------------------------------------------------------------- /backend-shared/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: service 7 | app.kubernetes.io/instance: webhook-service 8 | app.kubernetes.io/component: webhook 9 | app.kubernetes.io/created-by: managed-gitops 10 | app.kubernetes.io/part-of: managed-gitops 11 | app.kubernetes.io/managed-by: kustomize 12 | name: webhook-service 13 | namespace: system 14 | spec: 15 | ports: 16 | - port: 443 17 | protocol: TCP 18 | targetPort: 9443 19 | selector: 20 | control-plane: controller-manager 21 | -------------------------------------------------------------------------------- 
/backend/config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - "--config=controller_manager_config.yaml" 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: manager-config 21 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/prometheus/openshift-operators-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | name: gitops-operator 6 | name: gitops-operator-metrics-in-gitops 7 | namespace: openshift-gitops 8 | spec: 9 | endpoints: 10 | - bearerTokenSecret: 11 | key: "" 12 | port: http-metrics 13 | - bearerTokenSecret: 14 | key: "" 15 | port: cr-metrics 16 | namespaceSelector: 17 | matchNames: 18 | - openshift-operators 19 | selector: 20 | matchLabels: 21 | name: gitops-operator 22 | -------------------------------------------------------------------------------- /cluster-agent/config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - "--config=controller_manager_config.yaml" 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: 
manager-config 21 | -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeploymentrepositorycredential_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view gitopsdeploymentrepositorycredentials. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentrepositorycredential-viewer-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentrepositorycredentials 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - managed-gitops.redhat.com 17 | resources: 18 | - gitopsdeploymentrepositorycredentials/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeploymentsyncrun_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit gitopsdeploymentsyncruns. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentsyncrun-editor-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentsyncruns 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - managed-gitops.redhat.com 21 | resources: 22 | - gitopsdeploymentsyncruns/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /manifests/scripts/k8s-argo-deploy/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # A simple script for setting up Argo CD on a non-OpenShift cluster. It expects ARGO_CD_VERSION to be set in the environment: the value is interpolated into the install-manifest URL below, so set it to the specific release tag you intend to install. See Panos' 'argocd.sh' script for a full-featured version of this script. 
4 | 5 | kubectl create namespace gitops-service-argocd 2> /dev/null || true 6 | kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/$ARGO_CD_VERSION/manifests/install.yaml -n gitops-service-argocd 7 | 8 | echo "Waiting for Argo CD to start in gitops-service-argocd" 9 | while ! kubectl get appproject/default -n gitops-service-argocd &> /dev/null ; do 10 | echo -n . 11 | sleep 1 12 | done 13 | 14 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | 9 | - package-ecosystem: "github-actions" 10 | directory: "/" 11 | schedule: 12 | interval: "daily" 13 | 14 | - package-ecosystem: "docker" 15 | directory: "/" 16 | schedule: 17 | interval: "daily" 18 | -------------------------------------------------------------------------------- /appstudio-controller/config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | args: 12 | - "--config=controller_manager_config.yaml" 13 | volumeMounts: 14 | - name: manager-config 15 | mountPath: /controller_manager_config.yaml 16 | subPath: controller_manager_config.yaml 17 | volumes: 18 | - name: manager-config 19 | configMap: 20 | name: manager-config 21 | -------------------------------------------------------------------------------- 
/backend-shared/config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /backend/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ -------------------------------------------------------------------------------- /cluster-agent/PROJECT: -------------------------------------------------------------------------------- 1 | domain: redhat.com 2 | layout: 3 | - go.kubebuilder.io/v3 4 | multigroup: true 5 | plugins: 6 | manifests.sdk.operatorframework.io/v2: {} 7 | scorecard.sdk.operatorframework.io/v2: {} 8 | projectName: cluster-agent 9 | repo: github.com/redhat-appstudio/managed-gitops/cluster-agent 10 | resources: 11 | - api: 12 | crdVersion: v1 13 | namespaced: true 14 | controller: true 15 | domain: redhat.com 16 | group: managed-gitops 17 | kind: Operation 18 | path: github.com/redhat-appstudio/managed-gitops/backend-shared/apis/managed-gitops/v1alpha1 19 | version: v1alpha1 20 | version: "3" 21 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/base/argo-cd-server-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | 2 | # To enable the 'gitops-service-argocd' instance as a cluster-scoped Argo CD, uncomment the lines below. Note that the resulting ClusterRoleBinding grants the Argo CD server service account its ClusterRole across the whole cluster, not only in the gitops-service-argocd namespace. 
3 | 4 | # apiVersion: rbac.authorization.k8s.io/v1 5 | # kind: ClusterRoleBinding 6 | # metadata: 7 | # name: appstudio-gitops-service-argocd-argocd-server 8 | # roleRef: 9 | # apiGroup: rbac.authorization.k8s.io 10 | # kind: ClusterRole 11 | # name: appstudio-gitops-service-argocd-argocd-server 12 | # subjects: 13 | # - kind: ServiceAccount 14 | # name: gitops-service-argocd-argocd-server 15 | # namespace: gitops-service-argocd -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/environments/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | - ../../../components/componentA/overlays/dev 4 | - ../../../components/componentB/overlays/dev 5 | # - (additional resources that will only be applied in this environment) 6 | 7 | # patches to resources in this environment 8 | patches: 9 | - patch: |- 10 | - op: replace 11 | path: /data/environment-env-var 12 | value: dev 13 | target: 14 | kind: ConfigMap 15 | name: environment-config-map 16 | 17 | 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | 21 | -------------------------------------------------------------------------------- /backend-shared/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /backend/config/rbac/managed-gitops.redhat.com_gitopsdeploymentmanagedenvironment_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view gitopsdeploymentmanagedenvironments. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentmanagedenvironment-viewer-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentmanagedenvironments 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - managed-gitops.redhat.com 17 | resources: 18 | - gitopsdeploymentmanagedenvironments/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /cluster-agent/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /appstudio-controller/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/environments/overlays/staging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | - ../../../components/componentA/overlays/staging 4 | - ../../../components/componentB/overlays/staging 5 | # - (additional resources that will only be applied in this environment) 6 | 7 | # patches to resources in this environment 8 | patches: 9 | - patch: |- 10 | - op: replace 11 | path: /data/environment-env-var 12 | value: staging 13 | target: 14 | kind: ConfigMap 15 | name: environment-config-map 16 | 17 | 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | 21 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000001_init_db.down.sql: -------------------------------------------------------------------------------- 1 | BEGIN; 2 | DROP TABLE IF EXISTS ApplicationState; 3 | DROP TABLE IF EXISTS DeploymentToApplicationMapping; 4 | DROP TABLE IF EXISTS KubernetesToDBResourceMapping; 5 | DROP TABLE IF EXISTS APICRToDatabaseMapping; 6 | DROP TABLE IF EXISTS SyncOperation; 7 | DROP TABLE IF EXISTS Application; 8 | DROP TABLE IF EXISTS Operation; 9 | DROP TABLE IF EXISTS ClusterAccess; 10 | DROP TABLE IF EXISTS 
GitopsEngineInstance; 11 | DROP TABLE IF EXISTS GitopsEngineCluster; 12 | DROP TABLE IF EXISTS ManagedEnvironment; 13 | DROP TABLE IF EXISTS ClusterCredentials; 14 | DROP TABLE IF EXISTS ClusterUser; 15 | COMMIT; -------------------------------------------------------------------------------- /backend-shared/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /manifests/scripts/openshift-argo-deploy/openshift-gitops-subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: openshift-gitops-operator 5 | namespace: openshift-operators 6 | spec: 7 | channel: gitops-1.10 8 | installPlanApproval: Automatic 9 | name: openshift-gitops-operator 10 | source: redhat-operators 11 | sourceNamespace: openshift-marketplace 12 | config: 13 | env: 14 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 15 | value: "true" 16 | # re-enable this to enable cluster-scoped Argo CD: 17 | # - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES 18 | # value: "gitops-service-argocd" -------------------------------------------------------------------------------- /backend/config/rbac/gitopsdeploymentrepositorycredential_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit 
gitopsdeploymentrepositorycredentials. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentrepositorycredential-editor-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentrepositorycredentials 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - managed-gitops.redhat.com 21 | resources: 22 | - gitopsdeploymentrepositorycredentials/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentB/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-b 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: component-b 9 | template: 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: component-b 13 | spec: 14 | containers: 15 | - name: component-b 16 | imagePullPolicy: Always 17 | 18 | # The spec for the container INTENTIONALLY does not contain image/env vars/replicas/ports, here. 19 | # These values should be provided by overlays on a per environment basis. 
20 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000006_v6.down.sql: -------------------------------------------------------------------------------- 1 | 2 | ALTER TABLE apicrtodatabasemapping DROP CONSTRAINT apicrtodatabasemapping_api_resource_type_api_resource_uid_d_key; 3 | 4 | ALTER TABLE apicrtodatabasemapping DROP CONSTRAINT apicrtodatabasemapping_db_relation_type_db_relation_key_api_key; 5 | 6 | ALTER TABLE gitopsengineinstance DROP CONSTRAINT gitopsengineinstance_namespace_name_namespace_uid_engineclu_key; 7 | 8 | ALTER TABLE kubernetestodbresourcemapping DROP CONSTRAINT kubernetestodbresourcemapping_db_relation_type_db_relation__key; 9 | 10 | ALTER TABLE kubernetestodbresourcemapping DROP CONSTRAINT kubernetestodbresourcemapping_kubernetes_resource_type_kube_key; 11 | -------------------------------------------------------------------------------- /appstudio-controller/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds an annotation to the admission webhook config, and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. NOTE(review): neither variable is referenced in this file; the annotation set below is service.beta.openshift.io/inject-cabundle, so confirm this comment is still current. 3 | #apiVersion: admissionregistration.k8s.io/v1 4 | #kind: MutatingWebhookConfiguration 5 | #metadata: 6 | # name: mutating-webhook-configuration 7 | # annotations: 8 | # service.beta.openshift.io/inject-cabundle: "true" 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | service.beta.openshift.io/inject-cabundle: "true" 16 | -------------------------------------------------------------------------------- /backend/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/base/argo-cd-application-controller-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | 2 | # To enable the 'gitops-service-argocd' instance as a cluster-scoped Argo CD, uncomment the lines below. Note that the resulting ClusterRoleBinding grants the Argo CD application-controller service account its ClusterRole across the whole cluster, not only in the gitops-service-argocd namespace. 3 | 4 | # apiVersion: rbac.authorization.k8s.io/v1 5 | # kind: ClusterRoleBinding 6 | # metadata: 7 | # name: appstudio-gitops-service-argocd-argocd-application-controller 8 | # roleRef: 9 | # apiGroup: rbac.authorization.k8s.io 10 | # kind: ClusterRole 11 | # name: appstudio-gitops-service-argocd-argocd-application-controller 12 | # subjects: 13 | # - kind: ServiceAccount 14 | # name: gitops-service-argocd-argocd-application-controller 15 | # namespace: gitops-service-argocd -------------------------------------------------------------------------------- /appstudio-controller/controllers/appstudio.redhat.com/suite_test.go: -------------------------------------------------------------------------------- 1 | package appstudioredhatcom_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | logf "sigs.k8s.io/controller-runtime/pkg/log" 9 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 10 | //+kubebuilder:scaffold:imports 11 | ) 12 | 13 | func TestSuite(t *testing.T) { 14 | RegisterFailHandler(Fail) 15 | RunSpecs(t, "appstudio.redhat.com Suite") 16 | } 17 | 18 | var _ = BeforeSuite(func() { 19 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) 20 | }) 21 | 22 | var _ = AfterSuite(func() { 23 | By("tearing down the test environment") 24 | }) 25 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentB/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-b 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: component-b 9 | template: 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: component-b 13 | spec: 14 | containers: 15 | - name: component-b 16 | imagePullPolicy: Always 17 | 18 | # The spec for the container INTENTIONALLY 
does not contain image/env vars/replicas/ports, here. 19 | # These values should be provided by overlays on a per environment basis. 20 | -------------------------------------------------------------------------------- /backend-shared/util/time.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import "time" 4 | 5 | // Clock interface is used to mock the functions provided by the time package. 6 | type Clock interface { 7 | Now() time.Time 8 | } 9 | 10 | type clock struct{} 11 | 12 | func (d *clock) Now() time.Time { 13 | return time.Now() 14 | } 15 | 16 | func NewClock() Clock { 17 | return &clock{} 18 | } 19 | 20 | // MockClock implements the Clock interface with a custom current time. 21 | type MockClock struct { 22 | now time.Time 23 | } 24 | 25 | func NewMockClock(cur time.Time) *MockClock { 26 | return &MockClock{ 27 | now: cur, 28 | } 29 | } 30 | 31 | func (m *MockClock) Now() time.Time { 32 | return m.now 33 | } 34 | -------------------------------------------------------------------------------- /backend/config/rbac/managed-gitops.redhat.com_gitopsdeploymentmanagedenvironment_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit gitopsdeploymentmanagedenvironments. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: gitopsdeploymentmanagedenvironment-editor-role 6 | rules: 7 | - apiGroups: 8 | - managed-gitops.redhat.com 9 | resources: 10 | - gitopsdeploymentmanagedenvironments 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - managed-gitops.redhat.com 21 | resources: 22 | - gitopsdeploymentmanagedenvironments/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository/components/componentA/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-a 5 | spec: 6 | replicas: 0 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/name: component-a 10 | template: 11 | metadata: 12 | labels: 13 | app.kubernetes.io/name: component-a 14 | spec: 15 | containers: 16 | - name: component-a 17 | imagePullPolicy: Always 18 | 19 | # The spec for the container INTENTIONALLY does not contain image/env vars/replicas/ports, here. 20 | # These values should be provided by overlays on a per environment basis. -------------------------------------------------------------------------------- /appstudio-controller/config/default-no-prometheus/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds an annotation to the admission webhook config, and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. NOTE(review): neither variable is referenced in this file; the annotation set below is service.beta.openshift.io/inject-cabundle, so confirm this comment is still current. 
3 | #apiVersion: admissionregistration.k8s.io/v1 4 | #kind: MutatingWebhookConfiguration 5 | #metadata: 6 | # name: mutating-webhook-configuration 7 | # annotations: 8 | # service.beta.openshift.io/inject-cabundle: "true" 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | service.beta.openshift.io/inject-cabundle: "true" 16 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /resources/test-data/component-based-gitops-repository-no-route/components/componentA/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-a 5 | spec: 6 | replicas: 0 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/name: component-a 10 | template: 11 | metadata: 12 | labels: 13 | app.kubernetes.io/name: component-a 14 | spec: 15 | containers: 16 | - name: component-a 17 | imagePullPolicy: Always 18 | 19 | # The spec for the container INTENTIONALLY does not contain image/env 
vars/replicas/ports, here. 20 | # These values should be provided by overlays on a per environment basis. -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000020_v20.down.sql: -------------------------------------------------------------------------------- 1 | ALTER TABLE ApplicationState DROP COLUMN argocd_application_status; 2 | 3 | ALTER TABLE ApplicationState ADD COLUMN health VARCHAR (30) NOT NULL DEFAULT 'Unknown'; 4 | ALTER TABLE ApplicationState ADD COLUMN message VARCHAR (1024); 5 | ALTER TABLE ApplicationState ADD COLUMN revision VARCHAR (1024); 6 | ALTER TABLE ApplicationState ADD COLUMN sync_status VARCHAR (30) NOT NULL DEFAULT 'Unknown'; 7 | ALTER TABLE ApplicationState ADD COLUMN resources bytea; 8 | ALTER TABLE ApplicationState ADD COLUMN reconciled_state VARCHAR ( 4096 ); 9 | ALTER TABLE ApplicationState ADD COLUMN operation_state bytea; 10 | ALTER TABLE ApplicationState ADD COLUMN conditions bytea; -------------------------------------------------------------------------------- /utilities/init-container/Makefile: -------------------------------------------------------------------------------- 1 | 2 | .PHONY: build 3 | build: fmt vet ## Build manager binary. 4 | go build -o bin/init-container main.go 5 | 6 | 7 | .PHONY: lint 8 | lint: 9 | golangci-lint --version 10 | GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 300s 11 | 12 | # Run go fmt against code 13 | .PHONY: fmt 14 | fmt: 15 | go fmt ./... 16 | 17 | # Run go vet against code 18 | .PHONY: vet 19 | vet: 20 | go vet ./... 21 | 22 | test: fmt vet ## Run tests. 23 | DEV_ONLY_ALLOW_NON_TLS_CONNECTION_TO_POSTGRESQL=true go test -timeout=2m -p=1 ./... -coverprofile cover.out -coverpkg=./... 
24 | 25 | 26 | # Remove the vendor and bin folders 27 | .PHONY: clean 28 | clean: 29 | rm -rf vendor/ bin/ 30 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | backend/bin/ 2 | backend/dist/ 3 | backend/coverage.out 4 | backend/vendor/ 5 | backend/cover.out 6 | backend/.vscode/ 7 | backend/.idea/ 8 | 9 | cluster-agent/bin/ 10 | cluster-agent/dist/ 11 | cluster-agent/coverage.out 12 | cluster-agent/vendor/ 13 | cluster-agent/.vscode/ 14 | cluster-agent/.idea/ 15 | 16 | backend-shared/bin/ 17 | backend-shared/dist/ 18 | backend-shared/coverage.out 19 | backend-shared/vendor/ 20 | backend-shared/.vscode/ 21 | backend-shared/.idea/ 22 | 23 | appstudio-controller/bin/ 24 | appstudio-controller/dist/ 25 | appstudio-controller/coverage.out 26 | appstudio-controller/vendor/ 27 | appstudio-controller/.vscode/ 28 | appstudio-controller/.idea/ 29 | 30 | goreman.log 31 | -------------------------------------------------------------------------------- /.github/workflows/schema-sync.yml: -------------------------------------------------------------------------------- 1 | name: database schema sync check 2 | on: 3 | workflow_dispatch: 4 | push: 5 | branches: 6 | - "main" 7 | pull_request: 8 | branches: 9 | - "*" 10 | jobs: 11 | schema-sync-test: 12 | name: Run tests to check if database schema is in check with go schema constants 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v4 17 | - name: Setup Go 18 | uses: actions/setup-go@v5.3.0 19 | with: 20 | go-version-file: './backend/go.mod' 21 | - name: Run script file 22 | run: | 23 | $GITHUB_WORKSPACE/backend-shared/hack/run-db-schema-sync-check.sh 24 | shell: bash -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/grafana/grafana-data-source.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDataSource 3 | metadata: 4 | name: prometheus-grafanadatasource 5 | namespace: grafana 6 | spec: 7 | datasources: 8 | - access: proxy 9 | editable: true 10 | isDefault: true 11 | jsonData: 12 | httpHeaderName1: 'Authorization' 13 | timeInterval: 5s 14 | tlsSkipVerify: true 15 | name: Prometheus 16 | secureJsonData: 17 | httpHeaderValue1: 'Bearer GRAFANA_SA_TOKEN' 18 | type: prometheus 19 | url: 'https://thanos-querier.openshift-monitoring.svc.cluster.local:9091' 20 | name: prometheus-grafanadatasource.yaml 21 | -------------------------------------------------------------------------------- /utilities/gitopsctl/README.md: -------------------------------------------------------------------------------- 1 | 2 | # gitopsctl: a CLI for GitOps Service team members 3 | 4 | `gitopsctl` is an experimental, lightweight CLI for use by the developers of the 5 | GitOps Service team. It is not for use by customers/end users, nor would it be useful to them for any purpose. 6 | 7 | The goal of this tool is to provide reusable commands which can be used to 8 | reduce the toil of supporting/debugging the GitOps Service. 9 | - Downloading the logs from OpenShift CI jobs 10 | - Parsing JSON-formatted controller logs 11 | 12 | Run `gitopsctl --help` for list of commands. 13 | 14 | 15 | ## Development 16 | 17 | `gitopsctl` uses `spf13/cobra` for command parsing, and `fatih/color` for ANSI color output. -------------------------------------------------------------------------------- /appstudio-controller/examples/snapshot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appstudio.redhat.com/v1alpha1 2 | kind: Snapshot 3 | metadata: 4 | name: my-snapshot 5 | spec: 6 | application: "new-demo-app" 7 | displayName: "My known good staging snapshot" 8 | displayDescription: "The best we've had so far!" 
9 | components: 10 | - name: component-a 11 | containerImage: quay.io/jgwest-redhat/sample-workload:latest 12 | artifacts: 13 | unstableFields: 14 | build: 15 | - containerImage: quay.io/jgwest-redhat/sample-workload:latest 16 | sourceRepository: 17 | url: https://github.com/redhat-appstudio/managed-gitops 18 | commitID: a594265 19 | attributes: 20 | - qeApproved -------------------------------------------------------------------------------- /appstudio-controller/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 8080 13 | name: http-metrics 14 | - containerPort: 9443 15 | name: webhook-server 16 | protocol: TCP 17 | volumeMounts: 18 | - mountPath: /tmp/k8s-webhook-server/serving-certs 19 | name: cert 20 | readOnly: true 21 | volumes: 22 | - name: cert 23 | secret: 24 | defaultMode: 420 25 | secretName: webhook-server-cert 26 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/backend/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: gitops-backend-controller 5 | namespace: appstudio-workload-monitoring 6 | labels: 7 | control-plane: backend-controller-manager 8 | 9 | spec: 10 | endpoints: 11 | - bearerTokenSecret: 12 | key: token 13 | name: prometheus-k8s-token-xhrjb 14 | interval: 15s 15 | path: /metrics 16 | port: metrics 17 | scheme: https 18 | tlsConfig: 19 | insecureSkipVerify: true 20 | namespaceSelector: 21 | matchNames: 22 | - gitops 23 | selector: 24 | matchLabels: 25 | control-plane: backend-controller-manager 26 | 
-------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/appstudio-controller/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: appstudio-controller-manager 6 | name: gitops-appstudio-service-controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | ports: 14 | # - name: http-metrics 15 | # port: 8080 16 | # protocol: TCP 17 | # targetPort: 8080 18 | - name: metrics 19 | protocol: TCP 20 | port: 8443 21 | targetPort: https 22 | selector: 23 | control-plane: appstudio-controller-manager 24 | sessionAffinity: None 25 | type: ClusterIP 26 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/backend/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: backend-controller-manager 6 | name: gitops-core-service-controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | # ports: 14 | # - name: http-metrics 15 | # port: 8080 16 | # protocol: TCP 17 | # targetPort: 8080 18 | ports: 19 | - name: metrics 20 | protocol: TCP 21 | port: 8443 22 | targetPort: https 23 | 24 | selector: 25 | control-plane: backend-controller-manager 26 | sessionAffinity: None 27 | type: ClusterIP -------------------------------------------------------------------------------- /manifests/overlays/k8s-env/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 
3 | 4 | resources: 5 | - ../../base/crd/overlays/local-dev 6 | - ../../base/gitops-namespace 7 | - ../../base/cluster-scoped 8 | - ../../../appstudio-controller/config/default 9 | - ../../../backend/config/default 10 | - ../../../cluster-agent/config/default 11 | - ../../base/postgresql-staging 12 | # - ../../base/gitops-service-argocd 13 | 14 | patchesStrategicMerge: 15 | - backend-deployment-patch.yaml 16 | - cluster-agent-deployment-patch.yaml 17 | 18 | # Uncomment to use a custom image: 19 | 20 | # images: 21 | # - name: \${COMMON_IMAGE} 22 | # newName: quay.io/(your user name)/gitops-service 23 | # newTag: latest 24 | -------------------------------------------------------------------------------- /backend-shared/apis/managed-gitops/v1alpha1/mocks/generate.go: -------------------------------------------------------------------------------- 1 | package mocks 2 | 3 | // This is a dummy source file whose job is to contain the directives to (re)produce the generated 4 | // mock fixtures in this package that come from source files outside of this project (otherwise the 5 | // directives should go in the source files themselves). 6 | // Run `make generate` from the project root. 
7 | // Dependency: mockgen, qua: 8 | // GO111MODULE=on go install github.com/golang/mock/mockgen@latest 9 | 10 | //go:generate mockgen -destination ./cr-client.go -package mocks sigs.k8s.io/controller-runtime/pkg/client Client 11 | //go:generate mockgen -destination ./status-writer.go -package mocks sigs.k8s.io/controller-runtime/pkg/client StatusWriter 12 | -------------------------------------------------------------------------------- /cluster-agent/metrics/operation_metrics.go: -------------------------------------------------------------------------------- 1 | package metrics 2 | 3 | import ( 4 | "github.com/prometheus/client_golang/prometheus" 5 | "github.com/prometheus/client_golang/prometheus/promauto" 6 | ) 7 | 8 | var ( 9 | OperationCR = promauto.NewGauge( 10 | prometheus.GaugeOpts{ 11 | Name: "number_of_operationsCR", 12 | Help: "number of operations CR on the cluster", 13 | ConstLabels: map[string]string{"name": "total_operations_CR_on_cluster"}, 14 | }, 15 | ) 16 | ) 17 | 18 | // SetNumberOfOperationsCR sets total number of operation CRs on cluster 19 | func SetNumberOfOperationsCR(count int) { 20 | OperationCR.Set(float64(count)) 21 | } 22 | 23 | func ClearOperationMetrics() { 24 | SetNumberOfOperationsCR(0) 25 | } 26 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/cluster-agent/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: gitops-cluster-agent-controller 5 | namespace: appstudio-workload-monitoring 6 | labels: 7 | control-plane: cluster-agent-controller-manager 8 | spec: 9 | endpoints: 10 | - bearerTokenSecret: 11 | key: token 12 | name: prometheus-k8s-token-xhrjb 13 | interval: 15s 14 | path: /metrics 15 | port: metrics 16 | scheme: https 17 | tlsConfig: 18 | insecureSkipVerify: true 19 | namespaceSelector: 20 | 
matchNames: 21 | - gitops 22 | selector: 23 | matchLabels: 24 | control-plane: cluster-agent-controller-manager 25 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/prometheus/enable-user-workload-monitoring.yaml: -------------------------------------------------------------------------------- 1 | 2 | # This is a hack, which is likely to break based on changes to this ConfigMap :P 3 | # This was working as of OpenShift 4.11 - @jonwest, Jan 11, 2023 4 | 5 | apiVersion: v1 6 | data: 7 | config.yaml: |- 8 | enableUserWorkload: true 9 | prometheusK8s: 10 | 11 | volumeClaimTemplate: 12 | metadata: 13 | name: prometheus-data 14 | annotations: 15 | openshift.io/cluster-monitoring-drop-pvc: "yes" 16 | spec: 17 | resources: 18 | requests: 19 | storage: 20Gi 20 | kind: ConfigMap 21 | metadata: 22 | name: cluster-monitoring-config 23 | namespace: openshift-monitoring 24 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/grafana/grafana-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: Grafana 3 | metadata: 4 | name: example-grafana 5 | namespace: grafana 6 | spec: 7 | baseImage: docker.io/grafana/grafana:9.1.6 8 | config: 9 | auth: 10 | disable_signout_menu: true 11 | auth.anonymous: 12 | enabled: false 13 | log: 14 | level: warn 15 | mode: console 16 | security: 17 | admin_password: ADMIN_SECRET_VALUE 18 | admin_user: user 19 | dashboardLabelSelector: 20 | - matchExpressions: 21 | - key: app 22 | operator: In 23 | values: 24 | - grafana 25 | ingress: 26 | enabled: true 27 | hostname: HOSTNAME # hostname.apps.cvogt-22.devcluster.openshift.com 28 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/appstudio-controller/service-monitor.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: gitops-appstudio-service-controller-manager-metrics-monitor 5 | namespace: appstudio-workload-monitoring 6 | labels: 7 | control-plane: appstudio-controller-manager 8 | spec: 9 | endpoints: 10 | - bearerTokenSecret: 11 | key: token 12 | name: prometheus-k8s-token-xhrjb 13 | interval: 15s 14 | path: /metrics 15 | port: metrics 16 | scheme: https 17 | tlsConfig: 18 | insecureSkipVerify: true 19 | namespaceSelector: 20 | matchNames: 21 | - gitops 22 | selector: 23 | matchLabels: 24 | control-plane: appstudio-controller-manager -------------------------------------------------------------------------------- /utilities/yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | yaml-files: 3 | - '*.yaml' 4 | - '*.yml' 5 | rules: 6 | braces: enable 7 | brackets: enable 8 | colons: enable 9 | commas: enable 10 | comments: 11 | require-starting-space: true 12 | ignore-shebangs: true 13 | min-spaces-from-content: 1 14 | comments-indentation: enable 15 | document-end: disable 16 | document-start: enable 17 | empty-lines: enable 18 | empty-values: disable 19 | float-values: disable 20 | hyphens: enable 21 | indentation: disable 22 | key-duplicates: enable 23 | key-ordering: disable 24 | line-length: disable 25 | new-line-at-end-of-file: enable 26 | new-lines: enable 27 | octal-values: disable 28 | quoted-strings: disable 29 | trailing-spaces: enable 30 | truthy: 31 | check-keys: false -------------------------------------------------------------------------------- /backend/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. 
You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | #- auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/prometheus/cluster-agent/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: cluster-agent-controller-manager 6 | name: gitops-service-agent-controller-manager-metrics-service 7 | namespace: gitops 8 | spec: 9 | internalTrafficPolicy: Cluster 10 | ipFamilies: 11 | - IPv4 12 | ipFamilyPolicy: SingleStack 13 | ports: 14 | - name: metrics 15 | protocol: TCP 16 | port: 8443 17 | targetPort: https 18 | # - name: http-metrics 19 | # port: 8080 20 | # protocol: TCP 21 | # targetPort: 8080 22 | selector: 23 | control-plane: cluster-agent-controller-manager 24 | sessionAffinity: None 25 | type: ClusterIP -------------------------------------------------------------------------------- /examples/m6-demo/gitops-deployment-managed-environment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: managed-gitops.redhat.com/v1alpha1 2 | kind: GitOpsDeployment 3 | 4 | metadata: 5 | name: managed-environment-gitops-depl 6 | namespace: jane 7 | 8 | spec: 9 | 10 | # Application/component to deploy 11 | source: 12 | repoURL: 
https://github.com/redhat-appstudio/managed-gitops 13 | path: resources/test-data/sample-gitops-repository/environments/overlays/dev 14 | 15 | destination: # destination is user workspace if empty 16 | environment: my-managed-environment 17 | namespace: jane # NOTE: namespace must exist on remote cluster 18 | 19 | # Only 'automated' type is currently supported: changes to the GitOps repo immediately take effect (as soon as Argo CD detects them). 20 | type: automated 21 | 22 | -------------------------------------------------------------------------------- /cluster-agent/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | # - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /cluster-agent/metrics/operation_metrics_test.go: -------------------------------------------------------------------------------- 1 | package metrics 2 | 3 | import ( 4 | . "github.com/onsi/ginkgo/v2" 5 | . 
"github.com/onsi/gomega" 6 | "github.com/prometheus/client_golang/prometheus/testutil" 7 | ) 8 | 9 | var _ = Describe("Test for Operation CR metrics counter", func() { 10 | 11 | Context("Prometheus metrics responds to count of operation CRs on a cluster", func() { 12 | 13 | It("Test SetNumberOfOperationsCR function", func() { 14 | 15 | ClearOperationMetrics() 16 | 17 | numberOfOperationsCRMetrics := testutil.ToFloat64(OperationCR) 18 | 19 | SetNumberOfOperationsCR(2) 20 | 21 | newNumberOfOperationsCRMetrics := testutil.ToFloat64(OperationCR) 22 | 23 | Expect(newNumberOfOperationsCRMetrics).To(Equal(numberOfOperationsCRMetrics + 2)) 24 | 25 | }) 26 | }) 27 | }) 28 | -------------------------------------------------------------------------------- /backend-shared/apis/managed-gitops/v1alpha1/mocks/structs/builders.go: -------------------------------------------------------------------------------- 1 | package structs 2 | 3 | import ( 4 | "github.com/golang/mock/gomock" 5 | "k8s.io/apimachinery/pkg/runtime" 6 | "sigs.k8s.io/controller-runtime/pkg/client" 7 | fakekubeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" 8 | "testing" 9 | ) 10 | 11 | type mocks struct { 12 | FakeKubeClient client.Client 13 | MockCtrl *gomock.Controller 14 | } 15 | 16 | // SetupDefaultMocks is an easy way to set up all the default mocks 17 | func SetupDefaultMocks(t *testing.T, localObjects []runtime.Object) *mocks { 18 | mockKubeClient := fakekubeclient.NewFakeClient(localObjects...) 
// nolint: staticcheck 19 | mockCtrl := gomock.NewController(t) 20 | 21 | return &mocks{ 22 | FakeKubeClient: mockKubeClient, 23 | MockCtrl: mockCtrl, 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /utilities/gitopsctl/cmd/parse.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/spf13/cobra" 5 | ) 6 | 7 | // parseCmd represents the parse command 8 | var parseCmd = &cobra.Command{ 9 | Use: "parse", 10 | Short: "", 11 | Long: ``, 12 | // Run: func(cmd *cobra.Command, args []string) { 13 | // }, 14 | } 15 | 16 | func init() { 17 | rootCmd.AddCommand(parseCmd) 18 | 19 | // Here you will define your flags and configuration settings. 20 | 21 | // Cobra supports Persistent Flags which will work for this command 22 | // and all subcommands, e.g.: 23 | // downloadCmd.PersistentFlags().String("foo", "", "A help for foo") 24 | 25 | // Cobra supports local flags which will only run when this command 26 | // is called directly, e.g.: 27 | // downloadCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") 28 | } 29 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/postgresql/postgresql-data-source.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDataSource 3 | metadata: 4 | name: prometheus-postgresql-datasource 5 | namespace: grafana 6 | spec: 7 | datasources: 8 | - name: PostgreSQL 9 | type: postgres 10 | url: POSTGRESQL_CLUSTERIP:5432 11 | user: postgres 12 | secureJsonData: 13 | password: POSTGRESQL_TOKEN 14 | jsonData: 15 | sslmode: "disable" # disable/require/verify-ca/verify-full 16 | maxOpenConns: 0 # Grafana v5.4+ 17 | maxIdleConns: 2 # Grafana v5.4+ 18 | connMaxLifetime: 14400 # Grafana v5.4+ 19 | postgresVersion: 903 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 
1000=10 20 | timescaledb: false 21 | name: prometheus-postgresql-datasource.yaml 22 | -------------------------------------------------------------------------------- /backend-shared/db/postgres-integration_test.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "os" 5 | "testing" 6 | 7 | "github.com/stretchr/testify/assert" 8 | ) 9 | 10 | func Test_isEnvExist(t *testing.T) { 11 | type args struct { 12 | envVar string 13 | err error 14 | } 15 | tests := []struct { 16 | name string 17 | args args 18 | want bool 19 | }{ 20 | {name: "Env variable exists", args: args{envVar: "FOO", err: os.Setenv("FOO", "bar")}, want: true}, 21 | {name: "Env variable is case sensitive", args: args{envVar: "foo", err: os.Setenv("FOO", "bar")}, want: false}, 22 | {name: "Env variable does not exist", args: args{envVar: "doesNotExist", err: nil}, want: false}, 23 | } 24 | for _, tt := range tests { 25 | t.Run(tt.name, func(t *testing.T) { 26 | assert.Equalf(t, tt.want, isEnvExist(tt.args.envVar), "isEnvExist(%v)", tt.args.envVar) 27 | }) 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /manifests/overlays/stonesoup-member-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../base/crd/overlays/stonesoup 6 | - ../../base/gitops-namespace 7 | - ../../base/cluster-scoped 8 | - ../../../appstudio-controller/config/default-no-prometheus 9 | - ../../../backend/config/default-no-prometheus 10 | - ../../../cluster-agent/config/default-no-prometheus 11 | - ../../base/gitops-service-argocd/overlays/appstudio-staging-and-prod 12 | - ../appstudio-staging-cluster/prometheus 13 | 14 | patchesStrategicMerge: 15 | - backend-deployment-patch.yaml 16 | - cluster-agent-deployment-patch.yaml 17 | - 
appstudio-controller-deployment-patch.yaml 18 | 19 | # Uncomment to use a custom image: 20 | # images: 21 | # - name: \${COMMON_IMAGE} 22 | # newName: quay.io/(your user name)/gitops-service 23 | # newTag: latest 24 | -------------------------------------------------------------------------------- /.ci/base-image/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.ci.openshift.org/openshift/release:golang-1.19 2 | 3 | # make sure Go doesn't use the vendors folder, unless we want to 4 | ENV GOFLAGS="" 5 | 6 | SHELL ["/bin/bash", "-c"] 7 | 8 | # Install yq, kubectl, postgresql-server, argocd cli. NOTE(review): yq, kubectl and argocd are fetched from unpinned "latest"/"stable" URLs with no checksum or signature check; pin versions and verify digests so the CI base image is reproducible. 9 | RUN curl -sSL -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 && \ 10 | chmod +x /usr/local/bin/yq && yq --version && \ 11 | curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \ 12 | chmod +x ./kubectl && \ 13 | mv ./kubectl /usr/local/bin && \ 14 | yum -y install postgresql-server && \ 15 | curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 && chmod +x /usr/local/bin/argocd 16 | -------------------------------------------------------------------------------- /appstudio-controller/config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 
7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | #- auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | - deploymenttargetclass_view_role.yaml 20 | - deploymenttargetclass_view_role_binding.yaml 21 | -------------------------------------------------------------------------------- /appstudio-controller/examples/binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: appstudio.redhat.com/v1alpha1 2 | kind: SnapshotEnvironmentBinding 3 | metadata: 4 | name: appa-staging-binding 5 | labels: 6 | appstudio.application: new-demo-app 7 | appstudio.environment: staging 8 | spec: 9 | application: new-demo-app 10 | environment: staging 11 | snapshot: my-snapshot 12 | components: 13 | - name: component-a 14 | configuration: 15 | env: 16 | - name: My_STG_ENV 17 | value: "200" 18 | replicas: 3 19 | status: 20 | components: 21 | - name: component-a 22 | gitopsRepository: 23 | url: "https://github.com/redhat-appstudio/managed-gitops" 24 | branch: main 25 | path: resources/test-data/sample-gitops-repository/components/componentA/overlays/staging 26 | generatedResources: 27 | - abc.yaml 28 | commitID: fdhyqtw 29 | -------------------------------------------------------------------------------- /backend/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 
3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /backend-shared/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 
3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/prometheus/prometheus-roles-for-openshift-operators.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: gitops-metrics-read 5 | namespace: openshift-operators 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - endpoints 11 | - services 12 | - pods 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - monitoring.coreos.com 19 | resources: 20 | - servicemonitors 21 | verbs: 22 | - get 23 | - watch 24 | - list 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: RoleBinding 28 | metadata: 29 | name: gitops-metrics-prometheus-k8s-read-binding 30 | namespace: openshift-operators 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: Role 34 | name: gitops-metrics-read 35 | subjects: 36 | - kind: ServiceAccount 37 | name: prometheus-k8s 38 | namespace: openshift-monitoring 39 | 40 | -------------------------------------------------------------------------------- /appstudio-controller/config/webhook/kustomizeconfig.yaml: 
-------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /manifests/base/postgresql-staging/README.md: -------------------------------------------------------------------------------- 1 | # PostgreSQL Database for GitOps 2 | 3 | ## Support 4 | 5 | The Red Hat supported image `registry.redhat.io/rhel8/postgresql-13` is used in this setup via the `ImageStreamTag` made 6 | available for all OpenShift Container Platform users. 7 | 8 | 9 | ## Installation 10 | 11 | Then, to install PostgreSQL onto the cluster, all someone needs to do is: 12 | ``` 13 | kubectl apply -f postgresql-staging.yaml 14 | 15 | # Edit the staging-secret to include a new base-64 encoded password 16 | 17 | kubectl apply -f postgresql-staging-secret.yaml 18 | ``` 19 | 20 | The installation yaml could also be checked into a GitOps repository, subject to careful handling of credentials: the password in the staging secret is only base-64 encoded, not encrypted, so the edited secret file should not be committed as-is. 21 | 22 | 23 | Note: kcp (till release-0.7) has no knowledge of default protocols, and hence we need to explicitly define them. 
In this case, make sure to run `.addProtocol.sh` if any changes are made to the postgres-staging.yaml. -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentA/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-a 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: component-a 9 | template: 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: component-a 13 | spec: 14 | containers: 15 | - name: component-a 16 | image: quay.io/jgwest-redhat/sample-workload:latest 17 | imagePullPolicy: Always 18 | # command: 19 | # - entrypoint.sh 20 | env: 21 | - name: ENV_VAR_FROM_CONFIG_MAP 22 | valueFrom: 23 | configMapKeyRef: 24 | name: environment-config-map 25 | key: environment-env-var 26 | - name: ANOTHER_ENV_VAR 27 | value: another-value 28 | 29 | ports: 30 | - containerPort: 8080 31 | protocol: TCP 32 | -------------------------------------------------------------------------------- /resources/test-data/sample-gitops-repository/components/componentB/base/deployment-sample-workload.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: component-b 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: component-b 9 | template: 10 | metadata: 11 | labels: 12 | app.kubernetes.io/name: component-b 13 | spec: 14 | containers: 15 | - name: component-b 16 | image: quay.io/jgwest-redhat/sample-workload:latest 17 | imagePullPolicy: Always 18 | # command: 19 | # - entrypoint.sh 20 | env: 21 | - name: ENV_VAR_FROM_CONFIG_MAP 22 | valueFrom: 23 | configMapKeyRef: 24 | name: environment-config-map 25 | key: environment-env-var 26 | - name: ANOTHER_ENV_VAR 27 | value: another-value 28 | 29 | ports: 30 | - containerPort: 
8080 31 | protocol: TCP 32 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000006_v6.up.sql: -------------------------------------------------------------------------------- 1 | 2 | ALTER TABLE apicrtodatabasemapping ADD CONSTRAINT apicrtodatabasemapping_api_resource_type_api_resource_uid_d_key UNIQUE (api_resource_type, api_resource_uid, db_relation_type); 3 | 4 | ALTER TABLE apicrtodatabasemapping ADD CONSTRAINT apicrtodatabasemapping_db_relation_type_db_relation_key_api_key UNIQUE (db_relation_type, db_relation_key, api_resource_type); 5 | 6 | ALTER TABLE gitopsengineinstance ADD CONSTRAINT gitopsengineinstance_namespace_name_namespace_uid_engineclu_key UNIQUE (namespace_name, namespace_uid, enginecluster_id); 7 | 8 | ALTER TABLE kubernetestodbresourcemapping ADD CONSTRAINT kubernetestodbresourcemapping_db_relation_type_db_relation__key UNIQUE (db_relation_type, db_relation_key, kubernetes_resource_type); 9 | 10 | ALTER TABLE kubernetestodbresourcemapping ADD CONSTRAINT kubernetestodbresourcemapping_kubernetes_resource_type_kube_key UNIQUE (kubernetes_resource_type, kubernetes_resource_uid, db_relation_type); 11 | -------------------------------------------------------------------------------- /utilities/gitopsctl/cmd/download.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "github.com/spf13/cobra" 5 | ) 6 | 7 | // downloadCmd represents the download command 8 | var downloadCmd = &cobra.Command{ 9 | Use: "download", 10 | Short: "Download various artifacts, including OpenShift CI test logs", 11 | Long: `A subcommand that allows downloading various artifacts, including OpenShift-CI test logs.`, 12 | // Run: func(cmd *cobra.Command, args []string) { 13 | // }, 14 | } 15 | 16 | func init() { 17 | rootCmd.AddCommand(downloadCmd) 18 | 19 | // Here you will define your flags and configuration settings. 
20 | 21 | // Cobra supports Persistent Flags which will work for this command 22 | // and all subcommands, e.g.: 23 | // downloadCmd.PersistentFlags().String("foo", "", "A help for foo") 24 | 25 | // Cobra supports local flags which will only run when this command 26 | // is called directly, e.g.: 27 | // downloadCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") 28 | } 29 | -------------------------------------------------------------------------------- /examples/m6-demo/setup-on-openshift.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "* Cloning GitOps Service source repository ------------------------------" 4 | echo 5 | M6_DEMO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 6 | 7 | 8 | GITOPS_TEMP_DIR=$(mktemp -d) 9 | 10 | cd "$GITOPS_TEMP_DIR" || exit 11 | 12 | # NOTE: Update this to redhat-appstudio once the PR merges 13 | 14 | git clone https://github.com/redhat-appstudio/managed-gitops 15 | cd managed-gitops || exit 16 | 17 | echo "* Installing Argo CD to OpenShift cluster, and setting up dev environment-" 18 | echo 19 | make install-argocd-openshift devenv-docker reset-db 20 | 21 | echo "* Creating demo user namespaces ------------------------------------------" 22 | echo 23 | kubectl apply -f "$M6_DEMO_ROOT/resources/jane-namespace.yaml" 24 | kubectl apply -f "$M6_DEMO_ROOT/resources/jgw-namespace.yaml" 25 | 26 | echo "* Building and starting GitOps Service ----------------------------------" 27 | echo 28 | make start 29 | 30 | 31 | -------------------------------------------------------------------------------- /backend-shared/util/profiling.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "log" 5 | "net/http" 6 | "net/http/pprof" 7 | "os" 8 | "strings" 9 | ) 10 | 11 | const ( 12 | // ENABLE_PROFILING is set to True to start profilers. 
13 | enableProfilingEnv string = "ENABLE_PROFILING" 14 | ) 15 | 16 | // IsProfilingEnabled reports whether the ENABLE_PROFILING environment variable is set to "true" (compared case-insensitively). 17 | func IsProfilingEnabled() bool { 18 | val, found := os.LookupEnv(enableProfilingEnv) 19 | if !found { 20 | return false 21 | } 22 | 23 | return strings.ToLower(val) == "true" 24 | } 25 | 26 | // StartProfilers starts a pprof profiling server at the given address. The handlers are served over plain HTTP with no authentication, and http.ListenAndServe sets no read or write timeouts (the gosec G114 finding suppressed below), so addr should be a loopback or otherwise access-restricted address. The call blocks, and log.Fatal terminates the process if the listener returns an error. 27 | func StartProfilers(addr string) { 28 | mux := http.NewServeMux() 29 | mux.HandleFunc("/debug/pprof/", pprof.Index) 30 | mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) 31 | mux.HandleFunc("/debug/pprof/profile", pprof.Profile) 32 | mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) 33 | mux.HandleFunc("/debug/pprof/trace", pprof.Trace) 34 | 35 | log.Fatal(http.ListenAndServe(addr, mux)) // #nosec G114 36 | } 37 | -------------------------------------------------------------------------------- /manifests/overlays/appstudio-staging-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ../../base/crd/overlays/stonesoup 6 | - ../../base/gitops-namespace 7 | # This is not needed: this kustomize overlay is used to run appstudio-e2e tests in infra-deployments, 8 | # and these tests assume that there is no DeploymentTargetClass defined. 
9 | # - ../../base/cluster-scoped 10 | - ../../../appstudio-controller/config/default-no-prometheus 11 | - ../../../backend/config/default-no-prometheus 12 | - ../../../cluster-agent/config/default-no-prometheus 13 | - ../../base/postgresql-staging 14 | - ../../base/gitops-service-argocd/base 15 | - prometheus/ 16 | 17 | patchesStrategicMerge: 18 | - backend-deployment-patch.yaml 19 | - cluster-agent-deployment-patch.yaml 20 | - appstudio-controller-deployment-patch.yaml 21 | 22 | # Uncomment to use a custom image: 23 | # images: 24 | # - name: \${COMMON_IMAGE} 25 | # newName: quay.io/(your user name)/gitops-service 26 | # newTag: latest 27 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000016_v16.up.sql: -------------------------------------------------------------------------------- 1 | -- ApplicationOwner indicates which Applications are owned by which user(s) 2 | CREATE TABLE ApplicationOwner ( 3 | 4 | -- Foreign key to Application.application_id 5 | application_owner_application_id VARCHAR(48) NOT NULL, 6 | CONSTRAINT fk_app_id FOREIGN KEY (application_owner_application_id) REFERENCES Application(application_id) ON DELETE NO ACTION ON UPDATE NO ACTION, 7 | 8 | -- Describes whose cluster this is (UID) 9 | -- Foreign key to: ClusterUser.clusteruser_id 10 | application_owner_user_id VARCHAR(48) NOT NULL, 11 | CONSTRAINT fk_clusteruser_id FOREIGN KEY (application_owner_user_id) REFERENCES ClusterUser(clusteruser_id) ON DELETE NO ACTION ON UPDATE NO ACTION, 12 | 13 | seq_id SERIAL, 14 | 15 | -- When ClusterUser was created, which allows us to tell how old the resources are 16 | created_on TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, 17 | 18 | PRIMARY KEY (application_owner_application_id, application_owner_user_id) 19 | ); 20 | -------------------------------------------------------------------------------- /backend/config/default/manager_auth_proxy_patch.yaml: 
-------------------------------------------------------------------------------- 1 | # This patch injects a sidecar container, an HTTP proxy for the 2 | # controller manager, which performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. The manager's metrics listener is bound to 127.0.0.1:8080, so from outside the pod it is reachable only through this proxy on 8443. NOTE(review): "--v=10" is a very high log verbosity for a deployed sidecar; confirm that the request details logged at that level are acceptable, or lower it. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | - "--http2-disable=true" 20 | ports: 21 | - containerPort: 8443 22 | protocol: TCP 23 | name: https 24 | - name: manager 25 | args: 26 | - "--health-probe-bind-address=:18081" 27 | - "--metrics-bind-address=127.0.0.1:8080" 28 | - "--leader-elect" 29 | - --zap-time-encoding=rfc3339nano 30 | -------------------------------------------------------------------------------- /tests-e2e/argocd/argocd_suite_test.go: -------------------------------------------------------------------------------- 1 | package argocd 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
"github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestArgoCD(t *testing.T) { 20 | suiteConfig, _ := GinkgoConfiguration() 21 | 22 | // Define a flag for the poll progress after interval 23 | var pollProgressAfter time.Duration 24 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 6*time.Minute, "Interval for polling progress after") 25 | 26 | // Parse the flags 27 | flag.Parse() 28 | 29 | // Set the poll progress after interval in the suite configuration 30 | suiteConfig.PollProgressAfter = pollProgressAfter 31 | 32 | RegisterFailHandler(Fail) 33 | RunSpecs(t, "Argo CD Suite", suiteConfig) 34 | } 35 | -------------------------------------------------------------------------------- /cluster-agent/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 
3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | - "--http2-disable=true" 20 | ports: 21 | - containerPort: 8443 22 | protocol: TCP 23 | name: https 24 | - name: manager 25 | args: 26 | - "--health-probe-bind-address=:8083" 27 | - "--metrics-bind-address=127.0.0.1:8080" 28 | - "--leader-elect" 29 | - "--zap-time-encoding=rfc3339nano" 30 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/README.md: -------------------------------------------------------------------------------- 1 | # Enable Prometheus logging of GitOps Service in 'gitops' namespace, and install Grafana 2 | 3 | This shell script will: 4 | - Enable (Prometheus) user monitoring of projects on the cluster. This allows us to use the OpenShift cluster's prometheus, rather than installing our own 5 | - Install a new Grafana instance into 'grafana' namespace. OpenShift doesn't have a built-in Grafana instance (it has its own metrics graphing mechanism via OpenShift Console) 6 | - Enables Prometheus to scrape resources from OpenShift GitOps 7 | - Creates the [Argo CD default Grafana Dashboard](https://argo-cd.readthedocs.io/en/stable/operator-manual/metrics/#dashboards) 8 | 9 | 10 | ### How to Use 11 | 1) Acquire an OpenShift Cluster (for example, cluster bot) and log into it. 12 | 2) Install OpenShift GitOps operator to it. (This is required because the install script will attempt to enable Prometheus integration on GitOps Operator) 13 | - For example, by running `make install-argocd-openshift` 14 | 3) Run the `run.sh` install script in this directory. 
-------------------------------------------------------------------------------- /tests-e2e/appstudio/appstudio_suite_test.go: -------------------------------------------------------------------------------- 1 | package appstudio 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . "github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestAppStudio(t *testing.T) { 20 | suiteConfig, _ := GinkgoConfiguration() 21 | 22 | // Define a flag for the poll progress after interval 23 | var pollProgressAfter time.Duration 24 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 12*time.Minute, "Interval for polling progress after") 25 | 26 | // Parse the flags 27 | flag.Parse() 28 | 29 | // Set the poll progress after interval in the suite configuration 30 | suiteConfig.PollProgressAfter = pollProgressAfter 31 | 32 | RegisterFailHandler(Fail) 33 | 34 | RunSpecs(t, "App Studio Suite", suiteConfig) 35 | } 36 | -------------------------------------------------------------------------------- /utilities/init-container/hotfix/hotfix_suite_test.go: -------------------------------------------------------------------------------- 1 | package hotfix 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
"github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestHotfix(t *testing.T) { 20 | 21 | suiteConfig, _ := GinkgoConfiguration() 22 | 23 | // Define a flag for the poll progress after interval 24 | var pollProgressAfter time.Duration 25 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 1*time.Minute, "Interval for polling progress after") 26 | 27 | // Parse the flags 28 | flag.Parse() 29 | 30 | // Set the poll progress after interval in the suite configuration 31 | suiteConfig.PollProgressAfter = pollProgressAfter 32 | 33 | RegisterFailHandler(Fail) 34 | RunSpecs(t, "Hotfix Suite", suiteConfig) 35 | } 36 | -------------------------------------------------------------------------------- /backend/hack/example-kube-config-file.yaml: -------------------------------------------------------------------------------- 1 | 2 | # This file is an example .kube/config file, for a cluster. 3 | # All values in this file have been sanitized to ensure they are not a leaked secret. 
4 | # NOTE: `insecure-skip-tls-verify: true` below disables verification of the API server certificate; it is kept here only as sample data and should not be carried into a real kubeconfig. 5 | apiVersion: v1 6 | clusters: 7 | - cluster: 8 | insecure-skip-tls-verify: true 9 | server: https://api.ci-ln-ab6cd1e-76543.origin-ci-int-gce.dev.rhcloud.com:6443 10 | name: api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443 11 | contexts: 12 | - context: 13 | cluster: api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443 14 | namespace: default 15 | user: kube:admin/api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443 16 | name: default/api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443/kube:admin 17 | current-context: default/api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443/kube:admin 18 | kind: Config 19 | preferences: {} 20 | users: 21 | - name: kube:admin/api-ci-ln-ab6cd1e-76543-origin-ci-int-gce-dev-rhcloud-com:6443 22 | user: 23 | token: sha256~ABCdEF1gHiJKlMnoP-Q19qrTuv1_W9X2YZABCDefGH4 24 | 25 | -------------------------------------------------------------------------------- /.tekton/pull-request.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | name: gitops-pull-request 5 | annotations: 6 | pipelinesascode.tekton.dev/on-event: "[pull_request]" 7 | pipelinesascode.tekton.dev/on-target-branch: "[main]" 8 | pipelinesascode.tekton.dev/max-keep-runs: "5" 9 | spec: 10 | params: 11 | - name: git-url 12 | value: "{{repo_url}}" 13 | - name: revision 14 | value: "{{revision}}" 15 | - name: output-image 16 | value: 'quay.io/redhat-appstudio/pull-request-builds:mgiops-{{revision}}' 17 | pipelineRef: 18 | params: 19 | - name: bundle 20 | value: >- 21 | quay.io/redhat-appstudio-tekton-catalog/pipeline-core-services-docker-build:latest 22 | - name: name 23 | value: docker-build 24 | - name: kind 25 | value: Pipeline 26 | resolver: bundles 27 | workspaces: 28 | - name: workspace 29 | volumeClaimTemplate: 30 | spec: 31 | accessModes: 32 | - ReadWriteOnce 33 | resources: 34 | requests: 35 | storage: 
1Gi 36 | -------------------------------------------------------------------------------- /tests-e2e/core/core_suite_test.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . "github.com/onsi/gomega" 10 | 11 | "go.uber.org/zap/zapcore" 12 | logf "sigs.k8s.io/controller-runtime/pkg/log" 13 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 14 | ) 15 | 16 | var _ = BeforeSuite(func() { 17 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 18 | }) 19 | 20 | func TestCore(t *testing.T) { 21 | suiteConfig, _ := GinkgoConfiguration() 22 | 23 | // Define a flag for the poll progress after interval 24 | var pollProgressAfter time.Duration 25 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 6*time.Minute, "Interval for polling progress after") 26 | 27 | // Parse the flags 28 | flag.Parse() 29 | 30 | // Set the poll progress after interval in the suite configuration 31 | suiteConfig.PollProgressAfter = pollProgressAfter 32 | 33 | suiteConfig.Timeout = time.Duration(90 * time.Minute) 34 | 35 | RegisterFailHandler(Fail) 36 | 37 | RunSpecs(t, "Core Suite", suiteConfig) 38 | } 39 | -------------------------------------------------------------------------------- /backend/eventloop/event_loop_suite_test.go: -------------------------------------------------------------------------------- 1 | package eventloop 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
"github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestEventLoop(t *testing.T) { 20 | RegisterFailHandler(Fail) 21 | 22 | suiteConfig, _ := GinkgoConfiguration() 23 | 24 | // Define a flag for the poll progress after interval 25 | var pollProgressAfter time.Duration 26 | // A test is "slow" if it takes longer than a few minutes 27 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 6*time.Second, "Interval for polling progress after") 28 | 29 | // Parse the flags 30 | flag.Parse() 31 | 32 | // Set the poll progress after interval in the suite configuration 33 | suiteConfig.PollProgressAfter = pollProgressAfter 34 | 35 | RunSpecs(t, "Event Loop Tests") 36 | } 37 | -------------------------------------------------------------------------------- /utilities/db-migration/migrations/000017_v17.up.sql: -------------------------------------------------------------------------------- 1 | CREATE INDEX idx_APICRToDatabaseMapping1 ON APICRToDatabaseMapping(api_resource_type, api_resource_uid, db_relation_type); 2 | CREATE INDEX idx_APICRToDatabaseMapping2 ON APICRToDatabaseMapping(api_resource_type, db_relation_type, db_relation_key, api_resource_namespace_uid, db_relation_type); 3 | CREATE INDEX idx_APICRToDatabaseMapping3 ON APICRToDatabaseMapping(api_resource_type, db_relation_type, db_relation_key); 4 | CREATE INDEX idx_gitopsenginecluster_clustercredentials ON GitopsEngineCluster(clustercredentials_id); 5 | CREATE INDEX idx_clusteruser_user_name ON ClusterUser(user_name); 6 | CREATE INDEX idx_managed_environment_id ON ClusterAccess(clusteraccess_managed_environment_id); 7 | CREATE INDEX idx_operation_1 ON Operation(resource_id, resource_type, operation_owner_user_id); 8 | CREATE 
INDEX idx_deploymenttoapplicationmapping_1 ON DeploymentToApplicationMapping(namespace_uid); 9 | CREATE INDEX idx_deploymenttoapplicationmapping_2 ON DeploymentToApplicationMapping(name, namespace, namespace_uid); 10 | CREATE INDEX idx_deploymenttoapplicationmapping_3 ON DeploymentToApplicationMapping(application_id); -------------------------------------------------------------------------------- /backend/eventloop/eventlooptypes/types_suite_test.go: -------------------------------------------------------------------------------- 1 | package eventlooptypes 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . "github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestSharedResourceLoop(t *testing.T) { 20 | 21 | suiteConfig, _ := GinkgoConfiguration() 22 | 23 | // Define a flag for the poll progress after interval 24 | var pollProgressAfter time.Duration 25 | // A test is "slow" if it takes longer than a few minutes 26 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 3*time.Minute, "Interval for polling progress after") 27 | 28 | // Parse the flags 29 | flag.Parse() 30 | 31 | // Set the poll progress after interval in the suite configuration 32 | suiteConfig.PollProgressAfter = pollProgressAfter 33 | 34 | RegisterFailHandler(Fail) 35 | RunSpecs(t, "EventloopTypes Suite") 36 | } 37 | -------------------------------------------------------------------------------- /backend-shared/util/util_suite_test.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
"github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | ctrl "sigs.k8s.io/controller-runtime" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | func TestUtil(t *testing.T) { 16 | 17 | suiteConfig, _ := GinkgoConfiguration() 18 | 19 | // Define a flag for the poll progress after interval 20 | var pollProgressAfter time.Duration 21 | // A test is "slow" if it takes longer than a few minutes 22 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 30*time.Second, "Interval for polling progress after") 23 | 24 | // Parse the flags 25 | flag.Parse() 26 | 27 | // Set the poll progress after interval in the suite configuration 28 | suiteConfig.PollProgressAfter = pollProgressAfter 29 | 30 | // Enable controller-runtime log output 31 | opts := zap.Options{ 32 | Development: true, 33 | Level: zapcore.DebugLevel, 34 | } 35 | ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) 36 | 37 | RegisterFailHandler(Fail) 38 | RunSpecs(t, "TaskRetryLoop Suite") 39 | } 40 | -------------------------------------------------------------------------------- /appstudio-controller/PROJECT: -------------------------------------------------------------------------------- 1 | domain: redhat.com 2 | layout: 3 | - go.kubebuilder.io/v3 4 | multigroup: true 5 | plugins: 6 | manifests.sdk.operatorframework.io/v2: {} 7 | scorecard.sdk.operatorframework.io/v2: {} 8 | projectName: appstudio-controller 9 | repo: github.com/redhat-appstudio/managed-gitops/appstudio-controller 10 | resources: 11 | - controller: true 12 | domain: redhat.com 13 | group: appstudio.redhat.com 14 | kind: Application 15 | version: v1alpha1 16 | - controller: true 17 | domain: redhat.com 18 | group: appstudio.redhat.com 19 | kind: Snapshot 20 | version: v1alpha1 21 | - controller: true 22 | domain: redhat.com 23 | group: appstudio.redhat.com 24 | kind: PromotionRun 25 | version: v1alpha1 26 | - controller: true 27 | domain: redhat.com 28 | group: appstudio.redhat.com 29 | kind: 
SnapshotEnvironmentBinding 30 | version: v1alpha1 31 | - controller: true 32 | domain: redhat.com 33 | group: appstudio.redhat.com 34 | kind: Environment 35 | version: v1alpha1 36 | - controller: true 37 | domain: redhat.com 38 | group: appstudio.redhat.com 39 | kind: DeploymentTargetClaim 40 | version: v1alpha1 41 | version: "3" 42 | -------------------------------------------------------------------------------- /manifests/base/gitops-service-argocd/base/argo-cd-server-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # To enable 'gitops-service-argocd' instance as cluster-scoped Argo CD, uncomment the lines below. 2 | 3 | # apiVersion: rbac.authorization.k8s.io/v1 4 | # kind: ClusterRole 5 | # metadata: 6 | # name: appstudio-gitops-service-argocd-argocd-server 7 | # rules: 8 | # - apiGroups: 9 | # - '*' 10 | # resources: 11 | # - '*' 12 | # verbs: 13 | # - get 14 | # - patch 15 | # - delete 16 | # - apiGroups: 17 | # - '' 18 | # resources: 19 | # - secrets 20 | # - configmaps 21 | # verbs: 22 | # - create 23 | # - get 24 | # - list 25 | # - watch 26 | # - update 27 | # - patch 28 | # - delete 29 | # - apiGroups: 30 | # - argoproj.io 31 | # resources: 32 | # - applications 33 | # - appprojects 34 | # verbs: 35 | # - create 36 | # - get 37 | # - list 38 | # - watch 39 | # - update 40 | # - delete 41 | # - patch 42 | # - apiGroups: 43 | # - '' 44 | # resources: 45 | # - events 46 | # verbs: 47 | # - create 48 | # - list -------------------------------------------------------------------------------- /backend/eventloop/shared_resource_loop/shared_resource_loop_suite_test.go: -------------------------------------------------------------------------------- 1 | package shared_resource_loop_test 2 | 3 | import ( 4 | "flag" 5 | "testing" 6 | "time" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
"github.com/onsi/gomega" 10 | "go.uber.org/zap/zapcore" 11 | logf "sigs.k8s.io/controller-runtime/pkg/log" 12 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 13 | ) 14 | 15 | var _ = BeforeSuite(func() { 16 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true), zap.Level(zapcore.DebugLevel))) 17 | }) 18 | 19 | func TestSharedResourceLoop(t *testing.T) { 20 | 21 | suiteConfig, _ := GinkgoConfiguration() 22 | 23 | // Define a flag for the poll progress after interval 24 | var pollProgressAfter time.Duration 25 | // A test is "slow" if it takes longer than a few minutes 26 | flag.DurationVar(&pollProgressAfter, "poll-progress-after", 3*time.Minute, "Interval for polling progress after") 27 | 28 | // Parse the flags 29 | flag.Parse() 30 | 31 | // Set the poll progress after interval in the suite configuration 32 | suiteConfig.PollProgressAfter = pollProgressAfter 33 | 34 | RegisterFailHandler(Fail) 35 | RunSpecs(t, "SharedResourceLoop Suite") 36 | } 37 | -------------------------------------------------------------------------------- /.gitleaks.toml: -------------------------------------------------------------------------------- 1 | [allowlist] 2 | description = "global allow list" 3 | 4 | regexes = [ 5 | '''cnhOZmg3cm1NVQ==''', 6 | '''N29DMGRxdHF6cw==''', 7 | '''3CqCKcXLyN''', 8 | '''a1Y4c0RvdkgxcHFPUTNJYWxSaDRubXlaZ3c3QUJGcmQ=''', 9 | '''M0NxQ0tjWEx5Tg==''', 10 | ] 11 | 12 | paths = [ 13 | '''docs/api.md''', 14 | ] 15 | 16 | # How to test this: 17 | # 18 | # git clone https://gitlab.corp.redhat.com/infosec-public/apps/config/leak-patterns.git 19 | # cd leak-patterns 20 | # make setup 21 | # make all.toml 22 | # PATH_TO_SCAN=(...) 
23 | # bin/gitleaks --config-path all.toml --path $PATH_TO_SCAN --additional-config $PATH_TO_SCAN/.gitleaks.toml -v 24 | # 25 | # (Based on: https://gitlab.corp.redhat.com/infosec-public/apps/config/leak-patterns/#trying-these-out-against-your-own-repo) 26 | 27 | 28 | # It's also possible to ignore specific paths, as below, but it's better to allow-list the actual password value, as above: a path entry silences every finding in the matching files, not just the known value. 29 | # paths = [ 30 | # '''manifests/postgresql-staging/postgresql-staging.yaml''', 31 | # '''argocd_(.*)_test.go''', 32 | # '''manifests/postgresql-staging/postgresql-staging-secret.yaml''', 33 | # '''docs/development.md''', 34 | # ] 35 | 36 | 37 | -------------------------------------------------------------------------------- /appstudio-controller/examples/README.md: -------------------------------------------------------------------------------- 1 | # AppStudio Resource Examples 2 | 3 | The folder contains sample AppStudio resources, such as `Application` and `Component`, which you can use for testing the appstudio-controller. 4 | 5 | ## How do I create appstudio resources, such as Application/Component, for testing the appstudio-controller components? 6 | 7 | First, you can create them using `kubectl apply -f`. 8 | 9 | HOWEVER, this will not set the `status` field of these resources. 10 | - The status field contains valuable information that is required by the GitOps Service, such as where the GitOps repository can be found. 11 | 12 | To set the status field, I recommend using the [`kubectl-edit-status` kubectl plugin](https://github.com/ulucinar/kubectl-edit-status), which can be installed using krew. `kubectl` itself doesn't support updating the `.status` field of a resource from the command line, so we need to use this plugin. 
13 | 14 | For example: 15 | ``` 16 | kubectl apply -f application.yaml -n (your namespace) 17 | kubectl edit-status application.appstudio.redhat.com/new-demo-app -n (your namespace) 18 | # Next, paste the `status` field from application.yaml into the editor, and save. 19 | ``` 20 | -------------------------------------------------------------------------------- /resources/test-data/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Managed GitOps Test Data 3 | 4 | The child folders contain test data used by unit or E2E tests of the GitOps Service. 5 | 6 | As of this writing, they are sample GitOps repositories: 7 | * *sample-gitops-repository*: A sample GitOps repository based on version 1 of the [AppStudio GitOps Repository template](https://github.com/redhat-appstudio/gitops-repository-template). 8 | * This version of the template made the assumption that all Components of an Application would be deployed together, as a single Argo CD Application (GitOpsDeployment) 9 | * *component-based-gitops-repository*: A sample GitOps repository based on version 2 of the [Stonesoup/AppStudio GitOps Repository template](https://github.com/jgwest/gitops-repository-template) 10 | * This version of the template makes the assumption that each Component of an Application will be deployed independently, with one Argo CD Application (GitOpsDeployment) per component of an Application. 11 | * *component-based-gitops-repository-no-route*: A copy of *component-based-gitops-repository* with the OpenShift routes removed. This is required for some E2E tests. See https://issues.redhat.com/browse/GITOPSRVCE-544 for details. 
12 | -------------------------------------------------------------------------------- /appstudio-controller/examples/application.yaml: -------------------------------------------------------------------------------- 1 | # Current as of June 9th, 2022 2 | 3 | apiVersion: appstudio.redhat.com/v1alpha1 4 | kind: Application 5 | metadata: 6 | # finalizers: 7 | # - application.appstudio.redhat.com/finalizer 8 | name: new-demo-app 9 | # namespace: (your namespace) 10 | spec: 11 | appModelRepository: 12 | url: "" 13 | displayName: New Demo App 14 | gitOpsRepository: 15 | url: "" 16 | status: 17 | conditions: 18 | - lastTransitionTime: "2022-06-09T09:23:15Z" 19 | message: Application has been successfully created 20 | reason: OK 21 | status: "True" 22 | type: Created 23 | devfile: | 24 | attributes: 25 | containerImage/demo: quay.io/jgwest-redhat/sample-workload:latest 26 | metadata: 27 | attributes: 28 | appModelRepository.context: resources/test-data/sample-gitops-repository/environments/overlays/staging 29 | appModelRepository.url: https://github.com/redhat-appstudio/managed-gitops 30 | 31 | gitOpsRepository.context: resources/test-data/sample-gitops-repository/environments/overlays/staging 32 | gitOpsRepository.url: https://github.com/redhat-appstudio/managed-gitops 33 | name: New Demo App 34 | schemaVersion: 2.1.0 35 | -------------------------------------------------------------------------------- /manifests/scripts/openshift-argo-deploy/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SCRIPTPATH="$( 4 | cd -- "$(dirname "$0")" >/dev/null 2>&1 || exit 5 | pwd -P 6 | )" 7 | 8 | # A simple script for setting up Argo CD via OpenShift GitOps, on Argo CD 9 | 10 | kubectl apply -f $SCRIPTPATH/openshift-gitops-subscription.yaml 11 | 12 | kubectl create namespace gitops-service-argocd 2> /dev/null || true 13 | echo -n "Waiting for namespace to exist: " 14 | while ! 
kubectl get namespace gitops-service-argocd &> /dev/null ; do 15 | echo -n . 16 | sleep 1 17 | done 18 | echo "OK" 19 | 20 | echo -n "Checking for gitops operator controller pod to be created and running before proceeding with the next step:" 21 | while ! kubectl get pods -n openshift-operators | grep gitops-operator-controller-manager | grep Running &> /dev/null ; do 22 | echo -n . 23 | sleep 1 24 | done 25 | echo "OK" 26 | 27 | echo "Installing Argo CD into gitops-service-argocd" 28 | kustomize build $SCRIPTPATH/../../base/gitops-service-argocd/overlays/test-e2e | kubectl apply -f - 29 | echo -n "Waiting for default project (and namespace) to exist: " 30 | while ! kubectl get appproject/default -n gitops-service-argocd &> /dev/null ; do 31 | echo -n . 32 | sleep 1 33 | done 34 | echo "OK" 35 | -------------------------------------------------------------------------------- /manifests/scripts/metrics-dashboard/prometheus/prometheus-roles-for-gitops-ns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: gitops-metrics-read 5 | namespace: gitops 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - endpoints 11 | - services 12 | - pods 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - monitoring.coreos.com 19 | resources: 20 | - servicemonitors 21 | verbs: 22 | - get 23 | - watch 24 | - list 25 | --- 26 | apiVersion: rbac.authorization.k8s.io/v1 27 | kind: RoleBinding 28 | metadata: 29 | name: gitops-metrics-prometheus-k8s-read-binding 30 | namespace: gitops 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: Role 34 | name: gitops-metrics-read 35 | subjects: 36 | - kind: ServiceAccount 37 | name: prometheus-k8s 38 | namespace: openshift-monitoring 39 | --- 40 | apiVersion: rbac.authorization.k8s.io/v1 41 | kind: RoleBinding 42 | metadata: 43 | name: gitops-metrics-prometheus-k8s-read-binding-2 44 | 
namespace: gitops 45 | roleRef: 46 | apiGroup: rbac.authorization.k8s.io 47 | kind: Role 48 | name: gitops-metrics-read 49 | subjects: 50 | - kind: ServiceAccount 51 | name: prometheus-user-workload 52 | namespace: openshift-user-workload-monitoring -------------------------------------------------------------------------------- /appstudio-controller/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=0" 19 | - "--http2-disable=true" 20 | ports: 21 | - containerPort: 8443 22 | protocol: TCP 23 | name: https 24 | resources: 25 | limits: 26 | cpu: 500m 27 | memory: 128Mi 28 | requests: 29 | cpu: 5m 30 | memory: 64Mi 31 | - name: manager 32 | args: 33 | - "--health-probe-bind-address=:8085" 34 | - "--metrics-bind-address=127.0.0.1:8080" 35 | - "--leader-elect" 36 | - "--zap-time-encoding=rfc3339nano" 37 | # - "--api-export-name=gitopsrvc-appstudio-shared" 38 | -------------------------------------------------------------------------------- /appstudio-controller/config/default-no-webhook/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 
3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=0" 19 | - "--http2-disable=true" 20 | ports: 21 | - containerPort: 8443 22 | protocol: TCP 23 | name: https 24 | resources: 25 | limits: 26 | cpu: 500m 27 | memory: 128Mi 28 | requests: 29 | cpu: 5m 30 | memory: 64Mi 31 | - name: manager 32 | args: 33 | - "--health-probe-bind-address=:8085" 34 | - "--metrics-bind-address=127.0.0.1:8080" 35 | - "--leader-elect" 36 | - "--zap-time-encoding=rfc3339nano" 37 | # - "--api-export-name=gitopsrvc-appstudio-shared" 38 | -------------------------------------------------------------------------------- /backend/config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/managed-gitops.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | 9 | # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. 10 | # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 11 | # These patches remove the unnecessary "cert" volume and its manager container volumeMount. 12 | #patchesJson6902: 13 | #- target: 14 | # group: apps 15 | # version: v1 16 | # kind: Deployment 17 | # name: controller-manager 18 | # namespace: system 19 | # patch: |- 20 | # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. 21 | # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. 
22 | # - op: remove 23 | # path: /spec/template/spec/containers/1/volumeMounts/0 24 | # # Remove the "cert" volume, since OLM will create and mount a set of certs. 25 | # # Update the indices in this path if adding or removing volumes in the manager's Deployment. 26 | # - op: remove 27 | # path: /spec/template/spec/volumes/0 28 | -------------------------------------------------------------------------------- /cluster-agent/config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/managed-gitops.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | 9 | # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. 10 | # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 11 | # These patches remove the unnecessary "cert" volume and its manager container volumeMount. 12 | #patchesJson6902: 13 | #- target: 14 | # group: apps 15 | # version: v1 16 | # kind: Deployment 17 | # name: controller-manager 18 | # namespace: system 19 | # patch: |- 20 | # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. 21 | # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. 22 | # - op: remove 23 | # path: /spec/template/spec/containers/1/volumeMounts/0 24 | # # Remove the "cert" volume, since OLM will create and mount a set of certs. 25 | # # Update the indices in this path if adding or removing volumes in the manager's Deployment. 
26 | # - op: remove 27 | # path: /spec/template/spec/volumes/0 28 | -------------------------------------------------------------------------------- /appstudio-controller/config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # These resources constitute the fully configured set of manifests 2 | # used to generate the 'manifests/' directory in a bundle. 3 | resources: 4 | - bases/appstudio-controller.clusterserviceversion.yaml 5 | - ../default 6 | - ../samples 7 | - ../scorecard 8 | 9 | # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. 10 | # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. 11 | # These patches remove the unnecessary "cert" volume and its manager container volumeMount. 12 | #patchesJson6902: 13 | #- target: 14 | # group: apps 15 | # version: v1 16 | # kind: Deployment 17 | # name: controller-manager 18 | # namespace: system 19 | # patch: |- 20 | # # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. 21 | # # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. 22 | # - op: remove 23 | # path: /spec/template/spec/containers/1/volumeMounts/0 24 | # # Remove the "cert" volume, since OLM will create and mount a set of certs. 25 | # # Update the indices in this path if adding or removing volumes in the manager's Deployment. 26 | # - op: remove 27 | # path: /spec/template/spec/volumes/0 28 | -------------------------------------------------------------------------------- /backend/controllers/managed-gitops/suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package managedgitops 18 | 19 | import ( 20 | "testing" 21 | 22 | . "github.com/onsi/ginkgo/v2" 23 | . "github.com/onsi/gomega" 24 | logf "sigs.k8s.io/controller-runtime/pkg/log" 25 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 26 | //+kubebuilder:scaffold:imports 27 | ) 28 | 29 | // These tests use Ginkgo (BDD-style Go testing framework). Refer to 30 | // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 31 | 32 | //var testEnv *envtest.Environment 33 | 34 | func TestAPIs(t *testing.T) { 35 | RegisterFailHandler(Fail) 36 | RunSpecs(t, "Controller Suite") 37 | } 38 | 39 | var _ = BeforeSuite(func() { 40 | logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) 41 | 42 | }) 43 | -------------------------------------------------------------------------------- /utilities/gitopsctl/implementations/download-job/download-urls-multithreaded.go: -------------------------------------------------------------------------------- 1 | package downloadjob 2 | 3 | import "fmt" 4 | 5 | const ( 6 | // set 'workerDebug' to true if debugging the worker logic 7 | workerDebug = false 8 | ) 9 | 10 | type downloadURLWorkerEntry struct { 11 | url string 12 | path string 13 | } 14 | 15 | func worker(id int, jobs <-chan downloadURLWorkerEntry, results chan<- string) { 16 | for jobEntry := range jobs { 17 | 18 | if workerDebug { 19 | fmt.Println("worker", id, "started job", jobEntry) 20 | } 21 | 22 | err := downloadAsFile(jobEntry.url, jobEntry.path) 23 | 24 | var errStr string 25 | if err != nil { 26 | errStr = err.Error() 27 
| } 28 | 29 | if workerDebug { 30 | fmt.Println("worker", id, "finished job", jobEntry) 31 | } 32 | 33 | results <- errStr 34 | } 35 | } 36 | 37 | func downloadURLsMultithreaded(urls []downloadURLWorkerEntry) { 38 | 39 | numJobs := len(urls) 40 | jobs := make(chan downloadURLWorkerEntry, numJobs) 41 | results := make(chan string, numJobs) 42 | 43 | for w := 1; w <= 5; w++ { 44 | go worker(w, jobs, results) 45 | } 46 | 47 | for j := 0; j < numJobs; j++ { 48 | jobs <- urls[j] 49 | } 50 | close(jobs) 51 | 52 | for a := 1; a <= numJobs; a++ { 53 | errStr := <-results 54 | if errStr != "" { 55 | fmt.Println("ERROR: ", errStr) 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /backend-shared/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 
3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | labels: 7 | app.kubernetes.io/name: mutatingwebhookconfiguration 8 | app.kubernetes.io/instance: mutating-webhook-configuration 9 | app.kubernetes.io/component: webhook 10 | app.kubernetes.io/created-by: managed-gitops 11 | app.kubernetes.io/part-of: managed-gitops 12 | app.kubernetes.io/managed-by: kustomize 13 | name: mutating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | --- 17 | apiVersion: admissionregistration.k8s.io/v1 18 | kind: ValidatingWebhookConfiguration 19 | metadata: 20 | labels: 21 | app.kubernetes.io/name: validatingwebhookconfiguration 22 | app.kubernetes.io/instance: validating-webhook-configuration 23 | app.kubernetes.io/component: webhook 24 | app.kubernetes.io/created-by: managed-gitops 25 | app.kubernetes.io/part-of: managed-gitops 26 | app.kubernetes.io/managed-by: kustomize 27 | name: validating-webhook-configuration 28 | annotations: 29 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 30 | --------------------------------------------------------------------------------