Merge pull request #90 from GiganticMinecraft/do-not-use-custom-chart…

…-after-bootstrapping

Do-not-use-custom-chart-after-bootstrapping

helm-charts/proxy-k8s-argo-cd/Chart.yaml → helm-charts/proxy-k8s-argo-cd-bootstrapping/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-name: proxy-k8s-argo-cd
-version: 1.0.7
+name: proxy-k8s-argo-cd-bootstrapping
+version: 0.1.0
 dependencies:
   - name: argo-cd
     version: 4.2.0

helm-charts/proxy-k8s-argo-cd/values.yaml → helm-charts/proxy-k8s-argo-cd-bootstrapping/values.yaml

@@ -1,14 +1,14 @@
-# values for argocd. See
+# Values for argocd. See
 # https://github.com/argoproj/argo-helm/blob/3a2858aa98f607b495d34db0da2a7a3ecad3eaa0/charts/argo-cd/values.yaml
 # for default values.
 # argo-cd is aliased to argocd
 argocd:
   # config of server
   # https://github.com/argoproj/argo-helm/blob/3a2858aa98f607b495d34db0da2a7a3ecad3eaa0/charts/argo-cd/values.yaml#L781
   server:
-    ## We will be using the App of Apps pattern (https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-bootstrapping/)
-    ##   to manage a group of applications in our cluster.
-    ## This is the only application in this deployment.
+    ## We will only configure ArgoCD itself here, and expect definition at
+    ## proxy-kubernetes/argocd-apps of https://github.com/GiganticMinecraft/seichi_infra
+    ## to further configure the ArgoCD application (via App of Apps pattern)
     additionalApplications:
       - name: argocd
         namespace: argocd
@@ -21,8 +21,10 @@ argocd:
         source:
           path: proxy-kubernetes/argocd-apps
           repoURL: https://github.com/GiganticMinecraft/seichi_infra
-          targetRevision: HEAD
-
+          targetRevision: main
+        syncPolicy:
+          automated:
+            prune: true
     additionalProjects:
       - name: argocd
         namespace: argocd

proxy-kubernetes/argocd-apps/argo-cd.yaml

@@ -6,58 +6,87 @@ metadata:
 spec:
   project: default
   source:
-    chart: proxy-k8s-argo-cd
-    repoURL: https://giganticminecraft.github.io/seichi_infra
-    targetRevision: 1.0.7
+    # proxy-k8s-argo-cd-bootstrapping はブートストラッピングにのみ用いるchartなので、
+    # proxy-k8s-argo-cd-bootstrapping は利用せずに直接ArgoCDのチャートを使う
+    # (注：むしろ、proxy-k8s-argo-cd-bootstrapping の特定リビジョンを使うと永遠にreconcilationが走ってしまう)
+    chart: argo-cd
+    repoURL: https://argoproj.github.io/argo-helm
+    targetRevision: 4.2.0
     helm:
-      releaseName: proxy-k8s-argo-cd
+      releaseName: argo-cd
       values: |
-        # argo-cd is a dependency chart so we must override values like this
-        # https://helm.sh/docs/chart_template_guide/subcharts_and_globals/
-        argocd:
-          server:
-            configEnabled: true
-            # -- [General Argo CD configuration]
-            # @default -- See [values.yaml]
-            config:
-              # Argo CD instance label key
-              application.instanceLabelKey: argocd.argoproj.io/instance
-              kustomize.buildOptions: --load-restrictor LoadRestrictionsNone
-              kustomize.buildOptions.v4.4.0: --output /tmp
-              ## Following settings are required when configuring SSO
-              # Argo CD's externally facing base URL (optional).
-              url: https://argocd.bungee-proxy-public.seichi.click
-              dex.config: |
-                connectors:
-                  - type: github
-                    id: github
-                    name: GitHub
-                    config:
-                      clientID: 6d77699f96a51159ce39
-                      clientSecret: $argocd-github-client-secret:dex.github.clientSecret
-                      orgs:
-                      - name: GiganticMinecraft
+        # config of server
+        # https://github.com/argoproj/argo-helm/blob/3a2858aa98f607b495d34db0da2a7a3ecad3eaa0/charts/argo-cd/values.yaml#L781
+        server:
+          configEnabled: true
+          # -- [General Argo CD configuration]
+          # @default -- See [values.yaml]
+          config:
+            # Argo CD instance label key
+            application.instanceLabelKey: argocd.argoproj.io/instance
+            kustomize.buildOptions: --load-restrictor LoadRestrictionsNone
+            kustomize.buildOptions.v4.4.0: --output /tmp
+            ## Following settings are required when configuring SSO
+            # Argo CD's externally facing base URL (optional).
+            url: https://argocd.bungee-proxy-public.seichi.click
+            dex.config: |
+              connectors:
+                - type: github
+                  id: github
+                  name: GitHub
+                  config:
+                    clientID: 6d77699f96a51159ce39
+                    clientSecret: $argocd-github-client-secret:dex.github.clientSecret
+                    orgs:
+                    - name: GiganticMinecraft
+
+          rbacConfig:
+            # policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
+            # Policy rules are in the form:
+            #   p, subject, resource, action, object, effect
+            # Role definitions and bindings are in the form:
+            #   g, subject, inherited-subject
+            # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
+            policy.csv: |
+              g, GiganticMinecraft:admin-team, role:admin
+              g, GiganticMinecraft:infra-collaborator, role:admin
+            # policy.default is the name of the default role which Argo CD will falls back to, when
+            # authorizing API requests (optional). If omitted or empty, users may be still be able to login,
+            # but will see no apps, projects, etc...
+            policy.default: role:readonly
+          
+          additionalApplications:
+            - name: argocd
+              namespace: argocd
+              finalizers:
+                - resources-finalizer.argocd.argoproj.io
+              destination:
+                namespace: argocd
+                server: https://kubernetes.default.svc
+              project: argocd
+              source:
+                path: proxy-kubernetes/argocd-apps
+                repoURL: https://github.com/GiganticMinecraft/seichi_infra
+                targetRevision: main
+
+          additionalProjects:
+            - name: argocd
+              namespace: argocd
+              description: The Top-Level Project
+              sourceRepos:
+                - '*'
+              destinations:
+                - namespace: argocd
+                  server: https://kubernetes.default.svc
+              clusterResourceWhitelist:
+                - group: '*'
+                  kind: '*'
+              orphanedResources:
+                warn: true
 
-            rbacConfig:
-              # policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
-              # Policy rules are in the form:
-              #   p, subject, resource, action, object, effect
-              # Role definitions and bindings are in the form:
-              #   g, subject, inherited-subject
-              # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
-              policy.csv: |
-                g, GiganticMinecraft:admin-team, role:admin
-                g, GiganticMinecraft:infra-collaborator, role:admin
-              # policy.default is the name of the default role which Argo CD will falls back to, when
-              # authorizing API requests (optional). If omitted or empty, users may be still be able to login,
-              # but will see no apps, projects, etc...
-              policy.default: role:readonly
   destination:
     server: https://kubernetes.default.svc
     namespace: argocd
-  syncPolicy:
-    automated:
-      prune: true
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret