Oke gitops

app-dev/devops-and-containers/oke/oke-gitops/modules/devops/build_pipeline.tf

@@ -25,7 +25,7 @@ resource "oci_devops_build_pipeline_stage" "mirror_argocd_stage" {
   display_name = "Mirror Helm Chart"
   description = "Stage to import a public Helm Chart into the tenancy Oracle Container Registry"
   primary_build_source = "pipelines"
-  image = "OL7_X86_64_STANDARD_10"
+  image = "OL8_X86_64_STANDARD_10"
   stage_execution_timeout_in_seconds = 36000
 }
 

app-dev/devops-and-containers/oke/oke-gitops/modules/devops/repositories.tf

@@ -47,16 +47,16 @@ resource "null_resource" "push_pipelines_repo_content" {
 }
 
 
-resource "oci_devops_repository" "argo_repo" {
-  name       = "oke-cluster-config"
+resource "oci_devops_repository" "system_config_repo" {
+  name       = "system-cluster-config"
   project_id = oci_devops_project.devops_project.id
-  description = "Repository containing Kubernetes cluster configurations"
+  description = "Repository containing Kubernetes cluster configurations, to be used by cluster admins"
   repository_type = "HOSTED"
 }
 
 data "archive_file" "cluster_config_archive" {
-  output_path = "oke-cluster-config.zip"
-  source_dir = "${path.root}/repos/oke-cluster-config"
+  output_path = "system-cluster-config.zip"
+  source_dir = "${path.root}/repos/system-cluster-config"
   type        = "zip"
 }
 
@@ -65,17 +65,50 @@ resource "null_resource" "push_cluster_config_repo_content" {
   provisioner "local-exec" {
     command = "chmod +x ./script/push_repo.sh && ./script/push_repo.sh"
     environment = {
-      REPO_CLONE_URL = oci_devops_repository.argo_repo.http_url
+      REPO_CLONE_URL = oci_devops_repository.system_config_repo.http_url
       GIT_USERNAME = var.git_username
       GIT_PASSWORD = var.git_password
       REGION = var.region
-      SOURCE_REPO = "/repos/oke-cluster-config"
+      SOURCE_REPO = "/repos/system-cluster-config"
     }
     working_dir = path.root
   }
   triggers = {
     src_hash = data.archive_file.cluster_config_archive.output_sha
-    repo_id = oci_devops_repository.argo_repo.id
+    repo_id = oci_devops_repository.system_config_repo.id
+  }
+  depends_on = [local_file.export_variables]
+}
+
+resource "oci_devops_repository" "apps_config_repo" {
+  name       = "apps-cluster-config"
+  project_id = oci_devops_project.devops_project.id
+  description = "Repository containing Kubernetes application configurations, to be used by developers"
+  repository_type = "HOSTED"
+}
+
+data "archive_file" "apps_config_archive" {
+  output_path = "apps-cluster-config.zip"
+  source_dir = "${path.root}/repos/apps-cluster-config"
+  type        = "zip"
+}
+
+resource "null_resource" "push_apps_config_repo_content" {
+
+  provisioner "local-exec" {
+    command = "chmod +x ./script/push_repo.sh && ./script/push_repo.sh"
+    environment = {
+      REPO_CLONE_URL = oci_devops_repository.apps_config_repo.http_url
+      GIT_USERNAME = var.git_username
+      GIT_PASSWORD = var.git_password
+      REGION = var.region
+      SOURCE_REPO = "/repos/apps-cluster-config"
+    }
+    working_dir = path.root
+  }
+  triggers = {
+    src_hash = data.archive_file.apps_config_archive.output_sha
+    repo_id = oci_devops_repository.apps_config_repo.id
   }
   depends_on = [local_file.export_variables]
 }

app-dev/devops-and-containers/oke/oke-gitops/provider.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     oci = {
       source  = "oracle/oci"
-      version = "7.4.0"
+      version = "7.18.0"
     }
     null = {
       source = "hashicorp/null"

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/apps/helm/charts/example-app/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: appsets
+description: An example of a Helm application
+
+type: application
+
+version: 1.0.0
+
+appVersion: "1.0.0"

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/apps/kustomize/example-app/base/kustomization.yml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources: []

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/apps/kustomize/example-app/env-type/no-prod/kustomization.yml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/apps/kustomize/example-app/envs/prod/kustomization.yml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/apps/kustomize/example-app/envs/qa/kustomization.yml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/appsets/examples/helm-apps-qa.yml

@@ -0,0 +1,63 @@
+# Deploy all helm application on all qa clusters.
+
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: helm-apps-qa
+  namespace: argocd
+spec:
+  goTemplate: true
+  goTemplateOptions: [ "missingkey=error" ]
+  generators:
+    - matrix:
+        generators:
+          - git:
+              repoURL: {{ .Values.repo }}
+              revision: HEAD
+              directories:
+                - path: apps/helm/charts/*
+          - clusters:
+              selector:
+                matchLabels:
+                  type: "workload"
+                matchExpressions:
+                  - key: "qa"
+                    operator: In
+                    values:
+                      - "true"
+
+  syncPolicy:
+    preserveResourcesOnDeletion: false     # If true, application will be kept even if removed from ArgoCD
+  template:
+    metadata:
+      name: '{{ "{{" }}index .path.segments 3{{ "}}" }}-{{ "{{" }}.nameNormalized{{ "}}" }}-qa'
+    spec:
+      project: team-project    # Project dedicated to this development team
+      sources:
+        - repoURL: {{ .Values.repo }}
+          path: '{{ "{{" }}.path.path{{ "}}" }}'
+          targetRevision: HEAD       # Git HEAD will represent the latest state of the applications
+          helm:
+            releaseName: '{{ "{{" }}index .path.segments 3{{ "}}" }}-qa'
+            valueFiles:
+              - $values/apps/helm/values/{{ "{{" }}index .path.segments 3{{ "}}" }}/values-common.yml
+              - $values/apps/helm/values/{{ "{{" }}index .path.segments 3{{ "}}" }}/env-type/values-no-prod.yml
+              # If you have some image tag version that differ between environments
+              - $values/apps/helm/values/{{ "{{" }}index .path.segments 3{{ "}}" }}/version/values-qa.yml
+              # Environment specific configurations
+              - $values/apps/helm/values/{{ "{{" }}index .path.segments 3{{ "}}" }}/envs/values-qa.yml
+
+
+        - repoURL: {{ .Values.repo }}
+          targetRevision: HEAD
+          ref: values
+      destination:
+        server: '{{ "{{" }}.server{{ "}}" }}'
+        namespace: 'namespace-qa'       # This is just the default qa namespace. If an application needs to be deployed on another namespace, it must be set in the helm values
+      syncPolicy:
+        syncOptions:
+          - CreateNamespace=false       # qa namespace should already have been created
+          - ServerSideApply=true
+        automated:
+          prune: true
+          selfHeal: true

app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/appsets/examples/kustomize-apps-qa.yml

@@ -0,0 +1,50 @@
+# Deploy all helm application on all qa clusters.
+
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: helm-apps-qa
+  namespace: argocd
+spec:
+  goTemplate: true
+  goTemplateOptions: [ "missingkey=error" ]
+  generators:
+    - matrix:
+        generators:
+          - git:
+              repoURL: {{ .Values.repo }}
+              revision: HEAD
+              directories:
+                - path: apps/kustomize/*/envs/qa
+          - clusters:
+              selector:
+                matchLabels:
+                  type: "workload"
+                matchExpressions:
+                  - key: "qa"
+                    operator: In
+                    values:
+                      - "true"
+
+  syncPolicy:
+    preserveResourcesOnDeletion: false     # If true, application will be kept even if removed from ArgoCD
+  template:
+    metadata:
+      name: '{{ "{{" }}index .path.segments 2{{ "}}" }}-{{ "{{" }}.nameNormalized{{ "}}" }}-qa'
+    spec:
+      project: team-project    # Project dedicated to this development team
+      sources:
+        - repoURL: {{ .Values.repo }}
+          path: '{{ "{{" }}.path.path{{ "}}" }}'
+          targetRevision: HEAD       # Git HEAD will represent the latest state of the applications
+
+      destination:
+        server: '{{ "{{" }}.server{{ "}}" }}'
+        namespace: 'namespace-qa'       # This is just the default qa namespace. If an application needs to be deployed on another namespace, it must be set in the helm values
+      syncPolicy:
+        syncOptions:
+          - CreateNamespace=false       # qa namespace should already have been created
+          - ServerSideApply=true
+        automated:
+          prune: true
+          selfHeal: true

app-dev/devops-and-containers/oke/oke-gitops/repos/oke-cluster-config/appsets/values.yaml → app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/appsets/values.yaml

@@ -1,3 +1,2 @@
 # Git repository where the cluster configurations are located, with .git postfix
-repo: ""
-project: "default"
+repo: ""

app-dev/devops-and-containers/oke/oke-gitops/repos/oke-cluster-config/in-cluster.yml → app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/in-cluster.yml

@@ -3,7 +3,10 @@ kind: Secret
 metadata:
   labels:
     argocd.argoproj.io/secret-type: cluster
-    cluster: in-cluster
+    type: "hub"     # hub cluster is where ArgoCD is deployed, all other cluster will be "workload"
+    #region: "uk"
+    provider: "oci"
+    # prod: "true"    # By "environment" we mean NOT an application environment, rather a common set of clusters where applications are deployed
   name: in-cluster
   namespace: argocd
 stringData:

app-dev/devops-and-containers/oke/oke-gitops/repos/oke-cluster-config/root.yml → app-dev/devops-and-containers/oke/oke-gitops/repos/apps-cluster-config/root.yml

@@ -3,7 +3,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: all-apps-in-cluster
+  name: apps-cluster-config
   namespace: argocd
 spec:
   project: default
@@ -13,8 +13,6 @@ spec:
     path: appsets
     helm:
       parameters:
-        - name: project
-          value: default
         - name: repo
           value: ${REPO}
   destination: