From d00694ce106444405280613238547303df5c75d3 Mon Sep 17 00:00:00 2001
From: Yash Khare
Date: Sat, 4 Nov 2023 19:55:03 +0530
Subject: [PATCH 1/3] :seedling: clusterimportpolicy for argocd accessed clusters

Signed-off-by: Yash Khare
---
kustomize/clusterimportpolicy/argocd.yaml | 41 +++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 kustomize/clusterimportpolicy/argocd.yaml

diff --git a/kustomize/clusterimportpolicy/argocd.yaml b/kustomize/clusterimportpolicy/argocd.yaml
new file mode 100644
index 000000000..ec228ea34
--- /dev/null
+++ b/kustomize/clusterimportpolicy/argocd.yaml
@@ -0,0 +1,41 @@
+apiVersion: policy.clusterpedia.io/v1alpha1
+kind: ClusterImportPolicy
+metadata:
+ name: argocd
+spec:
+ source:
+ group: ""
+ resource: clusters
+ selectorTemplate: ""
+ references:
+ - group: ""
+ resource: secrets
+ namespaceTemplate: "{{ .source.spec.authSecretRef.namespace }}"
+ nameTemplate: "{{ .source.spec.authSecretRef.name }}"
+ key: authSecret
+ nameTemplate: "argocd-{{ .source.metadata.name }}"
+ template: |
+ spec:
+ apiserver: "{{ .source.spec.apiEndpoint }}"
+ caData: "{{ .references.authSecret.data.ca }}"
+ tokenData: "{{ .references.authSecret.data.token }}"
+ syncResources:
+ - group: ""
+ resources:
+ - "pods"
+ - "services"
+ - "configmaps"
+ - "secrets"
+ - "namespaces"
+ - group: "apps"
+ resources:
+ - "*"
+ syncResourcesRefName: ""
+ creationCondition: |
+ {{ if ne .source.spec.apiEndpoint "" }}
+ {{ range .source.status.conditions }}
+ {{ if eq .type "Ready" }}
+ {{ if eq .status "True" }} true {{ end }}
+ {{ end }}
+ {{ end }}
+ {{ end }}
\ No newline at end of file
From 8120e44bdfb6ddf9bc59cc5e5d3a31132b11426a Mon Sep 17 00:00:00 2001
From: Yash Khare
Date: Thu, 16 Nov 2023 11:24:49 +0530
Subject: [PATCH 2/3] update clusterimportpolicy

Signed-off-by: Yash Khare
---
kustomize/clusterimportpolicy/argocd.yaml | 43 ++++++++++++-----------
1 file changed, 22 insertions(+), 21 deletions(-)
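Review bot: In the file added by patch 1/3, the core-group `syncResources` list includes `- "secrets"`, so every cluster imported through this policy would have its Secret objects collected by Clusterpedia and, as far as I understand its design, persisted in the aggregation store and returned by its search API. That widens both where credentials are stored and who can read them. If searching Secrets is not a requirement, drop that entry. If it is, add a comment above the list such as `# secrets are synced on purpose; access to the aggregated API is restricted by <RBAC rule placeholder>`. No later hunk in this series removes the entry.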
diff --git a/kustomize/clusterimportpolicy/argocd.yaml b/kustomize/clusterimportpolicy/argocd.yaml index ec228ea34..8ef98dc9e 100644 --- a/kustomize/clusterimportpolicy/argocd.yaml +++ b/kustomize/clusterimportpolicy/argocd.yaml @@ -5,20 +5,28 @@ metadata: spec: source: group: "" - resource: clusters - selectorTemplate: "" - references: - - group: "" - resource: secrets - namespaceTemplate: "{{ .source.spec.authSecretRef.namespace }}" - nameTemplate: "{{ .source.spec.authSecretRef.name }}" - key: authSecret - nameTemplate: "argocd-{{ .source.metadata.name }}" + resource: secrets + selectorTemplate: | + {{ if hasPrefix "argo-" .source.metadata.name }} + {{ $ca := (get .source.data "certificate-authority") }} + {{ $clientca := (get .source.data "client-certificate") }} + {{ $clientkey := (get .source.data "client-key") }} + + {{/* Use a specific data format tofilter out the argocd's secret */}} + {{ if and $ca $clientca $clientkey (hasKey .source.data "config") }} + {{ $kubeconfig := (b64dec .source.data.config) }} + {{ and + (contains $ca $kubeconfig) + (contains $clientca $kubeconfig) + (contains $clientkey $kubeconfig) + }} + {{ end }} + {{ end }} + nameTemplate: 'argo-{{ .source.metadata.namespace }}-{{ trimPrefix "argo-" .source.metadata.name }}' template: | spec: - apiserver: "{{ .source.spec.apiEndpoint }}" - caData: "{{ .references.authSecret.data.ca }}" - tokenData: "{{ .references.authSecret.data.token }}" + apiserver: 'https://{{ trimPrefix "argo-" .source.metadata.name }}.{{ .source.metadata.namespace }}.svc' + kubeconfig: '{{ .source.data.config }}' syncResources: - group: "" resources: 
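Review bot: The new `selectorTemplate` matches Secrets in any namespace on the name prefix `argo-` and a data shape alone, and the template then passes that Secret's `config` straight into `kubeconfig`. Anyone allowed to create Secrets in any namespace of the host cluster can therefore decide which endpoint and credentials Clusterpedia connects with. The selector should also require something only the Argo CD installation controls, such as its namespace or the label Argo CD sets on cluster Secrets (`argocd.argoproj.io/secret-type: cluster`). A guard along the lines of `{{ if eq .source.metadata.namespace "<argocd-namespace placeholder>" }}` around the existing checks would do. The `template` block continues past the end of this hunk.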
@@ -29,13 +37,6 @@ spec: - "namespaces" - group: "apps" resources: - - "*" + - "*" syncResourcesRefName: "" - creationCondition: | - {{ if ne .source.spec.apiEndpoint "" }} - {{ range .source.status.conditions }} - {{ if eq .type "Ready" }} - {{ if eq .status "True" }} true {{ end }} - {{ end }} - {{ end }} - {{ end }} \ No newline at end of file + creationCondition: "true" \ No newline at end of file From 6d37ae4778fb00945df3167b922c2057869fa74a Mon Sep 17 00:00:00 2001 From: Yash Khare Date: Sun, 31 Dec 2023 23:14:12 +0530 Subject: [PATCH 3/3] merged argocd cluster policy in already accessed policy clusters --- kustomize/clusterimportpolicy/argocd.yaml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/kustomize/clusterimportpolicy/argocd.yaml b/kustomize/clusterimportpolicy/argocd.yaml index 8ef98dc9e..56e88a459 100644 --- a/kustomize/clusterimportpolicy/argocd.yaml +++ b/kustomize/clusterimportpolicy/argocd.yaml @@ -8,17 +8,13 @@ spec: resource: secrets selectorTemplate: | {{ if hasPrefix "argo-" .source.metadata.name }} - {{ $ca := (get .source.data "certificate-authority") }} - {{ $clientca := (get .source.data "client-certificate") }} - {{ $clientkey := (get .source.data "client-key") }} - - {{/* Use a specific data format tofilter out the argocd's secret */}} - {{ if and $ca $clientca $clientkey (hasKey .source.data "config") }} + {{ $name := (get .source.data "name") }} + {{ $serverurl := (get .source.data "server") }} + {{ if and $name $serverurl (hasKey .source.data "config") }} {{ $kubeconfig := (b64dec .source.data.config) }} {{ and - (contains $ca $kubeconfig) - (contains $clientca $kubeconfig) - (contains $clientkey $kubeconfig) + (contains $name $kubeconfig) + (contains $serverurl $kubeconfig) }} {{ end }} {{ end }} 
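Review bot: In patch 3/3 the two `contains` checks compare `$name` and `$serverurl`, which are read from `.source.data` and so still base64-encoded, against `$kubeconfig`, which has been through `b64dec`. They look unlikely ever to match, and an Argo CD `config` value would not normally embed the cluster name or server URL anyway, so the policy probably selects nothing. If the aim is only to recognise Argo CD cluster Secrets, the enclosing `{{ if and $name $serverurl (hasKey .source.data "config") }}` already checks for the three keys and the inner expression can simply be `true`. If the substring test is kept, decode both sides first, e.g. `(contains (b64dec $serverurl) $kubeconfig)`. Either way, the `argo-` name prefix remains the only other filter, so a namespace or label restriction is still worth adding.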
@@ -26,7 +22,7 @@ spec: template: | spec: apiserver: 'https://{{ trimPrefix "argo-" .source.metadata.name }}.{{ .source.metadata.namespace }}.svc' - kubeconfig: '{{ .source.data.config }}' + kubeconfig: '{'tlsClientConfig':{'insecure':false}}' syncResources: - group: "" resources:
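Review bot: The new `kubeconfig` line nests single quotes inside a single-quoted scalar (`'{'tlsClientConfig':{'insecure':false}}'`), so the rendered template will most likely fail to parse as YAML. It also replaces the Secret's own `config` with a fixed literal that carries no credentials and is not a kubeconfig. If the Argo CD connection settings are meant to be used, it looks cleaner to map them onto the `caData` / `tokenData` fields that patch 1/3 of this series populated than to put JSON into `kubeconfig`. If a literal really is intended, write the JSON with double quotes inside the single-quoted scalar. Keeping `insecure` at `false` is the right default and should not be relaxed to make the import work.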