Merge branch 'argo-istio-integration' into 'main'

Add Istio and ArgoCD templates to helm See merge request eclipse/xfsc/tsa/policy!45

Merge branch 'argo-istio-integration' into 'main'
Add Istio and ArgoCD templates to helm See merge request eclipse/xfsc/tsa/policy!45
9410420d · Kalin Canov · 9a6dc104 · bb4adc60 · 9410420d · 9410420d
Commit 9410420d authored 1 year ago by Kalin Canov
--- a/deployment/helm/ci/argocd.yaml
+++ b/deployment/helm/ci/argocd.yaml
+# ArgoCD Application Definition
+source:
+  repoURL: "{{ .RepoURL }}"
+  path: "{{ .Path }}"
+  targetRevision: "{{ .TargetRevision }}"
+
+applications:
+  - name: apps-of-apps
+    namespace: argocd
+    enabled: true
+    k8sAPI: https://kubernetes.default.svc
+    project: my-project
+    sourcePath: "."
+    sourceRef: "main"
+    chartName: "my-name"
+    ignoreDifferences:
+      - group: admissionregistration.k8s.io
+        kind: ValidatingWebhookConfiguration
+        name: cert-manager-webhook
+        jsonPointers:
+          - /webhooks/0/namespaceSelector/matchExpressions/2
+    helmValues:
+      - my_chart/values.yaml # Include values from the Helm chart
+
+  - name: example-app
+    enabled: true
+    sourcePath: "."
+    helmValues:
+      - my_chart/values.yaml # Include values from the Helm chart
+      - my_chart/example-values.yaml # Include additional example-specific values
--- a/deployment/helm/templates/argocd/argo-application.yaml
+++ b/deployment/helm/templates/argocd/argo-application.yaml
--- a/deployment/helm/templates/argocd/argo-project.yaml
+++ b/deployment/helm/templates/argocd/argo-project.yaml
--- a/deployment/helm/templates/istio/autorization-rules.yaml
+++ b/deployment/helm/templates/istio/autorization-rules.yaml
+# templates/istio/authorization-rules.yaml
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: { { include "my_chart.fullname" . } }
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: { { include "my_chart.name" . } }
+      app.kubernetes.io/instance: { { .Release.Name } }
+  action: ALLOW
+  rules:
+    - from:
+        - source:
+            principals: ["cluster.local/ns/default/sa/default"]
+      to:
+        - operation:
+            methods: ["GET"]
--- a/deployment/helm/templates/istio/gateway.yaml
+++ b/deployment/helm/templates/istio/gateway.yaml
+# templates/istio/gateway.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: my-chart-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
--- a/deployment/helm/templates/istio/virtual-service.yaml
+++ b/deployment/helm/templates/istio/virtual-service.yaml
+# templates/istio/virtual-service.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: { { include "my_chart.fullname" . } }
+spec:
+  hosts:
+    - "*"
+  gateways:
+    - my-chart-gateway
+  http:
+    - route:
+        - destination:
+            host: { { include "my_chart.fullname" . } }
+            port:
+              number: 80