argocd: add signadot

Signed-off-by: Victor Login <batazor@evrone.com>
shortlink-org · Jun 21, 2023 · cff883a · cff883a
1 parent 32bd81a
commit cff883a
Show file tree

Hide file tree

Showing 9 changed files with 147 additions and 0 deletions.
diff --git a/ops/Helm/addons/signadot/.helmignore b/ops/Helm/addons/signadot/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/ops/Helm/addons/signadot/Chart.lock b/ops/Helm/addons/signadot/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: operator
+  repository: https://charts.signadot.com
+  version: 0.12.0
+digest: sha256:950d8b5588a8d9bd9a023c383a61fa44abea72d14399d3bd5d823406224525fe
+generated: "2023-06-21T03:25:41.017887+02:00"
diff --git a/ops/Helm/addons/signadot/Chart.yaml b/ops/Helm/addons/signadot/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2                                   # The chart API version (required)
+appVersion: "1.0.0"                              # The version of the app that this contains (optional)
+name: signadot                                   # The name of the chart (required)
+description: Sandbox for developer               # A single-sentence description of this project (optional)
+version: 0.1.0                                   # A SemVer 2 version (required)
+kubeVersion: ">= 1.24.0 || >= v1.24.0-0"         # A SemVer range of compatible Kubernetes versions (optional)
+keywords:                                        # A list of keywords about this project (optional)
+  - chaos
+home: https://batazor.github.io/shortlink/       # The URL of this project's home page (optional)
+sources:                                         # A list of URLs to source code for this project (optional)
+  - https://github.com/shortlink-org/shortlink
+maintainers:
+  - email: batazor111@gmail.com
+    name: batazor
+    url: batazor.ru
+engine: gotpl
+type: application                                # It is the type of chart (optional)
+deprecated: false                                # Whether this chart is deprecated (optional, boolean)
+dependencies:
+  - name: operator
+    version: 0.12.0
+    repository: https://charts.signadot.com
diff --git a/ops/Helm/addons/signadot/charts/operator-0.12.0.tgz b/ops/Helm/addons/signadot/charts/operator-0.12.0.tgz
diff --git a/ops/Helm/addons/signadot/templates/NOTES.txt b/ops/Helm/addons/signadot/templates/NOTES.txt
@@ -0,0 +1,5 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
diff --git a/ops/Helm/addons/signadot/templates/secret.yaml b/ops/Helm/addons/signadot/templates/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cluster-agent
+type: Opaque
+data:
+  token: {{ .Values.token | b64enc }}
diff --git a/ops/Helm/addons/signadot/values.sops.yaml b/ops/Helm/addons/signadot/values.sops.yaml
@@ -0,0 +1,30 @@
+token: ENC[AES256_GCM,data:0/qQv+JcfrZ7hxIW/Hs/wWKC3x2JYK+Y+bYTTCkGXFPKtGr2OuDYMYk89Q==,iv:tj/+2LLcJuuX0Y4y+reXWH5nZYn1yH6P24qgnWEf15w=,tag:Zr8lfIWyRmO8crh0/QVGgQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-06-21T01:30:04Z"
+    mac: ENC[AES256_GCM,data:7OGjXTqKCst+kBgxa8wKFK6aQWsPU/5sldwyTNFSFpB+FLcRoYdQ9SxNKHZnMJ6Km8pwiJke2I5ft3DRSuuOlOYjW08qIn+cWr6T3XFoWWb9rqqlxawvwob78a3dDqi15n2d82jk6IZLXPs7vhDIj0BPtFCXrIxdyzmbnWKW59I=,iv:aZ8bMwOXfa0yC8GGRXqegxldhgFIWEGV2WSMmzedFiw=,tag:FxxxmlcHRqN6VJKEguicLQ==,type:str]
+    pgp:
+        - created_at: "2023-06-21T01:29:48Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMAxDrDE6S/SFjAQv6Ayo8FQe+o4ddhXHyFV2mOxERDX2AJ08NIxo19v7NCQui
+            QmOHQsyz4IjNDDSvD3fQ9TfsUhMOhWWTpocOIB5SBOwbwut1zGuGsuvZtmMmRRgk
+            JZ2sQxgQeV+hkmu0YOXd74g6mCR+DhbPVqXBqX+AHzSRoEoX7Q1Jj8C3Q1Fs6JuA
+            xrDIn+I7KHd8HEaNCg21z8DTGcZQ4rlvHBkdy1xKMcx3Rj+OAOga1TPUZiOHatut
+            GTYixl9DG+QdM/9bCowW9zcgRA2cHGEhw3j05RgdwmqBFZjKeI+ZGnWu/dr/HK+h
+            OqGWMoQ6R7gxrAuFwTwEcAmJ65DKoaVve1KlkLjhz8Z22fNdyJxnDVBN0Ij+OyIs
+            VQtFxEVWgccWbks1mJzUtPUjSL1Fw5bpwtQdYssPpP0ypEmXUPgb1pEh42uRW7bJ
+            9jqgIAKXglqKp7YGyhSvPoGmT8O2Y7oi7dWqBX/QTOX3Y8oDggJZqLOaRFH8Xztj
+            AhT0HcBNEINt1IC3KlRt1GgBCQIQnv0pXCoDbSgksTScsJDqwPpJHiIv503dVDVJ
+            mvgnjy2NtU/FdAFxXLH3/s5zNYg3ciJwDsvTaEHdJe1AFdLaAhUp+02alPyxlI1M
+            7gbGVXUsJJ/2GQ7qcwZsxfdLvHb5V+dwjw==
+            =LoR7
+            -----END PGP MESSAGE-----
+          fp: C92AE33AF20998F8CA09E819A842078E859DE4F1
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
diff --git a/ops/Helm/addons/signadot/values.yaml b/ops/Helm/addons/signadot/values.yaml
@@ -0,0 +1,6 @@
+# Common default values for signadot.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+signadot:
+  secretToken: "_mqe5C7eINnisQGG9_B8NYomwZtbtmE5g8EFQB8wZNk"
diff --git a/ops/argocd/infrastructure/signadot/application.yaml b/ops/argocd/infrastructure/signadot/application.yaml
@@ -0,0 +1,49 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: signadot
+  namespace: argocd
+  annotations:
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: gitops
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: shortlink
+  destination:
+    name: ''
+    namespace: signadot
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: ops/Helm/addons/signadot
+    repoURL: 'https://github.com/shortlink-org/shortlink'
+    targetRevision: HEAD
+    helm:
+      releaseName: signadot
+      valueFiles:
+        - values.yaml
+
+        # ### Method 2: Fetch the gpg/age key from kubernetes secret
+        # secrets+gpg-import-kubernetes://<namespace>/<secret-name>#<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+        # secrets+age-import-kubernetes://<namespace>/<secret-name>#<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+        # Example Method 2: (Assumptions: namespace=argocd, secret-name=sops-gpg, key-name=app, secret.yaml is in the root folder)
+        - secrets+gpg-import-kubernetes://argocd/sops-gpg#sops.asc?values.sops.yaml
+  syncPolicy:
+    automated:
+      prune: true
+      allowEmpty: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+      - ApplyOutOfSyncOnly=true
+    retry:
+      limit: 2
+      backoff:
+        duration: 10s
+        maxDuration: 3m0s
+        factor: 2
+  ignoreDifferences:
+    - group: kyverno.io
+      kind: ClusterPolicy
+      jqPathExpressions:
+        - .spec.rules[] | select(.name|test("autogen-."))