chore: refactor avp setup #426

Draft
wants to merge 1 commit into
base: main

@carslen carslen commented Oct 26, 2023

AVP setup has been refactored to get ENVs in sync again. STABLE Env had a different, simplified AVP setup to support the limitation introduced to the STABLE env.

With this AVP setup the kustomize-helm avp plugin has been removed, as we're not using it anymore (although there seems to be a leftover, see also eclipse-tractusx/sig-infra#322).

This AVP Setup has been tested 2 ways:

### Simple condition checking

The condition checking was done using this simple sh script:

```shell
#!/usr/bin/env sh

cd ../kube-prometheus-stack # here we have kustomization.yaml and values.yaml
pwd

#ARGOCD_ENV_helm_args=" "
#ARGOCD_ENV_HELM_VALUES=" "

if [ -n "$(find . -name 'Chart.yaml')" ] && # if find output is nonzero
   [ -n "$(find . -name 'values.yaml')" ] && # if find output is nonzero
   [ -n "${ARGOCD_ENV_helm_args}" ]; # if var ARGOCD_ENV_helm_args is defined and nonzero
then
  echo "ARGOCD_ENV_helm_args!"
fi

if [ -n "$(find . -name 'Chart.yaml')" ] &&
   [ -n "$(find . -name 'values.yaml')" ] &&
   [ -n "${ARGOCD_ENV_HELM_VALUES}" ];
then
  echo "ARGOCD_ENV_HELM_VALUES"
fi

if [ -n "$(find . -name 'kustomization.yaml')" ] &&
   [ -z "$(find . -name 'Chart.yaml')" ] &&
   [ -z "$(find . -name 'values.yaml')" ];
then
  echo "KUSTOMIZE"
fi

if [ -z "${ARGOCD_ENV_helm_args}" ] &&
   [ -z "${ARGOCD_ENV_HELM_VALUES}" ] &&
   [ -z "$(find . -name 'kustomization.yaml')" ] &&
   [ -n "$(find . -name '*.yaml' -print0 | xargs -0 -I {} grep '<path\|avp\.kubernetes\.io' {})" ]; # -print0 pairs with xargs -0; find has no -0 option
then
  echo "PLAIN_AVP"
fi
```

After successful testing, the condition checks have been applied to the ArgoCD Vault Plugin discovery sections.

### Testing on DevSecOps Cluster

This AVP setup has been applied to the DevSecOps-Testing cluster by manually editing the `cmp-plugin` configMap and the `argocd-repo-server` deployment.

To test, two ArgoCD Applications have been deployed, one using `HELM_VALUES` like it's applied on the STABLE env, and one using `helm_args` as the teams are used to on the DEV/INT environments.

For `HELM_VALUES` testing the Portal ArgoCD App was used with ingress set to `false` and changed URLs to avoid side effects to existing deployments.

For `helm_args` testing one of my AVP demo charts was used.

Both ArgoCD apps deployed as expected and gathered the secrets from Vault.
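
An added example, not part of the PR or the project's code: the four checks from the script above wrapped in one function and run against constructed directories, so combinations where two checks pass, or none does, become visible. The function names are made up here, the two variables are passed as arguments instead of being read from `ARGOCD_ENV_helm_args` and `ARGOCD_ENV_HELM_VALUES`, and the marker search uses `find -exec grep -l` in place of the script's `find | xargs grep` pipeline.

```shell
#!/usr/bin/env sh
# Added example (not the project's code): the PR script's condition checks as a
# function, exercised on constructed fixture directories. Labels follow its echos.

has_file() { [ -n "$(find "$1" -name "$2")" ]; }   # is a file NAME anywhere under DIR?

has_avp_marker() {   # does any *.yaml under DIR hold an AVP placeholder/annotation?
  [ -n "$(find "$1" -name '*.yaml' -exec grep -l -e '<path' -e 'avp\.kubernetes\.io' {} +)" ]
}

# matching_checks DIR HELM_ARGS HELM_VALUES -> labels of every check that passes
matching_checks() {
  dir=$1; args=$2; values=$3; out=""
  if has_file "$dir" Chart.yaml && has_file "$dir" values.yaml; then
    if [ -n "$args" ]; then out="$out helm_args"; fi
    if [ -n "$values" ]; then out="$out HELM_VALUES"; fi
  fi
  if has_file "$dir" kustomization.yaml && ! has_file "$dir" Chart.yaml &&
     ! has_file "$dir" values.yaml; then
    out="$out KUSTOMIZE"
  fi
  if [ -z "$args" ] && [ -z "$values" ] && ! has_file "$dir" kustomization.yaml &&
     has_avp_marker "$dir"; then
    out="$out PLAIN_AVP"
  fi
  echo "${out# }"
}

# make_fixtures -> prints a temp dir with constructed sample app directories
make_fixtures() {
  root=$(mktemp -d)
  mkdir "$root/helm" "$root/kustomize" "$root/kustomize_values" "$root/plain"
  touch "$root/helm/Chart.yaml" "$root/helm/values.yaml"
  touch "$root/kustomize/kustomization.yaml"
  touch "$root/kustomize_values/kustomization.yaml" "$root/kustomize_values/values.yaml"
  echo 'password: <path:secret/data/demo#password>' > "$root/plain/secret.yaml"
  echo "$root"
}

fx=$(make_fixtures)
echo "helm chart, both variables set:   [$(matching_checks "$fx/helm" '--set a=b' 'values.yaml')]"
echo "kustomization.yaml + values.yaml: [$(matching_checks "$fx/kustomize_values" '' '')]"
echo "plain manifest with placeholder:  [$(matching_checks "$fx/plain" '' '')]"
rm -rf "$fx"
```

With these conditions, a chart directory with both variables set passes two checks, and a directory holding `kustomization.yaml` plus `values.yaml` with neither variable set passes none.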

@SebastianBezold SebastianBezold left a comment

A bit hard to verify, just by looking at the conditions, but trusting in your test effort 😁
