feat: deploy sealed secrets from the values repo (#1924)

Co-authored-by: Dennis van Kekem <[email protected]>

Author: j-zimnowoda

.values/env/settings.yaml

@@ -1 +1 @@
-version: 28
+version: 33

.values/env/teams.yaml

@@ -1,13 +1,3 @@
 teamConfig:
     admin:
         id: admin
-        managedMonitoring:
-            alertmanager: true
-            grafana: true
-            prometheus: true
-        selfService:
-            access:
-                - shell
-                - downloadCertificateAuthority
-            policies:
-                - edit policies

charts/team-ns/templates/argocd/argocd-gitops.yaml

@@ -0,0 +1,31 @@
+{{- $v := .Values }}
+{{- $a := $v.apps.argocd }}
+{{- if $a.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: team-{{ $v.teamId }}-values-gitops
+  namespace: argocd
+spec:
+  project: team-{{ $v.teamId }}
+  source:
+    repoURL: {{ $v.gitOps.valuesRepoUrl }}
+    targetRevision: HEAD
+    path: 'env/teams/{{ $v.teamId }}/sealedsecrets'
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: team-{{ $v.teamId }}
+  syncPolicy:
+    automated:
+      allowEmpty: false
+      prune: true
+      selfHeal: true
+    retry:
+      backoff:
+        # duration - Retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s)
+        # factor - Factor multiplies the base duration after each failed retry (default 2)
+        # maxDuration - Max retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s)
+        duration: 10s
+        factor: 2
+    syncOptions: []
+{{- end }}

charts/team-ns/templates/argocd/argocd-project.yaml

@@ -14,6 +14,7 @@ spec:
   # Allow manifests to deploy from any Git repos
   sourceRepos:
   - {{ $v.gitOps.teamRepoUrl }}
+  - {{ $v.gitOps.valuesRepoUrl }}
   {{- range $v.workloads }}
   - {{ .url }}
   {{- end }}

charts/team-ns/templates/sealedsecrets.yaml

@@ -1335,4 +1335,4 @@ environments:
           upgrade:
             version: main
         # TODO: update this when schema version changes
-        version: 32
+        version: 33

helmfile.d/snippets/defaults.yaml

@@ -44,7 +44,7 @@ environments:
       - {{ $database }}
 {{- end }}{{ end }}
 {{- range $team := $teams }}
-  {{- range $type := list "services" "netpols" "jobs" "workloads" "backups" "builds" "policies" "sealedsecrets" "apps"}}
+  {{- range $type := list "services" "netpols" "jobs" "workloads" "backups" "builds" "policies" "apps"}}
     {{- if eq (exec "bash" (list "-c" (printf "( test -f $ENV_DIR/env/teams/%s.%s.yaml && echo 'true' ) || echo 'false'" $type $team)) | trim) "true" }}
       - {{ $ENV_DIR }}/env/teams/{{ $type }}.{{ $team }}.yaml
     {{- end }}