-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
- Loading branch information
Showing
24 changed files
with
10,959 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
name: build_v29 | ||
on: | ||
workflow_dispatch: | ||
pull_request: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- patches-argo-cd-v2.9/** | ||
- patches-gitops-engine-v2.0.0/** | ||
- VERSION_29 | ||
- .github/workflows/build_v29.yaml | ||
|
||
permissions: | ||
contents: write | ||
id-token: write | ||
packages: write | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
- name: install stgit | ||
shell: bash | ||
run: | | ||
sudo apt-get install -y stgit | ||
git config --global user.name "Chanwit Kaewkasi" | ||
git config --global user.email "chanwit@gmail.com" | ||
- name: Get branch names | ||
id: branch-name | ||
uses: tj-actions/branch-names@v5.1 | ||
- name: Prepare | ||
id: prep | ||
run: | | ||
VERSION="${{ steps.branch-name.outputs.current_branch }}-${GITHUB_SHA::8}" | ||
echo ::set-output name=VERSION::${VERSION} | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Build v2.9 | ||
run: | | ||
ln -s VERSION_29 VERSION | ||
ln -s patches-argo-cd-v2.9 patches-argo-cd | ||
ln -s patches-gitops-engine-v2.0.0 patches-gitops-engine | ||
rm -rf argo-cd || true | ||
bash -x ./init.sh | ||
source ./VERSION | ||
VERSION=${BASE_VERSION}-${SUFFIX_VERSION}-${{ steps.prep.outputs.VERSION }} | ||
( cd argo-cd && IMAGE_NAMESPACE=ghcr.io/flux-subsystem-argo/fsa IMAGE_TAG=$VERSION DOCKER_PUSH=true make image ) | ||
unlink patches-argo-cd | ||
unlink VERSION |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
BASE_VERSION=v2.9.0-rc1 | ||
SUFFIX_VERSION=fl.$(cat patches-argo-cd/series | cut -d- -f1 | tail -1) | ||
GITOPS_ENGINE_VERSION=b0fffe419a0f0a40f9f2c0b6346b752ed6537385 |
63 changes: 63 additions & 0 deletions
63
patches-argo-cd-v2.9/01-build-with-local-gitops-engine.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
build with local gitops engine | ||
|
||
From: Chanwit Kaewkasi <chanwit@gmail.com> | ||
|
||
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com> | ||
--- | ||
.gitignore | 2 ++ | ||
Dockerfile | 9 +++++++++ | ||
go.mod | 2 ++ | ||
3 files changed, 13 insertions(+) | ||
|
||
diff --git a/.gitignore b/.gitignore | ||
index ab17deb0d..c28c77a6a 100644 | ||
--- a/.gitignore | ||
+++ b/.gitignore | ||
@@ -25,3 +25,5 @@ cmd/argocd/argocd | ||
cmd/argocd-application-controller/argocd-application-controller | ||
cmd/argocd-repo-server/argocd-repo-server | ||
cmd/argocd-server/argocd-server | ||
+ | ||
+gitops-engine/ | ||
diff --git a/Dockerfile b/Dockerfile | ||
index f69e34cce..07e9df925 100644 | ||
--- a/Dockerfile | ||
+++ b/Dockerfile | ||
@@ -105,7 +105,9 @@ FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.6@sha256:8e5a0067e6 | ||
|
||
WORKDIR /go/src/github.com/argoproj/argo-cd | ||
|
||
+COPY ./gitops-engine ./gitops-engine | ||
COPY go.* ./ | ||
+ | ||
RUN go mod download | ||
|
||
# Perform the build | ||
@@ -130,9 +132,16 @@ RUN GIT_COMMIT=$GIT_COMMIT \ | ||
# Final image | ||
#################################################################################################### | ||
FROM argocd-base | ||
+ | ||
+LABEL org.opencontainers.image.source https://github.com/flux-subsystem-argo/fsa | ||
+ | ||
COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/local/bin/ | ||
|
||
USER root | ||
+ | ||
+RUN chmod +x /usr/local/bin/gpg-wrapper.sh && \ | ||
+ chmod +x /usr/local/bin/git-verify-wrapper.sh | ||
+ | ||
RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \ | ||
ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \ | ||
ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \ | ||
diff --git a/go.mod b/go.mod | ||
index de020933a..00b641f31 100644 | ||
--- a/go.mod | ||
+++ b/go.mod | ||
@@ -306,4 +306,6 @@ replace ( | ||
k8s.io/mount-utils => k8s.io/mount-utils v0.24.2 | ||
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.24.2 | ||
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.24.2 | ||
+ | ||
+ github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-b0fffe419a0f => ./gitops-engine | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,185 @@ | ||
implement loopback reconciliation | ||
|
||
From: Chanwit Kaewkasi <chanwit@gmail.com> | ||
|
||
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com> | ||
--- | ||
controller/state.go | 18 ++++-- | ||
controller/state_fsa.go | 139 +++++++++++++++++++++++++++++++++++++++++++++++ | ||
2 files changed, 151 insertions(+), 6 deletions(-) | ||
create mode 100644 controller/state_fsa.go | ||
|
||
diff --git a/controller/state.go b/controller/state.go | ||
index a2765f249..126102552 100644 | ||
--- a/controller/state.go | ||
+++ b/controller/state.go | ||
@@ -395,12 +395,18 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 | ||
} | ||
} | ||
|
||
- targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) | ||
- if err != nil { | ||
- targetObjs = make([]*unstructured.Unstructured, 0) | ||
- msg := fmt.Sprintf("Failed to load target state: %s", err.Error()) | ||
- conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) | ||
- failedToLoadObjs = true | ||
+ if isFluxSubsystemEnabled(app) && app.Spec.Source.IsHelm() { | ||
+ targetObjs, conditions, failedToLoadObjs = m.getFluxHelmTargetObjects(app, conditions, now) | ||
+ } else if isFluxSubsystemEnabled(app) && !app.Spec.Source.IsHelm() { | ||
+ targetObjs, conditions, failedToLoadObjs = m.getFluxKustomizeTargetObjects(app, conditions, now) | ||
+ } else { | ||
+ targetObjs, manifestInfos, err = m.getRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) | ||
+ if err != nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ msg := fmt.Sprintf("Failed to load target state: %s", err.Error()) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
} | ||
} else { | ||
// Prevent applying local manifests for now when signature verification is enabled | ||
diff --git a/controller/state_fsa.go b/controller/state_fsa.go | ||
new file mode 100644 | ||
index 000000000..f795c6a75 | ||
--- /dev/null | ||
+++ b/controller/state_fsa.go | ||
@@ -0,0 +1,139 @@ | ||
+package controller | ||
+ | ||
+import ( | ||
+ "context" | ||
+ "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" | ||
+ "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" | ||
+ "k8s.io/apimachinery/pkg/runtime/schema" | ||
+) | ||
+ | ||
+func isFluxSubsystemEnabled(app *v1alpha1.Application) bool { | ||
+ if app == nil { | ||
+ return false | ||
+ } | ||
+ if app.Spec.SyncPolicy == nil { | ||
+ return false | ||
+ } | ||
+ if app.Spec.SyncPolicy.SyncOptions == nil { | ||
+ return false | ||
+ } | ||
+ if app.Spec.SyncPolicy.SyncOptions.HasOption("FluxSubsystem=true") == false { | ||
+ return false | ||
+ } | ||
+ return true | ||
+} | ||
+ | ||
+func (m *appStateManager) getFluxHelmTargetObjects(app *v1alpha1.Application, conditions []v1alpha1.ApplicationCondition, now v1.Time) ([]*unstructured.Unstructured, []v1alpha1.ApplicationCondition, bool) { | ||
+ var ( | ||
+ targetObjs []*unstructured.Unstructured | ||
+ failedToLoadObjs bool | ||
+ ) | ||
+ | ||
+ cluster, err := m.db.GetCluster(context.TODO(), app.Spec.Destination.Server) | ||
+ if err != nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ config := cluster.RESTConfig() | ||
+ | ||
+ var hl *unstructured.Unstructured | ||
+ hl, err = m.kubectl.GetResource(context.TODO(), config, schema.GroupVersionKind{ | ||
+ Group: "helm.toolkit.fluxcd.io", | ||
+ Version: "v2beta1", | ||
+ Kind: "HelmRelease", | ||
+ }, app.Name, app.Spec.Destination.Namespace) | ||
+ if err != nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ | ||
+ if hl == nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } else { | ||
+ var source *unstructured.Unstructured | ||
+ if sourceKind, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "kind"); found && err == nil { | ||
+ if sourceName, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "name"); found && err == nil { | ||
+ if sourceNS, found, err := unstructured.NestedString(hl.Object, "spec", "chart", "spec", "sourceRef", "namespace"); err == nil { | ||
+ if !found { | ||
+ sourceNS = hl.GetNamespace() | ||
+ } | ||
+ source, err = m.kubectl.GetResource(context.Background(), config, schema.GroupVersionKind{ | ||
+ Group: "source.toolkit.fluxcd.io", | ||
+ Version: "v1beta1", | ||
+ Kind: sourceKind, | ||
+ }, sourceName, sourceNS) | ||
+ } | ||
+ } | ||
+ } | ||
+ if source != nil { | ||
+ targetObjs = []*unstructured.Unstructured{hl, source} | ||
+ } else { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ } | ||
+ return targetObjs, conditions, failedToLoadObjs | ||
+} | ||
+ | ||
+func (m *appStateManager) getFluxKustomizeTargetObjects(app *v1alpha1.Application, conditions []v1alpha1.ApplicationCondition, now v1.Time) ([]*unstructured.Unstructured, []v1alpha1.ApplicationCondition, bool) { | ||
+ var ( | ||
+ targetObjs []*unstructured.Unstructured | ||
+ failedToLoadObjs bool | ||
+ ) | ||
+ | ||
+ cluster, err := m.db.GetCluster(context.TODO(), app.Spec.Destination.Server) | ||
+ if err != nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ config := cluster.RESTConfig() | ||
+ | ||
+ var ks *unstructured.Unstructured | ||
+ ks, err = m.kubectl.GetResource(context.TODO(), config, schema.GroupVersionKind{ | ||
+ Group: "kustomize.toolkit.fluxcd.io", | ||
+ Version: "v1beta2", | ||
+ Kind: "Kustomization", | ||
+ }, app.Name, app.Spec.Destination.Namespace) | ||
+ if err != nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ | ||
+ if ks == nil { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } else { | ||
+ var source *unstructured.Unstructured | ||
+ if sourceKind, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "kind"); found && err == nil { | ||
+ if sourceName, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "name"); found && err == nil { | ||
+ if sourceNS, found, err := unstructured.NestedString(ks.Object, "spec", "sourceRef", "namespace"); err == nil { | ||
+ if !found { | ||
+ sourceNS = ks.GetNamespace() | ||
+ } | ||
+ source, err = m.kubectl.GetResource(context.Background(), config, schema.GroupVersionKind{ | ||
+ Group: "source.toolkit.fluxcd.io", | ||
+ Version: "v1beta1", | ||
+ Kind: sourceKind, | ||
+ }, sourceName, sourceNS) | ||
+ } | ||
+ } | ||
+ } | ||
+ if source != nil { | ||
+ targetObjs = []*unstructured.Unstructured{ks, source} | ||
+ } else { | ||
+ targetObjs = make([]*unstructured.Unstructured, 0) | ||
+ conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) | ||
+ failedToLoadObjs = true | ||
+ } | ||
+ } | ||
+ return targetObjs, conditions, failedToLoadObjs | ||
+} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
allow flux and oci schemes | ||
|
||
From: Chanwit Kaewkasi <chanwit@gmail.com> | ||
|
||
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com> | ||
--- | ||
reposerver/repository/repository.go | 5 +++++ | ||
server/application/application.go | 4 ++++ | ||
util/argo/argo.go | 5 +++++ | ||
3 files changed, 14 insertions(+) | ||
|
||
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go | ||
index 02fb6a20d..aceb2ad6a 100644 | ||
--- a/reposerver/repository/repository.go | ||
+++ b/reposerver/repository/repository.go | ||
@@ -2429,6 +2429,11 @@ func (s *Service) TestRepository(ctx context.Context, q *apiclient.TestRepositor | ||
} | ||
check := checks[repo.Type] | ||
apiResp := &apiclient.TestRepositoryResponse{VerifiedRepository: false} | ||
+ | ||
+ // Flux or OCI scheme are special cases | ||
+ if strings.HasPrefix(repo.Repo, "flux://") || strings.HasPrefix(repo.Repo, "oci://") { | ||
+ return apiResp, nil | ||
+ } | ||
err := check() | ||
if err != nil { | ||
return apiResp, fmt.Errorf("error testing repository connectivity: %w", err) | ||
diff --git a/server/application/application.go b/server/application/application.go | ||
index a0323cde5..534d1aa47 100644 | ||
--- a/server/application/application.go | ||
+++ b/server/application/application.go | ||
@@ -2010,6 +2010,10 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy | ||
// If it's already a commit SHA, then no need to look it up | ||
return ambiguousRevision, ambiguousRevision, nil | ||
} | ||
+ if strings.HasPrefix(app.Spec.Source.RepoURL, "flux://") || strings.HasPrefix(app.Spec.Source.RepoURL, "oci://") { | ||
+ // Flux or OCI scheme are special cases | ||
+ return ambiguousRevision, ambiguousRevision, nil | ||
+ } | ||
} | ||
|
||
resolveRevisionResponse, err := repoClient.ResolveRevision(ctx, &apiclient.ResolveRevisionRequest{ | ||
diff --git a/util/argo/argo.go b/util/argo/argo.go | ||
index b32369ea7..f9ddd99d5 100644 | ||
--- a/util/argo/argo.go | ||
+++ b/util/argo/argo.go | ||
@@ -287,6 +287,11 @@ func ValidateRepo( | ||
|
||
conditions := make([]argoappv1.ApplicationCondition, 0) | ||
|
||
+ // Flux or OCI scheme are special cases | ||
+ if strings.HasPrefix(spec.Source.RepoURL, "flux://") || strings.HasPrefix(spec.Source.RepoURL, "oci://") { | ||
+ return conditions, nil | ||
+ } | ||
+ | ||
// Test the repo | ||
conn, repoClient, err := repoClientset.NewRepoServerClient() | ||
if err != nil { |
Oops, something went wrong.