kind: Template apiVersion: template.openshift.io/v1 metadata: name: sxcm-cluster-argocd-project annotations: openshift.io/display-name: STARTX ArgoCD (gitops) description: Deploy ArgoCD gitops environment to sxcm definitions iconClass: icon-openshift tags: startx,cluster,config,admin,argocd,gitops openshift.io/provider-display-name: STARTX openshift.io/generated-by: sxcm sxcm_console_timeout: "20" labels: template: sxcm-cluster-argocd-project app.kubernetes.io/name: "sxcm-cluster-argocd-project" app.kubernetes.io/managed-by: sxcm message: |- Your ArgoCD gitops project is now configured Scope : ${SCOPE} Cluster : ${CLUSTER} Operator : red-hat-argocd.v3.3.2-20200903 labels: template: sxcm-cluster-argocd-project app.kubernetes.io/managed-by: sxcm objects: - kind: Project apiVersion: project.openshift.io/v1 metadata: name: "${ARGOCD_NS}" labels: &basic_labels app.startx.fr/scope: "${SCOPE}" app.startx.fr/cluster: "${CLUSTER}" app.startx.fr/component: "argocd" app.kubernetes.io/name: "${ARGOCD_NS}-project" app.kubernetes.io/part-of: ${CLUSTER} app.kubernetes.io/version: "${VERSION}" app.kubernetes.io/component: "argocd" annotations: openshift.io/description: "STARTX ArgoCD control plane" openshift.io/display-name: "Startx ARGOCD" openshift.io/requester: sxcm - kind: ResourceQuota apiVersion: v1 metadata: name: ${ARGOCD_NS}-quotas namespace: "${ARGOCD_NS}" labels: <<: *basic_labels app.kubernetes.io/name: "${ARGOCD_NS}-quotas" annotations: &basic_annotations openshift.io/generated-by: sxcm spec: hard: limits.cpu: "12000m" limits.memory: "16Gi" requests.cpu: "4000m" requests.memory: "10Gi" requests.storage: "0" persistentvolumeclaims: "0" ephemeral-storage: "10Gi" gp2.storageclass.storage.k8s.io/requests.storage: "0Gi" gp2.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-generic-retain.storageclass.storage.k8s.io/requests.storage: "0" aws-generic-retain.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-generic-delete.storageclass.storage.k8s.io/requests.storage: "0" aws-generic-delete.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-fast-retain.storageclass.storage.k8s.io/requests.storage: "0" aws-fast-retain.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-fast-delete.storageclass.storage.k8s.io/requests.storage: "0" aws-fast-delete.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-slow-retain.storageclass.storage.k8s.io/requests.storage: "0" aws-slow-retain.storageclass.storage.k8s.io/persistentvolumeclaims: "0" aws-slow-delete.storageclass.storage.k8s.io/requests.storage: "0" aws-slow-delete.storageclass.storage.k8s.io/persistentvolumeclaims: "0" ocs-generic-delete.storageclass.storage.k8s.io/requests.storage: "0" ocs-generic-delete.storageclass.storage.k8s.io/persistentvolumeclaims: "0" ocs-generic-retain.storageclass.storage.k8s.io/requests.storage: "0" ocs-generic-retain.storageclass.storage.k8s.io/persistentvolumeclaims: "0" ocs-fs-delete.storageclass.storage.k8s.io/requests.storage: "0" ocs-fs-delete.storageclass.storage.k8s.io/persistentvolumeclaims: "0" ocs-fs-retain.storageclass.storage.k8s.io/requests.storage: "0" ocs-fs-retain.storageclass.storage.k8s.io/persistentvolumeclaims: "0" ocs-storagecluster-ceph-rbd.storageclass.storage.k8s.io/requests.storage: "0" ocs-storagecluster-ceph-rbd.storageclass.storage.k8s.io/persistentvolumeclaims: "0" openshift-storage.noobaa.io.storageclass.storage.k8s.io/requests.storage: "0" openshift-storage.noobaa.io.storageclass.storage.k8s.io/persistentvolumeclaims: "0" pods: "20" services: "20" services.loadbalancers: "0" services.nodeports: "0" secrets: "75" configmaps: "50" replicationcontrollers: "5" openshift.io/imagestreams: "0" count/replicasets.apps: "40" count/daemonsets.apps: "0" count/deployments.apps: "15" - kind: LimitRange apiVersion: v1 metadata: name: ${ARGOCD_NS}-limits namespace: "${ARGOCD_NS}" labels: <<: *basic_labels app.kubernetes.io/name: "${ARGOCD_NS}-limitrange" annotations: <<: *basic_annotations spec: limits: - type: "Pod" min: cpu: "20m" memory: "32Mi" max: cpu: 6 ephemeral-storage: "1Gi" memory: "5Gi" - type: "Container" defaultRequest: cpu: "100m" memory: "128Mi" default: cpu: "200m" memory: "256Mi" min: cpu: "20m" memory: "32Mi" max: cpu: 6 ephemeral-storage: "1Gi" memory: "5Gi" - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: devops-rb namespace: ${ARGOCD_NS} labels: <<: *basic_labels app.kubernetes.io/name: "devops-rolebinding" annotations: <<: *basic_annotations roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: edit subjects: - kind: Group apiGroup: rbac.authorization.k8s.io name: "devops" - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dev-argocd-rb namespace: ${ARGOCD_NS} labels: <<: *basic_labels app.kubernetes.io/name: "dev-argocd-rolebinding" annotations: <<: *basic_annotations roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: appprojects.argoproj.io-v1alpha1-view subjects: - kind: Group apiGroup: rbac.authorization.k8s.io name: dev - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: devops-argocd-rb namespace: ${ARGOCD_NS} labels: <<: *basic_labels app.kubernetes.io/name: "devops-argocd-rolebinding" annotations: <<: *basic_annotations roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: appprojects.argoproj.io-v1alpha1-admin subjects: - kind: Group apiGroup: rbac.authorization.k8s.io name: "devops" - kind: Group apiGroup: rbac.authorization.k8s.io name: "system:cluster-admins" - kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sa-admin-argocdctl-appprojects-rb namespace: ${ARGOCD_NS} labels: <<: *basic_labels app.kubernetes.io/name: "sa-admin-argocdctl-appprojects-rolebinding" annotations: <<: *basic_annotations roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: appprojects.argoproj.io-v1alpha1-admin subjects: - kind: ServiceAccount name: ${ARGOCD_NS}-argocd-application-controller namespace: ${ARGOCD_NS} - kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sa-admin-argocdctl-rb labels: <<: *basic_labels app.kubernetes.io/name: "sa-admin-argocdctl-rolebinding" annotations: <<: *basic_annotations roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: ${ARGOCD_NS}-argocd-application-controller namespace: ${ARGOCD_NS} - kind: Subscription apiVersion: operators.coreos.com/v1alpha1 metadata: name: openshift-gitops-operator namespace: "${OPERATOR_NS}" labels: <<: *basic_labels app.kubernetes.io/name: "argocd-operator-subscription" annotations: <<: *basic_annotations spec: channel: stable startingCSV: openshift-gitops-operator.v1.3.1 installPlanApproval: Automatic name: openshift-gitops-operator source: redhat-operators sourceNamespace: ${MARKETPLACE_NS} - kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: registry-allow-all-ns namespace: "${ARGOCD_NS}" spec: podSelector: matchLabels: app: argocd-operator argocd-enterprise-component: app argocd-enterprise-cr: startx ingress: - from: - namespaceSelector: {} parameters: - name: ARGOCD_NS displayName: The namespace where argocd server goes to description: "Namespace to place argocd server to" value: openshift-gitops - name: OPERATOR_NS displayName: The operator namespace where objects goes to description: "operator namespace to place objects to" value: openshift-operators - name: MARKETPLACE_NS displayName: The operator marketplace namespace where objects goes to description: "operator marketplace namespace to place objects to" value: openshift-marketplace - name: SCOPE displayName: Project scope description: "Project scope (ex: sxv4)" value: startx - name: CLUSTER displayName: Cluster name description: "Name of the current cluster (ex: sxsf)" value: sxsf - name: ENV displayName: Project environment description: "Project environment (ex: dev, factory, preprod or prod)" value: dev - name: VERSION displayName: Project version description: "Project deployed release" value: 3.9.x-dev - name: CLUSTER_PROFILE displayName: Name of the cluster profile description: "The name of the cluster profile" value: default - name: DOCKERHUB_LOGIN displayName: Login to use for pulling images from the dockerhub registry description: "The login to use for pulling images from the dockerhub registry" value: myDockerhubLogin - name: DOCKERHUB_PWD displayName: Password to use for pulling images from the dockerhub registry description: "The Password coresponding to the login for pulling images from the dockerhub registry" value: myDockerhubPassword - name: QUAYIO_LOGIN displayName: Login to use for pulling images from the quay.io registry description: "The login to use for pulling images from the quay.io registry" value: myQuayioLogin - name: QUAYIO_PWD displayName: Password to use for pulling images from the quay.io registry description: "The Password coresponding to the login for pulling images from the quay.ioi registry" value: myQuayioPassword