Add ArgoCD GitOps bootstrap contract for railiance01
Define platform-owned AppProjects, root app-of-apps, repository registration templates, and tenant onboarding docs so issue-core can deploy via ArgoCD. Ignore encrypted repository secrets locally and cross-link OpenBao delivery guidance with the new GitOps contract.
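--- a/argocd/bootstrap/00-railiance-bootstrap-project.yaml
+++ b/argocd/bootstrap/00-railiance-bootstrap-project.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: railiance-bootstrap
+namespace: argocd
+labels:
+app.kubernetes.io/part-of: railiance-gitops
+railiance-platform/component: gitops
+spec:
+description: Platform-owned ArgoCD bootstrap project for Railiance app-of-apps.
+sourceRepos:
+- https://gitea.coulomb.social/coulomb/railiance-platform.git
+destinations:
+- server: https://kubernetes.default.svc
+namespace: argocd
+clusterResourceWhitelist: []
+namespaceResourceWhitelist:
+- group: argoproj.io
+kind: Application
+orphanedResources:
+warn: true
+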
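Review bot: The `namespaceResourceWhitelist` limits this project to `Application` objects in `argocd`, but nothing constrains which `spec.project` those child Applications name. Write access to the source repo therefore amounts to creating Applications in any AppProject, including Argo CD's built-in `default` if that project is still permissive. A comment above `namespaceResourceWhitelist` would record this, e.g. `# child Applications choose their own project; treat write access to this repo as Argo CD admin`. Whether `default` has been locked down is not visible in this commit and should be confirmed before bootstrap.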
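--- a/argocd/bootstrap/01-railiance-tenants-project.yaml
+++ b/argocd/bootstrap/01-railiance-tenants-project.yaml
@@ -0,0 +1,52 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: railiance-tenants
+namespace: argocd
+labels:
+app.kubernetes.io/part-of: railiance-gitops
+railiance-platform/component: gitops
+spec:
+description: Guardrails for Railiance tenant applications deployed by ArgoCD.
+sourceRepos:
+- https://gitea.coulomb.social/coulomb/*.git
+destinations:
+- server: https://kubernetes.default.svc
+namespace: "*"
+clusterResourceWhitelist:
+- group: ""
+kind: Namespace
+namespaceResourceWhitelist:
+- group: ""
+kind: ConfigMap
+- group: ""
+kind: PersistentVolumeClaim
+- group: ""
+kind: Secret
+- group: ""
+kind: Service
+- group: ""
+kind: ServiceAccount
+- group: apps
+kind: Deployment
+- group: apps
+kind: StatefulSet
+- group: autoscaling
+kind: HorizontalPodAutoscaler
+- group: batch
+kind: CronJob
+- group: batch
+kind: Job
+- group: external-secrets.io
+kind: ExternalSecret
+- group: networking.k8s.io
+kind: Ingress
+- group: networking.k8s.io
+kind: NetworkPolicy
+- group: traefik.io
+kind: IngressRoute
+- group: traefik.io
+kind: Middleware
+orphanedResources:
+warn: true
+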
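Review bot: The `destinations` entry with `namespace: "*"` lets any tenant Application target `argocd`, `kube-system` and every other namespace on the in-cluster server. Because the whitelist also allows `Secret`, `ConfigMap` and `ServiceAccount`, a repository matching `coulomb/*.git` could overwrite Argo CD's own configuration or stored repository credentials. Prefer enumerating the tenant namespaces, or add deny entries such as `namespace: '!argocd'` and `namespace: '!kube-system'` if the deployed Argo CD version supports negated destinations. The `sourceRepos` glob also matches `railiance-platform.git`, so the platform repo itself can act as a tenant source. `Namespace` in `clusterResourceWhitelist` lets tenants create arbitrarily named namespaces, so a comment stating the intended naming rule would help reviewers of tenant onboarding.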
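--- a/argocd/bootstrap/10-railiance-apps-root.application.yaml
+++ b/argocd/bootstrap/10-railiance-apps-root.application.yaml
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: railiance-apps-root
+namespace: argocd
+labels:
+app.kubernetes.io/part-of: railiance-gitops
+railiance-platform/component: gitops
+spec:
+project: railiance-bootstrap
+source:
+repoURL: https://gitea.coulomb.social/coulomb/railiance-platform.git
+targetRevision: main
+path: argocd/applications
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false
+- ApplyOutOfSyncOnly=true
+- PruneLast=true
+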
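Review bot: `targetRevision: main` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to `main` of railiance-platform is applied to the `argocd` namespace with no review gate inside Argo CD. A manifest deleted or renamed under `argocd/applications` also prunes its child Application. A comment above `syncPolicy` should name the control this relies on, e.g. `# main must be a protected branch: merges are applied and pruned automatically`. If the child Applications carry Argo CD's resources finalizer, such a prune would cascade to tenant workloads; that cannot be confirmed from this file.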
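--- a/argocd/bootstrap/kustomization.yaml
+++ b/argocd/bootstrap/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- 00-railiance-bootstrap-project.yaml
+- 01-railiance-tenants-project.yaml
+- 10-railiance-apps-root.application.yaml
+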