feat(Argo CD): Switch to Helm chart

infra/argocd/argocd-cm-cmp-kustomize-build-with-helm.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cm-cmp-kustomize-build-with-helm
-data:
-  kustomize-build-with-helm.yaml: |
-    apiVersion: argoproj.io/v1alpha1
-    kind: ConfigManagementPlugin
-    metadata:
-      name: kustomize-build-with-helm
-    spec:
-      generate:
-        command: [ "sh", "-c" ]
-        args: [ "kustomize build --enable-helm" ]

infra/argocd/auth/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: argocd
+
+helmGlobals:
+  chartHome: ../../../charts
+
+helmCharts:
+  - name: application
+    releaseName: auth
+    valuesFile: auth-values.yaml
+
+resources:
+  - traefik-forward-auth-secrets.yaml

infra/argocd/kustomization.yaml

@@ -1,31 +1,15 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: argocd
-
-helmGlobals:
-  chartHome: ../../charts
-
-helmCharts:
-  - name: application
-    releaseName: auth
-    valuesFile: auth-values.yaml
 
 resources:
-  - namespace.yaml
-  - traefik-forward-auth-secrets.yaml
-  - https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.0/manifests/install.yaml
-  - ingress.yaml
-  - argocd-cm-cmp-kustomize-build-with-helm.yaml
+  - ns.yaml
+  - ingress-route.yaml
+  - auth
 
-patches:
-  # Copy binaries from ArgoCD-image
-  - path: patches/argocd-repo-copyutil-patch.yaml
-  # Plugin to enable Kustomize with Helm
-  - path: patches/argocd-repo-server-plugin-sidecar-patch.yaml
-#  # Ignore CiliumIdentity CRDs
-#  - path: patches/argocd-cm-resource-exclusion-cilium-identity-patch.yaml
-  # Configure tracking method to annotation
-  # https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/#additional-tracking-methods-via-an-annotation
-  - path: patches/argocd-cm-tracking-method-annotation.yaml
-  # Traefik handles TLS
-  - path: patches/argocd-cmd-params-cm-server-insecure-patch.yaml
+helmCharts:
+  - name: argo-cd
+    repo: https://argoproj.github.io/argo-helm
+    version: 6.0.6
+    releaseName: "argocd"
+    namespace: argocd
+    valuesFile: values.yaml

infra/argocd/patches/argocd-cm-resource-exclusion-cilium-identity-patch.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cm
-data:
-  resource.exclusions: |
-    - apiGroups:
-        - cilium.io
-      kinds:
-        - CiliumIdentity
-      clusters:
-        - "*"

infra/argocd/patches/argocd-cm-tracking-method-annotation.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cm
-data:
-  application.resourceTrackingMethod: "annotation"

infra/argocd/patches/argocd-cmd-params-cm-server-insecure-patch.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-cmd-params-cm
-data:
-  # Traefik handles TLS
-  server.insecure: "true"

infra/argocd/patches/argocd-repo-copyutil-patch.yaml

@@ -1,16 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-repo-server
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: copyutil
-          command: [ /bin/bash ]
-          args:
-            - -c
-            - >-
-              /bin/cp -n /usr/local/bin/argocd /var/run/argocd/argocd-cmp-server &&
-              /bin/cp -n /usr/local/bin/kustomize /var/run/argocd/kustomize &&
-              /bin/cp -n /usr/local/bin/helm /var/run/argocd/helm

infra/argocd/patches/argocd-repo-server-plugin-sidecar-patch.yaml

@@ -1,34 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-repo-server
-spec:
-  template:
-    spec:
-      containers:
-        - name: kustomize-build-with-helm
-          env:
-            - name: PATH
-              value: "/var/run/argocd:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-          command:
-            - argocd-cmp-server
-          image: alpine/git:2.40.1
-          securityContext:
-            runAsNonRoot: true
-            runAsUser: 999
-          volumeMounts:
-            - name: var-files
-              mountPath: /var/run/argocd
-            - name: plugins
-              mountPath: /home/argocd/cmp-server/plugins
-            - name: cmp-kustomize-build-with-helm
-              mountPath: /home/argocd/cmp-server/config/plugin.yaml
-              subPath: kustomize-build-with-helm.yaml
-            - mountPath: /tmp
-              name: cmp-tmp
-      volumes:
-        - name: cmp-kustomize-build-with-helm
-          configMap:
-            name: argocd-cm-cmp-kustomize-build-with-helm
-        - name: cmp-tmp
-          emptyDir: { }

infra/argocd/values.yaml

@@ -0,0 +1,43 @@
+configs:
+  cm:
+    create: true
+    application.resourceTrackingMethod: "annotation+label"
+  cmp:
+    create: true
+    plugins:
+      kustomize-build-with-helm:
+        generate:
+          command: [ "sh", "-c" ]
+          args: [ "kustomize build --enable-helm" ]
+  params:
+    server.insecure: true
+
+crds:
+  install: true
+  # -- Keep CRDs on chart uninstall
+  keep: false
+
+repoServer:
+  extraContainers:
+    - name: kustomize-build-with-helm
+      command:
+        - argocd-cmp-server
+      image: '{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}'
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 999
+      volumeMounts:
+        - name: plugins
+          mountPath: /home/argocd/cmp-server/plugins
+        - name: cmp-kustomize-build-with-helm
+          mountPath: /home/argocd/cmp-server/config/plugin.yaml
+          subPath: kustomize-build-with-helm.yaml
+        - mountPath: /tmp
+          name: cmp-tmp
+  volumes:
+    - name: cmp-kustomize-build-with-helm
+      configMap:
+        name: argocd-cmp-cm
+    - name: cmp-tmp
+      emptyDir: { }
+