feat(k8s/argo-apps/dcsi): add argo app

.gitignore

@@ -1 +1,2 @@
 .idea/
+secrets.yaml

k8s/argo-apps/dcsi.yaml

@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: democratic-csi
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: 'democratic-csi'
+    server: 'https://kubernetes.default.svc'
+  source:
+    chart: democratic-csi
+    repoURL: https://democratic-csi.github.io/charts/
+    targetRevision: 0.14.4
+    helm:
+      releaseName: zfs-nfs
+      valuesObject:
+        csiDriver:
+          name: "org.dcsi.nfs"
+        driver:
+          existingConfigSecret: secrets-dcsi
+          config:
+            driver: freenas-api-nfs
+  sources: []
+  project: fuku
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+

k8s/argo-apps/democratic-csi.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: democratic-csi
-  namespace: argocd
-spec:
-  destination:
-    name: ''
-    namespace: 'dcsi'
-    server: 'https://kubernetes.default.svc'
-  source:
-    path:
-    repoURL: 'https://gitlab.com/fukurokuju/k3s/services.git'
-    targetRevision: main
-  sources: []
-  project: roboces
-  syncPolicy:
-    automated:
-      prune: false
-      selfHeal: false
-

k8s/services/argo/appgen.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fukuops-appgen
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: default
+    name: in-cluster
+  project: default
+  source:
+    path: k8s/argo-apps
+    repoURL: https://git.roboces.dev/catalin/fukuops.git
+    targetRevision: main

k8s/services/argo/argocd-cmd-params-cm.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: argocd-cmd-params-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  server.insecure: "true"

k8s/services/argo/ingress-route.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-server
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argo.fuku`)
+      priority: 10
+      services:
+        - name: argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: h2c
+  tls:
+    certResolver: default

k8s/services/argo/project-fuku.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  namespace: argocd
+  name: fuku
+spec:
+  destinations:
+    - namespace: apps-fuku
+      server: https://kubernetes.default.svc
+    - namespace: democratic-csi
+      server: https://kubernetes.default.svc
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"
+  sourceRepos:
+    - https://gitlab.com/fukurokuju/k3s/services.git
+    - https://git.roboces.dev/catalin/fukuops.git
+    - https://democratic-csi.github.io/charts/

k8s/services/argo/project-roboces.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  namespace: argocd
+  name: roboces
+spec:
+  destinations:
+    - namespace: apps-roboces
+      server: https://kubernetes.default.svc
+
+  sourceRepos:
+    - https://gitlab.com/fukurokuju/k3s/services.git

k8s/services/argo/repos.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: fuku-services
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repository
+stringData:
+  url: https://gitlab.com/fukurokuju/k3s/services.git

k8s/services/dcsi/sealedsecrets.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: secrets-dcsi
+  namespace: democratic-csi
+spec:
+  encryptedData:
+    driver-config-file.yaml: AgBlO8BsDvPZ680OaqdWB9dv/GQ7UI/UN2dJaLT6fGQBOC/ipeIHw8htNAxQQUSblW5+hVRcYeY32H20q5H+8dzGJpuf7XWjWEPB2zXVhEJChtuBVYTwri0+WswCYUjbr4ZbOag8usQiJPLIDGbBN0crZQ5ETq7Z7NoGAnvZy7GlUpmbygLEoHb5l80Ai3Gtss9Gu+2CuFMBF/MoLlxJnABEkmDUZ5fRhuEnYgY20y1enFw1oO+Hqk2a1fwWOJLrx1kPB0zW2MRxIpr8M1Un0kuZZ4acjc0cTRVy3ju0eiRdINFq+SGstXMuMTSGUu8oxptV2BpFQzR05KLSmzJ3dt5ggEUtDSRAl8nINdOlqHVZNh4USkILS5dAEgHL27tA7WFE3QFradN+XeyHsraZAqA+uYxm6tZ8wgzyhrfgSe6g21iyzYRrPyA95/o3RG5y8zLtg3oSpSTwOai52GK8TqzSto8gazeG8ZfuHbm5ZiIEXDv5K6KY/MHQFzVgWoMmnVs0hzG7Lb+J5BhjRvHtmEhG/ti8MmRUrNpeS+4au/szJVNhRYDEvz5IwgqoC9w5UYw4mMYb7Acmbc9WA9JZaJg4DHt9EZZUxt9QvZQ7d+Rvc/QxJLrJnq963AOAc5appgXPvGbvbdCNCqO2wId6wsD44RpponqTzSznZlpVjXKjNF2c3bxlxFdlZyg/vTrvQasz1SziLNvIsUtFIP5P1IUVovOcfTzigC3QabqxpkD11tKQBmm8EW7K7l+SkWehhE923OSMlih+Ar4gqHOR8jjp3AXsDF16GDxJTjb5L7jAV/Jc9n1C63auZ5f61DiBq2SaVVTroV/d5WqSlieMwh4yRSVWKtwLO8lZslquhBMll/DTdVY+qCvgIsi/VVwZUMn+q7Jjou4QIeOreyg3SqmWfu0vQcK/rrIs6Vl+mtDQ8tsDhgQacf4usZv03CnmXKADITgrHu6ytV/XkPYYyPsCKSjQryWDMwETNUggo1RCfSNcaGUa39KW3v7NQLKBffUVaKCaNPd+QEFUp8+/Xq9MjpQ07ep8SdM6J15FH/IBSP5nEzxfRVFli9dH6fAi8iNlZR4lS7gem7FwWDKbGhVcRHqDw7pRWqCysPpZWBU1HIC6auWpMDe/Pbw3ITCL7FpxpahO/NQpFBJHz75AVcYvvfpqn75Izzang+za1DczCugYZBzWATCXmBMpHBkgIIyT2EIIcjcOMeMz3qHNgiweVgi4qQHn6PsMYTj4qhpccPLCBzCnKNFlxWZPUlMpz+/mAWYN2LuBIaThGDjNflQ9JD2DABZKD6o7Nl5EpSpjoExDoqSmLnRQdATqoZS23e3PHDA4ZoS6fXKPo2T+gSTbwCzFVceNWw2gG1VpEdyPYxoKQ+jiIKvcCR0pmD83zEQ7RVK9o7NeV76jp60EHU41WL1O7jVOsuiRTAylZaeBVsVRdyQQPznNmVcPKkhGAtft3c1OD9lMLGwoUrcBCcnKjRBHj3/c6+xgpAndHw==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: secrets-dcsi
+      namespace: democratic-csi
+    type: Opaque
+

k8s/services/dcsi/test.yaml

@@ -1,35 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - name: nginx 
-        image: nginx
-        volumeMounts:
-        - name: data
-          mountPath: /data
-      volumes:
-      - name: data
-        persistentVolumeClaim: 
-          claimName: nfs-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nfs-pvc
-spec:
-  accessModes:
-  - ReadWriteOnce
-  storageClassName: "truenas-nfs-csi"
-  resources:
-    requests:
-      storage: 1Gi

k8s/services/dcsi/truenas-nfs.yaml

@@ -1,40 +0,0 @@
-csiDriver:
-  name: "org.dcsi.nfs"
-
-storageClasses:
-- name: truenas-nfs-csi
-  defaultClass: false
-  reclaimPolicy: Delete
-  volumeBindingMode: Immediate
-  allowVolumeExpansion: true
-  parameters:
-    fsType: nfs
-  mountOptions:
-    - noatime
-    - nfsvers=4.2
-driver:
-  config:
-    driver: freenas-api-nfs
-    instance_id:
-    httpConnection:
-      protocol: http
-      host: 192.168.1.3
-      port: 80
-      apiKey: "bogus"
-      allowInsecure: true
-    zfs:
-      datasetParentName: pool1/dcsi/a/vols
-      detachedSnapshotsDatasetParentName: pool1/dcsi/a/snaps
-      datasetEnableQuotas: true
-      datasetEnableReservation: false
-      datasetPermissionsMode: "0777"
-      datasetPermissionsUser: 0
-      datasetPermissionsGroup: 0
-
-    nfs:
-      shareHost: 192.168.1.3
-      shareAlldirs: false
-      shareAllowedHosts: []
-      shareAllowedNetworks: []
-      shareMapallUser: apps
-      shareMapallGroup: apps