feat: multi-repo overlay architecture for addon values #628
Open
allamand wants to merge 2 commits into
Add support for an optional overlay Git repository that provides value overrides for addons without modifying the source platform repo.
Changes:
- Terraform: 3 new variables (overlay_repo_url, revision, base_path)
- Bootstrap addons.yaml: ref:values → ref:defaults + conditional ref:overlay
- appset-chart: $values/ → $defaults/ + conditional $overlay/ paths
- Fully backward-compatible: empty overlay_repo_url = no change in behavior
8c41627 to
8390cec
The bootstrap Application loads gitops/bootstrap/ as a directory source,
which parses YAML before ArgoCD processes Go templates. The {{- if }}
conditionals broke YAML parsing.
Fix:
- Always include overlay source, using 'or' to fall back to the main
repo when overlay_repo_url is empty
- Add empty overlay annotations to seed secret so missingkey=error
doesn't fail on missing keys
- ignoreMissingValueFiles: true handles non-existent overlay files
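The fallback described in this commit message can be reproduced with Go's standard text/template, as an added example that is not code from this PR or the project. The `addons_repo_url` annotation name and the sample URLs are assumptions constructed for the demonstration; it shows why the annotation has to be seeded empty under missingkey=error before `or` can fall back to the main repo.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Always-present overlay repoURL: `or` falls back to the main repo when the
// overlay annotation is empty. addons_repo_url is an assumed annotation name.
const repoURLTmpl = `{{ or .metadata.annotations.overlay_repo_url .metadata.annotations.addons_repo_url }}`

// renderRepoURL renders the expression as Go's text/template does under
// missingkey=error: a lookup of an absent map key is a hard error.
func renderRepoURL(annotations map[string]any) (string, error) {
	t, err := template.New("repoURL").Option("missingkey=error").Parse(repoURLTmpl)
	if err != nil {
		return "", err
	}
	params := map[string]any{"metadata": map[string]any{"annotations": annotations}}
	var out strings.Builder
	if err := t.Execute(&out, params); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed sample URLs, not taken from the PR.
	mainRepo := "https://github.example.com/org/platform.git"
	overlay := "https://gitlab.example.com/team/overlay.git"
	cases := []struct {
		name string
		ann  map[string]any
	}{
		{"annotation absent", map[string]any{"addons_repo_url": mainRepo}},
		{"annotation seeded empty", map[string]any{"addons_repo_url": mainRepo, "overlay_repo_url": ""}},
		{"overlay configured", map[string]any{"addons_repo_url": mainRepo, "overlay_repo_url": overlay}},
	}
	for _, c := range cases {
		url, err := renderRepoURL(c.ann)
		if err != nil {
			fmt.Printf("%-24s render error: %v\n", c.name, err)
			continue
		}
		fmt.Printf("%-24s repoURL=%s\n", c.name, url)
	}
}
```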
Collaborator
@allamand We have folks testing with the current structure. Once that is implemented, we will merge this, as this will require changes to the other appset paths we are validating on. @punkwalker Please review this as well.
allamand
pushed a commit
that referenced
this pull request
Jun 4, 2026
…rom PR #628)
Add support for an optional overlay Git repository (GitLab) that provides value overrides for addons without modifying the source platform repo (GitHub).
Changes:
- bootstrap/addons.yaml: ref:values → ref:defaults + conditional ref:overlay
- appset-chart: $values/ → $defaults/ + conditional $overlay/ paths
- New valuesObject passes overlay repo coordinates to appset-chart
- Fully backward-compatible: empty overlay_repo_url = no change in behavior
Contributor
Author
@hmuthusamy I will close this branch. I've cherry-picked the changes in #709 directly, and am currently validating that it works end to end.
allamand
pushed a commit
that referenced
this pull request
Jun 5, 2026
…patible) + open addon enablement via GitLab overlay
CRITICAL: the PR #628 cherry-pick added Go-template {{- if }} control blocks to addons.yaml. gitops/bootstrap is applied in ArgoCD directory mode (raw YAML), so {{- if }} broke YAML parsing — bootstrap app errored: 'Failed to unmarshal addons.yaml: line 28 could not find expected':''.
Fix: use sprig 'dig' (missingkey-safe) for optional overlay_repo_* annotations instead of {{- if }} structural control flow. Overlay source is now always present, defaulting to the addons/fleet repo when overlay_repo_url is absent (idempotent no-op). Valid YAML, backward-compatible, missingkey-safe.
Also opens addon enablement to tenants: fleet-secret appsets (hub + spokes) now merge $overlay enabled-addons.yaml/addon-overrides.yaml from GitLab fleet-config on top of the GitHub defaults.
allamand
added a commit
that referenced
this pull request
Jun 5, 2026
…e failure) (#718)
* fix(crossplane): stop NATGateway late-initializing vpcId
The PlatformCluster Composition never sets spec.forProvider.vpcId on the NATGateway, but the Upbound AWS EC2 provider late-initializes it from the observed resource. availabilityMode defaults to "zonal", for which the EC2 API rejects VpcId on create:
MissingParameter: VpcId is not supported for a NAT gateway with availability mode zonal
This stays dormant while the NAT exists (observe-only), but any (re)create - e.g. after an out-of-band NAT deletion - fails, which breaks the private subnet default route, blocks provider image pulls, and cascades into ArgoCD cluster-cache sync errors.
Excluding LateInitialize from managementPolicies prevents the provider from copying vpcId into the spec, so (re)create uses subnetId only and succeeds.
* fix(bootstrap): replace {{- if }} blocks with dig (directory-mode compatible) + open addon enablement via GitLab overlay
CRITICAL: the PR #628 cherry-pick added Go-template {{- if }} control blocks to addons.yaml. gitops/bootstrap is applied in ArgoCD directory mode (raw YAML), so {{- if }} broke YAML parsing — bootstrap app errored: 'Failed to unmarshal addons.yaml: line 28 could not find expected':''.
Fix: use sprig 'dig' (missingkey-safe) for optional overlay_repo_* annotations instead of {{- if }} structural control flow. Overlay source is now always present, defaulting to the addons/fleet repo when overlay_repo_url is absent (idempotent no-op). Valid YAML, backward-compatible, missingkey-safe.
Also opens addon enablement to tenants: fleet-secret appsets (hub + spokes) now merge $overlay enabled-addons.yaml/addon-overrides.yaml from GitLab fleet-config on top of the GitHub defaults.
---------
Co-authored-by: Workshop User <workshopuser@example.com>
allamand
added a commit
that referenced
this pull request
Jun 12, 2026
allamand
added a commit
that referenced
this pull request
Jun 12, 2026
Summary
Implements #574 — Multi-Repo Values Overlay Architecture.
Adds support for an optional overlay Git repository (GitLab, CodeCommit, or any Git source) that provides value overrides for addons without modifying the source platform repo.
Changes
- platform/infra/terraform/common/variables.tf: overlay_repo_url, overlay_repo_revision, overlay_repo_base_path
- platform/infra/terraform/common/locals.tf
- gitops/bootstrap/addons.yaml: ref:values → ref:defaults + conditional ref:overlay source
- platform-charts/appset-chart/values.yaml
- platform-charts/appset-chart/templates/application-set.yaml
- platform-charts/appset-chart/templates/_application_set.tpl: $values/ → $defaults/ + $overlay/ paths in valueFiles helper
How to use
The overlay repo structure mirrors the platform repo:
Backward compatibility
- overlay_repo_url is empty (default) → no overlay source rendered → identical behavior to today
- ignoreMissingValueFiles: true already in place → missing overlay files are silently skipped
Closes #574