migrate: applicationsets -> argocd-apps (prod only)

MIGRATION.md

@@ -0,0 +1,43 @@
+# ArgoCD Apps Migration
+
+## Summary
+
+This repository has been converted from `applicationsets/` to `argocd-apps/`.
+
+- Previous model: `ApplicationSet` manifests under `applicationsets/`
+- New model: single `Application` manifests under `argocd-apps/`
+
+`applicationsets/` is now **deprecated** and has been moved to `archive/applicationsets/`.
+
+## What Changed
+
+For each file in `applicationsets/`, an equivalent `Application` was created in `argocd-apps/`.
+
+- API kind changed from `ApplicationSet` to `Application`
+- Existing app name, project, destination server, destination namespace, repo URL, target revision, and sync policy were preserved
+- `syncOptions` includes `CreateNamespace=true`
+- `spec.syncPolicy.automated.prune` is temporarily set to `false` during takeover to avoid accidental deletions
+
+## Environment Values Policy
+
+This repo now references **prod-only** chart values in ArgoCD app definitions.
+
+- `values-int.yaml` is no longer referenced by generated ArgoCD apps
+- Existing `values-int.yaml` files were not deleted
+- Helm apps now read values from `manifests/<app>/values.yaml`
+
+## Archived Legacy Structure
+
+- Old `applicationsets/` files were moved to `archive/applicationsets/`
+- `charts/` and `manifests/` remain active in place
+
+## Required Root App Change
+
+Update your ArgoCD root app (or app-of-apps) to point to `argocd-apps/` instead of `applicationsets/`.
+
+Typical change:
+
+- From: `spec.source.path: applicationsets`
+- To: `spec.source.path: argocd-apps`
+
+Apply and sync the root app after this path update.

archive/applicationsets/dcgm-exporter.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dcgm-exporter
+  namespace: argocd
+spec:
+  project: ai-stack
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: charts/ollama
+    helm:
+      valueFiles:
+        - ../../manifests/ollama/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ai-stack
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

archive/applicationsets/eck-resources.yaml

@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: eck-resources
+  namespace: argocd
+spec:
+  generators:
+    - list:
+        elements:
+          - env: prod
+            valuesFile: values-prod.yaml
+            nameSuffix: eck-prod
+            host: kibana.dvirlabs.com
+          - env: int
+            valuesFile: values-int.yaml
+            nameSuffix: eck-int
+            host: kibana-int.dvirlabs.com
+  template:
+    metadata:
+      name: '{{nameSuffix}}'
+    spec:
+      project: observability
+      source:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        targetRevision: master
+        path: charts/eck-resources
+        helm:
+          valueFiles:
+            - my-values/{{valuesFile}}
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: monitoring
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true

archive/applicationsets/external-secrets-appset.yaml

@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: external-secrets-appset
+  namespace: argocd
+spec:
+  generators:
+    - git:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        revision: master
+        directories:
+          - path: manifests/external-secrets
+  template:
+    metadata:
+      name: 'external-secret-{{path.basename}}'
+    spec:
+      project: observability
+      source:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        targetRevision: master
+        path: '{{path}}'
+        directory:
+          recurse: true
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: monitoring
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true

archive/applicationsets/prometheus-scrape-secret.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: prometheus-scrape-secret
+  namespace: argocd
+spec:
+  generators:
+    - list:
+        elements:
+          - name: prometheus-scrape-secret
+  template:
+    metadata:
+      name: '{{name}}'
+    spec:
+      project: observability
+      source:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        targetRevision: HEAD
+        path: manifests/prometheus-scrape-secret
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: monitoring
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true

archive/applicationsets/rancher-monitoring-appset.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: rancher-monitoring-appset
+  namespace: argocd
+spec:
+  generators:
+    - list:
+        elements:
+          - env: prod
+            valuesFile: values-prod.yaml
+            nameSuffix: rancher-monitoring-prod
+            host: grafana.dvirlabs.com
+  template:
+    metadata:
+      name: '{{nameSuffix}}'
+    spec:
+      project: observability
+      source:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        targetRevision: HEAD
+        path: charts/rancher-monitoring
+        helm:
+          valueFiles:
+            - my-values/{{valuesFile}}
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: monitoring
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true

archive/applicationsets/uptime-kuma.yaml

@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: uptime-kuma
+  namespace: argocd
+spec:
+  generators:
+    - list:
+        elements:
+          - env: prod
+            valuesFile: values-prod.yaml
+            nameSuffix: uptime-kuma-prod
+            host: kuma.dvirlabs.com
+  template:
+    metadata:
+      name: '{{nameSuffix}}'
+    spec:
+      project: observability
+      source:
+        repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+        targetRevision: master
+        path: charts/uptime-kuma
+        helm:
+          valueFiles:
+            - my-values/{{valuesFile}}
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: monitoring
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true

argocd-apps/dcgm-exporter.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dcgm-exporter
+  namespace: argocd
+spec:
+  project: ai-stack
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: charts/ollama
+    helm:
+      valueFiles:
+        - ../../manifests/ollama/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ai-stack
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

argocd-apps/eck-resources.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: eck-resources
+  namespace: argocd
+spec:
+  project: observability
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: charts/eck-resources
+    helm:
+      valueFiles:
+        - ../../manifests/eck-resources/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

argocd-apps/external-secrets-appset.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-secrets-appset
+  namespace: argocd
+spec:
+  project: observability
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: master
+    path: manifests/external-secrets
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

argocd-apps/prometheus-scrape-secret.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prometheus-scrape-secret
+  namespace: argocd
+spec:
+  project: observability
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: manifests/prometheus-scrape-secret
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

argocd-apps/rancher-monitoring-appset.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: rancher-monitoring-appset
+  namespace: argocd
+spec:
+  project: observability
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: charts/rancher-monitoring
+    helm:
+      valueFiles:
+        - ../../manifests/rancher-monitoring/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

argocd-apps/uptime-kuma.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: uptime-kuma
+  namespace: argocd
+spec:
+  project: observability
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/observability-stack.git
+    targetRevision: HEAD
+    path: charts/uptime-kuma
+    helm:
+      valueFiles:
+        - ../../manifests/uptime-kuma/values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

manifests/eck-resources/values.yaml

@@ -0,0 +1,3 @@
+enabled: true
+env: prod
+host: kibana.dvirlabs.com

manifests/rancher-monitoring/values.yaml

@@ -0,0 +1,62 @@
+namespaceOverride: monitoring
+
+prometheus:
+  prometheusSpec:
+    serviceMonitorSelectorNilUsesHelmValues: false
+    podMonitorSelectorNilUsesHelmValues: false
+    retention: 10d
+    resources:
+      requests:
+        memory: 400Mi
+        cpu: 200m
+    storageSpec:
+      volumeClaimTemplate:
+        spec:
+          accessModes: ["ReadWriteOnce"]
+          storageClassName: nfs-client
+          resources:
+            requests:
+              storage: 50Gi
+    additionalScrapeConfigsSecret:
+      enabled: true
+      name: prometheus-additional-scrape-configs
+      key: additional-scrape-configs.yaml
+
+grafana:
+  persistence:
+    enabled: true
+    storageClassName: nfs-client
+    accessModes: ["ReadWriteOnce"]
+    size: 2Gi
+
+  ingress:
+    enabled: true
+    hosts:
+      - grafana.dvirlabs.com
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt
+    tls:
+      - hosts:
+          - grafana.dvirlabs.com
+        secretName: tls-grafana
+
+  envFromSecret: grafana-oidc-secret
+
+  grafana.ini:
+    server:
+      root_url: https://grafana.dvirlabs.com
+    auth:
+      disable_login_form: true
+      disable_signout_menu: false
+    auth.generic_oauth:
+      enabled: true
+      name: Keycloak
+      allow_sign_up: true
+      client_id: grafana
+      client_secret: ${client_secret}
+      scopes: openid profile email
+      auth_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/auth
+      token_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/token
+      api_url: https://keycloak.dvirlabs.com/realms/lab/protocol/openid-connect/userinfo
+      role_attribute_path: 'Admin'
+      allow_assign_grafana_admin: true

manifests/uptime-kuma/values.yaml

@@ -0,0 +1,19 @@
+enabled: true
+
+image:
+  tag: "2.0.2"
+
+volume:
+  enabled: true
+  storageClassName: nfs-client
+  accessMode: ReadWriteOnce
+  size: 5Gi
+
+service:
+  type: ClusterIP
+  port: 3001
+
+ingress:
+  enabled: false
+
+replicaCount: 1