├── .DS_Store
├── .gitignore
├── README.md
├── apps-kustomize.yaml
├── apps-manual.yaml
├── apps.yaml
├── argo-cd
    ├── base
    │   ├── ingress.yaml
    │   ├── ingress_patch.json
    │   ├── kustomization.yaml
    │   └── namespace.yaml
    └── overlays
    │   └── production
    │       ├── kustomization.yaml
    │       └── server.yaml
├── argo-events
    ├── base
    │   ├── argo-events-sa.yaml
    │   ├── event-bus.yaml
    │   ├── event-source-github.yaml
    │   ├── kustomization.yaml
    │   └── namespace.yaml
    └── overlays
    │   └── production
    │       └── kustomization.yaml
├── argo-workflows
    ├── base
    │   ├── config.yaml
    │   ├── ingress.yaml
    │   ├── ingress_patch.json
    │   ├── kustomization.yaml
    │   ├── namespace.yaml
    │   └── rbac.yaml
    └── overlays
    │   ├── production
    │       ├── ingress_patch.json
    │       └── kustomization.yaml
    │   └── workflows
    │       ├── kustomization.yaml
    │       ├── namespace.yaml
    │       └── rbac.yaml
├── argocd
    ├── apps.yaml
    └── codefresh.yml
├── codefresh
    └── create-cluster.yaml
├── helm
    ├── Chart.yaml
    └── templates
    │   ├── devops-paradox.yaml
    │   └── devops-toolkit.yaml
├── kustomize
    └── dummy
├── orig
    ├── apps.yaml
    ├── argo-cd-kustomize.yaml
    ├── argo-events-kustomize.yaml
    ├── argo-eventsource-github.yaml
    ├── argo-rollouts.yaml
    ├── argo-workflows-demo-sensor.yaml
    ├── argo-workflows-kustomize.yaml
    ├── argo-workflows-templates.yaml
    ├── argocd-pipeline.yaml
    ├── create-cluster.yaml
    ├── devops-toolkit-rollouts.yaml
    ├── prometheus.yaml
    └── sealed-secrets.yaml
├── project.yaml
└── sealed-secrets
    └── controller.yaml

/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vfarcic/argocd-production/baabfa91a5808ed7b0feda3fd88b937dc1a55390/.DS_Store

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | /creds
 2 |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Argo CD Sample Repo
 2 |
 3 | Used in:
 4 | * [The DevOps Toolkit: Catalog, Patterns, And Blueprints](https://www.devopstoolkitseries.com/posts/catalog/) course and book
 5 | * [Kustomize - How to Simplify Kubernetes Configuration Management](https://youtu.be/Twtbg6LFnAg)
 6 | * [Argo Workflows and Pipelines - CI/CD, Machine Learning, and Other Kubernetes Workflows](https://youtu.be/UMaivwrAyTA)
 7 |

--------------------------------------------------------------------------------
/apps-kustomize.yaml:
--------------------------------------------------------------------------------
# NOTE(review): targetRevision HEAD combined with automated sync (selfHeal + prune) means every commit
# that reaches the repository's default branch is applied to the cluster, and resources removed from git
# are deleted, with no review gate in this manifest. Pin targetRevision to a tag or commit SHA, or make
# sure branch protection covers it. apps.yaml below follows the same pattern.
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: production
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: production
10 |   source:
11 |     repoURL: https://github.com/vfarcic/argocd-production.git
12 |     targetRevision: HEAD
13 |     path: kustomize
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |     namespace: argo
17 |   syncPolicy:
18 |     automated:
19 |       selfHeal: true
20 |       prune: true
21 |
22 |

--------------------------------------------------------------------------------
/apps-manual.yaml:
--------------------------------------------------------------------------------
# NOTE(review): no syncPolicy here, so this variant only syncs when someone triggers it.
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: production
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: production
10 |   source:
11 |     repoURL: https://github.com/vfarcic/argocd-production.git
12 |     targetRevision: HEAD
13 |     path: helm
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |     namespace: production
17 |

--------------------------------------------------------------------------------
/apps.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: production
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: production
10 |   source:
11 |     repoURL: https://github.com/vfarcic/argocd-production.git
12 |     targetRevision: HEAD
13 |     path: helm
14 |   destination:
15 |     server: https://kubernetes.default.svc
16 |     namespace: production
17 |   syncPolicy:
18 |     automated:
19 |       selfHeal: true
20 |       prune: true
21 |     syncOptions:
22 |       - CreateNamespace=true
23 |
24 |

--------------------------------------------------------------------------------
/argo-cd/base/ingress.yaml:
--------------------------------------------------------------------------------
# NOTE(review): both ssl-redirect annotations are "false", the backend port is 80 and there is no tls:
# section, so this Ingress serves the argocd-server UI/API over plain HTTP unless TLS is terminated
# somewhere that is not shown in this repository.
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: argocd-server
 5 |   annotations:
 6 |     ingress.kubernetes.io/ssl-redirect: "false"
 7 |     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 8 |     ingress.kubernetes.io/rewrite-target: /
 9 |     nginx.ingress.kubernetes.io/rewrite-target: /
10 | spec:
11 |   rules:
12 |   - http:
13 |       paths:
14 |       - path: /
15 |         pathType: ImplementationSpecific
16 |         backend:
17 |           service:
18 |             name: argocd-server
19 |             port:
20 |               number: 80
21 |     host: acme.com
22 |
23 |

--------------------------------------------------------------------------------
/argo-cd/base/ingress_patch.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "op": "replace",
 4 |     "path": "/spec/rules/0/host",
 5 |     "value": "acme.com"
 6 |   }
 7 | ]
 8 |

--------------------------------------------------------------------------------
/argo-cd/base/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the github.com/argoproj/argo-cd/... resources carry no ?ref=, so every build pulls
# whatever the upstream default branch contains at that moment. Pin each remote base to a release tag or
# commit (for example ?ref=<TAG_OR_SHA>) so the installed Argo CD version is reviewed and reproducible.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - namespace.yaml
 5 | - github.com/argoproj/argo-cd/manifests/crds
 6 | - github.com/argoproj/argo-cd/manifests/base/application-controller
 7 | - github.com/argoproj/argo-cd/manifests/base/dex
 8 | - github.com/argoproj/argo-cd/manifests/base/repo-server
 9 | - github.com/argoproj/argo-cd/manifests/base/server
10 | - github.com/argoproj/argo-cd/manifests/base/config
11 | - github.com/argoproj/argo-cd/manifests/base/redis
12 | - github.com/argoproj/argo-cd/manifests/cluster-rbac
13 | - ingress.yaml
14 | namespace: argocd
15 |

--------------------------------------------------------------------------------
/argo-cd/base/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: Namespace
 5 | metadata:
 6 |   name: argocd
 7 |
 8 |

--------------------------------------------------------------------------------
/argo-cd/overlays/production/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the patch path ingress_patch.json is resolved relative to this overlay, but the tree
# above lists that file only under argo-cd/base. Verify that the build neither fails nor silently
# leaves the placeholder host in place.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - ../../base
 5 | patches:
 6 | - path: ingress_patch.json
 7 |   target:
 8 |     group: networking.k8s.io
 9 |     version: v1
10 |     kind: Ingress
11 |     name: argocd-server
12 | patchesStrategicMerge:
13 | - server.yaml
14 |

--------------------------------------------------------------------------------
/argo-cd/overlays/production/server.yaml:
--------------------------------------------------------------------------------
# NOTE(review): --insecure makes argocd-server serve without TLS. Combined with the plain-HTTP Ingress in
# argo-cd/base/ingress.yaml, logins and session tokens would cross the network unencrypted unless TLS is
# terminated in front of the Ingress. Confirm where TLS ends before using this overlay outside a demo.
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: argocd-server
 5 | spec:
 6 |   template:
 7 |     spec:
 8 |       containers:
 9 |       - name: argocd-server
10 |         command: [argocd-server, --staticassets, /shared/app, --insecure]
11 |
12 |

--------------------------------------------------------------------------------
/argo-events/base/argo-events-sa.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: argo-events-sa
 5 |

--------------------------------------------------------------------------------
/argo-events/base/event-bus.yaml:
--------------------------------------------------------------------------------
 1 |
apiVersion: argoproj.io/v1alpha1
 2 | kind: EventBus
 3 | metadata:
 4 |   name: default
 5 | spec:
 6 |   nats:
 7 |     native:
 8 |       replicas: 3
 9 |       auth: token
10 |
11 |

--------------------------------------------------------------------------------
/argo-events/base/event-source-github.yaml:
--------------------------------------------------------------------------------
# NOTE(review): webhook entry point exposed over plain HTTP (ssl-redirect "false", no tls: section), so
# webhook payloads travel unencrypted unless TLS is terminated elsewhere. This file is also missing from
# the resources list in kustomization.yaml below, so the base build does not apply it.
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: github-eventsource
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: "nginx"
 7 |     ingress.kubernetes.io/ssl-redirect: "false"
 8 |     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 9 | spec:
10 |   rules:
11 |   - http:
12 |       paths:
13 |       - path: /push
14 |         pathType: Prefix
15 |         backend:
16 |           service:
17 |             name: webhook-eventsource-svc
18 |             port:
19 |               number: 12000
20 |     host: acme.com
21 |
22 |

--------------------------------------------------------------------------------
/argo-events/base/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the remote argo-events bases have no ?ref=, so they follow the upstream default branch;
# pin them to a tag or commit (for example ?ref=<TAG_OR_SHA>). The cluster-install/rbac base presumably
# grants cluster-scoped permissions; review what it binds before applying.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - namespace.yaml
 5 | - github.com/argoproj/argo-events/manifests/base/crds
 6 | - argo-events-sa.yaml
 7 | - github.com/argoproj/argo-events/manifests/base/eventsource-controller
 8 | - github.com/argoproj/argo-events/manifests/base/sensor-controller
 9 | - github.com/argoproj/argo-events/manifests/base/eventbus-controller
10 | - github.com/argoproj/argo-events/manifests/cluster-install/rbac
11 | - event-bus.yaml
12 | namespace: argo-events
13 |
14 |

--------------------------------------------------------------------------------
/argo-events/base/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: Namespace
 5 | metadata:
 6 |   name: argo-events
 7 |
 8 |

--------------------------------------------------------------------------------
/argo-events/overlays/production/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - ../../base
 5 | namespace: argo-events

--------------------------------------------------------------------------------
/argo-workflows/base/config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: workflow-controller-configmap
 5 | data:
 6 |   config: |
 7 |     containerRuntimeExecutor: k8sapi
 8 |

--------------------------------------------------------------------------------
/argo-workflows/base/ingress.yaml:
--------------------------------------------------------------------------------
# NOTE(review): exposes argo-server on path / with ssl-redirect "false" and no tls: section. Nothing in
# this base sets the server's authentication mode, so who can use the Workflows UI/API through this
# Ingress depends on the upstream defaults. Confirm both TLS termination and the auth mode.
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: argo-server
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: "nginx"
 7 |     ingress.kubernetes.io/ssl-redirect: "false"
 8 |     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 9 | spec:
10 |   rules:
11 |   - http:
12 |       paths:
13 |       - path: /
14 |         pathType: Prefix
15 |         backend:
16 |           service:
17 |             name: argo-server
18 |             port:
19 |               number: 2746
20 |     host: acme.com
21 |
22 |

--------------------------------------------------------------------------------
/argo-workflows/base/ingress_patch.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "op": "replace",
 4 |     "path": "/spec/rules/0/host",
 5 |     "value": "acme.com"
 6 |   }
 7 | ]
 8 |

--------------------------------------------------------------------------------
/argo-workflows/base/kustomization.yaml:
--------------------------------------------------------------------------------
# NOTE(review): the remote argo-workflows bases have no ?ref= and therefore track the upstream default
# branch; pin them to a tag or commit (for example ?ref=<TAG_OR_SHA>). rbac.yaml from this directory is
# not listed under resources, so the base build does not apply it.
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - namespace.yaml
 5 | - github.com/argoproj/argo-workflows/manifests/base
 6 | - github.com/argoproj/argo-workflows/manifests/cluster-install/workflow-controller-rbac
 7 | - github.com/argoproj/argo-workflows/manifests/cluster-install/argo-server-rbac
 8 | - ingress.yaml
 9 | patchesStrategicMerge:
10 | - config.yaml
11 | namespace: argo
12 |

--------------------------------------------------------------------------------
/argo-workflows/base/namespace.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: Namespace
 5 | metadata:
 6 |   name: argo
 7 |
 8 |

--------------------------------------------------------------------------------
/argo-workflows/base/rbac.yaml:
--------------------------------------------------------------------------------
# NOTE(review): namespaced Role bound to the workflow ServiceAccount: get/watch/patch on pods, get/watch
# on pods/log, create/get on workflows. No namespace is set in this file; it is assigned by whichever
# kustomization includes it.
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: ServiceAccount
 5 | metadata:
 6 |   name: workflow
 7 |
 8 | ---
 9 |
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: RoleBinding
12 | metadata:
13 |   name: workflow
14 | roleRef:
15 |   apiGroup: rbac.authorization.k8s.io
16 |   kind: Role
17 |   name: workflow
18 | subjects:
19 | - kind: ServiceAccount
20 |   name: workflow
21 |
22 | ---
23 |
24 | apiVersion: rbac.authorization.k8s.io/v1
25 | kind: Role
26 | metadata:
27 |   name: workflow
28 | rules:
29 | - apiGroups:
30 |   - ""
31 |   resources:
32 |   - pods
33 |   verbs:
34 |   - get
35 |   - watch
36 |   - patch
37 | - apiGroups:
38 |   - ""
39 |   resources:
40 |   - pods/log
41 |   verbs:
42 |   - get
43 |   - watch
44 | - apiGroups:
45 |   - argoproj.io
46 |   resources:
47 |   - workflows
48 |   verbs:
49 |   - create
50 |   - get
51 |
52 |

--------------------------------------------------------------------------------
/argo-workflows/overlays/production/ingress_patch.json:
--------------------------------------------------------------------------------
# NOTE(review): the host is a nip.io name built on the private address 192.168.64.2, which looks like a
# local-cluster value committed under the production overlay. Replace it per environment.
 1 | [
 2 |   {
 3 |     "op": "replace",
 4 |     "path": "/spec/rules/0/host",
 5 |     "value": "argo-workflows.192.168.64.2.nip.io"
 6 |   }
 7 | ]
 8 |

--------------------------------------------------------------------------------
/argo-workflows/overlays/production/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - ../../base
 5 | - ../workflows
 6 | patches:
 7 | - path: ingress_patch.json
 8 |   target:
 9 |     group: networking.k8s.io
10 |     version: v1
11 |     kind: Ingress
12 |     name: argo-server
13 |

--------------------------------------------------------------------------------
/argo-workflows/overlays/workflows/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 | - namespace.yaml
 5 | - rbac.yaml
 6 | namespace: workflows
 7 |

--------------------------------------------------------------------------------
/argo-workflows/overlays/workflows/namespace.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Namespace
 3 | metadata:
 4 |   name: workflows
 5 |
 6 |

--------------------------------------------------------------------------------
/argo-workflows/overlays/workflows/rbac.yaml:
--------------------------------------------------------------------------------
# NOTE(review): namespaced Role for the workflow ServiceAccount (pods get/watch/patch, pods/log
# get/watch, workflows create/get); kustomization.yaml in this directory places it in namespace workflows.
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: ServiceAccount
 5 | metadata:
 6 |   name: workflow
 7 |
 8 | ---
 9 |
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: RoleBinding
12 | metadata:
13 |   name: workflow
14 | roleRef:
15 |   apiGroup: rbac.authorization.k8s.io
16 |   kind: Role
17 |   name: workflow
18 | subjects:
19 | - kind: ServiceAccount
20 |   name: workflow
21 |
22 | ---
23 |
24 | apiVersion: rbac.authorization.k8s.io/v1
25 | kind: Role
26 | metadata:
27 |   name: workflow
28 | rules:
29 | - apiGroups:
30 |   - ""
31 |   resources:
32 |   - pods
33 |   verbs:
34 |   - get
35 |   - watch
36 |   - patch
37 | - apiGroups:
38 |   - ""
39 |   resources:
40 |   - pods/log
41 |   verbs:
42 |   - get
43 |   - watch
44 | - apiGroups:
45 |   - argoproj.io
46 |   resources:
47 |   - workflows
48 |   verbs:
49 |   - create
50 |   - get
51 |
52 |

--------------------------------------------------------------------------------
/argocd/apps.yaml:
--------------------------------------------------------------------------------
# NOTE(review): sourceRepos '*' lets Applications in this project pull manifests from any repository;
# list the trusted repositories instead. In namespaceResourceWhitelist the groups 'extensions/v1beta1'
# and 'v1' are group/version strings rather than API groups (the Ingress manifests in this repository use
# networking.k8s.io, and Service lives in the core group ''), so those two entries probably never match.
# TODO confirm against the Argo CD version in use.
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: Namespace
 5 | metadata:
 6 |   name: production
 7 |
 8 | ---
 9 |
10 | apiVersion: argoproj.io/v1alpha1
11 | kind: AppProject
12 | metadata:
13 |   name: production
14 |   namespace: argocd
15 |   finalizers:
16 |     - resources-finalizer.argocd.argoproj.io
17 | spec:
18 |   description: Production project
19 |   sourceRepos:
20 |   - '*'
21 |   destinations:
22 |   - namespace: production
23 |     server: https://kubernetes.default.svc
24 |   - namespace: argocd
25 |     server: https://kubernetes.default.svc
26 |   clusterResourceWhitelist:
27 |   - group: ''
28 |     kind: Namespace
29 |   namespaceResourceBlacklist:
30 |   - group: ''
31 |     kind: ResourceQuota
32 |   - group: ''
33 |     kind: LimitRange
34 |   - group: ''
35 |     kind: NetworkPolicy
36 |   namespaceResourceWhitelist:
37 |   - group: 'apps'
38 |     kind: Deployment
39 |   - group: 'apps'
40 |     kind: StatefulSet
41 |   - group: 'extensions/v1beta1'
42 |     kind: Ingress
43 |   - group: 'v1'
44 |     kind: Service
45 |
46 | ---
47 |
48 | apiVersion: argoproj.io/v1alpha1
49 | kind: Application
50 | metadata:
51 |   name: production
52 |   namespace: argocd
53 |   finalizers:
54 |     - resources-finalizer.argocd.argoproj.io
55 | spec:
56 |   project: production
57 |   source:
58 |     repoURL: https://github.com/vfarcic/argocd-production.git
59 |     targetRevision: HEAD
60 |     path: helm
61 |   destination:
62 |     server: https://kubernetes.default.svc
63 |     namespace: production
64 |   syncPolicy:
65 |     automated:
66 |       selfHeal: true
67 |       prune: true
68 |
69 |

--------------------------------------------------------------------------------
/argocd/codefresh.yml:
--------------------------------------------------------------------------------
# NOTE(review): branchRegex /master/gi is unanchored and case-insensitive, so a push to any branch whose
# name contains "master" triggers the kubectl apply step against the cluster; /^master$/ would restrict
# it to that one branch. The codefresh/kubectl image has no tag, so the step runs whatever that image
# name currently resolves to; pin a version or digest.
 1 | version: "1.0"
 2 | kind: pipeline
 3 | metadata:
 4 |   name: devops-catalog/argocd-production
 5 |   description: Argo CD production environment app
 6 |   project: devops-catalog
 7 | spec:
 8 |   triggers:
 9 |   - type: git
10 |     provider: github
11 |     name: main
12 |     repo: vfarcic/argocd-production
13 |     events:
14 |     - push
15 |     branchRegex: /master/gi
16 |     modifiedFilesGlob: "argocd/**"
17 |     verified: true
18 |   contexts: []
19 |   steps:
20 |     main_clone:
21 |       title: Cloning main repository
22 |       type: git-clone
23 |       repo: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}'
24 |       revision: '${{CF_REVISION}}'
25 |       git: devops-catalog
26 |     apply_env:
27 |       title: Applying production environment
28 |       image: codefresh/kubectl
29 |       commands:
30 |       - kubectl config use-context my-cluster
31 |       - kubectl apply --filename argocd/apps.yaml
32 |   stages: []
33 |
34 |

--------------------------------------------------------------------------------
/codefresh/create-cluster.yaml:
--------------------------------------------------------------------------------
# NOTE(review): this ClusterRole covers every API group and every resource with read and write verbs and
# is bound cluster-wide to the codefresh ServiceAccount. That account's token can therefore read all
# Secrets and modify workloads and RBAC objects in every namespace. Scope the role to the namespaces and
# resource kinds the pipeline actually applies, and treat the token as a cluster-level credential.
 1 | ---
 2 |
 3 | apiVersion: v1
 4 | kind: Namespace
 5 | metadata:
 6 |   name: codefresh
 7 |
 8 | ---
 9 |
10 | kind: ClusterRole
11 | apiVersion: rbac.authorization.k8s.io/v1
12 | metadata:
13 |   name: codefresh
14 | rules:
15 |   - apiGroups: [ "*"]
16 |     resources: ["*"]
17 |     verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
18 |
19 | ---
20 |
21 | apiVersion: v1
22 | kind: ServiceAccount
23 | metadata:
24 |   name: codefresh
25 |   namespace: codefresh
26 |
27 | ---
28 |
29 | apiVersion: rbac.authorization.k8s.io/v1
30 | kind: ClusterRoleBinding
31 | metadata:
32 |   name: codefresh
33 | roleRef:
34 |   apiGroup: rbac.authorization.k8s.io
35 |   kind: ClusterRole
36 |   name: codefresh
37 | subjects:
38 | - kind: ServiceAccount
39 |   name: codefresh
40 |   namespace: codefresh
41 |

--------------------------------------------------------------------------------
/helm/Chart.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | description: Production environment
 3 | name: devops-toolkit
 4 | version: "0.1.0"
 5 |

--------------------------------------------------------------------------------
/helm/templates/devops-paradox.yaml:
--------------------------------------------------------------------------------
# NOTE(review): image tag latest and targetRevision HEAD are both mutable references, so automated sync
# deploys whatever the chart repository and the image registry hold at sync time. Pin the revision to a
# tag or commit and the image to a version or digest so rollouts are reproducible and auditable.
# devops-toolkit.yaml below has the same pattern. The nesting of the helm.values block and of
# version: v3 is reconstructed from a collapsed listing; verify against the repository.
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: devops-paradox
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: production
10 |   source:
11 |     path: helm
12 |     repoURL: https://github.com/vfarcic/devops-paradox.git
13 |     targetRevision: HEAD
14 |     helm:
15 |       values: |
16 |         image:
17 |           tag: latest
18 |         ingress:
19 |           host: devopsparadox.com
20 |       version: v3
21 |   destination:
22 |     namespace: production
23 |     server: https://kubernetes.default.svc
24 |   syncPolicy:
25 |     automated:
26 |       selfHeal: true
27 |       prune: true
28 |

--------------------------------------------------------------------------------
/helm/templates/devops-toolkit.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: devops-toolkit
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: production
10 |   source:
11 |     path: helm
12 |     repoURL: https://github.com/vfarcic/devops-toolkit.git
13 |     targetRevision: HEAD
14 |     helm:
15 |       values: |
16 |         image:
17 |           tag: latest
18 |         ingress:
19 |           host: devopstoolkitseries.com
20 |       version: v3
21 |   destination:
22 |     namespace: production
23 |     server: https://kubernetes.default.svc
24 |   syncPolicy:
25 |     automated:
26 |       selfHeal: true
27 |       prune: true
28 |
29 |

--------------------------------------------------------------------------------
/kustomize/dummy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vfarcic/argocd-production/baabfa91a5808ed7b0feda3fd88b937dc1a55390/kustomize/dummy
-------------------------------------------------------------------------------- /orig/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: production 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: production 10 | source: 11 | repoURL: https://github.com/vfarcic/argocd-production.git 12 | targetRevision: HEAD 13 | path: helm 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: production 17 | syncPolicy: 18 | automated: 19 | selfHeal: true 20 | prune: true 21 | syncOptions: 22 | - CreateNamespace=true 23 | -------------------------------------------------------------------------------- /orig/argo-cd-kustomize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argo-cd 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: production 10 | source: 11 | path: argo-cd/overlays/production 12 | repoURL: https://github.com/vfarcic/argocd-production 13 | targetRevision: HEAD 14 | destination: 15 | server: https://kubernetes.default.svc 16 | syncPolicy: 17 | automated: 18 | selfHeal: true 19 | prune: true 20 | 21 | -------------------------------------------------------------------------------- /orig/argo-events-kustomize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argo-events 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: production 10 | source: 11 | path: argo-events/overlays/production 12 | repoURL: https://github.com/vfarcic/argocd-production 13 | targetRevision: HEAD 14 | destination: 15 | server: 
https://kubernetes.default.svc 16 | syncPolicy: 17 | automated: 18 | selfHeal: true 19 | prune: true 20 | 21 | -------------------------------------------------------------------------------- /orig/argo-eventsource-github.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: EventSource 5 | metadata: 6 | name: github 7 | spec: 8 | service: 9 | ports: 10 | - port: 12000 11 | targetPort: 12000 12 | github: 13 | argo-workflows-demo: 14 | owner: vfarcic 15 | repository: argo-workflows-demo 16 | webhook: 17 | endpoint: /argo-workflows-demo 18 | port: "12000" 19 | method: POST 20 | url: http://acme.com 21 | events: 22 | - "*" 23 | apiToken: 24 | name: github-access 25 | key: token 26 | insecure: true 27 | active: true 28 | contentType: json 29 | 30 | --- 31 | 32 | apiVersion: networking.k8s.io/v1 33 | kind: Ingress 34 | metadata: 35 | name: github 36 | annotations: 37 | kubernetes.io/ingress.class: "nginx" 38 | ingress.kubernetes.io/ssl-redirect: "false" 39 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 40 | spec: 41 | rules: 42 | - http: 43 | paths: 44 | - path: / 45 | pathType: Prefix 46 | backend: 47 | service: 48 | name: github-eventsource-svc 49 | port: 50 | number: 12000 51 | host: acme.com 52 | -------------------------------------------------------------------------------- /orig/argo-rollouts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argo-rollouts 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: production 10 | source: 11 | path: charts/argo-rollouts 12 | repoURL: https://github.com/argoproj/argo-helm 13 | targetRevision: 40e52f62ac82a3bc3f92584b8594add9d73b8994 14 | destination: 15 | namespace: argo-rollouts 16 | server: https://kubernetes.default.svc 17 | syncPolicy: 18 | automated: 
19 | selfHeal: true 20 | prune: true 21 | syncOptions: 22 | - CreateNamespace=true 23 | 24 | -------------------------------------------------------------------------------- /orig/argo-workflows-demo-sensor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: Sensor 5 | metadata: 6 | name: webhook 7 | spec: 8 | template: 9 | serviceAccountName: argo-events-sa 10 | dependencies: 11 | - name: github 12 | eventSourceName: github 13 | eventName: argo-workflows-demo 14 | triggers: 15 | - template: 16 | name: trigger 17 | argoWorkflow: 18 | group: argoproj.io 19 | version: v1alpha1 20 | resource: workflows 21 | operation: submit 22 | source: 23 | resource: 24 | apiVersion: argoproj.io/v1alpha1 25 | kind: Workflow 26 | metadata: 27 | generateName: argo-workflows-demo- 28 | namespace: workflows 29 | spec: 30 | entrypoint: build 31 | serviceAccountName: workflow 32 | volumes: 33 | - name: regcred 34 | secret: 35 | secretName: regcred 36 | items: 37 | - key: .dockerconfigjson 38 | path: config.json 39 | templates: 40 | - name: build 41 | dag: 42 | tasks: 43 | - name: build 44 | templateRef: 45 | name: container-image 46 | template: build-kaniko-git 47 | clusterScope: true 48 | arguments: 49 | parameters: 50 | - name: app_repo 51 | value: git://github.com/vfarcic/argo-workflows-demo 52 | - name: container_image 53 | value: vfarcic/devops-toolkit 54 | - name: container_tag 55 | value: "1.0.0" 56 | -------------------------------------------------------------------------------- /orig/argo-workflows-kustomize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: argo-workflows 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: production 10 | source: 11 | path: argo-workflows/overlays/production 12 | repoURL: 
https://github.com/vfarcic/argocd-production 13 | targetRevision: HEAD 14 | destination: 15 | server: https://kubernetes.default.svc 16 | syncPolicy: 17 | automated: 18 | selfHeal: true 19 | prune: true 20 | 21 | -------------------------------------------------------------------------------- /orig/argo-workflows-templates.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | apiVersion: argoproj.io/v1alpha1 4 | kind: ClusterWorkflowTemplate 5 | metadata: 6 | name: container-image 7 | spec: 8 | serviceAccountName: workflow 9 | templates: 10 | - name: build-kaniko-git 11 | inputs: 12 | parameters: 13 | - name: app_repo 14 | - name: container_image 15 | - name: container_tag 16 | container: 17 | image: gcr.io/kaniko-project/executor:debug 18 | args: 19 | - --context={{inputs.parameters.app_repo}} 20 | - --destination={{inputs.parameters.container_image}}:{{inputs.parameters.container_tag}} 21 | volumeMounts: 22 | - name: regcred 23 | mountPath: /kaniko/.docker/ 24 | -------------------------------------------------------------------------------- /orig/argocd-pipeline.yaml: -------------------------------------------------------------------------------- 1 | version: "1.0" 2 | kind: pipeline 3 | metadata: 4 | name: CF_PROJECT/argocd-production 5 | description: Argo CD production environment app 6 | project: CF_PROJECT 7 | spec: 8 | triggers: 9 | - type: git 10 | provider: github 11 | name: main 12 | repo: GH_ORG/argocd-production 13 | events: 14 | - push 15 | branchRegex: /master/gi 16 | modifiedFilesGlob: "argocd/**" 17 | verified: true 18 | contexts: [] 19 | steps: 20 | main_clone: 21 | title: Cloning main repository 22 | type: git-clone 23 | repo: '${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}' 24 | revision: '${{CF_REVISION}}' 25 | git: CF_GIT_CONTEXT 26 | apply_env: 27 | title: Applying production environment 28 | image: codefresh/kubectl 29 | commands: 30 | - kubectl config use-context CF_CLUSTER 31 | - kubectl apply 
--filename argocd/apps.yaml 32 | stages: [] 33 | 34 |
--------------------------------------------------------------------------------
/orig/create-cluster.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | apiVersion: v1
4 | kind: Namespace
5 | metadata:
6 |   name: codefresh
7 |
8 | ---
9 |
10 | kind: ClusterRole  # Cluster-scoped role; the ClusterRoleBinding further down grants it to the codefresh ServiceAccount.
11 | apiVersion: rbac.authorization.k8s.io/v1
12 | metadata:
13 |   name: codefresh
14 | rules:  # NOTE(review): a single wildcard rule; replace with the API groups/resources the pipeline actually manages.
15 |   - apiGroups: [ "*"]  # every API group, including rbac.authorization.k8s.io
16 |     resources: ["*"]  # every resource, so Secrets in all namespaces are readable
17 |     verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]  # read and write: a leaked token for this account gives near cluster-wide control
18 |
19 | ---
20 |
21 | apiVersion: v1
22 | kind: ServiceAccount
23 | metadata:
24 |   name: codefresh
25 |   namespace: codefresh
26 |
27 | ---
28 |
29 | apiVersion: rbac.authorization.k8s.io/v1
30 | kind: ClusterRoleBinding  # Binds cluster-wide; a namespaced RoleBinding would confine the grant to one namespace.
31 | metadata:
32 |   name: codefresh
33 | roleRef:
34 |   apiGroup: rbac.authorization.k8s.io
35 |   kind: ClusterRole
36 |   name: codefresh
37 | subjects:
38 |   - kind: ServiceAccount
39 |     name: codefresh
40 |     namespace: codefresh
41 |
--------------------------------------------------------------------------------
/orig/devops-toolkit-rollouts.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application deploying the devops-toolkit Helm chart into the production namespace.
3 | metadata:
4 |   name: devops-toolkit
5 |   namespace: argocd
6 |   finalizers:
7 |     - resources-finalizer.argocd.argoproj.io  # deleting this Application also deletes the resources it deployed
8 | spec:
9 |   project: production
10 |   source:
11 |     path: helm
12 |     repoURL: https://github.com/vfarcic/devops-toolkit.git
13 |     targetRevision: HEAD  # NOTE(review): follows the branch tip; with automated sync below, every push reaches production unpinned. Prefer a tag or commit SHA.
14 |     helm:  # NOTE(review): the values set image tag "latest", a mutable tag; what runs can change without a Git change.
15 |       values: |  # NOTE(review): nesting of the values below was rebuilt from a whitespace-collapsed listing; confirm against the repository.
16 |         image:
17 |           tag: latest
18 |         ingress:
19 |           enabled: false
20 |           host: devopstoolkitseries.com
21 |         istio:
22 |           enabled: true
23 |         hpa: true
24 |         rollout:
25 |           enabled: true
26 |       version: v3
27 |   destination:
28 |     namespace: production
29 |     server: https://kubernetes.default.svc  # the cluster Argo CD itself runs in
30 |   syncPolicy:
31 |     automated:  # changes in the source are applied without a manual sync step
32 |       selfHeal: true  # live changes that drift from Git are reverted
33 |       prune: true  # resources removed from the source are deleted from the cluster
34 |   ignoreDifferences:
35 |     - group: networking.istio.io
36 |       kind: VirtualService
37 |       jsonPointers:
38 |         - /spec/http  # this path is excluded from drift detection
39 |
--------------------------------------------------------------------------------
/orig/prometheus.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application deploying the community Prometheus chart into the monitoring namespace.
3 | metadata:
4 |   name: prometheus
5 |   namespace: argocd
6 |   finalizers:
7 |     - resources-finalizer.argocd.argoproj.io
8 | spec:
9 |   project: production
10 |   source:
11 |     path: charts/prometheus
12 |     repoURL: https://github.com/prometheus-community/helm-charts  # third-party repository, outside this project's review process
13 |     targetRevision: HEAD  # NOTE(review): an unpinned third-party source plus automated sync means upstream commits deploy unreviewed. Pin a release tag or commit SHA.
14 |   destination:
15 |     namespace: monitoring
16 |     server: https://kubernetes.default.svc
17 |   syncPolicy:
18 |     automated:
19 |       selfHeal: true
20 |       prune: true
21 |     syncOptions:
22 |       - CreateNamespace=true  # Argo CD creates the monitoring namespace if it does not exist
23 |
24 |
--------------------------------------------------------------------------------
/orig/sealed-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application  # Argo CD Application deploying the manifests under sealed-secrets/ in this repository.
3 | metadata:
4 |   name: sealed-secrets
5 |   namespace: argocd
6 |   finalizers:
7 |     - resources-finalizer.argocd.argoproj.io
8 | spec:
9 |   project: production
10 |   source:
11 |     path: sealed-secrets
12 |     repoURL: https://github.com/vfarcic/argocd-production
13 |     targetRevision: HEAD  # NOTE(review): follows the branch tip; the synced manifests include cluster-wide RBAC on Secrets, so review pushes accordingly.
14 |   destination:  # no namespace here; sealed-secrets/controller.yaml sets kube-system on its namespaced resources
15 |     server: https://kubernetes.default.svc
16 |   syncPolicy:
17 |     automated:
18 |       selfHeal: true
19 |       prune: true
20 |
21 |
--------------------------------------------------------------------------------
/project.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: AppProject  # Argo CD project referenced by the Applications above as "production".
3 | metadata:
4 |   name: production
5 |   namespace: argocd
6 |   finalizers:
7 |     - resources-finalizer.argocd.argoproj.io
8 | spec:
9 |   description: Production project
10 |   sourceRepos:  # NOTE(review): as written, the project restricts nothing; every list below is a wildcard.
11 |     - '*'  # any Git/Helm repository may be a source; list the repositories actually used instead
12 |   destinations:
13 |     - namespace: '*'  # any namespace, kube-system and argocd included
14 |       server: https://kubernetes.default.svc
15 |   clusterResourceWhitelist:
16 |     - group: '*'  # cluster-scoped kinds of every group (ClusterRole, ClusterRoleBinding, CRDs, ...) may be deployed
17 |       kind: '*'
18 |   namespaceResourceWhitelist:
19 |     - group: '*'  # every namespaced kind may be deployed
20 |       kind: '*'
21 |
22 |
--------------------------------------------------------------------------------
/sealed-secrets/controller.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: Role  # Allows reading the controller Service and proxying to it through the API server.
4 | metadata:
5 |   annotations: {}
6 |   labels:
7 |     name: sealed-secrets-service-proxier
8 |   name: sealed-secrets-service-proxier
9 |   namespace: kube-system
10 | rules:
11 | - apiGroups:
12 |   - ""
13 |   resourceNames:
14 |   - sealed-secrets-controller  # limited to this one Service by name
15 |   resources:
16 |   - services
17 |   verbs:
18 |   - get
19 | - apiGroups:
20 |   - ""
21 |   resourceNames:
22 |   - 'http:sealed-secrets-controller:'
23 |   - sealed-secrets-controller
24 |   resources:
25 |   - services/proxy  # API-server proxy access to the controller's HTTP port
26 |   verbs:
27 |   - create
28 |   - get
29 | ---
30 | apiVersion: rbac.authorization.k8s.io/v1
31 | kind: Role  # Namespaced Secret access in kube-system, bound to the controller ServiceAccount by the last RoleBinding in this file.
32 | metadata:
33 |   annotations: {}
34 |   labels:
35 |     name: sealed-secrets-key-admin
36 |   name: sealed-secrets-key-admin
37 |   namespace: kube-system
38 | rules:
39 | - apiGroups:
40 |   - ""
41 |   resources:
42 |   - secrets  # presumably the controller's sealing key pairs are stored as Secrets here; confirm against upstream docs
43 |   verbs:
44 |   - create
45 |   - list
46 | ---
47 | apiVersion: rbac.authorization.k8s.io/v1
48 | kind: ClusterRoleBinding  # Grants the secrets-unsealer ClusterRole in every namespace.
49 | metadata:
50 |   annotations: {}
51 |   labels:
52 |     name: sealed-secrets-controller
53 |   name: sealed-secrets-controller
54 | roleRef:
55 |   apiGroup: rbac.authorization.k8s.io
56 |   kind: ClusterRole
57 |   name: secrets-unsealer
58 | subjects:
59 | - kind: ServiceAccount
60 |   name: sealed-secrets-controller
61 |   namespace: kube-system
62 | ---
63 | apiVersion: rbac.authorization.k8s.io/v1
64 | kind: ClusterRole  # Permissions the controller uses to turn SealedSecret objects into Secrets.
65 | metadata:
66 |   annotations: {}
67 |   labels:
68 |     name: secrets-unsealer
69 |   name: secrets-unsealer
70 | rules:
71 | - apiGroups:
72 |   - bitnami.com
73 |   resources:
74 |   - sealedsecrets
75 |   verbs:
76 |   - get
77 |   - list
78 |   - watch
79 | - apiGroups:
80 |   - bitnami.com
81 |   resources:
82 |   - sealedsecrets/status
83 |   verbs:
84 |   - update
85 | - apiGroups:
86 |   - ""
87 |   resources:
88 |   - secrets  # NOTE(review): via the ClusterRoleBinding above this covers Secrets in all namespaces; treat this ServiceAccount's token as highly sensitive.
89 |   verbs:
90 |   - get
91 |   - list
92 |   - create
93 |   - update
94 |   - delete
95 | - apiGroups:
96 |   - ""
97 |   resources:
98 |   - events
99 |   verbs:
100 |   - create
101 |   - patch
102 | ---
103 | apiVersion: v1
104 | kind: ServiceAccount
105 | metadata:
106 |   annotations: {}
107 |   labels:
108 |     name: sealed-secrets-controller
109 |   name: sealed-secrets-controller
110 |   namespace: kube-system
111 | ---
112 | apiVersion: apps/v1
113 | kind: Deployment  # Runs a single replica of the sealed-secrets controller in kube-system.
114 | metadata:
115 |   annotations: {}
116 |   labels:
117 |     name: sealed-secrets-controller
118 |   name: sealed-secrets-controller
119 |   namespace: kube-system
120 | spec:
121 |   minReadySeconds: 30
122 |   replicas: 1
123 |   revisionHistoryLimit: 10
124 |   selector:
125 |     matchLabels:
126 |       name: sealed-secrets-controller
127 |   strategy:
128 |     rollingUpdate:
129 |       maxSurge: 25%
130 |       maxUnavailable: 25%
131 |     type: RollingUpdate
132 |   template:
133 |     metadata:
134 |       annotations: {}
135 |       labels:
136 |         name: sealed-secrets-controller
137 |     spec:
138 |       containers:
139 |       - args: []
140 |         command:
141 |         - controller
142 |         env: []
143 |         image: docker.io/bitnami/sealed-secrets-controller:v0.17.5  # NOTE(review): pinned by tag only; append @sha256:<digest> (placeholder) so the image cannot change under the tag.
144 |         imagePullPolicy: Always  # the tag is re-resolved at every pod start, so a re-pushed tag would be picked up
145 |         livenessProbe:
146 |           httpGet:
147 |             path: /healthz
148 |             port: http
149 |         name: sealed-secrets-controller
150 |         ports:
151 |         - containerPort: 8080
152 |           name: http
153 |         readinessProbe:
154 |           httpGet:
155 |             path: /healthz
156 |             port: http
157 |         securityContext:  # NOTE(review): allowPrivilegeEscalation: false and capabilities.drop: [ALL] are not set here; consider adding them.
158 |           readOnlyRootFilesystem: true  # writable space is limited to the /tmp emptyDir mounted below
159 |           runAsNonRoot: true
160 |           runAsUser: 1001
161 |         stdin: false
162 |         tty: false
163 |         volumeMounts:
164 |         - mountPath: /tmp
165 |           name: tmp
166 |       imagePullSecrets: []
167 |       initContainers: []
168 |       securityContext:
169 |         fsGroup: 65534
170 |       serviceAccountName: sealed-secrets-controller  # the account holding the cluster-wide Secret permissions above
171 |       terminationGracePeriodSeconds: 30
172 |       volumes:
173 |       - emptyDir: {}
174 |         name: tmp
175 | ---
176 | apiVersion: apiextensions.k8s.io/v1
177 | kind: CustomResourceDefinition  # Defines the namespaced SealedSecret kind in group bitnami.com.
178 | metadata:
179 |   name: sealedsecrets.bitnami.com
180 | spec:
181 |   group: bitnami.com
182 |   names:
183 |     kind: SealedSecret
184 |     listKind: SealedSecretList
185 |     plural: sealedsecrets
186 |     singular: sealedsecret
187 |   scope: Namespaced
188 |   versions:
189 |   - name: v1alpha1
190 |     schema:
191 |       openAPIV3Schema:
192 |         properties:
193 |           spec:
194 |             type: object
195 |             x-kubernetes-preserve-unknown-fields: true  # spec contents are not validated by the API server schema
196 |           status:
197 |             x-kubernetes-preserve-unknown-fields: true
198 |         type: object
199 |     served: true
200 |     storage: true
201 |     subresources:
202 |       status: {}
203 | ---
204 | apiVersion: v1
205 | kind: Service  # In-cluster endpoint for the controller's HTTP port.
206 | metadata:
207 |   annotations: {}
208 |   labels:
209 |     name: sealed-secrets-controller
210 |   name: sealed-secrets-controller
211 |   namespace: kube-system
212 | spec:
213 |   ports:
214 |   - port: 8080
215 |     targetPort: 8080
216 |   selector:
217 |     name: sealed-secrets-controller
218 |   type: ClusterIP
219 | ---
220 | apiVersion: rbac.authorization.k8s.io/v1
221 | kind: RoleBinding  # Grants the service-proxier Role from the top of this file.
222 | metadata:
223 |   annotations: {}
224 |   labels:
225 |     name: sealed-secrets-service-proxier
226 |   name: sealed-secrets-service-proxier
227 |   namespace: kube-system
228 | roleRef:
229 |   apiGroup: rbac.authorization.k8s.io
230 |   kind: Role
231 |   name: sealed-secrets-service-proxier
232 | subjects:
233 | - apiGroup: rbac.authorization.k8s.io
234 |   kind: Group
235 |   name: system:authenticated  # NOTE(review): every authenticated identity, all ServiceAccounts included, can reach the controller's HTTP API via the API-server proxy; presumably so clients can fetch the sealing certificate (confirm).
236 | ---
237 | apiVersion: rbac.authorization.k8s.io/v1
238 | kind: RoleBinding  # Grants the key-admin Role (create/list Secrets in kube-system) to the controller ServiceAccount.
239 | metadata:
240 |   annotations: {}
241 |   labels:
242 |     name: sealed-secrets-controller
243 |   name: sealed-secrets-controller
244 |   namespace: kube-system
245 | roleRef:
246 |   apiGroup: rbac.authorization.k8s.io
247 |   kind: Role
248 |   name: sealed-secrets-key-admin
249 | subjects:
250 | - kind: ServiceAccount
251 |   name: sealed-secrets-controller
252 |   namespace: kube-system
253 |
--------------------------------------------------------------------------------