argocd: add gitlab

Signed-off-by: Victor Login <batazor111@gmail.com>

ops/Helm/addons/gitlab-runner/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: gitlab-runner
+  repository: https://charts.gitlab.io
+  version: 0.45.0
+digest: sha256:3c250faedb5ada1aa54a77b8299151bb2f074e04f3e5f13bb404e1cc9050a53d
+generated: "2022-10-16T01:00:20.143897+06:00"

ops/Helm/addons/gitlab-runner/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2                                   # The chart API version (required)
+appVersion: "1.0.0"                              # The version of the app that this contains (optional)
+name: gitlab-runner                              # The name of the chart (required)
+version: 0.1.0                                   # A SemVer 2 version (required)
+kubeVersion: ">= 1.22.0 || >= v1.22.0-0"         # A SemVer range of compatible Kubernetes versions (optional)
+keywords:                                        # A list of keywords about this project (optional)
+  - gitlab-runner
+maintainers:
+  - email: batazor111@gmail.com
+    name: batazor
+    url: batazor.ru
+engine: gotpl
+type: application                                # It is the type of chart (optional)
+deprecated: false                                # Whether this chart is deprecated (optional, boolean)
+dependencies:
+  - name: gitlab-runner
+    version: 0.45.0
+    repository: https://charts.gitlab.io
+    condition: gitlab-runner.enabled
+    tags:
+      - gitlab

ops/Helm/addons/gitlab-runner/README.md

@@ -0,0 +1,58 @@
+# kyverno
+
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| batazor | <batazor111@gmail.com> | <batazor.ru> |
+
+## Requirements
+
+Kubernetes: `>= 1.22.0 || >= v1.22.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://../../shortlink-common | shortlink-common | 0.2.0 |
+| https://kyverno.github.io/kyverno | kyverno | 2.6.0 |
+| https://kyverno.github.io/kyverno | kyverno-policies | 2.6.0 |
+| https://kyverno.github.io/policy-reporter | policy-reporter | 2.13.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kyverno-policies.enabled | bool | `true` |  |
+| kyverno.enabled | bool | `true` |  |
+| kyverno.serviceMonitor.additionalLabels.release | string | `"prometheus-operator"` |  |
+| kyverno.serviceMonitor.enabled | bool | `true` |  |
+| policy-reporter.enabled | bool | `true` |  |
+| policy-reporter.global.plugins.kyverno | bool | `true` |  |
+| policy-reporter.kyvernoPlugin.enabled | bool | `true` |  |
+| policy-reporter.metrics.enabled | bool | `true` |  |
+| policy-reporter.monitoring.enabled | bool | `true` |  |
+| policy-reporter.networkPolicy.enabled | bool | `false` |  |
+| policy-reporter.rest.enabled | bool | `true` |  |
+| policy-reporter.target.loki.host | string | `"http://grafana-loki.grafana:3100"` |  |
+| policy-reporter.target.loki.minimumPriority | string | `"warning"` |  |
+| policy-reporter.target.loki.skipExistingOnStartup | bool | `true` |  |
+| policy-reporter.target.loki.sources[0] | string | `"kyverno"` |  |
+| policy-reporter.ui.enabled | bool | `true` |  |
+| policy-reporter.ui.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"cert-manager-production"` |  |
+| policy-reporter.ui.ingress.annotations."nginx.ingress.kubernetes.io/enable-modsecurity" | string | `"true"` |  |
+| policy-reporter.ui.ingress.annotations."nginx.ingress.kubernetes.io/enable-opentracing" | string | `"true"` |  |
+| policy-reporter.ui.ingress.annotations."nginx.ingress.kubernetes.io/enable-owasp-core-rules" | string | `"true"` |  |
+| policy-reporter.ui.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$1"` |  |
+| policy-reporter.ui.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` |  |
+| policy-reporter.ui.ingress.className | string | `"nginx"` |  |
+| policy-reporter.ui.ingress.enabled | bool | `true` |  |
+| policy-reporter.ui.ingress.hosts[0].host | string | `"shortlink.best"` |  |
+| policy-reporter.ui.ingress.hosts[0].paths[0].path | string | `"/kyverno/?(.*)"` |  |
+| policy-reporter.ui.ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| policy-reporter.ui.ingress.tls[0].hosts[0] | string | `"shortlink.best"` |  |
+| policy-reporter.ui.ingress.tls[0].secretName | string | `"shortlink-ingress-tls"` |  |
+| policy-reporter.ui.plugins.kyverno | bool | `true` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

ops/Helm/addons/gitlab-runner/templates/NOTES.txt

@@ -0,0 +1,5 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **

ops/Helm/addons/gitlab-runner/values.yaml

@@ -0,0 +1,6 @@
+# Common default values for kyverno.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+gitlab-runner:
+  enabled: true

ops/argocd/infrastructure/gitlab-runner/application.yaml

@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitlab-runner
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: shortlink
+  destination:
+    name: ''
+    namespace: gitlab-runner
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: ops/Helm/addons/gitlab-runner
+    repoURL: 'https://github.com/batazor/shortlink'
+    targetRevision: HEAD
+    helm:
+      releaseName: gitlab-runner
+      valueFiles:
+        # default values
+        - values.yaml
+
+        # Method 1: Mount the gpg key from a kubernetes secret as volume
+        # secrets+gpg-import://<key-volume-mount>/<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import://<key-volume-mount>/<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 1: (Assumptions: key-volume-mount=/sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import:///sops-gpg/sops.asc?values.secrets.yaml
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+    retry:
+      limit: 2
+      backoff:
+        duration: 10s
+        maxDuration: 3m0s
+        factor: 2
+  ignoreDifferences:
+    - group: kyverno.io
+      kind: ClusterPolicy
+      jqPathExpressions:
+        - .spec.rules[] | select(.name|test("autogen-."))