---
# Shared values, defined once as YAML anchors and reused below through aliases.
#
# Cluster names: the in-cluster entry could not be renamed for a while
# (https://issues.redhat.com/browse/GITOPS-1777); that issue has been resolved.
mgmt-cluster: &mgmtcluster 'https://kubernetes.default.svc'
mgmt-cluster-name: &mgmtclustername 'in-cluster'
production-cluster: &prodcluster 'https://api.ocp.aws.ispworld.at:6443'
production-cluster-name: &prodclustername 'prod'

# Git source for the configuration consumed further down in this file.
# NOTE(review): 'main' is a moving reference. Every alias of *branch follows
# whatever is merged there, so write access to that branch decides what gets
# rolled out. Protect the branch, or pin to a tag or commit if that is too broad.
repourl: &repourl 'https://github.com/tjungbauer/openshift-clusterconfig-gitops'
repobranch: &branch 'main'

# The anchor *rev needs a default value in case it is not set for a cluster.
dummy_rev: &rev '1.0.0'

# The aliases resolve to the two cluster names defined above.
# Presumably one Argo CD project per cluster - confirm against the chart.
argocd_projects:
  - *mgmtclustername
  - *prodclustername
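applicationsets:
  ############################
  # MATRIX GENERATOR EXAMPLE #
  ############################
  # Matrix Generator: the idea is to walk over a folder, for example
  # /clusters/management-cluster, and take all settings from there.
  # This way you see what is installed on which cluster and you do not need to
  # configure the application here. Instead, you add a new configuration to
  # clusters/management-cluster and it is picked up automatically.
  #
  # The generator config here is passed 1:1 to the ApplicationSet.
  # It uses Git and List:
  #   Git:  walks through the specified path
  #   List: defines the target cluster, so that we know where to deploy
  #
  # To keep it flexible, create one Matrix Generator per cluster.
  # The Matrix Generator supports only 2 generators at the moment.
  mgmt-cluster:
    # Is the ApplicationSet enabled or not
    enabled: true
    # Description - always useful
    description: "ApplicationSet that Deploys on Management Cluster Configuration (using Matrix Generator)"
    # Labels added to the Application. Good for filtering in the Argo CD UI.
    labels:
      category: configuration
      env: mgmt-cluster
    # Using go text template.
    # See: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/GoTemplate/
    goTemplate: true
    argocd_project: *mgmtclustername
    # Preserve all resources when the Application gets deleted. Useful to keep
    # the workload even if Argo CD is removed or severely changed.
    # Consequence: removing an Application does not remove what it deployed,
    # so retired workloads have to be cleaned up explicitly.
    preserveResourcesOnDeletion: true
    # Definition of the Matrix Generator. Only 2 generators are supported.
    generatormatrix:
      # Git: walk through the folder and take whatever is there.
      # NOTE(review): every directory that appears under this path on the
      # referenced branch turns into an Application, so merge rights on that
      # path are effectively deploy rights on the target cluster.
      - git:
          directories:
            - path: clusters/management-cluster/*
            - path: clusters/management-cluster/waves
              exclude: true
          repoURL: *repourl
          revision: *branch
      # List: defines the targetCluster.
      - list:
          elements:
            # targetCluster defines on which cluster the rollout happens.
            # The cluster name must be known in Argo CD.
            - targetCluster: *mgmtclustername
    syncPolicy:
      autosync_enabled: false
      # The retry feature is available since v1.7
      retries:
        limit: 3  # number of failed sync attempt retries; unlimited number of attempts if less than 0
        backoff:
          duration: 5s  # the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
          factor: 2  # a factor to multiply the base duration after each failed retry
          maxDuration: 3m  # the maximum amount of time allowed for the backoff strategy
    # Ignore specific differences in objects. For example: the randomly
    # generated password string in the secret for Quay.
    # The exclusion is scoped to one Secret (name + namespace) and one field.
    ignoreDifferences:
      - kind: Secret
        jsonPointers:
          - /data/password
        name: init-user
        namespace: quay-enterprise
  ################################
  # END MATRIX GENERATOR EXAMPLE #
  ################################

  ######################################
  # PROJECT ONBOARDING - GIT GENERATOR #
  ######################################
  # Tenant Onboarding (using Git Generator)
  onboarding-tenant-workload:
    # Is the ApplicationSet enabled or not
    enabled: true
    # Description - always useful
    description: "Onboarding Workload to the cluster"
    # Labels added to the Application. Good for filtering in the Argo CD UI.
    # The key was spelled "catagory" here; aligned with every other entry so
    # that a filter on "category" also matches this ApplicationSet.
    labels:
      category: tenant-onboarding
    # Path inside the Git repository. The default URL and revision are defined
    # as anchors at the beginning of the file, but can be overwritten here.
    path: clusters/all/project-onboarding
    repourl: *repourl
    targetrevision: *branch
    # Using go text template.
    # See: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/GoTemplate/
    goTemplate: true
    # Helm configuration. A list of helm values files.
    helm:
      per_cluster_helm_values: false
      value_files:
        - '/{{ .path.path }}/values.yaml'
        - /tenants/values-global.yaml
    # Generator: currently list, git and cluster are possible,
    # i.e. "generatorlist", "generatorgit" or "generatorclusters".
    # Defines the repository that is checked for configuration files.
    # NOTE(review): any values.yaml matching the glob below on the referenced
    # branch is picked up as tenant configuration. Review requirements for
    # changes under tenants/ are the actual onboarding control.
    generatorgit:
      - repourl: *repourl
        targetrevision: *branch
        files:
          - tenants/**/values.yaml
    # Preserve all resources when the Application gets deleted. Useful to keep
    # the workload even if Argo CD is removed or severely changed.
    preserveResourcesOnDeletion: true
  ##########################################
  # END PROJECT ONBOARDING - GIT GENERATOR #
  ##########################################

  ##########################
  # LIST GENERATOR EXAMPLE #
  ##########################
  # Name of the ApplicationSet. The cluster name is appended to the Application.
  install_sonarqube:
    # Is the ApplicationSet enabled or not
    enabled: true
    # Description - always useful
    description: "Install Sonarqube"
    # Any specific namespace to be used
    namespace: sonarqube
    # Helm settings
    # These settings are used for single sources MAINLY.
    #
    # "per_cluster_helm_values" (bool, optional): defines if every cluster known
    #     in Argo CD uses a separate values file. This values file must be
    #     named <cluster-name>-values.yaml
    # "releasename" (string, optional): overwrites the release name of the chart
    # "parameters" (array, optional): sets custom parameters for this chart.
    #     The list looks like:
    #       - name: name/key of the parameter
    #       - value: value of the parameter
    # NOTE(review): the sealed-secrets entry further down passes name/value
    # pairs under "helmvalues"; confirm which key the chart actually reads.
    helm:
      releasename: sonarqube
    # Labels added to the Application. Good for filtering in the Argo CD UI.
    labels:
      category: project
    chartname: sonarqube
    repourl: "https://charts.stderr.at/"
    # Chart version, quoted so it is always read as a string.
    targetrevision: '1.0.1'
    # List of clusters
    # "clustername" (string): the name of the cluster as defined in Argo CD
    # "clusterurl" (string): the URL of the cluster API
    # "chart_version" (string, optional): defines which chart version shall be
    #     deployed on each cluster.
    generatorlist:
      - clustername: *mgmtclustername
        clusterurl: *mgmtcluster
    syncPolicy:
      autosync_enabled: false
  ##############################
  # END LIST GENERATOR EXAMPLE #
  ##############################

  # Install ETCD Encryption
  enable-etcd-encryption:
    enabled: true
    description: "Enable ETCD Encryption on target cluster"
    labels:
      category: security
    path: clusters/all/etcd-encryption
    # Empty list: no target cluster is configured in this file.
    generatorlist: []
    syncPolicy:
      autosync_enabled: false
    targetrevision: "main"

  # Install Base Operators
  enable-base-operators:
    enabled: true
    description: "Install BASE Operators for later use. There is no Health Check in Place, be sure that the Operators have been deployed."
    labels:
      category: operators
    path: clusters/all/base-operators
    # Empty list: no target cluster is configured in this file.
    generatorlist: []
    syncPolicy:
      autosync_enabled: false
    targetrevision: "main"

  # Separated because autosync is enabled for sealed secrets.
  # NOTE(review): this is the only entry with autosync and self-heal turned on,
  # so a change at the chart source is applied without a manual sync step
  # (presumably mapped to Argo CD's automated sync policy - confirm in the
  # chart). The pinned chart version below is what bounds that; treat a
  # version bump here as a reviewed change.
  sealed-secrets:
    enabled: true
    description: "Deploy Sealed-Secrets"
    labels:
      category: security
    generatorlist: []
    # NOTE(review): other entries use "argocd_project"; confirm that "project"
    # is a key the chart reads. Argo CD's built-in "default" project permits
    # any source repository and any destination unless it has been restricted,
    # so a dedicated project gives tighter scoping for a secrets controller.
    project: default
    chartname: sealed-secrets
    helm:
      releasename: sealed-secrets
      helmvalues:
        - name: sealed-secrets.enabled
          value: 'true'
    syncPolicy:
      autosync_enabled: true
      syncpolicy_prune: false
      syncpolicy_selfheal: true
    generatorclusters: []
    repourl: "https://charts.stderr.at/"
    # Chart version, quoted so it is always read as a string.
    targetrevision: '1.0.14'

  # Install RHACS Demo
  # NOTE(review): per its description this chart is intentionally vulnerable,
  # and the generator list targets the management cluster alias
  # (https://kubernetes.default.svc). Keep it in a dedicated namespace with
  # restrictive network policy and set "enabled" to false outside demo
  # environments. The chart is also read from the moving "main" branch of a
  # second repository, so its content can change without a change to this file.
  rhacs-demo-app:
    enabled: true
    description: "Deploy a vulnerable demo application to show results in RHACS"
    labels:
      category: security
      solution: rhacs
    helm:
      per_cluster_helm_values: false
    generatorlist:
      - clustername: *mgmtclustername
        clusterurl: *mgmtcluster
    syncPolicy:
      autosync_enabled: false
    path: charts/rhacs-demo-applications/
    repourl: "https://github.com/tjungbauer/helm-charts"
    targetrevision: "main"

  # Install Pipeline Demo
  # Same source repository and moving "main" revision as rhacs-demo-app above.
  pipeline-demo:
    enabled: true
    description: "Deploy a demo pipeline about linting to show possibilities"
    labels:
      category: cicd
    helm:
      per_cluster_helm_values: false
    generatorlist:
      - clustername: *mgmtclustername
        clusterurl: *mgmtcluster
    syncPolicy:
      autosync_enabled: false
    path: charts/pipeline-example/
    repourl: "https://github.com/tjungbauer/helm-charts"
    targetrevision: "main"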
# Defaults used when an Application(Set) does not bring its own values.
# repourl and targetrevision can be overwritten in the Applications(Sets).
#
# NOTE(review): Argo CD's built-in "default" project permits any source
# repository, any destination cluster and all resource kinds unless it has been
# restricted. An entry that falls back to this default inherits that scope;
# a dedicated project per cluster or tenant narrows it.
general:
  argocd_project: "default"
  source:
    repourl: *repourl
    branch: *branch