Enable auto-sync for remaining Argo applications. (#60)

* chore: More lenient retry strategy

README.md

@@ -5,9 +5,14 @@
 - [Overview](#overview)
   * [IBM Cloud Paks](#ibm-cloud-paks)
   * [GitOps](#gitops)
+  * [Governance Policies](#governance-policies)
 - [Installation](#installation)
+  * [Individual clusters](#individual-clusters)
+  * [Fleet of clusters with governance](#fleet-of-clusters-with-governance)
 - [Contributing](#contributing)
 
+---
+
 ## Overview
 
 This repository contains Argo CD `Application` resources representing basic deployments of IBM Cloud Paks, and, as such, they are meant for inclusion in an Argo CD cluster. Different Cloud Paks are represented with different `Application` resources and grouped by a resource label tied to each Cloud Pak.
@@ -24,13 +29,26 @@ The supported deployment mechanisms for Cloud Paks are documented in their respe
 
 GitOps is a declarative way to implement continuous deployment for cloud-native applications. The Red Hat® OpenShift® Container Platform offers the [OpenShift GitOps operator](https://docs.openshift.com/container-platform/4.7/cicd/gitops/understanding-openshift-gitops.html), which manages the entire lifecycle for [Argo CD](https://argoproj.github.io/argo-cd/) and its components.
 
+### Governance Policies
+
+Practicing GitOps at scale, with dozens or even hundreds of clusters, benefits from a level of abstraction where each cluster follows a few select policies. This repository contains a simple deployment of governance policies for the deployment of OpenShift GitOps and Cloud Paks to a fleet of clusters.
+
 
 ## Installation
 
+### Individual clusters
+
 Argo applications are added to the Argo CD server. An application defines the source of the Kubernetes resources and the target cluster where those resources should be deployed. The Argo CD server "installs" a Cloud Pak by synchronizing the applications representing the Cloud Pak into the target cluster.
 
 Refer to the [installation page](docs/install.md) for instructions on configuring an OCP server with the OpenShift GitOps operator and then adding the Cloud Pak GitOps resources to the default GitOps server created by the operator.
 
+### Fleet of clusters with governance
+
+Use governance policies and placement rules to configure entire clusters with GitOps infrastructure and manage Cloud Pak deployments from Red Hat Advanced Cluster Management for Kubernetes (RHACM.)
+
+Refer to the [RHACM page](docs/rhacm.md) for an overview and instructions on how to add RHACM to an existing OpenShift cluster.
+
+
 ## Contributing
 
 Making changes to this repository requires a working knowledge of Argo CD administration and configuration. This section describes the workflow of submitting a change. A change entails forking the repository, modifying it, installing the changes on a target cluster to validate them, then gathering the output of validation commands using the `argocd` command-line interface.

config/argocd-cloudpaks/cp-shared/templates/00-presync-cp4a-config-map.yaml

@@ -32,20 +32,13 @@ spec:
 
               result=0
 
-              # https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/21.0.x?topic=deployment-installing-capabilities-in-operator-hub
-              # Demo installation requires a hostname suffix. We want to make this setting
-              # match the hostname of the cluster
-              ocp_domain=$(oc get ingress.config.openshift.io cluster -o jsonpath={.spec.domain})
-              if [ -z "${ocp_domain}" ]; then
-                  echo "ERROR: Unable to determine cluster domain."
-                  exit 1
-              fi
-
               # https://www.ibm.com/docs/en/cloud-paks/cp-biz-automation/21.0.x?topic=deployment-installing-capabilities-in-operator-hub
               platform=$(oc get Infrastructure cluster  -o jsonpath={.status.platform})
               cp4a_platform="${platform}"
-              if [ "${cp4a_platform}" != "IBMCloud" ]; then
+              if [ "${cp4a_platform}" == "IBMCloud" ]; then
                 cp4a_platform=OCP
+              else
+                cp4a_platform=ROKS
               fi
 
               api_url=$(oc get Infrastructure cluster  -o jsonpath={.status.apiServerURL})
@@ -79,10 +72,9 @@ spec:
               oc get configmap "${config_map_name}" \
                   --namespace "${ARGOCD_NAMESPACE}" > /dev/null 2>&1 \
               && oc patch configmap "${config_map_name}" \
-                  --patch "{\"data\":{\"serviceaccount.argocd_application_controller\":\"{{.Values.serviceaccount.argocd_application_controller}}\", \"shared_configuration.sc_deployment_hostname_suffix\":\"${ocp_domain}\", \"shared_configuration.sc_deployment_platform\":\"${cp4a_platform}\", \"storageclass.gold\":\"${storage_class_gold}\", \"storageclass.silver\":\"${storage_class_silver}\", \"storageclass.bronze\":\"${storage_class_bronze}\" }}" \
+                  --patch "{\"data\":{\"serviceaccount.argocd_application_controller\":\"{{.Values.serviceaccount.argocd_application_controller}}\", \"shared_configuration.sc_deployment_platform\":\"${cp4a_platform}\", \"storageclass.gold\":\"${storage_class_gold}\", \"storageclass.silver\":\"${storage_class_silver}\", \"storageclass.bronze\":\"${storage_class_bronze}\" }}" \
                   --namespace "${ARGOCD_NAMESPACE}" \
               || oc create configmap "${config_map_name}" \
-                  --from-literal=shared_configuration.sc_deployment_hostname_suffix="${ocp_domain}" \
                   --from-literal=serviceaccount.argocd_application_controller="{{.Values.serviceaccount.argocd_application_controller}}" \
                   --from-literal=shared_configuration.sc_deployment_platform="${cp4a_platform}" \
                   --from-literal=storageclass.gold="${storage_class_gold}" \

config/argocd-cloudpaks/cp-shared/templates/cp-shared-app.yaml

@@ -9,7 +9,7 @@ metadata:
     argocd.argoproj.io/sync-wave: "100"
 spec:
   destination:
-    namespace: {{.Values.argocd_app_namespace}}
+    namespace: {{.Values.metadata.argocd_app_namespace}}
     server: https://kubernetes.default.svc
   ignoreDifferences:
     - group: argoproj.io

config/argocd-cloudpaks/cp-shared/templates/cp-shared-operators-app.yaml

@@ -37,6 +37,12 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
+    retry:
+      limit: 10
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 1h0m0s
 status:
   health: {}
   summary: {}

config/argocd-cloudpaks/cp4a/templates/00-presync-adjust-ocp-platform.yaml

@@ -35,24 +35,37 @@ spec:
               platform=$(oc get configmap argocd-cp4a-config \
                   --namespace "${ARGOCD_NAMESPACE}" -o jsonpath='{.data.shared_configuration\.sc_deployment_platform}')
 
-              if [ "${platform}" != "IBMCloud" ]; then
-                  helm_params=$(oc get Application "${ARGOCD_APP_NAME}" --namespace "${ARGOCD_NAMESPACE}" -o yaml -o jsonpath={.spec.source.helm.parameters})
-                  if [[ ! ${helm_params} == *OCP* ]]; then
-                      oc patch Application "${ARGOCD_APP_NAME}" \
-                          --namespace "${ARGOCD_NAMESPACE}" \
-                          -o yaml \
-                          --type=json \
-                          -p "[{\"op\":\"add\", \"path\":\"/spec/source/helm/parameters/0\", \"value\": {\"forceString\": true, \"name\": \"spec.shared_configuration.sc_deployment_platform\", \"value\": \"OCP\"}} ]" \
-                      && echo "INFO: Patched CR ${ARGOCD_APP_NAME}." \
-                      || echo "ERROR: Failed to patch application ${ARGOCD_APP_NAME}."
-                  else
-                      echo "INFO: Application ${ARGOCD_APP_NAME} was already patched."
-                  fi
-                  echo "INFO: Application ${ARGOCD_APP_NAME} current helm parameters:"
-                  oc get Application "${ARGOCD_APP_NAME}" \
-                        --namespace "${ARGOCD_NAMESPACE}" \
-                        -o jsonpath={.spec.source.helm.parameters}
+              if [ "${platform}" == "IBMCloud" ]; then
+                  exit
               fi
+
+              echo "INFO: Install Argo CLI."
+              # Install it from cluster, not from Internet, so airgap scenarios still work
+              argo_route=openshift-gitops-server
+              argo_secret=openshift-gitops-cluster
+              if [ {{.Values.serviceaccount.argocd_application_controller}} == argocd-cluster-argocd-application-controller ]; then
+                  argo_route=argocd-cluster-server
+                  argo_secret=argocd-cluster-cluster
+              fi
+
+              export HOME=/tmp
+              argo_cmd="${HOME}/argocd"
+              result=0
+
+              argo_url=$(oc get route ${argo_route} -n ${ARGOCD_NAMESPACE} -ojsonpath='{.spec.host}') \
+              && curl -skL "${argo_url}/download/argocd-linux-amd64" -o "${argo_cmd}" \
+              && chmod 755 "${argo_cmd}" \
+              && argo_pwd=$(oc get secret ${argo_secret} -n ${ARGOCD_NAMESPACE} -ojsonpath='{.data.admin\.password}' | base64 -d ; echo ) \
+              && "${argo_cmd}" login "${argo_url}" --username admin --password "${argo_pwd}" --insecure \
+              && "${argo_cmd}" app set "${ARGOCD_APP_NAME}" \
+                  --helm-set-string spec.shared_configuration.sc_deployment_platform="${platform}" \
+              && echo "INFO: ${ARGOCD_APP_NAME} successfully updated storage classes." \
+              || result=1
+
+              echo "INFO: Application ${ARGOCD_APP_NAME} current parameters:"
+              "${argo_cmd}" app get "${ARGOCD_APP_NAME}" --show-params
+
+              exit ${result}
       restartPolicy: Never
       serviceAccountName: {{.Values.serviceaccount.argocd_application_controller}}
   backoffLimit: 2

config/argocd-cloudpaks/cp4a/templates/00-presync-adjust-storage-classes.yaml

@@ -42,56 +42,42 @@ spec:
                 exit 1
               fi
 
-              echo "INFO: Patching application ${ARGOCD_APP_NAME}."
-              helm_params=$(oc get Application "${ARGOCD_APP_NAME}" --namespace "${ARGOCD_NAMESPACE}" -o yaml -o jsonpath={.spec.source.helm.parameters})
-              if [[ ! ${helm_params} == *${storage_class_gold}* ]]; then
-                  app_patch=/tmp/patch.json
-              cat<<EOF > "${app_patch}"
-                [
-                  {
-                    "op": "add",
-                    "path": "/spec/source/helm/parameters/0",
-                    "value": {
-                      "forceString": true,
-                      "name": "storageclass.gold",
-                      "value": "${storage_class_gold}"
-                    }
-                  },
-                  {
-                    "op": "add",
-                    "path": "/spec/source/helm/parameters/0",
-                    "value": {
-                      "forceString": true,
-                      "name": "storageclass.silver",
-                      "value": "${storage_class_silver}"
-                    }
-                  },
-                  {
-                    "op": "add",
-                    "path": "/spec/source/helm/parameters/0",
-                    "value": {
-                      "forceString": true,
-                      "name": "storageclass.bronze",
-                      "value": "${storage_class_bronze}"
-                    }
-                  }
-                ]
-              EOF
+              echo "INFO: Install Argo CLI."
+              # Install it from cluster, not from Internet, so airgap scenarios still work
+              argo_route=openshift-gitops-server
+              argo_secret=openshift-gitops-cluster
+              if [ {{.Values.serviceaccount.argocd_application_controller}} == argocd-cluster-argocd-application-controller ]; then
+                  argo_route=argocd-cluster-server
+                  argo_secret=argocd-cluster-cluster
+              fi
+
+              export HOME=/tmp
+              argo_cmd="${HOME}/argocd"
+              result=0
+
+              argo_url=$(oc get route ${argo_route} -n ${ARGOCD_NAMESPACE} -ojsonpath='{.spec.host}') \
+              && curl -skL "${argo_url}/download/argocd-linux-amd64" -o "${argo_cmd}" \
+              && chmod 755 "${argo_cmd}" \
+              && argo_pwd=$(oc get secret ${argo_secret} -n ${ARGOCD_NAMESPACE} -ojsonpath='{.data.admin\.password}' | base64 -d ; echo ) \
+              && "${argo_cmd}" login "${argo_url}" --username admin --password "${argo_pwd}" --insecure \
+              || result=1
 
-                  oc patch Application "${ARGOCD_APP_NAME}" \
-                      --namespace "${ARGOCD_NAMESPACE}" \
-                      -o yaml \
-                      --type=json \
-                      --patch-file "${app_patch}" \
-                  && echo "INFO: Patched application ${ARGOCD_APP_NAME}." \
-                  || echo "ERROR: Failed to patch application ${ARGOCD_APP_NAME}."
+              if [ ${result} -eq 0 ]; then
+                  echo "INFO: Patching storage for ${ARGOCD_APP_NAME}." \
+                  && "${argo_cmd}" app set "${ARGOCD_APP_NAME}" \
+                      --helm-set-string storageclass.bronze="${storage_class_bronze}" \
+                      --helm-set-string storageclass.gold="${storage_class_gold}" \
+                      --helm-set-string storageclass.silver="${storage_class_silver}" \
+                  && echo "INFO: ${ARGOCD_APP_NAME} successfully updated storage classes." \
+                  || result=1
               else
-                  echo "INFO: Application ${ARGOCD_APP_NAME} was already patched."
+                  echo "ERROR: Unable to login to Argo."
               fi
+
               echo "INFO: Application ${ARGOCD_APP_NAME} current helm parameters:"
-              oc get Application "${ARGOCD_APP_NAME}" \
-                    --namespace "${ARGOCD_NAMESPACE}" \
-                    -o jsonpath={.spec.source.helm.parameters}
+              "${argo_cmd}" app get "${ARGOCD_APP_NAME}" --show-params
+
+              exit ${result}
 
       restartPolicy: Never
       serviceAccountName: {{.Values.serviceaccount.argocd_application_controller}}

config/argocd-cloudpaks/cp4a/templates/cp4a-operator-app.yaml

@@ -41,7 +41,16 @@ spec:
     path: config/cloudpaks/cp4a/operators
     repoURL: {{.Values.repoURL}}
     targetRevision: {{.Values.targetRevision}}
-  syncPolicy: {}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 10
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 1h0m0s
 status:
   health: {}
   summary: {}

config/argocd-cloudpaks/cp4a/templates/cp4a-resources-app.yaml

@@ -51,7 +51,16 @@ spec:
     path: config/cloudpaks/cp4a/resources
     repoURL: {{.Values.repoURL}}
     targetRevision: {{.Values.targetRevision}}
-  syncPolicy: {}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 10
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 1h0m0s
 status:
   health: {}
   summary: {}

config/argocd-cloudpaks/cp4a/values.yaml

@@ -8,7 +8,6 @@ metadata:
   argocd_namespace: openshift-gitops
 spec:
   shared_configuration:
-    sc_deployment_hostname_suffix: to-be-set-via-presync-hook
     sc_deployment_platform: ROKS
 storageclass:
   gold: cp4a-file-retain-gold-gid

config/argocd-cloudpaks/cp4aiops/templates/cp4aiops-operator-app.yaml

@@ -41,7 +41,16 @@ spec:
     path: config/cloudpaks/cp4aiops/operators
     repoURL: {{.Values.repoURL}}
     targetRevision: {{.Values.targetRevision}}
-  syncPolicy: {}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 10
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 1h0m0s
 status:
   health: {}
   summary: {}

config/argocd-cloudpaks/cp4aiops/templates/cp4aiops-resources-app.yaml

@@ -45,7 +45,16 @@ spec:
     path: config/cloudpaks/cp4aiops/resources
     repoURL: {{.Values.repoURL}}
     targetRevision: {{.Values.targetRevision}}
-  syncPolicy: {}
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      limit: 10
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 1h0m0s
 status:
   health: {}
   summary: {}