Merge pull request #230 from bcgov/201-argocd

201 argocd changes

Author: mtspn

openshift-201/README.md

@@ -24,12 +24,14 @@ Please join the [OpenShift 201 Self-Paced](https://chat.developer.gov.bc.ca/chan
 ### Lab topics:
 
 The Openshift 201 Lab is divided into the following topics:
-* Openshift Pipelines (you can choose to do either one)
-    * [React Application](./react-pipeline.md)
-    * [Java Application (Maven)](./pipelines.md)
+* [OpenShift Gitops](/.gitops.md)
 * [Resource Management](./resource-mgmt.md) 
 * [Network Policy & ACS](./network-policy.md)
 * [Application Logging with Kibana](./logging.md)
 * [Best Practices for Image Management](./image-management.md)
 * [Pod Auto Scaling](./rh201-pod-auto-scale.md)
 * [Post Outage Checkup](./post-outage-checkup.md)
+Archived sections: 
+* Openshift Pipelines (you can choose to do either one)
+    * [React Application](./react-pipeline.md)
+    * [Java Application (Maven)](./pipelines.md)

openshift-201/gitops.md

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mariadb-helm
+spec:
+  destination:
+    namespace: LICENSEPLATE-test
+    server: https://kubernetes.default.svc
+  project: LICENSEPLATE
+  sources:
+    - chart: bitnamicharts/mariadb
+      helm:
+        #releaseName: mariadb
+        valueFiles:
+          - $values/mariadb-helm/values.yaml
+      repoURL: artifacts.developer.gov.bc.ca/docker-helm-oci-remote
+      targetRevision: 20.2.0
+    - ref: values
+      repoURL: https://github.com/bcgov-c/tenant-gitops-LICENSEPLATE.git
+      targetRevision: main

openshift-201/gitops_files/app.helm-multi-source.yaml

@@ -0,0 +1,76 @@
+# GitOpsTeam - create this resource in your tools namespace in order to enable
+#   Argo CD for your project
+apiVersion: warden.devops.gov.bc.ca/v1alpha1
+kind: GitOpsTeam
+metadata:
+  name: gitopsteam-myproject
+  namespace: myproject-tools
+spec:
+  # gitOpsMembers defines the git repo access (tenant-gitops-LICENSEPLATE)
+  # Note that if users listed here are not already members of the GitHub
+  # 'bcgov-c' organization, they will have to accept an email invitation
+  # to join.
+  #
+  # Note:
+  #   Do not append "@github" to GitHub IDs in the gitOpsMembers section
+  #   This section is for GitHub repo access, so only GitHub IDs, no IDIRs
+  #   For GitHub teams, use the appropriate "Teams" lists (e.g., adminTeams)
+  # ------------------------------------------------------------------------
+  gitOpsMembers:
+
+    # Full admin access to the repo, including repo deletion, adding of users
+    # Recommended for people who need full access to the project, including
+    # sensitive and destructive actions like managing security or deleting a
+    # repository.
+    admins:
+      - myGitHubID
+    adminTeams:
+      - ourGitHubTeam
+
+    # Recommended for contributors who actively push to your project.
+    writers:
+      - dev1-githubid
+    writerTeams:
+
+    # Recommended for project managers who need to manage the repository without
+    # access to sensitive or destructive actions.
+    maintainers:
+    maintainerTeams:
+
+    # Recommended for non-code contributors who want to view or discuss your
+    # project.
+    readers:
+    readerTeams:
+
+    # Recommended for contributors who need to manage issues and pull requests
+    # without write access.
+    triage:
+    triageTeams:
+
+  # projectMembers defines access to the Argo CD UI and is based on Keycloak
+  #   groups
+  #
+  # Note:
+  #   GitHub IDs must have "@github" appended to the ID
+  #   You may include IDIR email addresses (UPN) for IDIR-based access
+  #   GitHub IDs are not case sensitive in this section
+  #   Do not use GitHub teams here, just individual IDs
+  # ------------------------------------------------------------------------
+  projectMembers:
+
+    # Project Maintainers have full access to the prod and nonprod ArgoCD
+    # projects.
+    maintainers:
+      - seniorDev@gov.bc.ca
+
+    # Nonprod users have full access to the nonprod ArgoCD project, which can
+    # deploy to the dev, test, and tools namespaces.  They cannot overwrite a
+    # GitOpsTeam or GitOpsAlliance resource.
+    nonprod:
+      - otherDev@gov.bc.ca
+      - contractor1@github
+
+    # Project Readers have read-only access to the Project in the Argo CD UI
+    readers:
+      - projectManager@gov.bc.ca
+

openshift-201/gitops_files/gitopsteam_template.yaml

@@ -0,0 +1,137 @@
+#!/bin/bash
+#
+# set_up_kustomize.sh
+# 
+# Create a Kustomize app
+# ----------------------
+
+APP_NAME=my-kustomize-app
+
+echo ""
+echo -n "--> Run this script at the top level of your GitOps repository. Continue? [Yn] "
+read INPUT
+case $INPUT in
+  Y | y | "")
+    ;;
+  *)
+    echo "Canceling"
+    exit 1
+esac
+
+echo "Creating directory tree ${APP_NAME}..."
+mkdir -p ${APP_NAME}/base ${APP_NAME}/overlays/dev ${APP_NAME}/overlays/test ${APP_NAME}/overlays/prod
+
+cat <<EOF > ${APP_NAME}/base/kustomization.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+EOF
+
+cat <<EOF > ${APP_NAME}/base/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: httpd
+spec:
+  selector:
+    matchLabels:
+      app: httpd
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: httpd
+    spec:
+      containers:
+        - name: httpd
+          image: >-
+            image-registry.openshift-image-registry.svc:5000/openshift/httpd:latest
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/dev/kustomization.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+  - configmap.yaml
+patchesStrategicMerge:
+  - patch.deployment.yaml
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/dev/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ${APP_NAME}
+data:
+  foo: bar
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/dev/patch.deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: httpd
+spec:
+  replicas: 1
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/test/kustomization.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+patchesStrategicMerge:
+  - patch.deployment.yaml
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/test/patch.deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: httpd
+spec:
+  replicas: 2
+EOF
+
+cat <<EOF > ${APP_NAME}/overlays/prod/kustomization.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base
+EOF
+
+echo ""
+echo "Here is the layout of your new Kustomize app:
+my-kustomize-app
+├── base
+│   ├── deployment.yaml
+│   └── kustomization.yaml
+└── overlays
+    ├── dev
+    │   ├── configmap.yaml
+    │   ├── kustomization.yaml
+    │   └── patch.deployment.yaml
+    ├── prod
+    │   └── kustomization.yaml
+    └── test
+        ├── kustomization.yaml
+        └── patch.deployment.yaml
+
+5 directories, 8 files
+"
+echo "Done"
+

openshift-201/gitops_files/set_up_kustomize.sh

@@ -299,6 +299,4 @@ If you now look at the pipelines you should see a new `PipelineRun` created and
 
 **Note 1:** If your pipeline fails due to exceeding the storage quota on your namespace, delete any preivous 'PipelineRuns' on the namespace. This will delete the associated persistent volume claims (PVCs) which should give you sufficient storage space to run your pipeline.
 
-**Note 2:** if you are creating your own pipelines in the future, you can use the 'pipeline builder' feature of the OpenShift web console. The can be accessed via the 'create' button on the Pipelines window of the web console. Since the 4.10 update, this pipeline builder will filter the tasks to show only those which are supported by the cluster. 
-
-Next Topic - [Resource Management](https://github.com/BCDevOps/devops-platform-workshops/blob/master/openshift-201/resource-mgmt.md)
+**Note 2:** if you are creating your own pipelines in the future, you can use the 'pipeline builder' feature of the OpenShift web console. The can be accessed via the 'create' button on the Pipelines window of the web console. Since the 4.10 update, this pipeline builder will filter the tasks to show only those which are supported by the cluster. 

openshift-201/pipelines.md

@@ -320,7 +320,3 @@ If you now look at the pipelines you should see a new `PipelineRun` created and
 **Note 1:** If your pipeline fails due to exceeding the storage quota on your namespace, delete any preivous 'PipelineRuns' on the namespace. This will delete the associated persistent volume claims (PVCs) which should give you sufficient storage space to run your pipeline.
 
 **Note 2:** if you are creating your own pipelines in the future, you can use the 'pipeline builder' feature of the OpenShift web console. The can be accessed via the 'create' button on the Pipelines window of the web console. Since the 4.10 update, this pipeline builder will filter the tasks to show only those which are supported by the cluster. 
-
-
-Next Topic - [Resource Management](https://github.com/BCDevOps/devops-platform-workshops/blob/master/openshift-201/resource-mgmt.md)
-