Add ArgoCD resource tracking method parameter (#61)

.yamllint

@@ -13,3 +13,9 @@ rules:
     level: error
   line-length: disable
   truthy: disable
+  comments-indentation: false
+  comments:
+    min-spaces-from-content: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true

defaults/main/argocd.yml

@@ -21,6 +21,10 @@ k8s_argocd_chart_values:
     replicas: 2
   applicationSet:
     replicas: 2
+  configs:
+    params:
+      application.namespaces: "*"
+k8s_argocd_resource_tracking_method: label
 k8s_argocd_apps_namespace: "argocd"
 k8s_argocd_apps_wait_timeout: "{{ k8s_wait_timeout }}"
 k8s_argocd_apps_chart:

molecule/common/create.yml

@@ -24,7 +24,7 @@
           ansible.builtin.get_url:
             url: https://get.k3s.io
             dest: "{{ tempdir.path }}/k3s"
-            mode: 0755
+            mode: "u=rwx,go=rx"
 
         - name: Deploy k3s cluster
           ansible.builtin.command: "{{ tempdir.path }}/k3s --disable=traefik"
@@ -50,7 +50,7 @@
             remote_src: true
             owner: "{{ ansible_user }}"
             group: "{{ ansible_user }}"
-            mode: 0600
+            mode: "u=rw,go-rwx"
           vars:
             ansible_user: "{{ lookup('ansible.builtin.env', 'USER') }}"
           become: true

molecule/common/prepare.yml

@@ -12,7 +12,7 @@
       ansible.builtin.copy:
         src: "{{ helm_bin_query.stdout }}"
         dest: "{{ k8s_helm_bin }}"
-        mode: '0755'
+        mode: "u=rwx,go=rx"
       when: helm_bin_query is succeeded
 
     - name: Download Helm binary
@@ -61,7 +61,7 @@
               ansible.builtin.copy:
                 src: "{{ helm_bin.files[0].path }}"
                 dest: "{{ k8s_helm_bin }}"
-                mode: '0755'
+                mode: "u=rwx,go=rx"
 
           always:
             - name: Cleanup temp files

pyproject.toml

@@ -8,14 +8,14 @@ authors = ["nephelaiio"]
 python = "^3.10"
 
 [tool.poetry.group.dev.dependencies]
-ansible = "^9.3.0"
+ansible-lint = { version = "^24.5.0", markers = "platform_system != 'Windows'" }
+ansible = "^9.6.0"
 molecule = "^24.2.1"
-netaddr = "^1.2.1"
+netaddr = "^1.3.0"
 kubernetes = "^29.0.0"
 openshift = "^0.13.2"
 github3-py = "^4.0.1"
 jmespath = "^1.0.1"
-ansible-lint = { version = "^24.2.0", markers = "platform_system != 'Windows'" }
 yamllint = "^1.35.1"
 
 [build-system]

tasks/deploy.yml

@@ -23,7 +23,7 @@
   ansible.builtin.include_tasks: "deploy/longhorn.yml"
   when: k8s_longhorn_deploy | bool
 
-- name: Include argocd deployment tasks
+- name: Include ArgoCD deployment tasks
   ansible.builtin.include_tasks: "deploy/argocd.yml"
   when: k8s_argocd_deploy | bool
 

tasks/deploy/argocd.yml

@@ -6,7 +6,7 @@
     _config: "{{ k8s_kubeconfig }}"
     _resource: 'argocd-repo-server'
 
-- name: Install argocd chart
+- name: Install ArgoCD chart
   kubernetes.core.helm:
     name: argocd
     chart_ref: "{{ k8s_argocd_chart.name }}"
@@ -50,6 +50,17 @@
     _reposerver_query: "{{ query(_query, kind='Deployment', namespace=_ns, resource_name=_resource, kubeconfig=_config) }}"
   changed_when: false
 
+- name: Configure ArgoCD resource tracking method
+  kubernetes.core.k8s:
+    api_version: v1
+    kind: ConfigMap
+    namespace: "{{ k8s_argocd_namespace }}"
+    name: argocd-cm
+    kubeconfig: "{{ k8s_kubeconfig | default(omit) }}"
+    definition:
+      data:
+        application.resourceTrackingMethod: "{{ k8s_argocd_resource_tracking_method }}"
+
 - name: Deploy argocd ingress
   kubernetes.core.k8s:
     namespace: "{{ k8s_argocd_namespace }}"

tasks/verify.yml

@@ -27,7 +27,7 @@
     - name: Include Helm checks
       ansible.builtin.include_tasks: verify/helm.yml
 
-    - name: Include argocd checks
+    - name: Include ArgoCD checks
       ansible.builtin.include_tasks: verify/argocd.yml
       when: k8s_argocd_verify | bool
 

tasks/verify/argocd.yml

@@ -11,7 +11,7 @@
   vars:
     _reposerver_query: "{{ query(_query, kind='Deployment', namespace=_ns, resource_name='argocd-repo-server', kubeconfig=_config) }}"
 
-- name: Query argocd ingress metadata
+- name: Query ArgoCD ingress metadata
   ansible.builtin.set_fact:
     ingress_argocd_ip: "{{ ingress_query[0][_status][_lb][_ingress][0][_ip] }}"
   vars:
@@ -32,26 +32,26 @@
     - ingress_query[0][_status][_lb][_ingress] | length > 0
     - _ip in ingress_query[0][_status][_lb][_ingress][0]
 
-- name: Record argocd deployment env vars
+- name: Record ArgoCD deployment env vars
   ansible.builtin.set_fact:
     argocd_env: "{{ _argocd_env }}"
     argocd_env_exec_item: "{{ _argocd_env | selectattr('name', 'equalto', 'ARGOCD_EXEC_TIMEOUT') }}"
   vars:
     _argocd_env: "{{ _reposerver_def.spec.template.spec.containers[0].env }}"
 
-- name: Check argocd exec timeout parameter
+- name: Check ArgoCD exec timeout parameter
   ansible.builtin.assert:
     that: argocd_env_exec_item | length > 0
     fail_msg: "env var ARGOCD_EXEC_TIMEOUT is not set"
 
-- name: Check argocd exec timeout value
+- name: Check ArgoCD exec timeout value
   ansible.builtin.assert:
     that: argocd_env_exec_value == k8s_argocd_exec_timeout
     fail_msg: "env var ARGOCD_EXEC_TIMEOUT is not set correctly ({{ argocd_env_exec_value }})"
   vars:
     argocd_env_exec_value: "{{ argocd_env_exec_item[0].value }}"
 
-- name: Query argocd access info
+- name: Query ArgoCD access info
   ansible.builtin.set_fact:
     _argocd_secret_query: "{{ _secrets }}"
   vars:
@@ -61,14 +61,14 @@
   delay: "{{ k8s_retry_delay }}"
   until: _secrets | length > 0
 
-- name: Record argocd auth credentials
+- name: Record ArgoCD auth credentials
   ansible.builtin.set_fact:
     argocd_admin_username: "admin"
     argocd_admin_password: "{{ _argocd_secret_data.data.password | b64decode }}"
   vars:
     _argocd_secret_data: "{{ _argocd_secret_query | first }}"
 
-- name: Auth against argocd api
+- name: Auth against ArgoCD API
   ansible.builtin.uri:
     url: "https://{{ ingress_argocd_ip }}/api/v1/session"
     method: POST
@@ -81,13 +81,13 @@
     validate_certs: false
   register: argocd_auth_data
 
-- name: Record argocd auth token
+- name: Record ArgoCD auth token
   ansible.builtin.set_fact:
     argocd_admin_token: "{{ argocd_auth_data.json.token }}"
 
-- name: Verify argocd application status
+- name: Verify ArgoCD application status
   block:
-    - name: Query argocd application status
+    - name: Query ArgoCD application status
       ansible.builtin.uri:
         url: "https://{{ ingress_argocd_ip }}/api/v1/applications?refresh=true"
         headers:

tasks/verify/install.yml

@@ -41,7 +41,7 @@
   ansible.builtin.copy:
     content: "{{ _cacert }}"
     dest: "{{ k8s_cacert_path }}"
-    mode: '0755'
+    mode: "u=rwx,go=rx"
   vars:
     _cacert: "{{ _cacert_data.data['ca.crt'] | b64decode }}"
     _cacert_data: "{{ _cacert_query | selectattr('metadata.name', 'equalto', 'cluster-issuer-secret') | first }}"
@@ -79,7 +79,7 @@
       set -euo pipefail
       {{ _cmd }}
     dest: "{{ k8s_verifier_path }}/bwrap"
-    mode: 0755
+    mode: "u=rwx,go=rx"
   vars:
     _cmd: "bwrap {{ _bind_dev }} {{ _bind_hosts }} {{ _bind_ca }} {{ _bind_certs }} sh -c \"$CMD\""
     _bind_dev: "--dev-bind / /"