From 3d5c52f4e3c61668df11b0674fb5f97c9dd71ef3 Mon Sep 17 00:00:00 2001 From: Sebastian Widmer Date: Wed, 8 Jun 2022 15:48:20 +0200 Subject: [PATCH] Make argocd renovatable by using image tag as version source --- class/argocd.yml | 94 +++++++++---------- class/defaults.yml | 3 +- component/application-controller.jsonnet | 11 ++- component/common.libsonnet | 10 ++ component/monitoring.libsonnet | 2 +- component/rbac.jsonnet | 9 +- component/redis.jsonnet | 9 +- component/repo-server.jsonnet | 5 +- component/server.jsonnet | 13 +-- .../ROOT/pages/references/parameters.adoc | 10 +- 10 files changed, 87 insertions(+), 79 deletions(-) create mode 100644 component/common.libsonnet diff --git a/class/argocd.yml b/class/argocd.yml index bccae64d..d3fda2c6 100644 --- a/class/argocd.yml +++ b/class/argocd.yml @@ -3,79 +3,79 @@ parameters: dependencies: # CRDs - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/crds/application-crd.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/crds/application-crd.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/crds/application-crd.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/crds/application-crd.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/crds/appproject-crd.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/crds/appproject-crd.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/crds/appproject-crd.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/crds/appproject-crd.yaml # application-controller - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/application-controller/argocd-application-controller-statefulset.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/application-controller/argocd-application-controller-statefulset.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/application-controller/argocd-application-controller-statefulset.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/application-controller/argocd-application-controller-statefulset.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/application-controller/argocd-application-controller-role.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/application-controller/argocd-application-controller-role.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/application-controller/argocd-application-controller-role.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/application-controller/argocd-application-controller-role.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/application-controller/argocd-application-controller-rolebinding.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/application-controller/argocd-application-controller-rolebinding.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/application-controller/argocd-application-controller-rolebinding.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/application-controller/argocd-application-controller-rolebinding.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/application-controller/argocd-application-controller-sa.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/application-controller/argocd-application-controller-sa.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/application-controller/argocd-application-controller-sa.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/application-controller/argocd-application-controller-sa.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/application-controller/argocd-metrics.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/application-controller/argocd-metrics.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/application-controller/argocd-metrics.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/application-controller/argocd-metrics.yaml # repo-server - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/repo-server/argocd-repo-server-deployment.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/repo-server/argocd-repo-server-deployment.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/repo-server/argocd-repo-server-deployment.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/repo-server/argocd-repo-server-deployment.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/repo-server/argocd-repo-server-service.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/repo-server/argocd-repo-server-service.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/repo-server/argocd-repo-server-service.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/repo-server/argocd-repo-server-service.yaml # server - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-deployment.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-deployment.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-deployment.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-deployment.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-role.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-role.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-role.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-role.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-rolebinding.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-rolebinding.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-rolebinding.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-rolebinding.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-sa.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-sa.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-sa.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-sa.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-service.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-service.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-service.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-service.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/server/argocd-server-metrics.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/server/argocd-server-metrics.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/server/argocd-server-metrics.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/server/argocd-server-metrics.yaml # redis - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/redis/argocd-redis-deployment.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/redis/argocd-redis-deployment.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/redis/argocd-redis-deployment.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/redis/argocd-redis-deployment.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/redis/argocd-redis-rolebinding.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/redis/argocd-redis-rolebinding.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/redis/argocd-redis-rolebinding.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/redis/argocd-redis-rolebinding.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/redis/argocd-redis-sa.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/redis/argocd-redis-sa.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/redis/argocd-redis-sa.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/redis/argocd-redis-sa.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/base/redis/argocd-redis-service.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/redis/argocd-redis-service.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/base/redis/argocd-redis-service.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/redis/argocd-redis-service.yaml # RBAC - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/cluster-rbac/argocd-application-controller-clusterrole.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/rbac/argocd-application-controller-clusterrole.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/cluster-rbac/argocd-application-controller-clusterrole.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/rbac/argocd-application-controller-clusterrole.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/cluster-rbac/argocd-application-controller-clusterrolebinding.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/rbac/argocd-application-controller-clusterrolebinding.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/cluster-rbac/argocd-application-controller-clusterrolebinding.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/rbac/argocd-application-controller-clusterrolebinding.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/cluster-rbac/argocd-server-clusterrole.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/rbac/argocd-server-clusterrole.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/cluster-rbac/argocd-server-clusterrole.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/rbac/argocd-server-clusterrole.yaml - type: https - source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:git_tag}/manifests/cluster-rbac/argocd-server-clusterrolebinding.yaml - output_path: dependencies/argocd/manifests/${argocd:git_tag}/rbac/argocd-server-clusterrolebinding.yaml + source: https://raw.githubusercontent.com/argoproj/argo-cd/${argocd:images:argocd:tag}/manifests/cluster-rbac/argocd-server-clusterrolebinding.yaml + output_path: dependencies/argocd/manifests/${argocd:images:argocd:tag}/rbac/argocd-server-clusterrolebinding.yaml compile: - input_paths: @@ -85,7 +85,7 @@ parameters: - output_path: argocd/00_crds/ input_type: copy input_paths: - - argocd/manifests/${argocd:git_tag}/crds/ + - argocd/manifests/${argocd:images:argocd:tag}/crds/ - output_path: argocd/01_rbac/ input_type: jsonnet input_paths: diff --git a/class/defaults.yml b/class/defaults.yml index a6640278..eb5452f7 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -10,13 +10,12 @@ parameters: prometheus: platform cluster_id: ${cluster:name} tenant_id: ${cluster:tenant} - git_tag: v2.2.2 resync_seconds: 180 images: argocd: image: quay.io/argoproj/argocd - tag: ${argocd:git_tag} + tag: v2.2.2 redis: image: docker.io/library/redis tag: '6.2.6' diff --git a/component/application-controller.jsonnet b/component/application-controller.jsonnet index bbd25117..40071c6d 100644 --- a/component/application-controller.jsonnet +++ b/component/application-controller.jsonnet @@ -3,12 +3,13 @@ local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); local params = inv.parameters.argocd; local image = params.images.argocd.image + ':' + params.images.argocd.tag; +local loadManifest = (import 'common.libsonnet').loadManifest; -local statefulset = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/application-controller/argocd-application-controller-statefulset.yaml')); -local role = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/application-controller/argocd-application-controller-role.yaml')); -local role_binding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/application-controller/argocd-application-controller-rolebinding.yaml')); -local serviceaccount = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/application-controller/argocd-application-controller-sa.yaml')); -local metrics_svc = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/application-controller/argocd-metrics.yaml')); +local statefulset = loadManifest('application-controller/argocd-application-controller-statefulset.yaml'); +local role = loadManifest('application-controller/argocd-application-controller-role.yaml'); +local role_binding = loadManifest('application-controller/argocd-application-controller-rolebinding.yaml'); +local serviceaccount = loadManifest('application-controller/argocd-application-controller-sa.yaml'); +local metrics_svc = loadManifest('application-controller/argocd-metrics.yaml'); local objects = [ statefulset { diff --git a/component/common.libsonnet b/component/common.libsonnet new file mode 100644 index 00000000..539b3928 --- /dev/null +++ b/component/common.libsonnet @@ -0,0 +1,10 @@ +local kap = import 'lib/kapitan.libjsonnet'; +local inv = kap.inventory(); +local params = inv.parameters.argocd; + +local loadManifest = function(path) + std.parseJson(kap.yaml_load('argocd/manifests/' + params.images.argocd.tag + '/' + path)); + +{ + loadManifest: loadManifest, +} diff --git a/component/monitoring.libsonnet b/component/monitoring.libsonnet index b2af7925..376d0114 100644 --- a/component/monitoring.libsonnet +++ b/component/monitoring.libsonnet @@ -92,7 +92,7 @@ local grafana_dashboard = }, spec: { name: 'argocd', - url: 'https://raw.githubusercontent.com/argoproj/argo-cd/' + params.git_tag + '/examples/dashboard.json', + url: 'https://raw.githubusercontent.com/argoproj/argo-cd/' + params.images.argocd.tag + '/examples/dashboard.json', }, }; diff --git a/component/rbac.jsonnet b/component/rbac.jsonnet index 1854fd43..4fe3ca63 100644 --- a/component/rbac.jsonnet +++ b/component/rbac.jsonnet @@ -2,11 +2,12 @@ local kap = import 'lib/kapitan.libjsonnet'; local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); local params = inv.parameters.argocd; +local loadManifest = (import 'common.libsonnet').loadManifest; -local controller_clusterrole = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/rbac/argocd-application-controller-clusterrole.yaml')); -local controller_clusterrolebinding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/rbac/argocd-application-controller-clusterrolebinding.yaml')); -local server_clusterrole = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/rbac/argocd-server-clusterrole.yaml')); -local server_clusterrolebinding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/rbac/argocd-server-clusterrolebinding.yaml')); +local controller_clusterrole = loadManifest('rbac/argocd-application-controller-clusterrole.yaml'); +local controller_clusterrolebinding = loadManifest('rbac/argocd-application-controller-clusterrolebinding.yaml'); +local server_clusterrole = loadManifest('rbac/argocd-server-clusterrole.yaml'); +local server_clusterrolebinding = loadManifest('rbac/argocd-server-clusterrolebinding.yaml'); local patch_name(obj) = obj { diff --git a/component/redis.jsonnet b/component/redis.jsonnet index a5d589cd..713e317b 100644 --- a/component/redis.jsonnet +++ b/component/redis.jsonnet @@ -3,11 +3,12 @@ local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); local params = inv.parameters.argocd; local image = params.images.redis.image + ':' + params.images.redis.tag; +local loadManifest = (import 'common.libsonnet').loadManifest; -local deployment = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-deployment.yaml')); -local role_binding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-rolebinding.yaml')); -local serviceaccount = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-sa.yaml')); -local service = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/redis/argocd-redis-service.yaml')); +local deployment = loadManifest('redis/argocd-redis-deployment.yaml'); +local role_binding = loadManifest('redis/argocd-redis-rolebinding.yaml'); +local serviceaccount = loadManifest('redis/argocd-redis-sa.yaml'); +local service = loadManifest('redis/argocd-redis-service.yaml'); local isOnOpenshift = std.startsWith(params.distribution, 'openshift'); diff --git a/component/repo-server.jsonnet b/component/repo-server.jsonnet index da296b5e..1d42b6ed 100644 --- a/component/repo-server.jsonnet +++ b/component/repo-server.jsonnet @@ -4,10 +4,11 @@ local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); local params = inv.parameters.argocd; local image = params.images.argocd.image + ':' + params.images.argocd.tag; +local loadManifest = (import 'common.libsonnet').loadManifest; local isOpenshift = std.startsWith(params.distribution, 'openshift'); -local deployment = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/repo-server/argocd-repo-server-deployment.yaml')); -local service = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/repo-server/argocd-repo-server-service.yaml')); +local deployment = loadManifest('repo-server/argocd-repo-server-deployment.yaml'); +local service = loadManifest('repo-server/argocd-repo-server-service.yaml'); local vault_agent_config = kube.ConfigMap('vault-agent-config') { data: { 'vault-agent-config.json': std.manifestJson({ diff --git a/component/server.jsonnet b/component/server.jsonnet index 27121980..715b4087 100644 --- a/component/server.jsonnet +++ b/component/server.jsonnet @@ -3,13 +3,14 @@ local kube = import 'lib/kube.libjsonnet'; local inv = kap.inventory(); local params = inv.parameters.argocd; local image = params.images.argocd.image + ':' + params.images.argocd.tag; +local loadManifest = (import 'common.libsonnet').loadManifest; -local deployment = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-deployment.yaml')); -local role = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-role.yaml')); -local role_binding = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-rolebinding.yaml')); -local serviceaccount = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-sa.yaml')); -local service = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-service.yaml')); -local metrics_svc = std.parseJson(kap.yaml_load('argocd/manifests/' + params.git_tag + '/server/argocd-server-metrics.yaml')) { +local deployment = loadManifest('server/argocd-server-deployment.yaml'); +local role = loadManifest('server/argocd-server-role.yaml'); +local role_binding = loadManifest('server/argocd-server-rolebinding.yaml'); +local serviceaccount = loadManifest('server/argocd-server-sa.yaml'); +local service = loadManifest('server/argocd-server-service.yaml'); +local metrics_svc = loadManifest('server/argocd-server-metrics.yaml') { metadata+: { namespace: params.namespace, }, diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index c4ea85c4..e767c345 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -19,14 +19,6 @@ default:: ${facts:distribution} The Kubernetes distribution of the cluster. -== `git_tag` - -[horizontal] -type:: string -default:: see `defaults.yml` - -Git tag of Argo CD to deploy. - === `resync_seconds` [horizontal] @@ -50,6 +42,8 @@ type:: dictionary Dictionary containing the container images used by this component. +[NOTE] +The tag for the ArgoCD image is used to download the corresponding deployment manifests. == `resources`