refactor: cleanup and decoupling of openshift-gitops and op1st-gitops

Signed-off-by: Christoph Görn <[email protected]>
goern · May 6, 2024 · 8cb75f3 · 8cb75f3
1 parent a03feb0
commit 8cb75f3
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 41 deletions.
diff --git a/docs/gitops.md b/docs/gitops.md
@@ -1,17 +1,18 @@
 ## adding a cluster to ArgoCD
 
 ```bash
-go install github.com/hairyhenderson/gomplate/v4/cmd/gomplate@latest
-export OP1ST_B4MAD_SECRET_NAME=argocd-manager # this is default for op1st
+# go install github.com/hairyhenderson/gomplate/v4/cmd/gomplate@latest
+alias gomplate='podman run --rm -ti docker.io/hairyhenderson/gomplate:latest'
+export OP1ST_B4MAD_SECRET_NAME=$(oc get serviceaccount --namespace kube-system argocd-manager -o jsonpath='{.secrets[0].name}')
 export OP1ST_B4MAD_AUTHENTICATION_TOKEN=$(oc get secret --namespace kube-system ${OP1ST_B4MAD_SECRET_NAME} -o jsonpath='{.data.token}' | base64 --decode)
 export OP1ST_B4MAD_CLUSTER_NAME=$(oc get nodes -o json | jq '.items[0].metadata.name' | tr -d \")
 export OP1ST_B4MAD_URL=$(oc whoami --show-server)
 
 # at this point: make sure, you are running kubeseal on nostromo, as that cluster needs to be able to unseal the secrets!
-cat manifests/applications/gitops/clusters/cluster.tpl | gomplate | kubeseal --namespace openshift-gitops --controller-namespace=sealed-secrets -o yaml >manifests/applications/gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml
+cat manifests/applications/openshift-gitops/clusters/cluster.tpl | gomplate | kubeseal --namespace openshift-gitops --controller-namespace=sealed-secrets -o yaml >manifests/applications/openshift-gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml
 pre-commit run --all-files
-git add manifests/applications/gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml
-git commit manifests/applications/gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml -sS -m "🔐 add ${OP1ST_B4MAD_CLUSTER_NAME} cluster to ArgoCD"
+git add manifests/applications/openshift-gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml
+git commit manifests/applications/openshift-gitops/clusters/${OP1ST_B4MAD_CLUSTER_NAME}.yaml -sS -m "🔐 add ${OP1ST_B4MAD_CLUSTER_NAME} cluster to ArgoCD"
 ```
 
 ### References

diff --git a/manifests/applications/openshift-gitops/clusters/cluster.tpl b/manifests/applications/openshift-gitops/clusters/cluster.tpl
@@ -12,7 +12,4 @@ stringData:
   config: |
     {
       "bearerToken": "{{.Env.OP1ST_B4MAD_AUTHENTICATION_TOKEN}}",
-      "tlsClientConfig": {
-        "insecure": true
-      }
     }
diff --git a/manifests/applications/openshift-gitops/clusters/kustomization.yaml b/manifests/applications/openshift-gitops/clusters/kustomization.yaml
@@ -1,7 +1,7 @@
----
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: openshift-gitops
 
 resources:
+  - nostromo.yaml
   - phobos.yaml
diff --git a/manifests/applications/openshift-gitops/clusters/nostromo.yaml b/manifests/applications/openshift-gitops/clusters/nostromo.yaml
@@ -0,0 +1,19 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: nostromo
+  namespace: openshift-gitops
+spec:
+  encryptedData:
+    config: AgAGYo/5Qow/AcmA9mBx6LETuJhzViwMDQdgkwj4CRQrJqHY2Hj7no/iTJrQKzYEZGM5VDlZ76Qq8Oos0g96PVTyxt7TGK2DprrqEn+UWm8cqGrD7jwDnvImeyYP+MdyQNeZlWZd8cpUCNQKHthPE+YtJWRQD2Jte9eyzYlCLCtIJMvxJEcQndV4liuRXfvMflvso6CKUiyQRex/U/XasxNCcnvx/Jk5lUKT7jlmLx8E/Ena+nb055c2xda5CK+Mt/cv4FIhA6DChzfQuh6LigC6dCgPUQklvTIaSprgYSWw99efDoILKG4jVtbF3eEMeahNDip+ZHNenA4qV+H0lBnmb24TzSatS3lkdxKk1jA+nwJs64rZC8hg/Z1dyKB/cmvNRJmm5choPm17U+g6citqNYMEz31aR1/gV8/gAF0X14wgQdMSxfjVsiD9iIMQNIfowc0hgGjISuRRyYJ9DnI800ykaxhTcBvY79Gvbu7qN/yU1MfnuZcG7rv0xqB2XWyv2HJfYej3HmTUJWkEZsYdpLOJzUAuywyb2zKyJTQfBflKEbaMMYPm4eMCdu8W/WJO5NbIbOLuZXT80B0staqxR3uG68CbpXv/u3kF3TULmeFwMdBHSIeieVpm08kl9hP2zDIigYh8+XIldBrHp3hZSZROfK5sLvyQHatOcSRtWDRmZ9d+b6Z321rTwjl9A4rznSEFD0+zAElwswbUfzyLVKR3qt1ke0W5
+    name: AgBTQw0PrRpdWQBlfn8sxI788Ht6tBbupaGSnutcu1ilb/zLDpCMFxGmA70H/yor6OHrrt1hz7qOoECVV0JskVgRi71R2Pivkf/oC5D5hYUOogK07kcwt4yAFhM8P4/jAiZ07XjRmjNG2/1WMWnMJPm733PFQAOuBhNCWzdS3EKjDLfkc+wymR73CbSOVNIHWCpp627hsUkc51klyJetTiI5LOldm0GyheAxmZel/aYkDQG+jo10v5ccY4HzwKyMRBgP9O20wkVZKv/TxoP/AqlAayyZw62zo+2TOtfDQS30ZZyG3HI3NRjGG5A08nvuC69Z9SF+0Zj+qgMuCzGY0afdtfg2i1BRdTW82fxUsXeEUpG67bWOzhgH6ffi7zkq+QIDyGelzEj+PfyyGcpja6d7eTe2RpLTp/Xc2UY7/RwqAGZ2hCpU/YEIEwLeYXuqhAyfnFxlBrftzu1P8I+lR4lnaHR5T9g0VGtVtUfhS7SxcKU4B3Kjf2s/CLnDDE2ypfpoI2/0AjYqrJ227ca7T3gxIdnx2kyEYkf4gMhk+hdt0ybZc0sE87cM7Gx3Ei6DEg1feKlDHSiiI78qTy+V1+9EQ9oPhR8WW21R+7M9+3EOAesn0RYbVk6ghefbEzw2Qq9lmQ3QDVCjCtn0KQxPvS0/YpGXJhaX79k6icuRKFTp17HD/prqvRgj6M4QAsTMJ08UGMtSfoNLQQ==
+    server: AgB8tDSwJ2E7+6esdLvsA5Y7uqWXRZOxf/DjLuUwelbxWDEKzPmiwFOw1mRI+NIn0U1vl42GZR/AQO6H6qLIG/0NiXJpjQ6/n3fwgfSHFkdZjXGTQM6JWGFhev4HUxUw6DEvtZZIcU9V5FnoO7+QG2waPR4zLGEL9NQX3JFTFtaqZPZMVlpQQgpSN1uUuodGBGHj/MiGUqqr1NtUj3vxlYP6Cd9mK2/bOH0j7/0yZvxigk7YZCHEJ3J1gHaNSM2niUc1+16scvsaXPWCEOAPVhTYaUVbcbi4MBq8Ce454jbXKJeSIp6c6+Zu+4eOu0+YNhajcTAI9pteoD9LPdNfma7FuqucKHAF0RmSq3R/eqwgLyvvokNX/2jYhj9c/7IyhccqCDhCxMm+iCJlZ3Nq4H06Cm2hu7jV9ln9RlV+yNHUkKXP4ePMDd2AtNTBP5djlR38Njn3H3bGxtp9F45oHTVpsRn5NIQPCVn4qh3VwkX4IJwdk6r0cZ1M00wsrijB3S20rGf/t2LLAjoY2yQp0rIJ5wsykHnvZmMsQRzS+XcWRLDWG+84vdq7CGzMauyNe1vUaGbEIV/JVo+yRC+nrdMb0xtvsFFIURvISYe1kCTVgx8P+BH6SWuhcm8Td/4kseHleiDqIbTkqPOMmP++dT2U92dpFjfMFwkkyWAKKDpuZH1yfhyts5w1sey40CjhamaTNfNEURaVs1bDt/T+UgXujHmugCDVkXDFaYO0uvJ2nChC66Gz9d/qlQk7ljETFJCn8BT2+723vn0gFwYrQNRpRREJ2Q==
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        argocd.argoproj.io/secret-type: cluster
+      name: nostromo
+      namespace: openshift-gitops
+    type: Opaque
diff --git a/manifests/environments/nostromo/openshift-gitops/kustomization.yaml b/manifests/environments/nostromo/openshift-gitops/kustomization.yaml
@@ -6,7 +6,6 @@ resources:
   - namespace.yaml
   - clusterrole.yaml
 
-  # - rbac/bitnami-sealedsecrets.yaml
   - rbac/integreatly-grafana.yaml
   - rbac/openshift-performanceprofiles.yaml
   - rbac/openshift-gitops-integration.yaml

diff --git a/manifests/environments/nostromo/openshift-gitops/rbac/bitnami-sealedsecrets.yaml b/manifests/environments/nostromo/openshift-gitops/rbac/bitnami-sealedsecrets.yaml