Feature/dev 930
parent
6b1fd778b5
commit
955a40448c
@ -0,0 +1,158 @@
|
||||
---
|
||||
|
||||
argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
|
||||
k8s_argocd_helm__name: "argo-cd"
|
||||
k8s_argocd_helm__release_namespace: "argo-cd"
|
||||
|
||||
k8s_argocd_with_keycloak: False
|
||||
|
||||
# https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd
|
||||
k8s_argocd_helm__release_values:
|
||||
repoServer:
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: argo-cd-argocd-repo-server
|
||||
rbac:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
logLevel: warn
|
||||
logFormat: json
|
||||
env:
|
||||
- name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT
|
||||
value: "0"
|
||||
- name: ARGOCD_EXEC_TIMEOUT
|
||||
value: "300s"
|
||||
- name: XDG_CONFIG_HOME
|
||||
value: /.config
|
||||
- name: GNUPGHOME
|
||||
value: /home/argocd/.gnupg
|
||||
- name: HELM_PLUGINS
|
||||
value: /custom-tools/helm-plugins/
|
||||
- name: HELM_SECRETS_SOPS_PATH
|
||||
value: /custom-tools/sops
|
||||
- name: HELM_SECRETS_VALS_PATH
|
||||
value: /custom-tools/vals
|
||||
- name: HELM_SECRETS_KUBECTL_PATH
|
||||
value: /custom-tools/kubectl
|
||||
- name: HELM_SECRETS_CURL_PATH
|
||||
value: /custom-tools/curl
|
||||
# https://github.com/jkroepke/helm-secrets/wiki/Security-in-shared-environments
|
||||
- name: HELM_SECRETS_KEY_LOCATION_PREFIX
|
||||
value: "/sops-gpg/"
|
||||
- name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
|
||||
value: "false"
|
||||
- name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
|
||||
value: "false"
|
||||
- name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
|
||||
value: "false"
|
||||
volumes:
|
||||
- name: custom-tools
|
||||
emptyDir: {}
|
||||
- name: custom-tools-helm
|
||||
emptyDir: {}
|
||||
- name: gnupg-home
|
||||
emptyDir: {}
|
||||
- name: sops-gpg
|
||||
secret:
|
||||
secretName: sops-gpg
|
||||
volumeMounts:
|
||||
- mountPath: /home/argocd/.gnupg
|
||||
name: gnupg-home
|
||||
subPath: .gnupg
|
||||
- mountPath: /usr/local/bin/kustomize
|
||||
name: custom-tools
|
||||
subPath: kustomize
|
||||
# Verify this matches a XDG_CONFIG_HOME=/.config env variable
|
||||
- mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
|
||||
name: custom-tools
|
||||
subPath: ksops
|
||||
- mountPath: /custom-tools/helm-plugins
|
||||
name: custom-tools-helm
|
||||
subPath: helm-plugins
|
||||
- mountPath: /custom-tools/kubectl
|
||||
name: custom-tools-helm
|
||||
subPath: kubectl
|
||||
- mountPath: /custom-tools/sops
|
||||
name: custom-tools-helm
|
||||
subPath: sops
|
||||
- mountPath: /custom-tools/vals
|
||||
name: custom-tools-helm
|
||||
subPath: vals
|
||||
initContainers:
|
||||
- name: 1-install-ksops
|
||||
image: viaductoss/ksops:v3.0.1
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- echo "Installing KSOPS...";
|
||||
mv ksops /custom-tools/;
|
||||
mv $GOPATH/bin/kustomize /custom-tools/;
|
||||
echo "Done.";
|
||||
volumeMounts:
|
||||
- mountPath: /custom-tools
|
||||
name: custom-tools
|
||||
- name: 2-download-tools
|
||||
image: alpine:latest
|
||||
command: [sh, -ec]
|
||||
env:
|
||||
- name: HELM_SECRETS_VERSION
|
||||
value: "3.12.0"
|
||||
- name: KUBECTL_VERSION
|
||||
value: "1.24.3"
|
||||
- name: VALS_VERSION
|
||||
value: "0.18.0"
|
||||
- name: SOPS_VERSION
|
||||
value: "3.7.3"
|
||||
args:
|
||||
- |
|
||||
echo "Installing helm secrets...";
|
||||
mkdir -p /custom-tools/helm-plugins
|
||||
wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
|
||||
echo "Done.";
|
||||
|
||||
echo "Downloading SOPS=${SOPS_VERSION} and kubectl ...";
|
||||
wget -qO /custom-tools/sops https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux
|
||||
wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl
|
||||
echo "Done.";
|
||||
|
||||
echo "Downloading vals...";
|
||||
wget -qO- https://github.com/variantdev/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals;
|
||||
echo "Done.";
|
||||
|
||||
chmod +x /custom-tools/*;
|
||||
volumeMounts:
|
||||
- mountPath: /custom-tools
|
||||
name: custom-tools-helm
|
||||
- name: 3-import-gpg-key
|
||||
image: argoproj/argocd:v2.2.5
|
||||
command: ["gpg", "--import","/sops-gpg/gpg_key_smardigo_automation__private"]
|
||||
env:
|
||||
- name: GNUPGHOME
|
||||
value: /gnupg-home/.gnupg
|
||||
volumeMounts:
|
||||
- mountPath: /sops-gpg
|
||||
name: sops-gpg
|
||||
- mountPath: /gnupg-home
|
||||
name: gnupg-home
|
||||
server:
|
||||
logLevel: warn
|
||||
logFormat: json
|
||||
config:
|
||||
kustomize.buildOptions: "--enable-alpha-plugins"
|
||||
helm.valuesFileSchemes: >-
|
||||
secrets+gpg-import, secrets+gpg-import-kubernetes,
|
||||
secrets+age-import, secrets+age-import-kubernetes,
|
||||
secrets,secrets+literal,
|
||||
https
|
||||
service:
|
||||
sessionAffinity: ClientIP
|
||||
dex:
|
||||
enabled: false
|
||||
applicationSet:
|
||||
enabled: false
|
||||
configs:
|
||||
secret:
|
||||
argocdServerAdminPassword: '{{ argocd_server_admin_password | password_hash("bcrypt") }}'
|
||||
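Review bot: The `2-download-tools` init container fetches helm-secrets, sops, kubectl and vals with `wget` and marks them executable without any integrity check, and it runs on `image: alpine:latest`. The binaries the repo server later uses to decrypt secrets therefore depend on whatever that tag and the release URLs serve at pod start. Pin the image to a fixed tag or digest (`image: alpine:<PINNED_TAG>@sha256:<DIGEST>`) and verify each download against a checksum stored next to its version variable, for example with a new variable such as `SOPS_SHA256`: `echo "${SOPS_SHA256}  /custom-tools/sops" | sha256sum -c -`. The helm-secrets and vals tarballs are piped straight into `tar`, so they would have to be saved to a file first for the same check to apply.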
@ -0,0 +1,12 @@
|
||||
---
|
||||
|
||||
argocd_bootstrap_infrastructure: true
|
||||
|
||||
harbor_bootstrap_helm_url: "prodnso-harbor-01.smardigo.digital/infrastructure"
|
||||
harbor_bootstrap_helm_name: "infrastructure"
|
||||
harbor_bootstrap_username: "{{ harbor_bootstrap_username_vault }}"
|
||||
harbor_bootstrap_password: "{{ harbor_bootstrap_password_vault}}"
|
||||
|
||||
gitea_bootstrap_url: "https://qa-gitea-01.smardigo.digital/qanso/qanso-argocd"
|
||||
gitea_bootstrap_username: "{{ gitea_admin_username }}"
|
||||
gitea_bootstrap_password: "{{ gitea_admin_password }}"
|
||||
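Review bot: `gitea_bootstrap_username` and `gitea_bootstrap_password` are wired to `gitea_admin_username` and `gitea_admin_password`, so the credential handed to the Argo CD bootstrap is presumably the Gitea administrator account. Reading the bootstrap repository needs only read access. A dedicated read-only user or access token, sourced from its own vault variable the way the Harbor credentials are, would limit what a leaked repository secret exposes. Separately, `harbor_bootstrap_helm_url` points at a `prodnso-` host while the Gitea URL is `qa-gitea-01…/qanso`; if this file belongs to the QA environment, confirm that the production registry is intended.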
@ -0,0 +1,3 @@
|
||||
---
|
||||
prometheus_tsdb_rentention_time: '2w'
|
||||
kubernetes_prometheus_endpoint: "qanso-prometheus.{{ domain }}"
|
||||
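Review bot: `prometheus_tsdb_rentention_time` looks like a misspelling of "retention". If the consuming role or template reads `prometheus_tsdb_retention_time`, this `'2w'` value is silently ignored and the default retention applies. The consumer is not visible here, so confirm the name against it and, if the typo is shared, rename it in both places.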
File diff suppressed because it is too large