diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 9f22c0c0..bbad951f 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,7 +5,7 @@ on: branches: - main paths: - - "helm/**" + - "charts/**" permissions: contents: read diff --git a/charts/xquare-application/templates/argocd-application.yaml b/charts/xquare-application/templates/argocd-application.yaml index edd18cf7..d284c614 100644 --- a/charts/xquare-application/templates/argocd-application.yaml +++ b/charts/xquare-application/templates/argocd-application.yaml 
@@ -1,37 +1,41 @@
+{{- range .Values.projects }}
+{{ $projectName := .name }}
+{{- range .applications }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
- name: xquare
+ name: {{ .name }}
 namespace: argocd
 spec:
 destination:
 namespace: argocd
 server: https://kubernetes.default.svc
- project: xquare
+ project: {{ $projectName }}
 source:
- path: deploy
- repoURL: https://github.com/team-xquare/xquare-gitops-repo.git
- targetRevision: HEAD
+ path: {{ .source.path }}
+ repoURL: {{ .source.repoURL }}
+ targetRevision: {{ .source.rtargetRevision }}
 syncPolicy:
 automated:
- prune: true
- selfHeal: true
-
+ prune: {{ .syncPolicy.prune }}
+ selfHeal: {{ .syncPolicy.selfHeal }}
+{{- end }}
+---
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: AppProject
 metadata:
- name: {{ .Values.application.name }}
- namespace: {{ .Values.application.namespace }}
+ name: {{ $projectName }}
+ namespace: argocd
+ # Finalizer that ensures that project is not deleted until it is not referenced by any application
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
 spec:
- destination:
- namespace: {{ .Values.application.namespace }}
- server: https://kubernetes.default.svc
- project: {{ .Values.application.project }}
- source:
- path: {{ .Values.application.source.path }}
- repoURL: {{ .Values.application.source.repoURL }}
- targetRevision: {{ .Values.application.source.targetRevision }}
- syncPolicy:
- automated:
- prune: {{ .Values.application.syncPolicy.automated.prune }}
- selfHeal: {{ .Values.application.syncPolicy.automated.selfHeal }}
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+{{- end }}
\ No newline at end of file
diff --git a/charts/xquare-application/templates/argocd-project.yaml b/charts/xquare-application/templates/argocd-project.yaml
deleted file mode 100644
index 8f3c1b88..00000000
--- a/charts/xquare-application/templates/argocd-project.yaml
+++ /dev/null
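Review bot: In charts/xquare-application/templates/argocd-application.yaml the source block reads `{{ .source.rtargetRevision }}`, while the chart's values.yaml defines `targetRevision`, so the field renders empty and a revision pinned in values would be silently ignored. The same kind of mismatch affects `prune` and `selfHeal`, which are read from `.syncPolicy.prune` / `.syncPolicy.selfHeal` although values.yaml nests them under `syncPolicy.automated`. The inner `range` also emits no `---` before each Application, so a second application, or the first application of a second project, would presumably be merged into the preceding document when rendered. Separately, every generated AppProject keeps `'*'` for `sourceRepos`, `destinations` and `clusterResourceWhitelist`; now that projects are data-driven, those lists would be better taken from per-project values so that each project is limited to its own repository and namespaces.

```yaml
{{- range .applications }}
---
# … unchanged: apiVersion, kind, metadata, destination, project …
  source:
    path: {{ .source.path | quote }}
    repoURL: {{ .source.repoURL | quote }}
    targetRevision: {{ .source.targetRevision | quote }}
  syncPolicy:
    automated:
      prune: {{ .syncPolicy.automated.prune }}
      selfHeal: {{ .syncPolicy.automated.selfHeal }}
```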
@@ -1,17 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
- name: {{ .Values.application.project }}
- namespace: argocd
- # Finalizer that ensures that project is not deleted until it is not referenced by any application
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- sourceRepos:
- - '*'
- destinations:
- - namespace: '*'
- server: '*'
- clusterResourceWhitelist:
- - group: '*'
- kind: '*'
\ No newline at end of file
diff --git a/charts/xquare-application/values.yaml b/charts/xquare-application/values.yaml
index e69de29b..bb264cc1 100644
--- a/charts/xquare-application/values.yaml
+++ b/charts/xquare-application/values.yaml
@@ -0,0 +1,23 @@
+projects:
+ - name: xquare-application
+ applications:
+ - name: xquare
+ source:
+ path: deploy
+ repoURL: https://github.com/team-xquare/xquare-gitops-repo.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ - name: xquare-k8s-resources
+ applications:
+ - name: xquare-role
+ source:
+ path: charts/xquare-role
+ repoURL: https://github.com/team-xquare/k8s-resource.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
\ No newline at end of file
diff --git a/charts/xquare-role/Chart.yaml b/charts/xquare-role/Chart.yaml
new file mode 100644
index 00000000..96d12699
--- /dev/null
+++ b/charts/xquare-role/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+type: application
+name: xquare-role
+version: 1.0.1
+appVersion: "1.0.0"
+description: Xquare role
\ No newline at end of file
diff --git a/charts/xquare-role/templates/role.yaml b/charts/xquare-role/templates/role.yaml
new file mode 100644
index 00000000..bd716f45
--- /dev/null
+++ b/charts/xquare-role/templates/role.yaml
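Review bot: In charts/xquare-application/values.yaml both applications track `targetRevision: HEAD` with `prune: true` and `selfHeal: true`, so whatever lands on the default branch of either repository is synced to the cluster with no further gate. For the `xquare-role` entry, whose chart ships Role and RoleBinding objects, that presumably makes write access to team-xquare/k8s-resource sufficient to change RBAC in the cluster. Consider pinning that entry to a reviewed tag or commit SHA, or at least record the dependency in a comment above it, e.g. `# tracks HEAD: branch protection on k8s-resource is the only gate on RBAC changes`.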
@@ -0,0 +1,45 @@
+{{- range .Values.clubs }}
+{{- $clubname := .name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace:
+ name: {{ $clubname }}-role
+rules:
+- apiGroups: [""]
+ resources: ["pods", "pods/log"]
+ verbs: ["get", "list"]
+ resourceNames:
+ {{- range .deployments }}
+ - name: {{ . }}
+ {{- end }}
+{{- range .users }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $clubname }}-rolebinding
+ namespace: xquare-prod
+subjects:
+- kind: User
+ name: {{ . }}
+roleRef:
+ kind: Role
+ name: {{ $clubname }}-pod-read-and-logs
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $clubname }}-rolebinding
+ namespace: xquare-stag
+subjects:
+- kind: User
+ name: {{ . }}
+roleRef:
+ kind: Role
+ name: {{ $clubname }}-pod-read-and-logs
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/xquare-role/values.yaml b/charts/xquare-role/values.yaml
new file mode 100644
index 00000000..dbd764a0
--- /dev/null
+++ b/charts/xquare-role/values.yaml
@@ -0,0 +1,6 @@
+clubs:
+ - name: dms
+ deployments:
+ - "feed-fe-prod"
+ users:
+ - "rlaisqls@gmail.com"
\ No newline at end of file
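Review bot: In charts/xquare-role/templates/role.yaml both RoleBindings reference `{{ $clubname }}-pod-read-and-logs`, but the Role is created as `{{ $clubname }}-role` with an empty `namespace:`, so the bindings in xquare-prod and xquare-stag point at a Role that does not exist there. A dangling binding grants nothing today but would start granting access as soon as anyone creates a Role of that name in those namespaces. `resourceNames` must be a list of strings, not `- name:` mappings, and it matches exact object names, so deployment names such as `feed-fe-prod` would presumably not match the generated pod names. The RoleBinding name is also identical for every entry in `.users`, so a second user would collide with the first; one binding per namespace with a list of subjects avoids that.

```yaml
{{- range $club := .Values.clubs }}
{{- range $ns := list "xquare-prod" "xquare-stag" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $club.name }}-pod-read-and-logs
  namespace: {{ $ns }}
rules:
  # … unchanged: apiGroups, resources, verbs …
    resourceNames:
      {{- range $club.deployments }}
      - {{ . | quote }}
      {{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $club.name }}-rolebinding
  namespace: {{ $ns }}
subjects:
  {{- range $club.users }}
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: {{ . | quote }}
  {{- end }}
# … unchanged: roleRef …
{{- end }}
{{- end }}
```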