Merge pull request #5 from cloud-pi-native/feat/add-dso-charts

feat: 🎉 first chart dso-env with lint and release pipelines
cloud-pi-native · Apr 22, 2024 · 8c70e64 · 8c70e64
2 parents 36760bb + 7080fb8
commit 8c70e64
Show file tree

Hide file tree

Showing 13 changed files with 260 additions and 0 deletions.
diff --git a/.github/cr.yaml b/.github/cr.yaml
@@ -0,0 +1 @@
+sign: false
diff --git a/.github/ct.yaml b/.github/ct.yaml
@@ -0,0 +1,3 @@
+helm-extra-args: --timeout 600
+check-version-increment: true
+debug: true
diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euo pipefail
+
+HELM_DOCS_VERSION="1.13.1"
+
+# install helm-docs
+curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
+tar -xf /tmp/helm-docs.tar.gz helm-docs
+
+# validate docs
+./helm-docs
+git diff --exit-code
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,26 @@
+name: Lint and Test Charts
+
+on:
+  pull_request:
+    paths:
+      - 'charts/**'
+
+jobs:
+  lint-chart:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Run chart-testing (lint)
+        uses: helm/chart-testing-action@main
+        with:
+          command: lint
+          config: .github/ct.yaml
+  lint-docs:
+    runs-on: ubuntu-latest
+    needs: lint-chart
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Run helm-docs
+        run: .github/helm-docs.sh
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,39 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.13.0
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          charts_dir: charts
+          config: .github/cr.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+# Helm chart automated files
+/charts/*/charts
diff --git a/charts/dso-env/Chart.yaml b/charts/dso-env/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: dso-env
+description: Creates argocd Project and Applications to deploy DSO project repositories.
+type: application
+version: 1.0.0
+appVersion: 1.0.0
diff --git a/charts/dso-env/README.md b/charts/dso-env/README.md
@@ -0,0 +1,26 @@
+# dso-env
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+Creates argocd Project and Applications to deploy DSO project repositories.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| application.destination.name | string | `""` | Nom du cluster applicatif cible |
+| application.destination.namespace | string | `"app1"` | Nom du namespace applicatif cible |
+| application.quota.cpu | int | `nil` | Quota CPU pour le namespace |
+| application.quota.memory | string | `nil` | Quota mémoire pour le namespace |
+| application.repositories | list | `[{"path":".","repoURL":"https://gitlab.com/projects/org/demo/quota-explorer.git","targetRevision":"main"}]` | Liste des dépôts à déployer |
+| application.sourceReposPrefix | string | `"https://gitlab.com/projects/org/demo"` | Préfixe des dépôts autorisés |
+| argocd.namespace | string | `"argocd"` | Namespace de création des objets ArgoCD |
+| argocd.project | string | `"project1"` | Préfixe des projets ArgoCD à créer |
+| commonLabels | object | `{}` | Labels appliqués sur les différents objets |
+| environment.roGroup | string | `"/project/environment/RO"` | Nom du groupe à autoriser en lecture seule sur les objets applicatifs (-app) déployés par ArgoCD |
+| environment.rwGroup | string | `"/project/environment/RW"` | Nom du groupe à autoriser en lecture/écriture sur les objets applicatifs (-app) déployés par ArgoCD |
+| environment.valueFilePath | string | `"values.yaml"` | Chemin du fichier à utiliser lors de la récupération des values |
+| environment.valueFileRevision | string | `"HEAD"` | Revision Git à utiliser lors de la récupération des values |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
diff --git a/charts/dso-env/templates/application-app.yaml b/charts/dso-env/templates/application-app.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.argocd.project }}-app
+  namespace: {{ .Values.argocd.namespace }}
+  labels:
+    app.kubernetes.io/managed-by: dso-console
+    {{- .Values.commonLabels | toYaml | nindent 4 }}
+spec:
+  project: {{ .Values.argocd.project }}-app
+  sources: {{ .Values.application.repositories | toYaml | nindent 4 }}
+  destination:
+    name: {{ .Values.application.destination.name }}
+    namespace: {{ .Values.application.destination.namespace }}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: true
diff --git a/charts/dso-env/templates/application-env.yaml b/charts/dso-env/templates/application-env.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.argocd.project }}-env
+  namespace: {{ .Values.argocd.namespace }}
+  labels:
+    app.kubernetes.io/managed-by: dso-console
+    {{- .Values.commonLabels | toYaml | nindent 4 }}
+spec:
+  project: {{ .Values.argocd.project }}-env
+  sources:
+    - repoURL: https://github.com/cloud-pi-native/console.git
+      targetRevision: feat/1003-ajouter-les-fichiers-yaml-pour-application-argo
+      path: helm-charts-internal/dso-ns-resources
+      helm:
+        valueFiles:
+          - $values/{{ .Values.environment.valueFilePath }}
+    - repoURL: {{ .Values.environment.valueFileRepository }}
+      targetRevision: {{ .Values.environment.valueFileRevision }}
+      ref: values
+  destination:
+    name: {{ .Values.application.destination.name }}
+    namespace: {{ .Values.application.destination.namespace }}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
diff --git a/charts/dso-env/templates/project-app.yaml b/charts/dso-env/templates/project-app.yaml
@@ -0,0 +1,39 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: dso-console
+    {{- .Values.commonLabels | toYaml | nindent 4 }}
+  name: {{ .Values.argocd.project }}-app
+  namespace: {{ .Values.argocd.namespace }}
+spec:
+  destinations:
+  - name: {{ .Values.application.destination.name }}
+    namespace: {{ .Values.application.destination.namespace }}
+  namespaceResourceBlacklist:
+  - group: v1
+    kind: ResourceQuota
+  namespaceResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  roles:
+  - description: read-only group
+    groups:
+    - {{ .Values.environment.roGroup }}
+    name: ro-group
+    policies:
+    - p, proj:{{ .Values.argocd.project }}-app:ro-group, applications, get, {{ .Values.argocd.project }}-app/*,
+      allow
+  - description: read-write group
+    groups:
+    - {{ .Values.environment.rwGroup }}
+    name: rw-group
+    policies:
+    - p, proj:{{ .Values.argocd.project }}-app:rw-group, applications, *, {{ .Values.argocd.project }}-app/*,
+      allow
+    - p, proj:{{ .Values.argocd.project }}-app:rw-group, applications, delete, {{ .Values.argocd.project }}-app/*,
+      allow
+    - p, proj:{{ .Values.argocd.project }}-app:rw-group, applications, create, {{ .Values.argocd.project }}-app/*,
+      deny
+  sourceRepos:
+    - {{ .Values.application.sourceReposPrefix }}/*
diff --git a/charts/dso-env/templates/project-env.yaml b/charts/dso-env/templates/project-env.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: dso-console
+    {{- .Values.commonLabels | toYaml | nindent 4 }}
+  name: {{ .Values.argocd.project }}-env
+  namespace: {{ .Values.argocd.namespace }}
+spec:
+  destinations:
+  - name: {{ .Values.application.destination.name }}
+    namespace: {{ .Values.application.destination.namespace }}
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  namespaceResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  sourceRepos:
+    - https://github.com/cloud-pi-native/console.git
+    - {{ .Values.environment.valueFileRepository }}
+    - {{ .Values.application.sourceReposPrefix }}/*
+
diff --git a/charts/dso-env/values.yaml b/charts/dso-env/values.yaml
@@ -0,0 +1,34 @@
+# -- Labels appliqués sur les différents objets
+commonLabels: {}
+argocd:
+  # -- Préfixe des projets ArgoCD à créer
+  project: project1
+  # -- Namespace de création des objets ArgoCD
+  namespace: argocd
+environment:
+  # -- Revision Git à utiliser lors de la récupération des values
+  valueFileRevision: HEAD
+  # -- Chemin du fichier à utiliser lors de la récupération des values
+  valueFilePath: values.yaml
+  # -- Nom du groupe à autoriser en lecture seule sur les objets applicatifs (-app) déployés par ArgoCD
+  roGroup: /project/environment/RO
+  # -- Nom du groupe à autoriser en lecture/écriture sur les objets applicatifs (-app) déployés par ArgoCD
+  rwGroup: /project/environment/RW
+application:
+  # -- Préfixe des dépôts autorisés
+  sourceReposPrefix: https://gitlab.com/projects/org/demo
+  quota:
+    # -- (int) Quota CPU pour le namespace
+    cpu:
+    # -- Quota mémoire pour le namespace
+    memory:
+  destination:
+    # -- Nom du cluster applicatif cible
+    name: ""
+    # -- Nom du namespace applicatif cible
+    namespace: app1
+  # -- Liste des dépôts à déployer
+  repositories:
+  - repoURL: https://gitlab.com/projects/org/demo/quota-explorer.git
+    targetRevision: main
+    path: '.'