feat: Argocd apps (#2)

* added status-ok-app * added sub app: app-status-ok * added another-app-ok * added app: simple-kube-files-ok * added broken ingress * minor fix * minor fix * minor fix * wrong service port * upgrated broken ingres * changed broken-ingress into broken network * updated broken-network * added broken-pod * minor fix * added broken-rbac * minor fix * added network policy * updated github actions
diegolagospagopa · Aug 23, 2024 · 67152ba · 67152ba
1 parent fdea5fc
commit 67152ba
Show file tree

Hide file tree

Showing 17 changed files with 492 additions and 18 deletions.
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
@@ -10,11 +10,12 @@ on:
 jobs:
   main:
     name: Validate PR title
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v3.4.6
+      # from https://github.com/amannn/action-semantic-pull-request/commits/main
+      - uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -36,7 +37,7 @@ jobs:
           # The variables `subject` and `title` can be used within the message.
           subjectPatternError: |
             The subject "{subject}" found in the pull request title "{title}"
-            didn't match the configured pattern `^.+$/`. Please ensure that the subject
+            didn't match the configured pattern. Please ensure that the subject
             starts with an uppercase character.
           # For work-in-progress PRs you can typically use draft pull requests
           # from Github. However, private repositories on the free plan don't have
@@ -52,4 +53,4 @@ jobs:
           validateSingleCommit: false
           # Related to `validateSingleCommit` you can opt-in to validate that the PR
           # title matches a single commit to avoid confusion.
-          validateSingleCommitMatchesPrTitle: false
+          validateSingleCommitMatchesPrTitle: false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,18 +16,8 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: Release action
+        id: release
+        uses: pagopa/eng-github-actions-iac-template/global/release-action@main #
         with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Release
-        uses: cycjimmy/semantic-release-action@v2
-        with:
-          semantic_version: 18.0.0
-          extra_plugins: |
-            @semantic-release/release-notes-generator@10.0.3
-            @semantic-release/git@10.0.1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
@@ -1,2 +1,3 @@
 # argocd-showcase
+
 ArgoCD showcase and examples in pagopa
diff --git a/argocd/broken-apps/broken-network.yaml b/argocd/broken-apps/broken-network.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: broken-network
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: broken-network
+spec:
+  project: terraform-argocd-project
+  source:
+    targetRevision: argocd-apps
+    repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+    path: resources/broken-network
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/argocd/broken-apps/broken-pod.yaml b/argocd/broken-apps/broken-pod.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: broken-pod
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: broken-pod
+spec:
+  project: terraform-argocd-project
+  source:
+    targetRevision: argocd-apps
+    repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+    path: resources/broken-pod
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/argocd/broken-apps/broken-rbac.yaml b/argocd/broken-apps/broken-rbac.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: broken-rbac
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: broken-rbac
+spec:
+  project: terraform-argocd-project
+  source:
+    targetRevision: argocd-apps
+    repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+    path: resources/broken-rbac
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/another-app-ok.yaml b/argocd/ok-apps/another-app-ok.yaml
@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: another-app-ok
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: another-app-ok
+spec:
+  project: terraform-argocd-project
+  source:
+#    chart: microservice-chart
+#    targetRevision: 5.4.0
+    repoURL: 'https://github.com/pagopa/devops-app-status'
+    path: helm/devopslab/diego
+    helm:
+      releaseName: another-app-ok
+      valueFiles:
+        - values-dev.yaml
+      valuesObject:
+        microservice-chart:
+          namespace: "diego"
+          ingress:
+            path: /another-app-ok/status(/|$)(.*)
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/app-status-ok.yaml b/argocd/ok-apps/app-status-ok.yaml
@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: app-status-ok
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: app-status-ok
+spec:
+  project: terraform-argocd-project
+  source:
+#    chart: microservice-chart
+#    targetRevision: 5.4.0
+    repoURL: 'https://github.com/pagopa/devops-app-status'
+    path: helm/devopslab/diego
+    helm:
+      releaseName: app-status-ok
+      valueFiles:
+        - values-dev.yaml
+      valuesObject:
+        microservice-chart:
+          namespace: "diego"
+          ingress:
+            path: /app-status-ok/status(/|$)(.*)
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/argocd/ok-apps/simple-kube-files-ok.yaml b/argocd/ok-apps/simple-kube-files-ok.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: simple-kube-files-ok
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    # The default behaviour is foreground cascading deletion
+    - resources-finalizer.argocd.argoproj.io
+    # Alternatively, you can use background cascading deletion
+    # - resources-finalizer.argocd.argoproj.io/background
+  # Add labels to your application object.
+  labels:
+    name: simple-kube-files-ok
+spec:
+  project: terraform-argocd-project
+  source:
+    targetRevision: argocd-apps
+    repoURL: 'https://github.com/diegolagospagopa/argocd-showcase'
+    path: resources/simple-kube-files
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: diego
+  syncPolicy:
+    automated: {}
+  revisionHistoryLimit: 10
diff --git a/resources/broken-network/deployment.yaml b/resources/broken-network/deployment.yaml
@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    reloader.stakater.com/auto: 'true'
+  labels:
+    app.kubernetes.io/instance: broken-network
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: microservice-chart
+    app.kubernetes.io/version: v1.5.0
+    argocd.argoproj.io/instance: broken-network
+    canaryDelivery: 'false'
+    helm.sh/blueprint-version: 5.4.1
+    helm.sh/chart: microservice-chart-v1.5.0
+  name: broken-network-microservice-chart
+  namespace: diego
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: broken-network
+      app.kubernetes.io/name: microservice-chart
+      canaryDelivery: 'false'
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        aadpodidbinding: diego-pod-identity
+        app.kubernetes.io/instance: broken-network
+        app.kubernetes.io/name: microservice-chart
+        app.kubernetes.io/version: v1.5.0
+        canaryDelivery: 'false'
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - image: 'ghcr.io/pagopa/devops-app-status:v1.5.0'
+          imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 6
+            httpGet:
+              path: /status
+              port: 8000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          name: microservice-chart
+          ports:
+            - containerPort: 8000
+              name: app-port-8000
+              protocol: TCP
+          readinessProbe:
+            failureThreshold: 6
+            httpGet:
+              path: /status
+              port: 8000
+              scheme: HTTP
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          resources:
+            limits:
+              cpu: 40m
+              memory: 128Mi
+            requests:
+              cpu: 40m
+              memory: 128Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - all
+            readOnlyRootFilesystem: true
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccount: default
+      serviceAccountName: default
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - emptyDir: {}
+          name: tmp
diff --git a/resources/broken-network/ingress.yaml b/resources/broken-network/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/proxy-body-size: 1m
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/satisfy: any
+    nginx.ingress.kubernetes.io/use-regex: 'true'
+  labels:
+    argocd.argoproj.io/instance: broken-network
+  name: broken-network-microservice-chart
+  namespace: diego
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: dev01.broken.internal.devopslab.pagopa.it
+      http:
+        paths:
+          - backend:
+              service:
+                # name: broken-network-microservice-chart
+                name: broken
+                port:
+                  number: 8000
+            path: /broken-network/status(/|$)(.*)
+            pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - dev01.broken.internal.devopslab.pagopa.it
+      secretName: dev01-broken-internal-devopslab-pagopa-it