diff --git a/cli/cmd/argocd.go b/cli/cmd/argocd.go index a493f600..59601d16 100644 --- a/cli/cmd/argocd.go +++ b/cli/cmd/argocd.go @@ -96,7 +96,6 @@ func AddArgoCDCmd(parentCmd *cobra.Command, opts *GlobalOptions) { When --deploy-dc-config is set, Codesphere-managed resources are applied after the chart install/upgrade: - - AppProjects (always) - Helm OCI registry secret (always, requires OMS_REGISTRY_PASSWORD) - Local cluster secret (only if --dc-id is provided) - Git repo credentials (only if OMS_GIT_PASSWORD env var is set) @@ -118,7 +117,7 @@ func AddArgoCDCmd(parentCmd *cobra.Command, opts *GlobalOptions) { argocd.cmd.Flags().StringVar(&argocd.Opts.DatacenterId, "dc-id", "", "Codesphere Datacenter ID (optional, registers local cluster in ArgoCD)") argocd.cmd.Flags().StringVar(&argocd.Opts.RegistryURL, "registry-url", "ghcr.io/codesphere-cloud/charts", "OCI registry URL for the Helm chart repository") argocd.cmd.Flags().StringVarP(&argocd.Opts.Version, "version", "v", "", "Version of the ArgoCD helm chart to install") - argocd.cmd.Flags().BoolVar(&argocd.Opts.FullInstall, "deploy-dc-config", false, "Apply Codesphere-managed resources (AppProjects, Repo Creds, ...) after installing the chart") + argocd.cmd.Flags().BoolVar(&argocd.Opts.FullInstall, "deploy-dc-config", false, "Apply Codesphere-managed resources (Repo Creds, ...) after installing the chart") argocd.cmd.Flags().StringArrayVarP(&argocd.Opts.ValueFiles, "values", "f", nil, "Specify values in a YAML file (can be specified multiple times)") argocd.cmd.Flags().BoolVar(&argocd.Opts.ForceConflicts, "force-conflicts", false, "Force field ownership conflicts during upgrade (sets server-side apply ForceConflicts)") argocd.cmd.Flags().StringVar(&argocd.Opts.RepoURL, "repo", "", "Helm chart repository URL; supports HTTP (default: https://argoproj.github.io/argo-helm) and OCI (e.g. oci://ghcr.io/argoproj/argo-helm)") 
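Review bot: The updated `--deploy-dc-config` help text drops AppProjects without telling operators what owns them from now on. Clusters that already ran an earlier version keep the `prod` and `dev` AppProjects from the manifest deleted later in this commit (both with a wildcard `clusterResourceWhitelist`, `dev` also with `sourceRepos: "*"`), and nothing in this diff removes or updates them. New installs get no AppProject from this command, so unless something else creates them, Applications would presumably land in Argo CD's `default` project, which is unrestricted out of the box. I would add a sentence to the long description such as `AppProjects are no longer managed by this command; existing ones are left untouched and must be managed separately.` The body of AddArgoCDCmd starts and ends outside this hunk.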
diff --git a/docs/oms_beta_install_argocd.md b/docs/oms_beta_install_argocd.md index d13d4be9..6df7f005 100644 --- a/docs/oms_beta_install_argocd.md +++ b/docs/oms_beta_install_argocd.md @@ -8,7 +8,6 @@ Install or upgrade the ArgoCD helm release. When --deploy-dc-config is set, Codesphere-managed resources are applied after the chart install/upgrade: - - AppProjects (always) - Helm OCI registry secret (always, requires OMS_REGISTRY_PASSWORD) - Local cluster secret (only if --dc-id is provided) - Git repo credentials (only if OMS_GIT_PASSWORD env var is set) @@ -45,7 +44,7 @@ $ oms beta install argocd --deploy-dc-config --dc-id 0 ``` --dc-id string Codesphere Datacenter ID (optional, registers local cluster in ArgoCD) - --deploy-dc-config Apply Codesphere-managed resources (AppProjects, Repo Creds, ...) after installing the chart + --deploy-dc-config Apply Codesphere-managed resources (Repo Creds, ...) after installing the chart --force-conflicts Force field ownership conflicts during upgrade (sets server-side apply ForceConflicts) -h, --help help for argocd --registry-url string OCI registry URL for the Helm chart repository (default "ghcr.io/codesphere-cloud/charts") diff --git a/internal/installer/argocd/argocd_resources.go b/internal/installer/argocd/argocd_resources.go index 6e1f8261..dc307be6 100644 --- a/internal/installer/argocd/argocd_resources.go +++ b/internal/installer/argocd/argocd_resources.go @@ -11,7 +11,6 @@ import ( "log" k8s "github.com/codesphere-cloud/oms/internal/util" - "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" ) @@ -22,7 +21,6 @@ type ArgoCDResources interface { type argoCDResources struct { clientset kubernetes.Interface - dynClient dynamic.Interface DatacenterId string OciPassword string 
@@ -30,10 +28,9 @@ type argoCDResources struct { GitPassword string } -func NewArgoCDResources(clientset kubernetes.Interface, dynClient dynamic.Interface, dataCenterId string, ociPassword string, ociRegistryURL string, gitPassword string) (ArgoCDResources, error) { +func NewArgoCDResources(clientset kubernetes.Interface, dataCenterId string, ociPassword string, ociRegistryURL string, gitPassword string) (ArgoCDResources, error) { return &argoCDResources{ clientset: clientset, - dynClient: dynClient, DatacenterId: dataCenterId, OciPassword: ociPassword, OciRegistryURL: ociRegistryURL, @@ -41,9 +38,6 @@ func NewArgoCDResources(clientset kubernetes.Interface, dynClient dynamic.Interf }, nil } -//go:embed manifests/app-projects.yaml -var appProjectsYAML []byte - //go:embed manifests/cluster-local.yaml.tpl var localClusterTpl []byte @@ -54,10 +48,6 @@ var helmRegistryTpl []byte var gitRepoTpl []byte func (a *argoCDResources) ApplyAll(ctx context.Context) error { - if err := a.applyAppProjects(ctx); err != nil { - return fmt.Errorf("applying app projects: %w", err) - } - if a.DatacenterId != "" { if err := a.applyLocalCluster(ctx); err != nil { return fmt.Errorf("applying local cluster secret: %w", err) 
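Review bot: `NewArgoCDResources` still takes four consecutive `string` parameters, two of them secrets (`ociPassword`, `gitPassword`), so a transposed argument at a call site compiles cleanly and can put a password into `DatacenterId` or `OciRegistryURL`, fields that may be rendered or logged as non-secret values. Since this commit already changes the exported signature and both call sites in installer.go, it is a cheap moment to pass the inputs by name through a small config struct, as sketched below. The struct literal and the function's closing lines continue outside this hunk.

```go
// ResourcesConfig names the inputs so secrets cannot be swapped positionally.
type ResourcesConfig struct {
	DatacenterId   string
	OciPassword    string
	OciRegistryURL string
	GitPassword    string
}

func NewArgoCDResources(clientset kubernetes.Interface, cfg ResourcesConfig) (ArgoCDResources, error) {
	return &argoCDResources{
		clientset:      clientset,
		DatacenterId:   cfg.DatacenterId,
		OciPassword:    cfg.OciPassword,
		OciRegistryURL: cfg.OciRegistryURL,
		// … unchanged: remaining fields and return, outside the hunk …
```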
@@ -81,25 +71,6 @@ func (a *argoCDResources) ApplyAll(ctx context.Context) error { return nil } -func (a *argoCDResources) applyAppProjects(ctx context.Context) error { - log.Println("Applying AppProjects... ") - objects, err := k8s.DecodeMultiDocYAML(appProjectsYAML) - if err != nil { - return fmt.Errorf("decoding app projects yaml: %w", err) - } - - for _, obj := range objects { - gvr, err := k8s.GvrForUnstructured(obj) - if err != nil { - return err - } - if err := k8s.ApplyUnstructured(ctx, a.dynClient, gvr, obj); err != nil { - return fmt.Errorf("applying app project %q: %w", obj.GetName(), err) - } - } - return nil -} - func (a *argoCDResources) applyLocalCluster(ctx context.Context) error { log.Println("Applying local cluster secret... ") rendered, err := k8s.RenderTemplate(localClusterTpl, map[string]string{ diff --git a/internal/installer/argocd/installer.go b/internal/installer/argocd/installer.go index f454075a..be03780c 100644 --- a/internal/installer/argocd/installer.go +++ b/internal/installer/argocd/installer.go @@ -52,11 +52,11 @@ func NewInstaller(cfg InstallerConfig) (*Installer, error) { return nil, fmt.Errorf("init helm client failed: %w", err) } - clientset, dynClient, err := k8s.NewClientsFromRESTConfig(cfg.RESTConfig) + clientset, _, err := k8s.NewClientsFromRESTConfig(cfg.RESTConfig) if err != nil { return nil, fmt.Errorf("creating kubernetes clients: %w", err) } - resources, err := NewArgoCDResources(clientset, dynClient, cfg.DatacenterId, cfg.OciPassword, cfg.OciRegistryURL, cfg.GitPassword) + resources, err := NewArgoCDResources(clientset, cfg.DatacenterId, cfg.OciPassword, cfg.OciRegistryURL, cfg.GitPassword) if err != nil { return nil, fmt.Errorf("init argocd resources client failed: %w", err) } 
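Review bot: `clientset, _, err := k8s.NewClientsFromRESTConfig(cfg.RESTConfig)` still builds the dynamic client and throws it away, and the next hunk does the same with `k8s.NewClients()`. If nothing else on this path needs the dynamic client, a helper that returns only the typed clientset would avoid the unused construction and make it visible at the call site that this installer no longer applies arbitrary unstructured objects. If a new helper is not worth it, a short comment such as `// dynamic client unused: AppProjects are no longer applied here` would explain the blank identifier. The body of NewInstaller starts before this hunk and continues after it.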
@@ -70,11 +70,11 @@ func NewInstaller(cfg InstallerConfig) (*Installer, error) { if err != nil { return nil, fmt.Errorf("init helm client failed: %w", err) } - clientset, dynClient, err := k8s.NewClients() + clientset, _, err := k8s.NewClients() if err != nil { return nil, fmt.Errorf("creating kubernetes clients: %w", err) } - resources, err := NewArgoCDResources(clientset, dynClient, cfg.DatacenterId, cfg.OciPassword, cfg.OciRegistryURL, cfg.GitPassword) + resources, err := NewArgoCDResources(clientset, cfg.DatacenterId, cfg.OciPassword, cfg.OciRegistryURL, cfg.GitPassword) if err != nil { return nil, fmt.Errorf("init argocd resources client failed: %w", err) } diff --git a/internal/installer/argocd/manifests/app-projects.yaml b/internal/installer/argocd/manifests/app-projects.yaml deleted file mode 100644 index f34917eb..00000000 --- a/internal/installer/argocd/manifests/app-projects.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -# Copyright (c) Codesphere Inc. -# SPDX-License-Identifier: Apache-2.0 - -# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/argoproj.io/appproject_v1alpha1.json -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: prod - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - description: Project containing production apps - clusterResourceWhitelist: - - group: "*" - kind: "*" - destinations: - - namespace: "*" - name: dc-0 - - namespace: "*" - name: dc-1 - - namespace: "*" - name: dc-2 - - namespace: "*" - name: dc-4 - - namespace: "*" - name: dc-6 - sourceRepos: - - "https://github.com/codesphere-cloud/charts.git" - - "ghcr.io/codesphere-cloud/charts" - roles: - - name: admin - description: Admin privileges to prod - policies: - - p, proj:prod:admin, *, *, */*, allow - groups: - - ops@codesphere.com - - name: read-only - description: Read-only privileges to prod - policies: - - p, proj:prod:read-only, *, get, prod/*, allow - groups: - - development@codesphere.com ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/argoproj.io/appproject_v1alpha1.json -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: dev - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - description: Project containing dev apps - clusterResourceWhitelist: - - group: "*" - kind: "*" - destinations: - - namespace: "codesphere-dev" - name: "*" - - namespace: "*" - name: dc-5 - - namespace: "*" - name: dc-7 - sourceRepos: - - "*" - roles: - - name: admin - description: Admin privileges to dev - policies: - - p, proj:dev:admin, *, *, */*, allow - groups: - - ops@codesphere.com - - development@codesphere.com diff --git a/internal/util/k8s.go b/internal/util/k8s.go index 96c14614..a456010c 100644 --- a/internal/util/k8s.go +++ b/internal/util/k8s.go 
@@ -66,7 +66,6 @@ func VaultGVR() schema.GroupVersionResource { // gvrMappings maps Kubernetes Kind names to their plural resource names. // New kinds used in embedded templates need a corresponding entry here. var gvrMappings = map[string]string{ - "AppProject": "appprojects", "Vault": "vaults", "ServiceAccount": "serviceaccounts", "Role": "roles", diff --git a/internal/util/k8s_test.go b/internal/util/k8s_test.go index a8a1df9f..cdca1ad7 100644 --- a/internal/util/k8s_test.go +++ b/internal/util/k8s_test.go @@ -133,18 +133,6 @@ var _ = Describe("DenderTemplate", func() { }) var _ = Describe("GvrForUnstructured", func() { - It("returns the correct GVR for AppProject", func() { - obj := &unstructured.Unstructured{} - obj.SetAPIVersion("argoproj.io/v1alpha1") - obj.SetKind("AppProject") - - gvr, err := util.GvrForUnstructured(obj) - Expect(err).ToNot(HaveOccurred()) - Expect(gvr.Group).To(Equal("argoproj.io")) - Expect(gvr.Version).To(Equal("v1alpha1")) - Expect(gvr.Resource).To(Equal("appprojects")) - }) - It("returns the correct GVR for Vault", func() { obj := &unstructured.Unstructured{} obj.SetAPIVersion("vault.banzaicloud.com/v1alpha1")