rackerlabs · cardoe · Apr 8, 2024 · Mar 21, 2024 · Mar 22, 2024 · Mar 22, 2024
diff --git a/apps/app-of-apps.yaml b/apps/app-of-apps.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app-of-apps
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: argocd
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: clusters/${DEPLOY_NAME}
+    repoURL: ${UC_DEPLOY_GIT_URL}
+    targetRevision: main
+    directory:
+      recurse: true
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/apps/components/argo-events.yaml b/apps/components/argo-events.yaml
@@ -14,3 +14,5 @@ spec:
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/argo-workflows.yaml b/apps/components/argo-workflows.yaml
@@ -14,3 +14,5 @@ spec:
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/argocd-understack-project.yaml b/apps/components/argocd-understack-project.yaml
@@ -16,6 +16,8 @@ spec:
     server: '*'
   - namespace: 'argo-events'
     server: '*'
+  - namespace: 'dex'
+    server: '*'
   clusterResourceWhitelist:
   - group: '*'
     kind: '*'
diff --git a/apps/components/dexidp.yaml b/apps/components/dexidp.yaml
@@ -4,13 +4,20 @@ metadata:
   name: dexidp
 spec:
   project: understack
-  source:
-    repoURL: https://github.com/rackerlabs/understack.git
-    path: components/13-dexidp/
-    targetRevision: HEAD
+  sources:
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/13-dexidp/
+      targetRevision: HEAD
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: secret-nautobot-sso-dex.yaml
   destination:
     server: "https://kubernetes.default.svc"
     namespace: dex
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/ironic.yaml b/apps/components/ironic.yaml
@@ -4,13 +4,38 @@ metadata:
   name: ironic
 spec:
   project: understack
-  source:
-    repoURL: https://github.com/rackerlabs/understack.git
-    path: components/13-ironic/
-    targetRevision: HEAD
+  sources:
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/13-ironic/
+      targetRevision: HEAD
+      directory:
+        exclude: kustomization.yaml
+        recurse: false
+      ref: understack
+    - repoURL: https://tarballs.opendev.org/openstack/openstack-helm/
+      chart: ironic
+      targetRevision: 0.2.10
+      helm:
+        releaseName: ironic
+        valueFiles:
+          - $understack/components/openstack-2023.1-jammy.yaml
+          - $understack/components/13-ironic/aio-values.yaml
+          - $secrets/secrets/${DEPLOY_NAME}/secret-openstack.yaml
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: 'secret-ironic-*.yaml'
+      ref: secrets
   destination:
     server: "https://kubernetes.default.svc"
     namespace: openstack
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    managedNamespaceMetadata:
+      labels:
+        kubernetes.io/metadata.name: openstack
+        name: openstack
diff --git a/apps/components/keystone.yaml b/apps/components/keystone.yaml
@@ -4,13 +4,48 @@ metadata:
   name: keystone
 spec:
   project: understack
-  source:
-    repoURL: https://github.com/rackerlabs/understack.git
-    path: components/10-keystone/
-    targetRevision: HEAD
+  sources:
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/10-keystone/
+      targetRevision: HEAD
+      directory:
+        exclude: kustomization.yaml
+        recurse: false
+      ref: understack
+    - repoURL: https://tarballs.opendev.org/openstack/openstack-helm/
+      chart: keystone
+      targetRevision: 0.3.7
+      helm:
+        releaseName: keystone
+        valueFiles:
+          - $understack/components/openstack-2023.1-jammy.yaml
+          - $understack/components/10-keystone/aio-values.yaml
+          - $secrets/secrets/${DEPLOY_NAME}/secret-openstack.yaml
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: 'secret-keystone-*.yaml'
+      ref: secrets
+  ignoreDifferences:
+    - kind: Secret
+      name: keystone-fernet-keys
+      jqPathExpressions:
+        - .data
+    - kind: Secret
+      name: keystone-credential-keys
+      jqPathExpressions:
+        - .data
   destination:
     server: "https://kubernetes.default.svc"
     namespace: openstack
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - RespectIgnoreDifferences=true
+    managedNamespaceMetadata:
+      labels:
+        kubernetes.io/metadata.name: openstack
+        name: openstack
diff --git a/apps/components/kustomization.yaml b/apps/components/kustomization.yaml
@@ -5,12 +5,10 @@ namespace: argocd
 
 resources:
   - argocd-understack-project.yaml
-  - namespaces.yaml
   - mariadb.yaml
   - rabbitmq-cluster.yaml
   - memcached.yaml
   - postgres-db.yaml
-  - nautobot-redis.yaml
   - nautobot.yaml
   - keystone.yaml
   - argo-workflows.yaml

diff --git a/apps/components/mariadb.yaml b/apps/components/mariadb.yaml
@@ -4,13 +4,20 @@ metadata:
   name: mariadb
 spec:
   project: understack
-  source:
-    repoURL: https://github.com/rackerlabs/understack.git
-    path: components/03-mariadb/
-    targetRevision: HEAD
+  sources:
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/03-mariadb/
+      targetRevision: HEAD
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: secret-mariadb.yaml
   destination:
     server: "https://kubernetes.default.svc"
     namespace: openstack
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/memcached.yaml b/apps/components/memcached.yaml
@@ -14,3 +14,5 @@ spec:
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/namespaces.yaml b/apps/components/namespaces.yaml
diff --git a/apps/components/nautobot-redis.yaml b/apps/components/nautobot-redis.yaml
diff --git a/apps/components/nautobot.yaml b/apps/components/nautobot.yaml
@@ -4,13 +4,39 @@ metadata:
   name: nautobot
 spec:
   project: understack
-  source:
-    repoURL: https://github.com/rackerlabs/understack.git
-    path: components/09-nautobot/
-    targetRevision: HEAD
+  sources:
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/08-nautobot-redis/
+      targetRevision: HEAD
+    - repoURL: https://github.com/rackerlabs/understack.git
+      path: components/09-nautobot/
+      targetRevision: HEAD
+      kustomize:
+        patches:
+          - target:
+              kind: Ingress
+              name: nautobot
+            patch: |-
+              - op: replace
+                path: /spec/rules/0/host
+                value: nautobot.${DNS_ZONE}
+              - op: replace
+                path: /spec/tls/0/hosts/0
+                value: nautobot.${DNS_ZONE}
+              - op: replace
+                path: '/metadata/annotations/cert-manager.io~1cluster-issuer'
+                value: ${DEPLOY_NAME}-cluster-issuer
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: 'secret-nautobot*.yaml'
+        exclude: secret-nautobot-sso-dex.yaml
   destination:
     server: "https://kubernetes.default.svc"
     namespace: nautobot
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/postgres-db.yaml b/apps/components/postgres-db.yaml
@@ -14,3 +14,5 @@ spec:
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/components/rabbitmq-cluster.yaml b/apps/components/rabbitmq-cluster.yaml
@@ -14,3 +14,5 @@ spec:
   syncPolicy:
     automated:
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/operators/cert-manager.yaml b/apps/operators/cert-manager.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: operators
+  sources:
+    - chart: cert-manager
+      repoURL: https://charts.jetstack.io
+      targetRevision: 1.*
+      helm:
+        releaseName: cert-manager
+        valuesObject:
+          installCRDs: true
+    - repoURL: ${UC_DEPLOY_GIT_URL}
+      path: secrets/${DEPLOY_NAME}/
+      targetRevision: HEAD
+      directory:
+        include: cluster-issuer.yaml
+  destination:
+    namespace: cert-manager
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/operators/mariadb-operator.yaml b/apps/operators/mariadb-operator.yaml
@@ -15,4 +15,5 @@ spec:
     automated:
       selfHeal: true
     syncOptions:
+      - CreateNamespace=true
       - ServerSideApply=true
diff --git a/apps/operators/messaging-topology-operator.yaml b/apps/operators/messaging-topology-operator.yaml
@@ -15,4 +15,5 @@ spec:
     automated:
       selfHeal: true
     syncOptions:
+      - CreateNamespace=true
       - ServerSideApply=true
diff --git a/apps/operators/postgres-operator.yaml b/apps/operators/postgres-operator.yaml
@@ -15,4 +15,5 @@ spec:
     automated:
       selfHeal: true
     syncOptions:
+      - CreateNamespace=true
       - ServerSideApply=true
diff --git a/apps/operators/rabbitmq-operator.yaml b/apps/operators/rabbitmq-operator.yaml
@@ -15,4 +15,5 @@ spec:
     automated:
       selfHeal: true
     syncOptions:
+      - CreateNamespace=true
       - ServerSideApply=true
diff --git a/components/00-namespaces/argo-workflows.yaml b/components/00-namespaces/argo-workflows.yaml
diff --git a/components/00-namespaces/dexidp.yaml b/components/00-namespaces/dexidp.yaml
diff --git a/components/00-namespaces/kustomization.yaml b/components/00-namespaces/kustomization.yaml
diff --git a/components/00-namespaces/nautobot.yaml b/components/00-namespaces/nautobot.yaml
diff --git a/components/00-namespaces/openstack.yaml b/components/00-namespaces/openstack.yaml