├── .github └── workflows │ └── lint.yaml ├── .gitignore ├── .helmignore ├── Chart.yaml ├── LICENSE ├── README.md ├── archive ├── README.md ├── argo-app-of-apps.yaml ├── bootstrap-master │ ├── .helmignore │ ├── Chart.yaml │ └── values-bootstrap.yaml ├── bootstrap │ ├── .helmignore │ ├── Chart.yaml │ └── values-bootstrap.yaml └── ubiquitous-journey │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── _helpers.tpl │ └── argoapplicationdeploy.yaml │ ├── values-day2ops.yaml │ ├── values-extratooling.yaml │ └── values-tooling.yaml ├── argo-generate-token.sh ├── argocd-values.yaml ├── code-of-conduct.md ├── docs ├── argocd-install.md ├── argocd-master-child.md ├── bootstrap-argocd.md ├── deploy-custom-namespace.md ├── help.md ├── images │ ├── argocd-uj.png │ ├── bootstrap-uj.png │ ├── child-master.png │ ├── example-app.png │ └── ubiquitous-journey.png ├── sealed-secrets.md └── whats-in-the-box.md ├── force-delete-application-cr.sh ├── patch-gitops-operator.sh ├── pet-battle ├── stage │ └── values.yaml └── test │ └── values.yaml ├── set-namespace.sh ├── templates ├── _helpers.tpl ├── argo-application.yaml └── argo-project.yaml ├── ubiquitous-journey ├── values-day2ops.yaml ├── values-extratooling.yaml └── values-tooling.yaml └── values.yaml /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | name: Lint Charts # runs chart-testing lint on pull requests that target master 2 | 3 | on: 4 | 5 | pull_request: 6 | branches: 7 | - master 8 | 9 | jobs: # NOTE(review): no `permissions:` block, so GITHUB_TOKEN gets the repository default; a lint job only needs `contents: read` 10 | lint-test: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v2 # NOTE(review): tag refs are mutable; pin third-party actions to a full commit SHA 15 | 16 | - name: Fetch history 17 | run: git fetch --prune --unshallow 18 | 19 | - name: Run chart-testing (lint) 20 | id: lint 21 | uses: helm/chart-testing-action@v1.0.0-rc.1 # NOTE(review): release-candidate tag, equally mutable; pin to a commit SHA 22 | with: 23 | command: lint --chart-dirs .
--all 24 | config: ct.yaml 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # General files for the project 2 | pkg/* 3 | *.pyc 4 | bin/* 5 | .project 6 | /.bin 7 | /_test/secrets/*.json 8 | 9 | # produced by the kill all 10 | *-delete.json 11 | 12 | # OSX leaves these everywhere on SMB shares 13 | ._* 14 | 15 | # OSX trash 16 | .DS_Store 17 | 18 | # Files generated by JetBrains IDEs, e.g. IntelliJ IDEA 19 | .idea/ 20 | *.iml 21 | 22 | # Vscode files 23 | .vscode 24 | 25 | # Emacs save files 26 | *~ 27 | \#*\# 28 | .\#* 29 | 30 | # Vim-related files 31 | [._]*.s[a-w][a-z] 32 | [._]s[a-w][a-z] 33 | *.un~ 34 | Session.vim 35 | .netrwhist 36 | 37 | # Chart dependencies 38 | **/charts/*.tgz 39 | **/requirements.lock 40 | **/Chart.lock 41 | 42 | .history 43 | secrets.yaml 44 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | # so we dont include these in our chart secret 2 | docs/ 3 | tekton/ 4 | docs/ 5 | archive/ 6 | quick-starts/ 7 | README.md 8 | .git -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: uj-scaffold 3 | description: A collection of App of Apps for deploying tools to support CI/CD as well as an example gitops app of apps pattern 4 | type: application 5 | version: 1.0.0 6 | appVersion: 1.0.0 7 | icon: https://avatars1.githubusercontent.com/u/68044996?s=200&v=4 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND 
CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🦄 Ubiquitous Journey 🔥 2 | 3 | 🧰 This repo embodies a GitOps approach to deploying application code, middleware infrastructure and supporting CI/CD tools. 🧰 4 | 5 | At its simplest, the repo is an [ArgoCD Application](https://argo-cd.readthedocs.io/en/stable/core_concepts/) which references [other helm charts](https://github.com/redhat-cop/helm-charts.git) and [other kustomize definitions](https://github.com/rht-labs/refactored-adventure) to deploy applications. 6 | 7 | The idea is to reference other Charts, Kustomize, YAML snippets from within this framework. This keeps things `pluggable` to suit the needs of your team. 8 | 9 | 🎨 We have evolved the design from the original [Labs CI / CD](https://github.com/rht-labs/labs-ci-cd.git) project. The Ubiquitous Journey (`UJ`) represents a major milestone in moving to a GitOps approach to tooling, application management and configuration drift using [ArgoCD](https://argoproj.github.io/argo-cd/). 
10 | 11 | ## Table of Contents 12 | 13 | - [Contributor Covenant Code of Conduct](./code-of-conduct.md#contributor-covenant-code-of-conduct) 14 | * [Our Pledge](./code-of-conduct.md#our-pledge) 15 | * [Our Standards](./code-of-conduct.md#our-standards) 16 | * [Our Responsibilities](./code-of-conduct.md#our-responsibilities) 17 | * [Scope](./code-of-conduct.md#scope) 18 | * [Enforcement](./code-of-conduct.md#enforcement) 19 | * [Attribution](./code-of-conduct.md#attribution) 20 | - [🦄 Ubiquitous Journey 🔥](./README.md#%F0%9F%A6%84-ubiquitous-journey-) 21 | * [Components](./README.md#components) 22 | * [How do I run it? 🏃‍♀️](./README.md#how-do-i-run-it-) 23 | + [Prerequisites](./README.md#prerequisites) 24 | + [Let's go, installing ArgoCD 🏃🏻](./README.md#lets-go-installing-argocd-) 25 | + [🤠 Deploying the Ubiquitous Journey](./README.md#%F0%9F%A4%A0-deploying-the-ubiquitous-journey) 26 | + [Cleanup 🧤](./README.md#cleanup-) 27 | + [Debugging 🤺](./README.md#debugging-) 28 | - [Common Errors when installing ArgoCD](./docs%2Fargocd-install.md#common-errors-when-installing-argocd) 29 | - [ArgoCD Master and Child 👩‍👦](./docs%2Fargocd-master-child.md#argocd-master-and-child-) 30 | - [Restricted Children](./docs%2Fargocd-master-child.md#restricted-children) 31 | - [Bootstrap projects and ArgoCD 🍻](./docs%2Fbootstrap-argocd.md#bootstrap-projects-and-argocd-) 32 | * [Tooling for Application Development 🦅](./docs%2Fbootstrap-argocd.md#tooling-for-application-development-) 33 | - [(A) Deploy using argo app of apps ...](./docs%2Fbootstrap-argocd.md#a-deploy-using-argo-app-of-apps-) 34 | - [(B) Deploy using helm ...](./docs%2Fbootstrap-argocd.md#b-deploy-using-helm-) 35 | - [Example Application Deploy 🌮](./docs%2Fbootstrap-argocd.md#example-application-deploy-) 36 | - [Cleaning up ArgoCD Apps 🧹](./docs%2Fbootstrap-argocd.md#cleaning-up-argocd-apps-) 37 | - [Metrics 📉](./docs%2Fbootstrap-argocd.md#metrics-) 38 | - [Deploy to a custom namespace 
🦴](./docs%2Fdeploy-custom-namespace.md#deploy-to-a-custom-namespace-) 39 | - [Help me](./docs%2Fhelp.md#help-me) 40 | * [Not automated yet ...](./docs%2Fhelp.md#not-automated-yet-) 41 | - [Sealed Secrets Help](./docs%2Fsealed-secrets.md#sealed-secrets-help) 42 | * [🕵️‍♀️ Generate Sealed Secrets:](./docs%2Fsealed-secrets.md#%F0%9F%95%B5%EF%B8%8F%E2%80%8D%E2%99%80%EF%B8%8F-generate-sealed-secrets) 43 | * [📝 Bring your own certs](./docs%2Fsealed-secrets.md#%F0%9F%93%9D-bring-your-own-certs) 44 | - [What's in the box? 👨](./docs%2Fwhats-in-the-box.md#whats-in-the-box-) 45 | - [What it's not...🤷🏻‍♀️](./docs%2Fwhats-in-the-box.md#what-its-not) 46 | - [Dashboard 📃](./docs%2Fwhats-in-the-box.md#dashboard-) 47 | 48 | ## Components 49 | 50 | The folder structure of this repo is split as follows: 51 | 52 | ```bash 53 | ├── archive <=== 💀 where the skeletons live. archived material. 54 | ├── docs <=== 📖 supporting documentation for UJ. 55 | ├── pet-battle <=== 📖 the example application `pet-battle` 56 | ├── templates <=== 📖 helm templates to create ArgoCD Applications and Projects for UJ 57 | ├── ubiquitous-journey <=== 📖 helm values files containing applications we wish to deploy 58 | ├── Chart.yaml <=== 📖 we deploy UJ using a helm chart 59 | └── values.yaml <=== 📖 UJ's helm chart values 60 | ``` 61 | 62 | There are two main components to this repository: 63 | 64 | 1. `Ubiquitous Journey` - Contains all the tools, collaboration software and day2ops to be deployed on Red Hat OpenShift. This includes chat applications, task management apps and tools to support CI/CD workflows and testing. For the complete list and details: [What's in the box?👨](docs/whats-in-the-box.md) 65 | 2. A demo application called [`pet-battle`](https://github.com/petbattle) that shows you how to use the UJ structure with a three tiered application stack. 66 | 67 | Each part can be used independently of each other but sequentially they create a full stack. 68 | 69 | ## How do I run it?
🏃‍♀️ 70 | 71 | If you already have an ArgoCD instance running and you just want to add the tooling to it, [move to part 2](docs/bootstrap-argocd.md#tooling-for-application-development-🦅) in the docs. 72 | 73 | ### Prerequisites 74 | 75 | You will need: 76 | 77 | - OpenShift 4.6+ or greater (cluster admin user required) - [Try OpenShift](https://try.openshift.com) 78 | - Install helm v3+ (cli) or greater - [Helm Quickstart](https://helm.sh/docs/intro/quickstart) 79 | 80 | ### Let's go, installing ArgoCD 🏃🏻 81 | 82 | Install an instance of ArgoCD. There are several methods to install ArgoCD in OpenShift. Pick your favorite flavour 🍦 83 | 84 | Use the Red Hat supported GitOps Operator (configured by default as cluster wide and to deploy the operator and an instance in `labs-ci-cd`) 85 | 86 | ```bash 87 | helm repo add redhat-cop https://redhat-cop.github.io/helm-charts 88 | helm upgrade --install argocd \ 89 | --create-namespace \ 90 | --namespace labs-ci-cd \ 91 | redhat-cop/gitops-operator 92 | ``` 93 | 94 | ⛷️ We **strongly** recommend that you make a copy of the `values.yaml` file and make edits that way. This values file can be checked in to this repo and be kept if further changes are needed such as adding in private `repositoryCredentials` or other handy stuff such as `secrets` and `namespaces` etc. Keep credential values out of the committed file in plain text: seal them first (see [Sealed Secrets Help](docs/sealed-secrets.md)). For example, if you have an `argocd-values.yaml` file with your changes: 95 | 96 | ```bash 97 | helm upgrade --install argocd \ 98 | --create-namespace \ 99 | --namespace labs-ci-cd \ 100 | -f argocd-values.yaml \ 101 | redhat-cop/gitops-operator 102 | ``` 103 | 104 | If you have trouble 😵‍💫 - we have documented some common errors [when installing ArgoCD](docs/argocd-install.md) which may help. 105 | 106 | ### 🤠 Deploying the Ubiquitous Journey 107 | 108 | A handy one liner to deploy all the default software artifacts in this project using their default values. Just make sure the namespace you set below is the same as your ArgoCD namespace from the previous step.
109 | 110 | ```bash 111 | helm upgrade --install uj --namespace labs-ci-cd . 112 | ``` 113 | 114 | If you login to ArgoCD using the UI here: 115 | 116 | ```bash 117 | echo https://$(oc get route argocd-server --template='{{ .spec.host }}' -n labs-ci-cd) 118 | ``` 119 | 120 | you should see lots of things spinning up 121 | 122 | ![argocd-ui](docs/images/argocd-uj.png) 123 | 124 | You can set `enabled: true` on all of the application definitions in the `values-*.yaml` files if you want to deploy everything 🧨 .... 💥 125 | 126 | Fork the repo and make your changes in the fork if you wish to GitOp enable things. Update the `source` in values.yaml to make sure ArgoCD is pulling from the correct source repo (your fork). If you've already forked the repo and want to deploy quickly you can also run: 127 | 128 | ```bash 129 | helm upgrade --install uj \ 130 | --set source=https://github.com//ubiquitous-journey.git \ 131 | --namespace labs-ci-cd . 132 | ``` 133 | 134 | ### Cleanup 🧤 135 | 136 | Uninstall and delete all resources in the various projects 137 | ```bash 138 | # This may take a while: 139 | helm delete uj --namespace labs-ci-cd 140 | 141 | # Then remove your ArgoCD instance 142 | helm delete argocd --namespace labs-ci-cd 143 | ``` 144 | 145 | ### Debugging 🤺 146 | 147 | Run the following command to debug one of the UJ values files to see which values are being passed: 148 | 149 | ```bash 150 | # example debugging the ArgoCD `Application` manifests from the example deployment 151 | helm install debug --dry-run -f pet-battle/test/values.yaml . 
152 | ``` 153 | -------------------------------------------------------------------------------- /archive/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/archive/README.md -------------------------------------------------------------------------------- /archive/argo-app-of-apps.yaml: -------------------------------------------------------------------------------- 1 | ############## 2 | # 🐙 Argo Sync Policy: automated sync with prune + selfHeal, so the tracked ref is applied, resources removed from it are deleted, and manual drift is reverted without an approval step 3 | ############# 4 | sync_policy_true: &sync_policy_true 5 | syncPolicy: 6 | automated: 7 | prune: true 8 | selfHeal: true 9 | syncOptions: 10 | - Validate=true 11 | 12 | ############## 13 | # 🛎 Argo App of Apps. Points to a repo which contains some helm stuff 14 | ############# 15 | 16 | applications: 17 | - name: ubiquitous-journey 18 | destination: labs-ci-cd 19 | enabled: true 20 | source: https://github.com/rht-labs/ubiquitous-journey.git 21 | source_path: ubiquitous-journey/ 22 | source_ref: master # branch ref + automated sync: any push to this branch is rolled out (same for the entries below); pin a tag or commit SHA where that trust is too broad 23 | sync_policy: *sync_policy_true 24 | helm_values: 25 | - values-tooling.yaml 26 | - name: uj-extras 27 | destination: labs-ci-cd 28 | enabled: true 29 | source: https://github.com/rht-labs/ubiquitous-journey.git 30 | source_path: ubiquitous-journey/ 31 | source_ref: master 32 | sync_policy: *sync_policy_true 33 | helm_values: 34 | - values-extratooling.yaml 35 | - name: uj-day2ops 36 | destination: labs-ci-cd 37 | enabled: true 38 | source: https://github.com/rht-labs/ubiquitous-journey.git 39 | source_path: ubiquitous-journey/ 40 | source_ref: master 41 | sync_policy_automated: false # NOTE(review): the other entries use `sync_policy`; confirm the consuming template reads this key 42 | helm_values: 43 | - values-day2ops.yaml 44 | - name: example-deployment 45 | destination: labs-ci-cd 46 | enabled: false 47 | source: https://github.com/rht-labs/ubiquitous-journey.git 48 | source_path: example-deployment 49 | source_ref: "master" 50 | sync_policy: *sync_policy_true 51 | helm_values: 52 | -
values-applications.yaml 53 | -------------------------------------------------------------------------------- /archive/bootstrap-master/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /archive/bootstrap-master/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cluster-bootstrap 3 | description: A Helm chart creating projects for Open Innovation Labs and creating an ArgoCD Instance 4 | type: application 5 | # This is the chart version. This version number should be incremented each time you make changes 6 | version: 0.0.1 7 | # This is the version number of the application being deployed. 
This version number should be 8 | appVersion: 0.0.1 9 | dependencies: 10 | - name: bootstrap-project 11 | version: "0.0.9" 12 | repository: https://redhat-cop.github.io/helm-charts 13 | - name: argocd-operator 14 | version: "1.1.14" 15 | repository: https://redhat-cop.github.io/helm-charts 16 | -------------------------------------------------------------------------------- /archive/bootstrap-master/values-bootstrap.yaml: -------------------------------------------------------------------------------- 1 | # bootstrap a master argocd instance 2 | bootstrap-project: 3 | enabled: true 4 | argo_master_namespace: &argo_master "master-argocd" 5 | namespaces: 6 | - name: *argo_master 7 | bindings: 8 | # this labs-devs is the GROUP NAME in IDM 9 | - name: labs-devs 10 | kind: Group 11 | role: edit 12 | # this labs-admins is the GROUP NAME in IDM 13 | - name: labs-admins 14 | kind: Group 15 | role: admin 16 | 17 | serviceaccounts: {} 18 | 19 | argocd-operator: 20 | enabled: true 21 | name: argocd 22 | namespace: *argo_master 23 | instancelabel: rht-labs.com/master-argocd 24 | 25 | # operator manages upgrades etc 26 | operator: 27 | version: argocd-operator.v0.0.15 28 | channel: alpha 29 | name: argocd-operator 30 | 31 | metrics: 32 | enabled: true 33 | prometheus: 34 | version: prometheusoperator.0.47.0 35 | 36 | # https://argocd-operator.readthedocs.io/en/latest/reference/argocd/ 37 | argocd_cr: 38 | version: v2.1.5 39 | accounts: 40 | accounts.admin: login, apiKey # apiKey allows API tokens to be issued for the admin account; NOTE(review): issue them with an expiry and drop the capability if unused 41 | applicationInstanceLabelKey: rht-labs.com/uj 42 | grafana: 43 | enabled: true 44 | route: 45 | enabled: true 46 | size: 1 47 | prometheus: 48 | enabled: true 49 | route: 50 | enabled: true 51 | size: 1 52 | ha: 53 | enabled: false 54 | rbac: 55 | defaultPolicy: role:admin # NOTE(review): Argo CD applies the default policy to any authenticated user with no matching RBAC rule, so every login is an admin here; prefer role:readonly (or '') and grant admin to named groups 56 | secrets: [] 57 | server: 58 | route: 59 | enabled: true 60 | autoscale: 61 | enabled: false 62 | service: 63 | type: ClusterIP 64 | initialRepositories: | 65 | - name: redhat-cop 66 | type: helm 67 | url:
https://redhat-cop.github.io/helm-charts 68 | -------------------------------------------------------------------------------- /archive/bootstrap/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /archive/bootstrap/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cluster-bootstrap 3 | description: A Helm chart creating projects for Open Innovation Labs and creating an ArgoCD Instance 4 | type: application 5 | # This is the chart version. This version number should be incremented each time you make changes 6 | version: 0.0.1 7 | # This is the version number of the application being deployed. This version number should be 8 | appVersion: 0.0.1 9 | dependencies: 10 | - name: bootstrap-project 11 | version: "0.0.9" 12 | repository: https://redhat-cop.github.io/helm-charts 13 | - name: argocd-operator 14 | version: "1.1.14" 15 | repository: https://redhat-cop.github.io/helm-charts 16 | - name: sealed-secrets 17 | version: "1.16.1" 18 | repository: https://bitnami-labs.github.io/sealed-secrets 19 | condition: sealed-secrets.enabled 20 | -------------------------------------------------------------------------------- /archive/bootstrap/values-bootstrap.yaml: -------------------------------------------------------------------------------- 1 | # override the `blah` or `` or `` to configure your 2 | # desired namespace. 
eg `my-dev` etc 3 | # removing the anchor tag will also break things 🏌️‍♂️ 4 | # overriding `ci_cd_namespace` directly using helm will not work 🤥 5 | 6 | bootstrap-project: 7 | enabled: true 8 | ci_cd_namespace: &ci_cd "labs-ci-cd" 9 | pm_namespace: &pm "labs-pm" 10 | ops_namespace: &ops "labs-cluster-ops" 11 | dev_namespace: &dev "labs-dev" 12 | test_namespace: &test "labs-test" 13 | staging_namespace: &stage "labs-staging" 14 | bindings: &binds # this labs-devs is the GROUP NAME in IDM 15 | - name: labs-devs 16 | kind: Group 17 | role: edit 18 | # this labs-admins is the GROUP NAME in IDM 19 | - name: labs-admins 20 | kind: Group 21 | role: admin 22 | - name: jenkins 23 | kind: ServiceAccount 24 | role: admin # *binds is reused by all six namespaces below, so this service account is admin in each of them, staging included; NOTE(review): scope it to the namespaces the pipeline deploys to 25 | namespace: *ci_cd 26 | namespaces: 27 | - name: *ci_cd 28 | bindings: *binds 29 | - name: *pm 30 | bindings: *binds 31 | - name: *ops 32 | bindings: *binds 33 | - name: *dev 34 | bindings: *binds 35 | - name: *test 36 | bindings: *binds 37 | - name: *stage 38 | bindings: *binds 39 | 40 | serviceaccounts: 41 | - name: jenkins 42 | namespace: *ci_cd 43 | 44 | argocd-operator: 45 | enabled: true 46 | name: argocd 47 | namespace: *ci_cd 48 | instancelabel: rht-labs.com/uj 49 | 50 | metrics: 51 | enabled: true 52 | prometheus: 53 | version: prometheusoperator.0.47.0 54 | 55 | # argocd rbac only in listed namespaces 56 | namespaceRoleBinding: 57 | enabled: false # NOTE(review): presumably leaves Argo CD with permissions beyond the namespaces listed below while disabled; verify against the argocd-operator chart 58 | namespaces: 59 | - name: *ci_cd 60 | - name: *pm 61 | - name: *ops 62 | - name: *dev 63 | - name: *test 64 | - name: *stage 65 | 66 | # https://argocd-operator.readthedocs.io/en/latest/reference/argocd/ 67 | argocd_cr: 68 | version: v2.1.5 69 | accounts: 70 | accounts.admin: login, apiKey # apiKey allows API tokens to be issued for the admin account; NOTE(review): issue them with an expiry and drop the capability if unused 71 | applicationInstanceLabelKey: rht-labs.com/uj 72 | grafana: 73 | enabled: true 74 | route: 75 | enabled: true 76 | size: 1 77 | prometheus: 78 | enabled: true 79 | route: 80 | enabled: true 81 | size: 1 82 | ha: 83 | enabled: false 84 | rbac: 85 | defaultPolicy: role:admin # NOTE(review): Argo CD applies the default policy to any authenticated user with no matching RBAC rule, so every login is an admin here; prefer role:readonly (or '') and grant admin to named groups 86 | secrets: [] 87 | server: 88 |
route: 89 | enabled: true 90 | autoscale: 91 | enabled: false 92 | service: 93 | type: ClusterIP 94 | initialRepositories: | 95 | - name: redhat-cop 96 | type: helm 97 | url: https://redhat-cop.github.io/helm-charts 98 | 99 | sealed-secrets: 100 | # Disabled by default 101 | enabled: false 102 | nameOverride: sealed-secrets 103 | fullnameOverride: sealed-secrets 104 | # namespace must exist, so we use labs-ci-cd by default. 105 | namespace: *ci_cd 106 | # Dont touch the security context values, deployment will fail in OpenShift otherwise. 107 | securityContext: 108 | runAsUser: "" 109 | fsGroup: "" 110 | commandArgs: 111 | - "--update-status=true" 112 | -------------------------------------------------------------------------------- /archive/ubiquitous-journey/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /archive/ubiquitous-journey/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ubiquitous-journey 3 | description: A Helm chart for ubiquitous-journey 4 | type: application 5 | 6 | # This is the chart version. This version number should be incremented each time you make changes 7 | version: 1.0.1 8 | 9 | # This is the version number of the application being deployed. 
This version number should be incremented each time you make changes 10 | appVersion: 1.0.0 11 | -------------------------------------------------------------------------------- /archive/ubiquitous-journey/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{- define "platform" -}} 4 | {{- end -}} 5 | -------------------------------------------------------------------------------- /archive/ubiquitous-journey/templates/argoapplicationdeploy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.applications }} 2 | {{- range $app := .Values.applications }} 3 | {{- if $app.enabled }} 4 | --- 5 | apiVersion: argoproj.io/v1alpha1 6 | kind: Application 7 | metadata: 8 | finalizers: 9 | - resources-finalizer.argocd.argoproj.io 10 | name: {{ $app.name }} 11 | spec: 12 | destination: 13 | namespace: {{ $app.destination | default "labs-ci-cd" }} 14 | server: {{ $app.cluster_api | default "https://kubernetes.default.svc" }} 15 | project: {{ $app.project | default "default" }} 16 | source: 17 | {{- if not $app.no_helm }} 18 | helm: 19 | releaseName: {{ $app.name }} 20 | {{- if $app.helm_values }} 21 | valueFiles: 22 | {{- toYaml $app.helm_values | nindent 8 }} 23 | {{- end }} 24 | {{- if $app.values }} 25 | values: | 26 | {{- toYaml $app.values | nindent 8 }} 27 | {{- end }} 28 | {{- end }} 29 | {{- if $app.source_path }} 30 | path: {{ $app.source_path }} 31 | {{- end }} 32 | repoURL: {{ $app.source }} 33 | targetRevision: {{ $app.source_ref | default "master" }} 34 | {{- if $app.chart_name }} 35 | chart: {{ $app.chart_name }} 36 | {{- end}} 37 | {{- if $app.sync_policy }} 38 | {{- toYaml $app.sync_policy | nindent 2 }} 39 | {{- end }} 40 | {{- if $app.ignore_differences}} 41 | ignoreDifferences: 42 | {{ toYaml $app.ignore_differences | indent 2 }} 43 | {{- end }} 44 | {{- end }} 45 | {{- end }} 46 | {{- end }} 47 | 
-------------------------------------------------------------------------------- /archive/ubiquitous-journey/values-day2ops.yaml: -------------------------------------------------------------------------------- 1 | destination: &ops_ns labs-cluster-ops 2 | 3 | ############## 4 | # 🐙 Argo Sync Policy 5 | ############# 6 | sync_policy_true: &sync_policy_true 7 | syncPolicy: 8 | automated: 9 | prune: true 10 | selfHeal: true 11 | syncOptions: 12 | - Validate=true 13 | 14 | sync_policy_no_selfheal: &sync_policy_no_selfheal 15 | syncPolicy: 16 | automated: 17 | prune: true 18 | selfHeal: false 19 | syncOptions: 20 | - Validate=true 21 | 22 | applications: 23 | # Prune OpenShift Images 24 | - name: prune-images 25 | enabled: true 26 | source: https://github.com/redhat-cop/openshift-management.git 27 | source_path: charts/cronjob-prune-images/ 28 | sync_policy: *sync_policy_true 29 | destination: *ops_ns 30 | source_ref: "v3.11.8" 31 | values: 32 | namespace: *ops_ns 33 | # Prune OpenShift Builds 34 | - name: prune-builds 35 | enabled: true 36 | source: https://github.com/redhat-cop/openshift-management.git 37 | source_path: charts/cronjob-prune-builds-deployments/ 38 | sync_policy: *sync_policy_true 39 | destination: *ops_ns 40 | source_ref: "master" 41 | values: 42 | namespace: *ops_ns 43 | prune_type: builds 44 | # Prune OpenShift Deployments 45 | - name: prune-deployments 46 | enabled: true 47 | source: https://github.com/redhat-cop/openshift-management.git 48 | source_path: charts/cronjob-prune-builds-deployments/ 49 | sync_policy: *sync_policy_true 50 | destination: *ops_ns 51 | source_ref: "master" 52 | values: 53 | namespace: *ops_ns 54 | prune_type: deployments 55 | # Network Policies for Emulating Multitenancy 56 | - name: network-policy 57 | enabled: false 58 | source: https://github.com/redhat-cop/helm-charts.git 59 | source_path: charts/network-policy 60 | sync_policy: *sync_policy_true 61 | destination: *ops_ns 62 | source_ref: "networkpolicy-1.0.0" 63 | 64 
| -------------------------------------------------------------------------------- /archive/ubiquitous-journey/values-extratooling.yaml: -------------------------------------------------------------------------------- 1 | destination_pm: &pm_ns labs-pm 2 | destination_ci_cd: &ci_cd_ns labs-ci-cd 3 | 4 | ############## 5 | # 🐙 Argo Sync Policy 6 | ############# 7 | sync_policy_true: &sync_policy_true 8 | syncPolicy: 9 | automated: 10 | prune: true 11 | selfHeal: true 12 | syncOptions: 13 | - Validate=true 14 | 15 | sync_policy_no_selfheal: &sync_policy_no_selfheal 16 | syncPolicy: 17 | automated: 18 | prune: true 19 | selfHeal: false 20 | syncOptions: 21 | - Validate=true 22 | 23 | applications: 24 | # Wekan 25 | - name: wekan 26 | enabled: true 27 | source: https://github.com/wekan/wekan.git 28 | source_path: helm/wekan 29 | sync_policy: *sync_policy_true 30 | destination: *pm_ns 31 | source_ref: "v4.41" 32 | values: 33 | service: 34 | type: ClusterIP 35 | autoscaling: 36 | enabled: false 37 | mongodb-replicaset: 38 | replicas: 1 39 | securityContext: 40 | runAsUser: "" 41 | fsGroup: "" 42 | ingress: 43 | enabled: false 44 | route: 45 | enabled: true 46 | # Mattermost 47 | - name: mattermost 48 | enabled: true 49 | source: https://github.com/mattermost/mattermost-helm.git 50 | source_path: charts/mattermost-team-edition 51 | destination: *pm_ns 52 | source_ref: "mattermost-team-edition-3.16.0" 53 | values: 54 | route: 55 | enabled: true 56 | mysql: 57 | mysqlRootPassword: "mysqlpass" 58 | mysqlUser: "mattermost" 59 | mysqlPassword: "matterpass" 60 | # Etherpad 61 | - name: etherpad 62 | enabled: true 63 | source: https://github.com/redhat-cop/helm-charts.git 64 | source_path: charts/etherpad 65 | destination: *pm_ns 66 | source_ref: "etherpad-0.0.7" 67 | sync_policy: *sync_policy_true 68 | # Dev-Ex Dashboard 69 | - name: dev-ex-dashboard 70 | enabled: true 71 | source: https://github.com/redhat-cop/helm-charts.git 72 | source_path: charts/dev-ex-dashboard 73 | 
destination: *pm_ns 74 | source_ref: "dev-ex-dashboard-0.0.2" 75 | sync_policy: *sync_policy_no_selfheal 76 | ignore_differences: 77 | - group: apps.openshift.io 78 | kind: DeploymentConfig 79 | jsonPointers: 80 | - /spec/template/spec/containers/0/image 81 | - /spec/triggers/0/imageChangeParams/lastTriggeredImage 82 | - group: "" 83 | kind: ConfigMap 84 | jsonPointers: 85 | - /data 86 | # Owncloud 87 | - name: owncloud 88 | enabled: true 89 | source: https://github.com/redhat-cop/helm-charts.git 90 | source_path: charts/owncloud 91 | destination: *pm_ns 92 | source_ref: "owncloud-0.0.2" 93 | sync_policy: *sync_policy_true 94 | values: 95 | route: 96 | enabled: true 97 | hostname: owncloud.apps.hivec.sandbox1559.opentlc.com 98 | ignore_differences: 99 | - group: apps.openshift.io 100 | kind: DeploymentConfig 101 | jsonPointers: 102 | - /spec/template/spec/containers/0/image 103 | - /spec/triggers/0/imageChangeParams/lastTriggeredImage 104 | # Hashicorp Vault 105 | - name: vault 106 | enabled: true 107 | source: https://github.com/hashicorp/vault-helm.git 108 | source_path: . 
109 | source_ref: "v0.7.0" 110 | destination: *ci_cd_ns 111 | sync_policy: *sync_policy_true 112 | values: 113 | global: 114 | tlsDisable: false 115 | openshift: true 116 | injector: 117 | enabled: false 118 | route: 119 | enabled: true 120 | host: '""' 121 | server: 122 | service: 123 | annotations: 124 | service.beta.openshift.io/serving-cert-secret-name: vault-tls 125 | extraVolumes: 126 | - type: secret 127 | name: vault-tls 128 | standalone: 129 | config: | 130 | ui = true 131 | listener "tcp" { 132 | address = "[::]:8200" 133 | cluster_address = "[::]:8201" 134 | tls_cert_file = "/vault/userconfig/vault-tls/tls.crt" 135 | tls_key_file = "/vault/userconfig/vault-tls/tls.key" 136 | } 137 | storage "file" { 138 | path = "/vault/data" 139 | } 140 | ignore_differences: 141 | - group: route.openshift.io 142 | kind: Route 143 | jsonPointers: 144 | - /status/ingress 145 | - /spec/host 146 | -------------------------------------------------------------------------------- /archive/ubiquitous-journey/values-tooling.yaml: -------------------------------------------------------------------------------- 1 | destination: &ci_cd_ns labs-ci-cd 2 | 3 | ############## 4 | # 🐙 Argo Sync Policy 5 | ############# 6 | sync_policy_true: &sync_policy_true 7 | syncPolicy: 8 | automated: 9 | prune: true 10 | selfHeal: true 11 | syncOptions: 12 | - Validate=true 13 | 14 | sync_policy_no_selfheal: &sync_policy_no_selfheal 15 | syncPolicy: 16 | automated: 17 | prune: true 18 | selfHeal: false 19 | syncOptions: 20 | - Validate=true 21 | 22 | ############## 23 | # 🛎 Argo App of Apps declaration 24 | ############# 25 | # enabled true on an app is to tell helm to create an argo app cr for this item 26 | # Custom values override the default values in Helm Charts 27 | applications: 28 | # Nexus 29 | - name: nexus 30 | enabled: false 31 | source: https://redhat-cop.github.io/helm-charts 32 | chart_name: sonatype-nexus 33 | source_path: "" 34 | source_ref: "1.1.1" 35 | sync_policy: 
*sync_policy_true 36 | destination: *ci_cd_ns 37 | values: 38 | persistence: 39 | storageSize: 16Gi 40 | ignore_differences: 41 | - group: route.openshift.io 42 | kind: Route 43 | jsonPointers: 44 | - /status/ingress 45 | # Jenkins 46 | - name: jenkins 47 | enabled: true 48 | source: https://github.com/redhat-cop/helm-charts.git 49 | source_path: charts/jenkins 50 | source_ref: "jenkins-0.0.21" 51 | sync_policy: *sync_policy_true 52 | destination: *ci_cd_ns 53 | values: 54 | persistence: false 55 | source_secrets: 56 | - name: git-auth 57 | username: idm-sa 58 | password: thisisdefinitelynotmypassword🦆🦆🦆 59 | - name: nexus-password 60 | username: admin 61 | password: admin123 62 | - name: argocd-token 63 | username: token 64 | password: aaa.bbb.ccc 65 | ignore_differences: 66 | - group: apps.openshift.io 67 | kind: DeploymentConfig 68 | jsonPointers: 69 | - /spec/template/spec/containers/0/image 70 | - /spec/triggers/0/imageChangeParams/lastTriggeredImage 71 | - group: build.openshift.io 72 | kind: BuildConfig 73 | jsonPointers: 74 | - /spec/triggers 75 | # Pact-broker 76 | - name: pact-broker 77 | enabled: true 78 | source: https://github.com/redhat-cop/helm-charts.git 79 | source_path: charts/pact-broker 80 | source_ref: "pact-broker-0.0.3" 81 | sync_policy: *sync_policy_true 82 | destination: *ci_cd_ns 83 | values: 84 | # update the passwords :) 85 | 86 | # Sonarqube 87 | - name: sonarqube 88 | enabled: true 89 | source: https://github.com/redhat-cop/helm-charts.git 90 | source_path: charts/sonarqube 91 | source_ref: "sonarqube-0.0.17" 92 | sync_policy: *sync_policy_true 93 | destination: *ci_cd_ns 94 | values: 95 | initContainers: true 96 | plugins: 97 | install: 98 | - https://github.com/checkstyle/sonar-checkstyle/releases/download/8.35/checkstyle-sonar-plugin-8.38.jar 99 | - https://repo1.maven.org/maven2/org/sonarsource/java/sonar-java-plugin/6.9.0.23563/sonar-java-plugin-6.9.0.23563.jar 100 | - 
https://repo1.maven.org/maven2/org/sonarsource/jacoco/sonar-jacoco-plugin/1.1.0.898/sonar-jacoco-plugin-1.1.0.898.jar 101 | - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/2.0.7/sonar-dependency-check-plugin-2.0.7.jar 102 | - https://github.com/SonarSource/SonarJS/releases/download/6.2.2.13315/sonar-javascript-plugin-6.2.2.13315.jar 103 | - https://github.com/SonarSource/SonarTS/releases/download/2.1.0.4359/sonar-typescript-plugin-2.1.0.4362.jar 104 | 105 | # CodeReady Workspaces 106 | - name: crw 107 | enabled: true 108 | destination: crw 109 | source: https://github.com/rht-labs/refactored-adventure 110 | source_path: crw/base 111 | source_ref: master 112 | sync_policy: *sync_policy_no_selfheal 113 | no_helm: true 114 | ignore_differences: 115 | - group: org.eclipse.che 116 | kind: CheCluster 117 | jsonPointers: 118 | - /spec 119 | # Zalenium 120 | - name: zalenium 121 | enabled: true 122 | source: https://github.com/zalando/zalenium.git 123 | source_path: charts/zalenium 124 | source_ref: "master" 125 | sync_policy: *sync_policy_true 126 | destination: *ci_cd_ns 127 | values: 128 | hub: 129 | serviceType: ClusterIP 130 | openshift: 131 | deploymentConfig: 132 | enabled: true 133 | route: 134 | enabled: true 135 | tls: 136 | termination: edge 137 | insecureEdgeTerminationPolicy: Redirect 138 | persistence: 139 | enabled: false 140 | serviceAccount: 141 | create: false 142 | desiredContainers: 0 143 | podAnnotations: 144 | app: zalenium 145 | 146 | # Hoverfly 147 | - name: hoverfly 148 | enabled: true 149 | source: https://github.com/helm/charts.git 150 | source_path: incubator/hoverfly 151 | sync_policy: *sync_policy_true 152 | destination: *ci_cd_ns 153 | source_ref: "master" 154 | values: 155 | replicaCount: "1" 156 | openshift: 157 | route: 158 | admin: 159 | enabled: true 160 | hostname: "" 161 | proxy: 162 | enabled: true 163 | hostname: "" 164 | ignore_differences: 165 | - group: route.openshift.io 166 | kind: Route 167 
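| jsonPointers: 168 | - /status/ingress 169 | - /spec/host 170 | - group: apps/v1 171 | kind: Deployment 172 | jsonPointers: 173 | - /spec/replicas 174 | # Tekton 175 | - name: tekton 176 | enabled: true 177 | destination: openshift-operators 178 | source: https://github.com/rht-labs/refactored-adventure 179 | source_path: tekton/base 180 | source_ref: master 181 | sync_policy: *sync_policy_true 182 | no_helm: true 183 | # Pelorus-operators 184 | - name: pelorus-operators 185 | enabled: true 186 | source: https://github.com/konveyor/pelorus.git 187 | source_path: charts/operators 188 | source_ref: master 189 | destination: *ci_cd_ns 190 | sync_policy: 191 | *sync_policy_true 192 | ignore_differences: 193 | - group: route.openshift.io 194 | kind: Route 195 | jsonPointers: 196 | - /status/ingress 197 | - /spec/host 198 | # Pelorus 199 | - name: pelorus 200 | enabled: true 201 | source: https://github.com/konveyor/pelorus.git 202 | source_path: charts/pelorus 203 | source_ref: master 204 | destination: *ci_cd_ns 205 | sync_policy: 206 | *sync_policy_true 207 | values: 208 | openshift_prometheus_htpasswd_auth: internal:{SHA}TIYUhgUHdhYp1zfn3WRbwAxr478= 209 | openshift_prometheus_basic_auth_pass: thisisdefinitelynotmypassword 210 | ignore_differences: 211 | - group: route.openshift.io 212 | kind: Route 213 | jsonPointers: 214 | - /status/ingress 215 | - /spec/host 216 | # Microcks 217 | - name: microcks 218 | enabled: false 219 | destination: microcks 220 | source: https://github.com/rht-labs/refactored-adventure 221 | source_path: microcks/base 222 | source_ref: master 223 | sync_policy: *sync_policy_true 224 | no_helm: true -------------------------------------------------------------------------------- /argo-generate-token.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Log in to the ArgoCD instance of the given namespace as `admin` and print an
# API token generated for that account.
# Usage: ./argo-generate-token.sh <namespace>
set -e

# "${1}" is quoted so that an empty or whitespace-containing argument is tested
# as a single word.
if [ -z "${1}" ]; then
  # printf interprets \n; bash's builtin echo prints it literally without -e.
  printf '\n🤥 No namespace found, please pass this script one 🤥 eg: \n\n./argo-generate-token.sh labs-ci-cd \n\n'
  # Exit statuses are 0-255, so use a plain non-zero status instead of -1.
  exit 1
fi

OC_NAMESPACE="$1"
# Admin password as stored (base64-encoded) in the argocd-cluster secret.
ARGOCD_PASSWD="$(oc get secret argocd-cluster -o jsonpath='{.data.admin\.password}' -n "${OC_NAMESPACE}" | base64 -d)"
# Resolved separately so that, under `set -e`, a failed route lookup stops the
# script instead of running the login with an empty host.
ARGOCD_HOST="$(oc get routes argocd-server -o jsonpath='{.spec.host}' -n "${OC_NAMESPACE}")"

# NOTE(review): --insecure skips TLS certificate verification for the ArgoCD
# route; drop it when the route serves a certificate this client trusts.
# NOTE(review): --password places the admin password in this command's argument
# list, where it is readable from the local process table while the login runs.
# The quotes keep a password containing spaces or glob characters intact.
argocd login --insecure --grpc-web "${ARGOCD_HOST}" \
  --username admin --password "${ARGOCD_PASSWD}"

ARGOCD_TOKEN="$(argocd account generate-token)"

# The token is a bearer credential and is written to stdout; keep this output
# out of shared terminals and CI logs.
echo "🎟 Token is:"
echo "${ARGOCD_TOKEN}"
-------------------------------------------------------------------------------- /argocd-values.yaml: -------------------------------------------------------------------------------- 1 | ignoreHelmHooks: false 2 | 3 | # if using the rh-gitops operator and you want to change the location for the ArgoCD instance to be deployed to: 4 | # It's defaulted to labs-ci-cd on the chart anyways 5 | namespaces: 6 | - labs-ci-cd 7 | 8 | # example 9 | secrets: 10 | - name: git-auth 11 | username: 'user' 12 | password: 'pass1234' 13 | sshPrivateKey: '' 14 | 15 | argocd_cr: 16 | repositoryCredentials: | 17 | - url: https://gitlab-ce.apps.openshift-498-bd8hw.do500.redhatlabs.dev 18 | type: git 19 | passwordSecret: 20 | key: password 21 | name: git-auth 22 | usernameSecret: 23 | key: username 24 | name: git-auth 25 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our 7 | project and our community a harassment-free experience for everyone, 8 | regardless of age, body size, disability, ethnicity, gender identity and 9 | expression, level of experience, nationality, personal appearance, race, 10 | religion, or sexual identity and orientation. 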
11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual 26 | attention or advances 27 | * Trolling, insulting/derogatory comments, and personal or political 28 | attacks 29 | * Public or private harassment 30 | * Publishing others’ private information, such as a physical or 31 | electronic address, without explicit permission 32 | * Other conduct which could reasonably be considered inappropriate in a 33 | professional setting 34 | 35 | ## Our Responsibilities 36 | 37 | Project maintainers are responsible for clarifying the standards of 38 | acceptable behavior and are expected to take appropriate and fair 39 | corrective action in response to any instances of unacceptable behavior. 40 | 41 | Project maintainers have the right and responsibility to remove, edit, 42 | or reject comments, commits, code, wiki edits, issues, and other 43 | contributions that are not aligned to this Code of Conduct, or to ban 44 | temporarily or permanently any contributor for other behaviors that they 45 | deem inappropriate, threatening, offensive, or harmful. 46 | 47 | ## Scope 48 | 49 | This Code of Conduct applies both within project spaces and in public 50 | spaces when an individual is representing the project or its community. 51 | Examples of representing a project or community include using an 52 | official project e-mail address, posting via an official social media 53 | account, or acting as an appointed representative at an online or 54 | offline event. 
Representation of a project may be further defined and 55 | clarified by project maintainers. 56 | 57 | ## Enforcement 58 | 59 | Instances of abusive, harassing, or otherwise unacceptable behavior may 60 | be reported by contacting the project team at hello-labs@redhat.com. 61 | All complaints will be reviewed and investigated and will result in a 62 | response that is deemed necessary and appropriate to the circumstances. 63 | The project team is obligated to maintain confidentiality with regard to 64 | the reporter of an incident. Further details of specific enforcement 65 | policies may be posted separately. 66 | 67 | Project maintainers who do not follow or enforce the Code of Conduct in 68 | good faith may face temporary or permanent repercussions as determined 69 | by other members of the project’s leadership. 70 | 71 | ## Attribution 72 | 73 | This Code of Conduct is adapted from the 74 | https://www.contributor-covenant.org[Contributor Covenant], version 1.4, 75 | available at 76 | https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 77 | -------------------------------------------------------------------------------- /docs/argocd-install.md: -------------------------------------------------------------------------------- 1 | ## Common Errors when installing ArgoCD 2 | 3 | If you get an error such as this: 4 | 5 | ```bash 6 | Error: rendered manifests contain a resource that already exists. Unable to continue with install: Subscription "openshift-gitops-operator" in namespace "openshift-operators" exists and cannot be imported into the current release: invalid ownership metadata;..... 7 | ``` 8 | 9 | when installing argocd; it is because the `openshift-gitops-operator` has already been installed into your cluster. 10 | 11 | This means the APIs provided by it (such as `ArgoCD`, `Application`, `ArgoProject` etc) are already available for us to consume. 
We can update the Cluster instance of ArgoCD to allow it to deploy a new ClusterScoped instance to our namespace. 12 | 13 | ```bash 14 | ./patch-gitops-operator.sh labs-ci-cd 15 | ``` 16 | 17 | Then simply run the install command by passing in the parameter `--set operator=null` to the chart to not install the operator but only create an instance in your provided namespace. 18 | 19 | OR 20 | 21 | If you have installed the GitOps operator manually by using the Operator Hub and OLM in the OpenShift UI, you should store the configuration of the ArgoCD Custom Resource instance definition for repeatability. 22 | 23 | You can also edit the subscription manually to enable or disable the default argocd instance and then allow ClusterScoped instances to be created in any project. 24 | 25 | ```yaml 26 | # oc edit subscription/openshift-gitops-operator -n openshift-operators 27 | spec: 28 | config: 29 | env: 30 | - name: DISABLE_DEFAULT_ARGOCD_INSTANCE 31 | value: "true" 32 | - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES 33 | value: labs-ci-cd # YOUR COMMA SEPARATED LIST OF NAMESPACES THAT YOU WANT CLUSTER SCOPED ARGOCD's DEPLOYED IN 34 | channel: stable 35 | installPlanApproval: Automatic 36 | name: openshift-gitops-operator 37 | source: redhat-operators 38 | sourceNamespace: openshift-marketplace 39 | ``` 40 | -------------------------------------------------------------------------------- /docs/argocd-master-child.md: -------------------------------------------------------------------------------- 1 | ## ArgoCD Master and Child 👩‍👦 2 | 3 | ![child-master](images/child-master.png) 4 | 5 | 1. Deploy a master instance of argocd if you do not already have one. This is deployed into the `master-argocd` project. 6 | ``` 7 | helm upgrade --install bootstrap -f bootstrap-master/values-bootstrap.yaml bootstrap --create-namespace --namespace labs-bootstrap 8 | ``` 9 | 10 | 2. 
Log in to your ArgoCD master and run the following to create a new project that manages deployments in the Labs namespaces, along with the repositories it is allowed to pull from (`--insecure` skips TLS certificate verification; drop it if the route serves a certificate your client trusts): 11 | ```bash 12 | argocd login $(oc get route argocd-server --template='{{ .spec.host }}' -n master-argocd):443 --sso --insecure 13 | 14 | argocd proj create bootstrap-journey \ 15 | -d https://kubernetes.default.svc,master-argocd \ 16 | -d https://kubernetes.default.svc,labs-ci-cd \ 17 | -d https://kubernetes.default.svc,labs-dev \ 18 | -d https://kubernetes.default.svc,labs-test \ 19 | -d https://kubernetes.default.svc,labs-staging \ 20 | -d https://kubernetes.default.svc,labs-pm \ 21 | -d https://kubernetes.default.svc,labs-cluster-ops \ 22 | -s https://github.com/rht-labs/ubiquitous-journey.git \ 23 | -s https://github.com/rht-labs/refactored-adventure.git \ 24 | -s https://github.com/redhat-cop/helm-charts.git 25 | ``` 26 | 27 | 3. You will require elevated permissions in the master argocd project. The wildcards below allow the project to manage cluster-scoped resources of every API group and kind: 28 | ```bash 29 | argocd proj allow-cluster-resource bootstrap-journey "*" "*" 30 | ``` 31 | 32 | 4. Create your ArgoCD App for `bootstrap` in your `master-argocd` namespace and sync it! 33 | ```bash 34 | argocd app create bootstrap-journey \ 35 | --project bootstrap-journey \ 36 | --dest-namespace master-argocd \ 37 | --dest-server https://kubernetes.default.svc \ 38 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 39 | --sync-policy automated \ 40 | --path "bootstrap" \ 41 | --values "values-bootstrap.yaml" 42 | ``` 43 | 44 | 5. Your new ArgoCD instance should spin up. You can now connect your `ubiquitous-journey` or `example-deployment` to it by following the instructions above. 
45 | 46 | ## Restricted Children 47 | 48 | There are two main roles in argocd, the `argocd-server` role is used in the ArgoCD UI, and the `argocd-application-controller` role is used by the server pods: 49 | - oc edit clusterrole argocd-server 50 | - oc edit clusterrole argocd-application-controller 51 | 52 | By default we give argocd `cluster-admin` privileges. We usually want this for the `master-argocd` but not for any children argo's such as argocd in the `labs-ci-cd` namespace. 53 | 54 | The chart supports restricting the `argocd-application-controller` cluster role binding to the default `ClusterRole` installed by the operator which is: 55 | ```yaml 56 | kind: ClusterRole 57 | rules: 58 | - apiGroups: 59 | - '*' 60 | resources: 61 | - '*' 62 | verbs: 63 | - get 64 | - list 65 | - watch 66 | - nonResourceURLs: 67 | - '*' 68 | verbs: 69 | - get 70 | - list 71 | ``` 72 | 73 | We can set the `namespaceRoleBinding.enabled` flag in Step 4 above, by doing: 74 | ```bash 75 | # 4. Create your ArgoCD App for `bootrstrap` in your `master-argocd` namespace and sync it! 
76 | argocd app create bootstrap-journey \ 77 | --project bootstrap-journey \ 78 | --dest-namespace master-argocd \ 79 | --dest-server https://kubernetes.default.svc \ 80 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 81 | --sync-policy automated \ 82 | --path "bootstrap" \ 83 | --helm-set argocd-operator.namespaceRoleBinding.enabled=true \ 84 | --values "values-bootstrap.yaml" 85 | ``` 86 | 87 | We can test that we can't do `cluster-admin` type things (like install cluster operators), for example this will fail: 88 | ```bash 89 | oc project labs-ci-cd 90 | argocd login $(oc get route argocd-server --template='{{ .spec.host }}' -n labs-ci-cd):443 --sso --insecure 91 | argocd app create tekton \ 92 | --repo https://github.com/rht-labs/refactored-adventure.git \ 93 | --path tekton/base \ 94 | --dest-server https://kubernetes.default.svc \ 95 | --dest-namespace openshift-operators \ 96 | --revision master \ 97 | --sync-policy automated 98 | ``` 99 | With an error: 100 | ```bash 101 | subscriptions.operators.coreos.com is forbidden: User "system:serviceaccount:labs-ci-cd:argocd-argocd-application-controller" cannot create resource "subscriptions" in API group "operators.coreos.com" in the namespace "openshift-operators" 102 | ``` 103 | 104 | You can install the `tekton` app in the `master-argocd` instance though. 105 | 106 | If you restrict the children, you will also want to control which adult users and groups have admin/edit RBAC onto the `master-argocd` and `labs-bootstrap` projects accordingly! 107 | -------------------------------------------------------------------------------- /docs/bootstrap-argocd.md: -------------------------------------------------------------------------------- 1 | ## Bootstrap projects and ArgoCD 🍻 2 | 3 | ![bootstrap-uj](images/bootstrap-uj.png) 4 | 5 | The `bootstrap` helm chart will create your **Labs's CI/CD**, **Dev**, **Test** and **Staging** namespaces. 
Fill them with service accounts and normal role bindings as defined in the [bootstrap project helm chart](https://github.com/redhat-cop/helm-charts/blob/master/charts/bootstrap-project/values.yaml). You can override them by updating any of the values in `bootstrap/values-bootstrap.yaml` before running `helm template`. 6 | It will also deploy an ArgoCD Instance into one of these namespaces (default to `labs-ci-cd`) along with an instance of Sealed Secrets by Bitnami if enabled (default disabled). 7 | 8 | If you want to override namespaces see [Deploy to a custom namespace](deploy-custom-namespace.md). 9 | 10 | 1. Bring down the chart dependencies and install `bootstrap` helm chart in a sweet oneliner 🍾: 11 | ```bash 12 | helm upgrade --install bootstrap -f bootstrap/values-bootstrap.yaml bootstrap --create-namespace --namespace labs-bootstrap 13 | ``` 14 | 15 | 2. Because this is GitOps we should manage the config of these roles, projects and ArgoCD itself by adding it to our newly created ArgoCD instance. This means all future changes to these can be tracked and managed in Git! Login to Argo and run the following command. 16 | 17 | To login with argocd from CLI using sso: 18 | ```bash 19 | argocd login $(oc get route argocd-server --template='{{ .spec.host }}' -n labs-ci-cd):443 --sso --insecure 20 | ``` 21 | else if no sso: 22 | ```bash 23 | argocd login --grpc-web $(oc get routes argocd-server -o jsonpath='{.spec.host}' -n labs-ci-cd) --insecure 24 | ``` 25 | 26 | Finally create the Argo app `bootstrap-journey`: 27 | ```bash 28 | argocd app create bootstrap-journey \ 29 | --dest-namespace labs-ci-cd \ 30 | --dest-server https://kubernetes.default.svc \ 31 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 32 | --path "bootstrap" --values "values-bootstrap.yaml" 33 | ``` 34 | 35 | By default the ArgoCD service account use Cluster wide RoleBindings. Namespace control can be restricted in the bootstrap values. 
This will prevent certain actions by ArgoCD (e.g. operator CRD deployments) and not all of the listed applications may work (e.g. Tekton, CRW): 36 | ``` 37 | # argocd rbac only in listed namespaces 38 | namespaceRoleBinding: 39 | enabled: true 40 | namespaces: 41 | - name: *ci_cd 42 | - name: *dev 43 | - name: *test 44 | - name: *stage 45 | ``` 46 | 47 | You can cleanup the boostrap by running: 48 | ```bash 49 | helm delete bootstrap --namespace labs-bootstrap --debug 50 | ``` 51 | 52 | ### Tooling for Application Development 🦅 53 | ![ubiquitous-journey](images/ubiquitous-journey.png) 54 | 55 | Our standard approach is to deploy related toolings into same namespaces. There are two ways you can deploy this project - as an Argo App of Apps or a helm3 template. 56 | 57 | ##### (A) Deploy using argo app of apps ... 58 | See: [ArgoCD App of Apps approach](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#app-of-apps) 59 | * Deploy the base tooling for building out CI/CD pipelines to the `labs-ci-cd` namespace. 60 | ```bash 61 | argocd app create ubiquitous-journey \ 62 | --dest-namespace labs-ci-cd \ 63 | --dest-server https://kubernetes.default.svc \ 64 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 65 | --path "ubiquitous-journey" --values "values-tooling.yaml" 66 | argocd app sync ubiquitous-journey 67 | ``` 68 | 69 | * There is a separate set of tools which can also be added to your stack. These include some project management and supplimental things such as `Wekan` or `Mattermost`. By default they will be deployed to the `lab-pm` namespace. 
To create these run the following commmand: 70 | ```bash 71 | argocd app create uj-extras \ 72 | --dest-namespace labs-ci-cd \ 73 | --dest-server https://kubernetes.default.svc \ 74 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 75 | --path "ubiquitous-journey" --values "values-extratooling.yaml" 76 | argocd app sync uj-extras 77 | ``` 78 | 79 | * Deploy `day2ops` tasks to monitor and audit the cluster to the `labs-cluster-ops` namespace. 80 | ```bash 81 | argocd app create uj-day2ops \ 82 | --dest-namespace labs-ci-cd \ 83 | --dest-server https://kubernetes.default.svc \ 84 | --repo https://github.com/MY_FORK/ubiquitous-journey.git \ 85 | --path "ubiquitous-journey" --values "values-day2ops.yaml" 86 | argocd app sync uj-day2ops 87 | ``` 88 | 89 | 90 | ##### (B) Deploy using helm ... 91 | ```bash 92 | helm template labs -f argo-app-of-apps.yaml ubiquitous-journey/ | oc apply -f - 93 | ``` 94 | 95 | _If you wanted to create custom namespaces like `my-ci-cd` for all the tooling to be deployed to, the steps are simple. Fork this repo and follow [deploy to a custom namespace](deploy-custom-namespace.md)_ 96 | 97 | ## Example Application Deploy 🌮 98 | ![example-app](images/example-app.png) 99 | 100 | Deploy the example app `pet-battle` using GitOps! This example project serves as a reference of how you could deploy an application as an App of Apps. The app is pre-built and hosted on quay. After you deploy the application for the first time update the `app_tag` to `purple` in `example-deployment/values-applications.yaml` and commit the changes to see GitOps in action! 
101 | 102 | Create using helm: 103 | ```bash 104 | helm template catz -f example-deployment/values-applications.yaml example-deployment/ | oc apply -n labs-ci-cd -f - 105 | ``` 106 | or using argocd: 107 | ```bash 108 | argocd app create catz \ 109 | --dest-namespace labs-ci-cd \ 110 | --dest-server https://kubernetes.default.svc \ 111 | --repo https://github.com/rht-labs/ubiquitous-journey.git \ 112 | --path "example-deployment" --values "values-applications.yaml" 113 | argocd app sync catz 114 | ``` 115 | 116 | 117 | ## Cleaning up ArgoCD Apps 🧹 118 | Sometimes ArgoCD `Application` CRs can get stuck after they've been deleted and cause funky issues. 119 | This is particularly annoying while testing with multiple ArgoCD instances. 120 | To *force delete* the application CRs run the `force-delete-application-cr.sh` script pointing to the namespace where your `Application` CRs are stored. This will remove the `Finalizers`. Note that the script calls the API server with `curl --insecure`, so your bearer token is sent without verifying the server certificate; only run it against a cluster endpoint you trust. 121 | ```bash 122 | oc login ... 123 | ./force-delete-application-cr.sh labs-ci-cd 124 | ``` 125 | 126 | ## Metrics 📉 127 | 128 | By setting `argocd.metrics.enabled: true` in `values-bootstrap.yaml`, prometheus and grafana are deployed by the operator to capture argocd metrics. 129 | 130 | An example of the latest grafana dashboard for argocd is available here 131 | - https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json 132 | 133 | -------------------------------------------------------------------------------- /docs/deploy-custom-namespace.md: -------------------------------------------------------------------------------- 1 | ## Deploy to a custom namespace 🦴 2 | Because this is GitOps to make changes to the namespaces etc, they should really be committed to git! For example, if you wanted to create a `my-ci-cd` namespace for all the tooling to be deployed to, the steps are simple. Fork this repo and make the following changes there: 3 | 4 | 1. 
Run `set-namespace.sh $ci_cd $dev $test $staging` where `$ci_cd $dev $test $staging` are the namespaces you would like to bootstrap eg `./set-namespace.sh my-ci-cd my-dev my-test my-staging`. This will update the following files: 5 | * `bootstrap/values-bootstrap.yaml`: the `ci_cd_namespace` and argocd namespace `namespace: "my-ci-cd"`. 6 | * `ubiquitous-journey/values-tooling.yaml`: the `destination: &ci_cd_ns my-ci-cd` 7 | * `example-deployment/values-applications.yaml`: the `destination: &ci_cd_ns my-dev` 8 | * `argo-app-of-apps.yaml`: the `destination: my-ci-cd` 9 | 10 | 2. Manually update `argo-app-of-apps.yaml` to point `source:` to `MY FORK` instead of `rht-labs`. Update the branch from `master` to your `branchname` if you are not on master in your fork. 11 | 12 | 3. 🌈If there is more than one ArgoCD instance in your cluster, update `instancelabel` parameter to a unique value in `bootstrap/values-bootstrap.yaml` file. 13 | e.g: `instancelabel: mycompany.com/myapps` 14 | 15 | 4. Git commit this change to your fork and run the following Helm Command: 16 | ```bash 17 | helm template bootstrap --dependency-update -f bootstrap/values-bootstrap.yaml bootstrap | oc apply -f - 18 | ``` 19 | _FYI if you're feeling lazy, you can override the values on the commandline directly but rememeber - this is GitOps 🐙! So don't do that please 😇_ 20 | 21 | 5. Login to ArgoCD as described in [Tooling](bootstrap-argocd.md) section. 22 | 23 | 6. 
Run argo create app replacing `MY_FORK` as appropriate 24 | ```bash 25 | argocd app create ubiquitous-journey \ 26 | --dest-namespace my-ci-cd \ 27 | --dest-server https://kubernetes.default.svc \ 28 | --repo https://github.com/MY_FORK/ubiquitous-journey.git \ 29 | --path "ubiquitous-journey" --values "values-tooling.yaml" 30 | argocd app sync ubiquitous-journey 31 | ``` 32 | Or if you're using just helm3 cli to instead of `argocd` cli 33 | ``` 34 | helm template -f argo-app-of-apps.yaml ubiquitous-journey/ | oc apply -f - 35 | ``` 36 | 37 | If you're looking to deploy the extra tooling too, the command is the same as above but pointing to the correct project: 38 | ```bash 39 | argocd app create uj-extras \ 40 | --dest-namespace my-ci-cd \ 41 | --dest-server https://kubernetes.default.svc \ 42 | --repo https://github.com/MY_FORK/ubiquitous-journey.git \ 43 | --path "ubiquitous-journey" --values "values-extratooling.yaml" 44 | argocd app sync uj-extras 45 | ``` 46 | 47 | 7. Deploy `day2ops` tasks to monitor and audit the cluster 48 | ```bash 49 | argocd app create uj-day2ops \ 50 | --dest-namespace my-ci-cd \ 51 | --dest-server https://kubernetes.default.svc \ 52 | --repo https://github.com/MY_FORK/ubiquitous-journey.git \ 53 | --path "ubiquitous-journey" --values "values-day2ops.yaml" 54 | argocd app sync uj-day2ops 55 | ``` -------------------------------------------------------------------------------- /docs/help.md: -------------------------------------------------------------------------------- 1 | ## Help me 2 | 3 | ### Not automated yet ... 4 | 5 | - [ ] Create ArgoCD token in UI or on CMD Line. Update config map to give `apiKey` capability to the admin account. Then generate token (ui or cli). Use `basic-auth` secret type with `username: token` and `password: aaa.bbb.ccc` as Jenkins will give you a JSON object if you just use `opaque`. This way you get the vars `ARGOCD_CREDS_PSW` and you're away. 
A token generated this way carries the full rights of the `admin` account and does not expire unless `--expires-in` is passed, so store it like the admin password. Note ArgoCD Admin passwd is now stored in a secret called 6 | 7 | ```bash 8 | $ oc edit cm argocd-cm 9 | 10 | data: 11 | accounts.admin: apiKey 12 | 13 | $ argocd account generate-token --account admin 14 | ``` 15 | 16 | - [ ] `dummy-sa` should become `jenkins` :wink: 17 | 18 | - [ ] Generate a GitHub personal access token, limited to the repositories Jenkins has to push to, to be able to push git updates as part of the jenkins workflow 19 | -------------------------------------------------------------------------------- /docs/images/argocd-uj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/docs/images/argocd-uj.png -------------------------------------------------------------------------------- /docs/images/bootstrap-uj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/docs/images/bootstrap-uj.png -------------------------------------------------------------------------------- /docs/images/child-master.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/docs/images/child-master.png -------------------------------------------------------------------------------- /docs/images/example-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/docs/images/example-app.png -------------------------------------------------------------------------------- /docs/images/ubiquitous-journey.png: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/rht-labs/ubiquitous-journey/cff6a070656507f5b465130af34f01d2595351a3/docs/images/ubiquitous-journey.png -------------------------------------------------------------------------------- /docs/sealed-secrets.md: -------------------------------------------------------------------------------- 1 | # Sealed Secrets Help 2 | 3 | ## 🕵️‍♀️ Generate Sealed Secrets: 4 | To generate your sealed secret from your secret: 5 | 6 | 1. Install `kubeseal` using the [instructions](https://github.com/bitnami-labs/sealed-secrets/releases) 7 | 2. Log into the cluster where Sealed Secrets is deployed and take note of the namespace (defaults to `labs-ci-cd`) 8 | 3. Process your existing secret, e.g. this nexus secret, using the kubeseal command line. It is important to set the correct namespace, otherwise the secret will not unseal. The input file holds the credentials in plain text, so delete `/tmp/nexus-password.yaml` once it has been sealed and never commit it; only the sealed output belongs in Git. 9 | ```bash 10 | cat << EOF > /tmp/nexus-password.yaml 11 | --- 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | name: nexus-password 16 | labels: 17 | credential.sync.jenkins.openshift.io: "true" 18 | type: "kubernetes.io/basic-auth" 19 | stringData: 20 | password: "admin123" 21 | username: "admin" 22 | EOF 23 | ``` 24 | ```bash 25 | kubeseal < /tmp/nexus-password.yaml > /tmp/sealed-nexus-password.yaml \ 26 | -n labs-ci-cd \ 27 | --controller-namespace labs-ci-cd \ 28 | --controller-name sealed-secrets \ 29 | -o yaml 30 | ``` 31 | 4. You can now apply that secret straight to the cluster for validation but you _should_ add it in using ArgoCD by committing it to Git :) 32 | ``` bash 33 | cat /tmp/sealed-nexus-password.yaml | oc apply -n labs-ci-cd -f- 34 | ``` 35 | 5. Set your UJ Jenkins secrets as follows using the output of the secret generation step 36 | ```yaml 37 | jenkins_values: &jenkins_values 38 | source_secrets: {} 39 | sealed_secrets: 40 | - name: git-auth 41 | password: AgAD+uOI5aCI9YKU2NYt2p7as..... 42 | username: AgCmeFkNTa0tOvXdI+lEjdJmV5u7FVUcn86SFxiUAF6y.....
43 | ``` 44 | 45 | ## 📝 Bring your own certs 46 | See [the docs written](https://github.com/bitnami-labs/sealed-secrets/blob/master/docs/bring-your-own-certificates.md) by @jtudelag on Sealed Secrets site! 47 | -------------------------------------------------------------------------------- /docs/whats-in-the-box.md: -------------------------------------------------------------------------------- 1 | ## What's in the box? 👨 2 | 3 | - Bootstrap - Create new projects and the rolebinding for groups. See the [bootstrap-project chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/bootstrap-project) for more info. The following are created by default 4 | - `labs-ci-cd` to house CI/CD tools such as `Jenkins` and `Nexus` etc 5 | - `labs-dev`, `labs-test` & `labs-staging` as target namespaces for deploying built artifacts 6 | - `labs-pm` to house additional tools to help with project management such as `OwnCloud`, `Wekan` and `Mattermost` 7 | - `labs-cluster-ops` to house cron tasks and other jobs for pruning images and maintaining a healthy platform. 8 | - ArgoCD - Deploys an OpenShift auth enabled Dex Server along with the Operator version of ArgoCD. 9 | - SealedSecrets - Encrypt your Secret into a [SealedSecret](https://github.com/bitnami-labs/sealed-secrets), which is safe to store - even to a public repository. 10 | - Jenkins - Create new custom Jenkins instance along with all the CoP build agents. See the [Jenkins Chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/jenkins) for more info. 11 | - Nexus - Deploy Nexus along with the OpenShift Plugin. See the [Sonatype Nexus Chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/sonatype-nexus) for more info. 12 | - SonarQube - Deploy SonarQube for static code analysis. See the [Sonarqube Chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/sonarqube) for more info. 13 | - Hoverfly - Deploy Hoverfly for Service Virtualisation. 
See the [Hoverfly Chart](https://github.com/helm/charts/tree/master/incubator/hoverfly) for more info. 14 | - PactBroker - Deploy PactBroker for Contract Testing. See the [Pact Broker Chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/pact-broker) for more info. 15 | - CodeReadyWorkspaces - Deploy Red Hat CodeReadyWorkspaces for an IDE hosted on OpenShift. See the [CRW Kustomize](https://github.com/rht-labs/refactored-adventure) for more info. 16 | - Zalenium - Deploy Zalenium for Selenium Grid Testing on Kubernetes. See the [Zalenium Chart](https://github.com/zalando/zalenium/tree/master/charts/zalenium) for more info. 17 | - Etherpad - Deploy Etherpad Lite for a real-time collaborative text editor. See [Etherpad Lite](https://github.com/ether/etherpad-lite) for more info. 18 | - Mattermost - Deploy Mattermost Team Edition for team collaboration and messaging See the [Mattermost Chart](https://github.com/mattermost/mattermost-helm) for more info. 19 | - Vault - Deploy Vault to securely store and access your secrets. See the [Vault Chart](https://github.com/hashicorp/vault-helm) for more info. 20 | - Wekan - Deploy Wekan to have collaborative kanban boards. See [Wekan Chart](https://github.com/wekan/wekan) for more info. 21 | - Openshift Pipeline - Deploy Openshift Pipeline for cloud-native CI/CD solution based on the open source Tekton project. See [Tekton Kustomize](https://github.com/rht-labs/refactored-adventure) for more info. 22 | - Owncloud - Deploy Owncloud to document sharing. See [Owncloud Chart](https://github.com/redhat-cop/helm-charts/tree/master/charts/owncloud) for more info. 23 | - Microcks - Deploy Microcks an open source Kubernetes Native tool for API Mocking and Testing. See [Microcks Kustomize](https://github.com/rht-labs/refactored-adventure) for more info. 24 | 25 | ## What it's not...🤷🏻‍♀️ 26 | 27 | A collection of different ways to do the same things ie we have taken one tool for one task approach. 
28 | For example - Nexus is being used for artifact management. Some teams may use Artifactory, and it should be easily swapped out but we are not demonstrating more than one way to do binary management in this suite of tools. 29 | 30 | ## Dashboard 📃 31 | 32 | The [Developer Experience Dashboard](https://github.com/rht-labs/dev-ex-dashboard) is deployed but requires a `ConfigMap` to be generated once all of the applications have been deployed. For now run this script to generate the config map in the `labs-ci-cd` project. The command below executes whatever is currently on the script's `master` branch with your logged-in `oc` session, so read the script first or pin the URL to a commit you have reviewed: 33 | ```bash 34 | bash <(curl -s https://raw.githubusercontent.com/rht-labs/dev-ex-dashboard/master/regenerate-config-map.sh) 35 | ``` -------------------------------------------------------------------------------- /force-delete-application-cr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ -z ${1} ]; then 3 | echo "\n🤥 No namespace found, please pass this script it otherwise ALL ARGO APP CRs will be deleted 🤥 eg: \n\n./force-delete-application-cr.sh labs-ci-cd \n" 4 | exit -1 5 | fi 6 | 7 | OC_TOKEN="${TOKEN:-$(oc whoami -t)}" 8 | OC_REST_API_URL="${REST_API_URL:-$(oc whoami --show-server)}" 9 | OC_NAMESPACE=$1 10 | 11 | if [ -z ${OC_TOKEN} ]; then 12 | echo "\n👻 Please Login to OpenShift ... 
👻\n" 13 | exit -1 14 | fi 15 | 16 | echo "👾 Using: ${OC_REST_API_URL} and ${OC_NAMESPACE} namespace 👾" 17 | 18 | APPLICATIONS=$(curl --insecure --silent -H "Content-Type: application/json" -H "Authorization: Bearer ${OC_TOKEN}" ${OC_REST_API_URL}/apis/argoproj.io/v1alpha1/namespaces/${OC_NAMESPACE}/applications | jq -r '.items[].metadata.name') 19 | declare -a APPS_ARRAY=($APPLICATIONS) 20 | 21 | ## now loop through the above array 22 | counter=1 23 | echo "\n🐙🐙 List of Application CRs about to be deleted from ${OC_NAMESPACE}🗡🗡" 24 | 25 | for i in "${APPS_ARRAY[@]}" 26 | do 27 | echo "$counter - $i" 28 | let counter=counter+1 29 | done 30 | 31 | echo "\n💤💤 Sleeping for 3 seconds in case this was a mistake.... 💤💤" 32 | sleep 3 33 | echo "... Guess not ... 🙀😿\n" 34 | 35 | unameOut="$(uname -s)" 36 | case "${unameOut}" in 37 | Linux*) sedargs=-i;; 38 | Darwin*) sedargs='-i "" -e';; 39 | *) echo "not on Linux or Mac ?" && exit -1 40 | esac 41 | 42 | for app in "${APPS_ARRAY[@]}" 43 | do 44 | echo "\n🐙🗡 Kill -9 ${app}" 45 | curl --insecure --silent -H "Content-Type: application/json" -H "Authorization: Bearer ${OC_TOKEN}" \ 46 | ${OC_REST_API_URL}/apis/argoproj.io/v1alpha1/namespaces/${OC_NAMESPACE}/applications/${app} | jq '.' 
> ${app}-delete.json 47 | echo sed $sedargs "s#\\\"resources-finalizer.argocd.argoproj.io\\\"##g" ${app}-delete.json | sh 48 | deleted=$(curl --insecure --silent -H "Content-Type: application/json" -H "Authorization: Bearer ${OC_TOKEN}" \ 49 | -X PUT --data-binary @${app}-delete.json \ 50 | ${OC_REST_API_URL}/apis/argoproj.io/v1alpha1/namespaces/${OC_NAMESPACE}/applications/${app} | jq -r '.metadata.name') 51 | echo "☠💀 deleted: ${deleted} 💀☠️" 52 | rm ${app}-delete.json 53 | done 54 | -------------------------------------------------------------------------------- /patch-gitops-operator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ./patch-gitops-operator.sh $argocd_ns 3 | 4 | if [ -z ${1} ]; then 5 | echo "🤥 No namespace specified - please set one 🤥 " 6 | echo "./patch-gitops-operator.sh \$argocd_ns" 7 | echo "For example:" 8 | echo "./patch-gitops-operator.sh labs-ci-cd" 9 | exit -1 10 | fi 11 | 12 | export ARGOCD_NAMESPACE=${1} 13 | 14 | run() 15 | { 16 | NS=$(oc get subscription/openshift-gitops-operator -n openshift-operators \ 17 | -o jsonpath='{.spec.config.env[?(@.name=="ARGOCD_CLUSTER_CONFIG_NAMESPACES")].value}') 18 | if [ -z $NS ]; then 19 | NS="${ARGOCD_NAMESPACE}" 20 | elif [[ "$NS" =~ .*"${ARGOCD_NAMESPACE}".* ]]; then 21 | echo "${ARGOCD_NAMESPACE} already added." 
22 | return 23 | else 24 | NS="${ARGOCD_NAMESPACE},${NS}" 25 | fi 26 | oc -n openshift-operators patch subscription/openshift-gitops-operator --type=json \ 27 | -p '[{"op":"replace","path":"/spec/config/env/1","value":{"name": "ARGOCD_CLUSTER_CONFIG_NAMESPACES", "value":"'${NS}'"}}]' 28 | echo "EnvVar set to: $(oc get subscription/openshift-gitops-operator -n openshift-operators \ 29 | -o jsonpath='{.spec.config.env[?(@.name=="ARGOCD_CLUSTER_CONFIG_NAMESPACES")].value}')" 30 | } 31 | run -------------------------------------------------------------------------------- /pet-battle/stage/values.yaml: -------------------------------------------------------------------------------- 1 | release: "stage" 2 | source: "http://nexus:8081/repository/helm-charts/" 3 | 4 | ############## 5 | # Argo Apps declaration 6 | ############# 7 | applications: 8 | # Keycloak 9 | 10 | # Pet Battle Apps 11 | -------------------------------------------------------------------------------- /pet-battle/test/values.yaml: -------------------------------------------------------------------------------- 1 | release: "test" 2 | source: "http://nexus:8081/repository/helm-charts/" 3 | 4 | ############## 5 | # Argo Apps declaration 6 | ############# 7 | applications: 8 | # Keycloak 9 | keycloak: 10 | name: keycloak 11 | enabled: true 12 | source: https://github.com/petbattle/pet-battle-infra 13 | source_ref: main 14 | source_path: keycloak 15 | values: 16 | app_domain: apps.openshift-498-bd8hw.do500.redhatlabs.dev 17 | 18 | # Pet Battle API 19 | pet-battle-api: 20 | name: pet-battle-api 21 | enabled: true 22 | source: https://petbattle.github.io/helm-charts # http://nexus:8081/repository/helm-charts 23 | chart_name: pet-battle-api 24 | source_ref: 1.1.1 # helm chart version 25 | values: 26 | # hpa: 27 | # enabled: false 28 | image_name: pet-battle-api 29 | image_version: latest # container image version 30 | 31 | # Pet Battle Frontend 32 | pet-battle: 33 | name: pet-battle 34 | enabled: true 35 | 
source: https://petbattle.github.io/helm-charts # http://nexus:8081/repository/helm-charts 36 | chart_name: pet-battle 37 | source_ref: 1.0.6 # helm chart version 38 | values: 39 | image_version: latest # container image version 40 | config_map: '{ 41 | "catsUrl": "https://pet-battle-api-labs-test.apps.openshift-498-bd8hw.do500.redhatlabs.dev", 42 | "tournamentsUrl": "https://pet-battle-tournament-labs-test.apps.openshift-498-bd8hw.do500.redhatlabs.dev", 43 | "matomoUrl": "https://matomo-labs-ci-cd.apps.openshift-498-bd8hw.do500.redhatlabs.dev/", 44 | "keycloak": { 45 | "url": "https://keycloak-labs-test.apps.openshift-498-bd8hw.do500.redhatlabs.dev/auth/", 46 | "realm": "pbrealm", 47 | "clientId": "pbclient", 48 | "redirectUri": "http://localhost:4200/tournament", 49 | "enableLogging": true 50 | } 51 | }' 52 | -------------------------------------------------------------------------------- /set-namespace.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # ./set-namespace.sh $ci_cd_ns $dev_ns $test_ns $staging_ns 3 | 4 | if [ -z ${1} ] || [ -z ${2} ] || [ -z ${3} ] || [ -z ${4} ]; then 5 | echo "🤥 No namespaces specified - please set them 🤥 " 6 | echo "./set-namespace.sh \$ci_cd_ns \$dev_ns \$test_ns \$staging_ns \$projectmanagement_ns \$cluser_ops_ns" 7 | echo "For example:" 8 | echo "./set-namespace.sh my-ci-cd my-dev my-test my-staging my-pm my-cluster-ops" 9 | exit -1 10 | fi 11 | 12 | unameOut="$(uname -s)" 13 | case "${unameOut}" in 14 | Linux*) sedargs=-i;; 15 | Darwin*) sedargs='-i "" -e';; 16 | *) echo "not on Linux or Mac ?" 
&& exit -1 17 | esac 18 | 19 | # 🤷‍♀️ bash does stupid things with $sedargs and add escape chars no matter how you set the -i ''  🤷‍♀️ 20 | # hence the echo commmand pipe sh to strip it out 21 | 22 | echo sed $sedargs "s#\\\"labs-ci-cd\\\"#\\\"${1}\\\"#g" bootstrap/values-bootstrap.yaml | sh 23 | echo sed $sedargs "s#\\\"labs-dev\\\"#\\\"${2}\\\"#g" bootstrap/values-bootstrap.yaml | sh 24 | echo sed $sedargs "s#\\\"labs-test\\\"#\\\"${3}\\\"#g" bootstrap/values-bootstrap.yaml | sh 25 | echo sed $sedargs "s#\\\"labs-staging\\\"#\\\"${4}\\\"#g" bootstrap/values-bootstrap.yaml | sh 26 | echo sed $sedargs "s#\\\"labs-pm\\\"#\\\"${5}\\\"#g" bootstrap/values-bootstrap.yaml | sh 27 | echo sed $sedargs "s#\\\"labs-cluster-ops\\\"#\\\"${6}\\\"#g" bootstrap/values-bootstrap.yaml | sh 28 | 29 | echo sed $sedargs "s#labs-test#${2}#g" example-deployment/values-applications.yaml | sh 30 | 31 | echo sed $sedargs "s#labs-ci-cd#${1}#g" ubiquitous-journey/values-tooling.yaml | sh 32 | 33 | echo sed $sedargs "s#labs-ci-cd#${1}#g" ubiquitous-journey/values-extratooling.yaml | sh 34 | echo sed $sedargs "s#labs-pmd#${5}#g" ubiquitous-journey/values-extratooling.yaml | sh 35 | 36 | echo sed $sedargs "s#labs-cluster-ops#${6}#g" ubiquitous-journey/values-day2ops.yaml | sh 37 | 38 | echo sed $sedargs "s#labs-ci-cd#${1}#g" argo-app-of-apps.yaml | sh 39 | 40 | echo "🐙 All done - happy helming 🐙" 41 | -------------------------------------------------------------------------------- /templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{- define "platform" -}} 4 | {{- end -}} 5 | -------------------------------------------------------------------------------- /templates/argo-application.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.applications }} 2 | {{- $release := .Values.release }} 3 | {{- $source := .Values.source }} 4 | {{- $team 
:= .Values.team }} 5 | {{- range $app := .Values.applications }} 6 | {{- if $app.source }} 7 | {{- $source = $app.source }} 8 | {{- end }} 9 | {{- if $app.enabled }} 10 | --- 11 | apiVersion: argoproj.io/v1alpha1 12 | kind: Application 13 | metadata: 14 | finalizers: 15 | - resources-finalizer.argocd.argoproj.io 16 | {{- if or (eq $release "ci-cd") (eq $release "cluster-ops") (eq $release "pm") }} 17 | name: {{ .name }} 18 | {{- else }} 19 | name: {{ $release }}-{{ .name }} 20 | {{- end }} 21 | labels: 22 | {{- if .values }} 23 | {{- if .values.fullnameOverride }} 24 | {{- if contains .values.fullnameOverride .name }} 25 | app.kubernetes.io/instance: {{ .values.fullnameOverride }} 26 | {{- end }} 27 | {{- else }} 28 | app.kubernetes.io/instance: {{ .name }} 29 | {{- end }} 30 | {{- end }} 31 | spec: 32 | destination: 33 | namespace: {{ .destination | default (printf "%s-%s" $team $release) }} 34 | server: {{ .cluster_api | default "https://kubernetes.default.svc" }} 35 | project: {{ .project | default "default" }} 36 | source: 37 | {{- if or .helm_values .values }} 38 | helm: 39 | {{- if .helm_values }} 40 | valueFiles: 41 | {{- toYaml .helm_values | nindent 8 }} 42 | {{- end }} 43 | {{- if .values }} 44 | values: | 45 | {{- toYaml .values | nindent 8 }} 46 | {{- end }} 47 | {{- end }} 48 | {{- if .source_path }} 49 | path: {{ .source_path | default "." 
}} 50 | {{- end }} 51 | repoURL: {{ $source }} 52 | targetRevision: {{ .source_ref | default "main" | quote }} 53 | {{- if not .source_path }} 54 | chart: {{ .chart_name | default .name }} 55 | {{- end }} 56 | syncPolicy: 57 | automated: 58 | prune: true 59 | selfHeal: true 60 | syncOptions: 61 | - Validate=true 62 | ignoreDifferences: 63 | - group: apps.openshift.io 64 | kind: DeploymentConfig 65 | jsonPointers: 66 | - /spec/replicas 67 | - /spec/template/spec/containers/0/image 68 | - /spec/triggers/0/imageChangeParams/lastTriggeredImage 69 | - /spec/triggers/1/imageChangeParams/lastTriggeredImage 70 | - /spec/template/metadata/annotations/rollme 71 | - group: apps 72 | kind: Deployment 73 | jsonPointers: 74 | - /spec/replicas 75 | - /spec/template/spec/containers/0/image 76 | - /spec/template/spec/containers/1/image 77 | - group: build.openshift.io 78 | kind: BuildConfig 79 | jsonPointers: 80 | - /spec/triggers 81 | - group: route.openshift.io 82 | kind: Route 83 | jsonPointers: 84 | - /status/ingress 85 | - /spec/host 86 | - group: integreatly.org 87 | kind: GrafanaDataSource 88 | jsonPointers: 89 | - /spec/datasources/0/secureJsonData/httpHeaderValue1 90 | {{- end }} 91 | {{- end }} 92 | {{- end }} 93 | -------------------------------------------------------------------------------- /templates/argo-project.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.argocd_projects }} 2 | {{- range $project := .Values.argocd_projects }} 3 | {{- if $project.enabled }} 4 | 5 | --- 6 | apiVersion: argoproj.io/v1alpha1 7 | kind: AppProject 8 | metadata: 9 | creationTimestamp: null 10 | labels: 11 | app: {{ $project.name }} 12 | name: {{ $project.name }} 13 | spec: 14 | sourceRepos: 15 | - '*' 16 | {{- if $project.destinations }} 17 | destinations: 18 | {{- toYaml $project.destinations | nindent 2 }} 19 | {{- end }} 20 | 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 
-------------------------------------------------------------------------------- /ubiquitous-journey/values-day2ops.yaml: -------------------------------------------------------------------------------- 1 | release: "cluster-ops" 2 | 3 | applications: 4 | # Prune OpenShift Images 5 | - name: prune-images 6 | enabled: true 7 | source: https://github.com/redhat-cop/openshift-management.git 8 | source_path: charts/cronjob-prune-images/ 9 | source_ref: "v3.11.8" 10 | values: 11 | namespace: *ops_ns 12 | # Prune OpenShift Builds 13 | - name: prune-builds 14 | enabled: true 15 | source: https://github.com/redhat-cop/openshift-management.git 16 | source_path: charts/cronjob-prune-builds-deployments/ 17 | source_ref: "master" 18 | values: 19 | namespace: *ops_ns 20 | prune_type: builds 21 | # Prune OpenShift Deployments 22 | - name: prune-deployments 23 | enabled: true 24 | source: https://github.com/redhat-cop/openshift-management.git 25 | source_path: charts/cronjob-prune-builds-deployments/ 26 | source_ref: "master" 27 | values: 28 | namespace: *ops_ns 29 | prune_type: deployments 30 | 31 | # Network Policies for Emulating Multitenancy 32 | - name: network-policy 33 | enabled: false 34 | source: https://github.com/redhat-cop/helm-charts.git 35 | source_ref: "networkpolicy-1.0.0" 36 | 37 | -------------------------------------------------------------------------------- /ubiquitous-journey/values-extratooling.yaml: -------------------------------------------------------------------------------- 1 | release: "pm" 2 | 3 | applications: 4 | # Wekan 5 | - name: wekan 6 | enabled: true 7 | source: https://github.com/wekan/wekan.git 8 | source_path: helm/wekan 9 | source_ref: "v4.41" 10 | values: 11 | service: 12 | type: ClusterIP 13 | autoscaling: 14 | enabled: false 15 | mongodb-replicaset: 16 | replicas: 1 17 | securityContext: 18 | runAsUser: "" 19 | fsGroup: "" 20 | ingress: 21 | enabled: false 22 | route: 23 | enabled: true 24 | # Mattermost 25 | - name: mattermost 26 | 
enabled: true 27 | source: https://github.com/mattermost/mattermost-helm.git 28 | source_path: charts/mattermost-team-edition 29 | source_ref: "mattermost-team-edition-3.16.0" 30 | values: 31 | route: 32 | enabled: true 33 | mysql: 34 | mysqlRootPassword: "mysqlpass" 35 | mysqlUser: "mattermost" 36 | mysqlPassword: "matterpass" 37 | # Etherpad 38 | - name: etherpad 39 | enabled: true 40 | source: https://github.com/redhat-cop/helm-charts.git 41 | source_path: charts/etherpad 42 | source_ref: "etherpad-0.0.7" 43 | 44 | # Owncloud 45 | - name: owncloud 46 | enabled: true 47 | source: https://github.com/redhat-cop/helm-charts.git 48 | source_path: charts/owncloud 49 | source_ref: "owncloud-0.0.2" 50 | values: 51 | route: 52 | enabled: true 53 | hostname: owncloud.apps.hivec.sandbox1559.opentlc.com 54 | ignore_differences: 55 | - group: apps.openshift.io 56 | kind: DeploymentConfig 57 | jsonPointers: 58 | - /spec/template/spec/containers/0/image 59 | - /spec/triggers/0/imageChangeParams/lastTriggeredImage 60 | 61 | # Hashicorp Vault 62 | - name: vault 63 | enabled: true 64 | source: https://github.com/hashicorp/vault-helm.git 65 | source_path: . 
66 | source_ref: "v0.7.0" 67 | values: 68 | global: 69 | tlsDisable: false 70 | openshift: true 71 | injector: 72 | enabled: false 73 | route: 74 | enabled: true 75 | host: '""' 76 | server: 77 | service: 78 | annotations: 79 | service.beta.openshift.io/serving-cert-secret-name: vault-tls 80 | extraVolumes: 81 | - type: secret 82 | name: vault-tls 83 | standalone: 84 | config: | 85 | ui = true 86 | listener "tcp" { 87 | address = "[::]:8200" 88 | cluster_address = "[::]:8201" 89 | tls_cert_file = "/vault/userconfig/vault-tls/tls.crt" 90 | tls_key_file = "/vault/userconfig/vault-tls/tls.key" 91 | } 92 | storage "file" { 93 | path = "/vault/data" 94 | } 95 | -------------------------------------------------------------------------------- /ubiquitous-journey/values-tooling.yaml: -------------------------------------------------------------------------------- 1 | 2 | # gloabl vars 3 | ci_cd_namespace: &ci_cd "labs-ci-cd" 4 | pm_namespace: &pm "labs-pm" 5 | ops_namespace: &ops "labs-cluster-ops" 6 | dev_namespace: &dev "labs-dev" 7 | test_namespace: &test "labs-test" 8 | staging_namespace: &stage "labs-staging" 9 | 10 | # App of applications list 11 | applications: 12 | # Bootstrap Project 13 | - name: bootstrap 14 | enabled: true 15 | source: https://redhat-cop.github.io/helm-charts 16 | chart_name: bootstrap-project 17 | source_ref: "1.0.1" 18 | values: 19 | bindings: &binds # this labs-devs is the GROUP NAME in IDM 20 | - name: labs-devs 21 | kind: Group 22 | role: edit 23 | # this labs-admins is the GROUP NAME in IDM 24 | - name: labs-admins 25 | kind: Group 26 | role: admin 27 | - name: jenkins 28 | kind: ServiceAccount 29 | role: admin 30 | namespace: *ci_cd 31 | namespaces: 32 | - name: *ci_cd 33 | bindings: *binds 34 | operatorgroup: false 35 | - name: *dev 36 | bindings: *binds 37 | operatorgroup: true 38 | - name: *test 39 | bindings: *binds 40 | operatorgroup: true 41 | - name: *stage 42 | bindings: *binds 43 | operatorgroup: true 44 | # optional extra 
namespaces for cluster ops and PM tools 45 | - name: *pm 46 | bindings: *binds 47 | operatorgroup: false 48 | - name: *ops 49 | bindings: *binds 50 | operatorgroup: false 51 | 52 | # Jenkins - NOTE(review): the nexus-password source secret below commits a username and password in plain text; supply real values from a sealed secret or other cluster secret instead 53 | - name: jenkins 54 | enabled: true 55 | source: https://github.com/redhat-cop/helm-charts.git 56 | source_path: charts/jenkins 57 | source_ref: "jenkins-1.0.7" 58 | values: 59 | persistence: false 60 | source_secrets: 61 | - name: nexus-password 62 | username: admin 63 | password: admin123 64 | 65 | # Nexus 66 | - name: nexus 67 | enabled: true 68 | source: https://redhat-cop.github.io/helm-charts 69 | chart_name: sonatype-nexus 70 | source_ref: "1.1.4" 71 | values: 72 | service: 73 | name: nexus 74 | 75 | # Sealed Secrets Controller 76 | # Note you can only have one of these per cluster so be careful 77 | - name: sealed-secrets-controller 78 | enabled: true 79 | chart_name: sealed-secrets 80 | source: https://bitnami-labs.github.io/sealed-secrets 81 | source_ref: "2.1.6" 82 | values: 83 | nameOverride: sealed-secrets 84 | fullnameOverride: sealed-secrets 85 | # namespace must exist, so we use labs-ci-cd by default. 86 | namespace: *ci_cd 87 | # Don't touch the security context values (left empty on purpose); deployment will fail in OpenShift otherwise. 88 | podSecurityContext: 89 | fsGroup: 90 | containerSecurityContext: 91 | runAsUser: 92 | commandArgs: 93 | - "--update-status=true" 94 | 95 | 96 | # Sealed Secrets 97 | # example of an actual secret ... 98 | - name: sealed-secrets 99 | enabled: false 100 | source: https://redhat-cop.github.io/helm-charts 101 | chart_name: helper-sealed-secrets 102 | source_ref: "1.0.3" 103 | values: 104 | secrets: 105 | # Additional secrets can be appended to this list.
See the docs for generating the Sealed Secret 106 | - name: git-auth 107 | type: kubernetes.io/basic-auth 108 | annotations: 109 | tekton.dev/git-0: https:// 110 | labels: 111 | credential.sync.jenkins.openshift.io: "true" 112 | data: 113 | username: 114 | password: 115 | 116 | # Sonarqube 117 | - name: sonarqube 118 | enabled: true 119 | source: https://redhat-cop.github.io/helm-charts 120 | chart_name: sonarqube 121 | source_ref: "0.1.0" 122 | values: 123 | # if integrating into an existing sealed secret or other cluster secret 124 | # account: 125 | # existingSecret: sonarqube-auth 126 | initContainers: true 127 | plugins: 128 | install: 129 | - https://github.com/checkstyle/sonar-checkstyle/releases/download/8.40/checkstyle-sonar-plugin-8.40.jar 130 | - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/2.0.8/sonar-dependency-check-plugin-2.0.8.jar 131 | 132 | 133 | # CodeReady Workspaces - NOTE(review): source_ref tracks the master branch here and in several entries below; pinning a tag or commit keeps what ArgoCD deploys reviewable 134 | - name: crw 135 | enabled: true 136 | destination: crw 137 | source: https://github.com/rht-labs/refactored-adventure 138 | source_path: crw/base 139 | source_ref: master 140 | 141 | # Allure 142 | 143 | # Zalenium 144 | - name: zalenium 145 | enabled: true 146 | source: https://github.com/zalando/zalenium.git 147 | source_path: charts/zalenium 148 | source_ref: "master" 149 | values: 150 | hub: 151 | serviceType: ClusterIP 152 | openshift: 153 | deploymentConfig: 154 | enabled: true 155 | route: 156 | enabled: true 157 | tls: 158 | termination: edge 159 | insecureEdgeTerminationPolicy: Redirect 160 | persistence: 161 | enabled: false 162 | serviceAccount: 163 | create: false 164 | desiredContainers: 0 165 | podAnnotations: 166 | app: zalenium 167 | 168 | # Pact-broker 169 | - name: pact-broker 170 | enabled: true 171 | source: https://redhat-cop.github.io/helm-charts 172 | source_ref: "0.0.8" 173 | values: 174 | # update the passwords :) - no overrides are set under values here, so add them before relying on this deployment 175 | 176 | # Hoverfly 177 | - name: hoverfly 178 | enabled: true 179 | source:
https://github.com/helm/charts.git 180 | source_path: incubator/hoverfly 181 | source_ref: "master" 182 | values: 183 | image: 184 | tag: v1.3.3 185 | openshift: 186 | route: 187 | admin: 188 | enabled: true 189 | hostname: '' 190 | proxy: 191 | enabled: true 192 | hostname: '' 193 | 194 | ########################################### 195 | # 🐌 Apps here are disabled by default 🐌 # 196 | ########################################### 197 | 198 | # Microcks 199 | - name: microcks 200 | enabled: false 201 | destination: microcks 202 | source: https://github.com/rht-labs/refactored-adventure 203 | source_path: microcks/base 204 | source_ref: master 205 | 206 | # Pelorus-operators 207 | - name: pelorus-operators 208 | enabled: false 209 | source: https://github.com/konveyor/pelorus.git 210 | source_path: charts/operators 211 | source_ref: master 212 | 213 | # Pelorus - NOTE(review): the htpasswd hash and basic-auth password below are committed in plain text; override both before enabling this app 214 | - name: pelorus 215 | enabled: false 216 | source: https://github.com/konveyor/pelorus.git 217 | source_path: charts/pelorus 218 | source_ref: master 219 | values: 220 | openshift_prometheus_htpasswd_auth: internal:{SHA}TIYUhgUHdhYp1zfn3WRbwAxr478= 221 | openshift_prometheus_basic_auth_pass: thisisdefinitelynotmypassword 222 | -------------------------------------------------------------------------------- /values.yaml: -------------------------------------------------------------------------------- 1 | # Tell ArgoCD where to find the ubiquitous-journey project 2 | source: https://github.com/rht-labs/ubiquitous-journey.git 3 | team: labs 4 | release: ci-cd 5 | 6 | applications: 7 | # Tooling to support CI/CD 8 | - name: ubiquitous-journey 9 | enabled: true 10 | source_path: "." 11 | helm_values: 12 | - ubiquitous-journey/values-tooling.yaml 13 | 14 | # Test app of app 15 | - name: test-app-of-pb 16 | enabled: true 17 | source_path: "."
18 | helm_values: 19 | - pet-battle/test/values.yaml 20 | 21 | 22 | ########################################### 23 | # 🐌 Apps here are disabled by default 🐌 # 24 | ########################################### 25 | 26 | # Staging App of Apps for Pet Battle 27 | - name: staging-app-of-pb 28 | enabled: false 29 | source_path: "." 30 | helm_values: 31 | - pet-battle/stage/values.yaml 32 | 33 | # Extra tooling such as task management and chat apps 34 | - name: ubiquitous-journey-extra 35 | enabled: false 36 | source_path: "." 37 | helm_values: 38 | - ubiquitous-journey/values-extratooling.yaml 39 | 40 | # Extra tooling such as task management and chat apps - NOTE(review): this entry loads values-day2ops.yaml, the same file as uj-day2ops below, while ubiquitous-journey-extra above already loads values-extratooling.yaml; confirm which values file is intended 41 | - name: uj-extras 42 | enabled: false 43 | source_path: "." 44 | helm_values: 45 | - ubiquitous-journey/values-day2ops.yaml 46 | 47 | # Extra Ops tasks such as image pruning and network policy 48 | - name: uj-day2ops 49 | enabled: false 50 | source_path: "." 51 | helm_values: 52 | - ubiquitous-journey/values-day2ops.yaml 53 | --------------------------------------------------------------------------------