Adds template for cluster and project sets

system/argocd/argoset/clusterSet.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: ClusterSet
+  namespace: argocd
+spec:
+  goTemplate: true
+  goTemplateOptions: ["missingkey=error"]
+  generators:
+  - clusters: {}
+  template:
+    metadata:
+      name: '{{.name}}'
+    spec:
+      project: "management"
+      source:
+        repoURL: https://github.com/ClubCedille/k8s-management/
+        targetRevision: HEAD
+        path: argocd/appset
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: management
+      kustomize:
+        patches:
+        - patch: |-
+          apiVersion: argoproj.io/v1alpha1
+          kind: Application
+          spec:
+            project: '{{.name}}'
+        - patch: |-
+          apiVersion: argoproj.io/v1alpha1
+          kind: AppProject
+          metadata:
+            name: '{{.name}}'

system/argocd/argoset/projectSet.yaml

@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: management
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  description: ''
+  sourceRepos:
+    - '*'
+  destinations:
+    - namespace: ''
+      server: https://kubernetes.default.svc
+  # Deny all cluster-scoped resources from being created, except for Namespace
+  # clusterResourceWhitelist:
+  # - group: ''
+  #   kind: Namespace
+  # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
+  # namespaceResourceBlacklist:
+  # - group: ''
+  #   kind: ResourceQuota
+  # - group: ''
+  #   kind: LimitRange
+  # - group: ''
+  #   kind: NetworkPolicy
+  # # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet
+  # namespaceResourceWhitelist:
+  # - group: 'apps'
+  #   kind: Deployment
+  # - group: 'apps'
+  #   kind: StatefulSet
+  # roles:
+  # # A role which provides read-only access to all applications in the project
+  # - name: read-only
+  #   description: Read-only privileges to my-project
+  #   policies:
+  #   - p, proj:my-project:read-only, applications, get, my-project/*, allow
+  #   groups:
+  #   - my-oidc-group
+  # # A role which provides sync privileges to only the guestbook-dev application, e.g. to provide
+  # # sync privileges to a CI system
+  # - name: ci-role
+  #   description: Sync privileges for guestbook-dev
+  #   policies:
+  #   - p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow
+  #   # NOTE: JWT tokens can only be generated by the API server and the token is not persisted
+  #   # anywhere by Argo CD. It can be prematurely revoked by removing the entry from this list.
+  #   jwtTokens:
+  #   - iat: 1535390316

system/argocd/kustomization.yaml

@@ -2,4 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - argocd-app.yaml
+  - argocd-app.yaml
+  - argoset/clusterSet.yaml
+  - argoset/projectSet.yaml