diff --git a/argo1/templates/template-operator.yaml b/argo1/templates/template-operator.yaml new file mode 100644 index 0000000..c997add --- /dev/null +++ b/argo1/templates/template-operator.yaml @@ -0,0 +1,31 @@ +# {{ if (index .Values "template-operator").enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ .Release.Name }}-template-operator + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: "{{ .Values.bootstrap.source.repoURL }}" + targetRevision: "{{ .Values.bootstrap.source.targetRevision }}" + path: {{ (index .Values "template-operator").path | default "template-operator" | quote }} + destination: + server: "https://kubernetes.default.svc" + namespace: {{ (index .Values "template-operator").namespace | default "template-operator" | quote }} + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m0s +# {{- end }} diff --git a/argo1/values.yaml b/argo1/values.yaml index b46b491..61055f8 100644 --- a/argo1/values.yaml +++ b/argo1/values.yaml @@ -116,5 +116,6 @@ metallb: {enabled: true} pgo: {enabled: true} secrets: {enabled: true} sealed-secrets: {enabled: true} +template-operator: {enabled: true} trust-manager: {enabled: true} ytmd: {enabled: true} diff --git a/template-operator/fetch.sh b/template-operator/fetch.sh new file mode 100644 index 0000000..70e5ad0 --- /dev/null +++ b/template-operator/fetch.sh @@ -0,0 +1 @@ +curl -Ls -o operator.yaml https://github.com/flanksource/template-operator/releases/download/v0.7.0/operator.yml diff --git a/template-operator/operator.yaml b/template-operator/operator.yaml new file mode 100644 index 0000000..60a4454 --- /dev/null +++ b/template-operator/operator.yaml @@ -0,0 +1,698 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: template-operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: rests.templating.flanksource.com +spec: + group: templating.flanksource.com + names: + kind: REST + listKind: RESTList + plural: rests + singular: rest + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: REST is the Schema for the rest API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RESTSpec defines the desired state of REST + properties: + auth: + description: Auth may be used for http basic authentication + properties: + namespace: + description: Namespace where secret / config map is present + type: string + password: + description: Password represents the HTTP Basic Auth password + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + username: + description: Username represents the HTTP Basic Auth username + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + headers: + additionalProperties: + type: string + description: Headers are optional http headers to be sent on the request + type: object + remove: + description: Remove defines the payload to be sent when CRD item is + deleted + properties: + body: + description: Body represents the HTTP Request body + type: string + method: + description: 'Method represents HTTP method to be used for the + request. Example: POST' + type: string + status: + additionalProperties: + type: string + description: Status defines the status fields which will be updated + based on response status + type: object + url: + description: URL represents the URL used for the request + type: string + type: object + update: + description: Update defines the payload to be sent when CRD item is + updated + properties: + body: + description: Body represents the HTTP Request body + type: string + method: + description: 'Method represents HTTP method to be used for the + request. Example: POST' + type: string + status: + additionalProperties: + type: string + description: Status defines the status fields which will be updated + based on response status + type: object + url: + description: URL represents the URL used for the request + type: string + type: object + url: + description: URL represents the URL address used to send requests + type: string + type: object + status: + additionalProperties: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: templates.templating.flanksource.com +spec: + group: templating.flanksource.com + names: + kind: Template + listKind: TemplateList + plural: templates + singular: template + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Template is the Schema for the templates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemplateSpec defines the desired state of Template + properties: + copyToNamespaces: + description: Copy this object to other namespaces + properties: + namespaceSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + items: + type: string + type: array + type: object + jsonPatches: + items: + properties: + object: + description: TypeMeta describes an individual object in an API + response or request with strings representing the type of + the object and its API schema version. Structures that are + versioned or persisted should inline TypeMeta. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of + this representation of an object. Servers should convert + recognized schemas to the latest internal value, and may + reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + type: object + patch: + type: string + type: object + type: array + onceoff: + description: Onceoff will not apply templating more than once (usually + at admission stage) + type: boolean + patchTarget: + description: Target optionally allows to lookup related resources + to patch, defaults to the source object selected + properties: + annotationSelector: + additionalProperties: + type: string + type: object + apiVersion: + type: string + fieldSelector: + type: string + gitRepository: + properties: + glob: + type: string + name: + type: string + namespace: + type: string + type: object + kind: + type: string + labelSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + patches: + description: Patches is list of strategic merge patches to apply to + to the targets Must specify at least resources or patches or both + items: + type: string + type: array + resources: + description: Resources is a list of new resources to create for each + source object found Must specify at least resources or patches or + both + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + resourcesTemplate: + description: Resources template is a template of resources to be created + for each source object found + type: string + source: + description: Source selects objects on which to use as a templating + object + properties: + annotationSelector: + additionalProperties: + type: string + type: object + apiVersion: + type: string + fieldSelector: + type: string + gitRepository: + properties: + glob: + type: string + name: + type: string + namespace: + type: string + type: object + kind: + type: string + labelSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + status: + description: TemplateStatus defines the observed state of Template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: template-operator-manager + namespace: template-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: template-operator-leader-election-role + namespace: template-operator +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: template-operator-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: template-operator-leader-election-rolebinding + namespace: template-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: template-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: template-operator-manager + namespace: template-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: template-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: template-operator-manager-role +subjects: +- kind: ServiceAccount + name: template-operator-manager + namespace: template-operator +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/scrape: "true" + labels: + control-plane: template-operator + name: template-operator-template-operator + namespace: template-operator +spec: + ports: + - name: prometheus + port: 8080 + protocol: TCP + selector: + control-plane: template-operator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: template-operator + name: template-operator-controller-manager + namespace: template-operator +spec: + replicas: 1 + selector: + matchLabels: + control-plane: template-operator + template: + metadata: + labels: + control-plane: template-operator + spec: + containers: + - args: + - --metrics-addr=0.0.0.0:8080 + - --enable-leader-election + - --sync-period=20s + image: flanksource/template-operator:v0.7.0 + name: manager + resources: + limits: + cpu: 100m + memory: 130Mi + requests: + cpu: 100m + memory: 120Mi + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=2 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + serviceAccount: template-operator-manager + terminationGracePeriodSeconds: 10