diff --git a/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/crossplane-control-plane.yaml b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/crossplane-control-plane.yaml
new file mode 100644
index 00000000000..bcb6709a451
--- /dev/null
+++ b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/crossplane-control-plane.yaml
@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: crossplane-control-plane
+ labels:
+ noSourceTransform: "true"
+spec:
+ generators:
+ - merge:
+ mergeKeys:
+ - nameNormalized
+ generators:
+ - clusters:
+ values:
+ sourceRoot: components/crossplane-control-plane
+ environment: development
+ clusterDir: ""
+ - list:
+ elements: []
+ template:
+ metadata:
+ name: crossplane-control-plane-{{nameNormalized}}
+ spec:
+ project: default
+ source:
+ chart: crossplane
+ repoURL: https://charts.crossplane.io/stable
+ targetRevision: 1.18.0
+ helm:
+ values: |
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001100001
+ runAsUser: 1001100001
+ destination:
+ namespace: crossplane-system
+ server: '{{server}}'
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ retry:
+ limit: -1
+ backoff:
+ duration: 10s
+ factor: 2
+ maxDuration: 3m
diff --git a/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/kustomization.yaml b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/kustomization.yaml
new file mode 100644
index 00000000000..abf9a71bb85
--- /dev/null
+++ b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crossplane-control-plane.yaml
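Review bot: The inline Helm values under `source.helm.values` in `crossplane-control-plane.yaml` set a top-level `securityContext:` key, but the chart values copied into `values.yaml` in this same commit name these settings `securityContextCrossplane` and `securityContextRBACManager`, so the hardening written here (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, the fixed UID/GID) is most likely ignored and the chart defaults apply instead. Helm accepts unknown value keys unless the chart ships a strict schema, so the sync would still succeed and the mismatch would go unnoticed. Use the chart's key names for both containers, as sketched below, and decide whether the UID/GID should be pinned at all, given that `components/crossplane-control-plane/base/settings.yaml` sets them to `null`. Separately, `project: default` puts the application in the Argo CD project that usually carries no source or destination restrictions; a dedicated AppProject would scope it if the repository has one.

```yaml
# … unchanged: chart, repoURL, targetRevision …
helm:
  values: |
    securityContextCrossplane:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsGroup: 1001100001
      runAsUser: 1001100001
    securityContextRBACManager:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsGroup: 1001100001
      runAsUser: 1001100001
# … unchanged: destination, syncPolicy …
```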
diff --git a/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/values.yaml b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/values.yaml
new file mode 100644
index 00000000000..4a89f0cadef
--- /dev/null
+++ b/argo-cd-apps/base/member/infra-deployments/crossplane-control-plane/values.yaml
@@ -0,0 +1,194 @@
+# helm-docs renders these comments into markdown. Use markdown formatting where
+# appropiate.
+#
+# -- The number of Crossplane pod `replicas` to deploy.
+replicas: 1
+
+# -- The number of Crossplane ReplicaSets to retain.
+revisionHistoryLimit: null
+
+# -- The deployment strategy for the Crossplane and RBAC Manager pods.
+deploymentStrategy: RollingUpdate
+
+image:
+ # -- Repository for the Crossplane pod image.
+ repository: xpkg.upbound.io/crossplane/crossplane
+ # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
+ tag: ""
+ # -- The image pull policy used for Crossplane and RBAC Manager pods.
+ pullPolicy: IfNotPresent
+
+# -- Add `nodeSelectors` to the Crossplane pod deployment.
+nodeSelector: {}
+# -- Add `tolerations` to the Crossplane pod deployment.
+tolerations: []
+# -- Add `affinities` to the Crossplane pod deployment.
+affinity: {}
+# -- Add `topologySpreadConstraints` to the Crossplane pod deployment.
+topologySpreadConstraints: []
+
+# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
+hostNetwork: false
+
+# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
+dnsPolicy: ""
+
+# -- Add custom `labels` to the Crossplane pod deployment.
+customLabels: {}
+
+# -- Add custom `annotations` to the Crossplane pod deployment.
+customAnnotations: {}
+
+serviceAccount:
+ # -- Add custom `annotations` to the Crossplane ServiceAccount.
+ customAnnotations: {}
+
+# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
+leaderElection: true
+# -- Add custom arguments to the Crossplane pod.
+args: []
+
+provider:
+ # -- A list of Provider packages to install.
+ packages: []
+
+configuration:
+ # -- A list of Configuration packages to install.
+ packages: []
+
+function:
+ # -- A list of Function packages to install
+ packages: []
+
+# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
+imagePullSecrets: []
+
+registryCaBundleConfig:
+ # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ name: ""
+ # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+ key: ""
+
+service:
+ # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
+ customAnnotations: {}
+
+webhooks:
+ # -- Enable webhooks for Crossplane and installed Provider packages.
+ enabled: true
+
+rbacManager:
+ # -- Deploy the RBAC Manager pod and its required roles.
+ deploy: true
+ # -- Don't install aggregated Crossplane ClusterRoles.
+ skipAggregatedClusterRoles: false
+ # -- The number of RBAC Manager pod `replicas` to deploy.
+ replicas: 1
+ # -- The number of RBAC Manager ReplicaSets to retain.
+ revisionHistoryLimit: null
+ # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
+ leaderElection: true
+ # -- Add custom arguments to the RBAC Manager pod.
+ args: []
+ # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
+ nodeSelector: {}
+ # -- Add `tolerations` to the RBAC Manager pod deployment.
+ tolerations: []
+ # -- Add `affinities` to the RBAC Manager pod deployment.
+ affinity: {}
+ # -- Add `topologySpreadConstraints` to the RBAC Manager pod deployment.
+ topologySpreadConstraints: []
+
+# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
+priorityClassName: ""
+
+resourcesCrossplane:
+ limits:
+ # -- CPU resource limits for the Crossplane pod.
+ cpu: 500m
+ # -- Memory resource limits for the Crossplane pod.
+ memory: 1024Mi
+ requests:
+ # -- CPU resource requests for the Crossplane pod.
+ cpu: 100m
+ # -- Memory resource requests for the Crossplane pod.
+ memory: 256Mi
+
+securityContextCrossplane:
+ # -- The user ID used by the Crossplane pod.
+ runAsUser: 1001100001
+ # -- The group ID used by the Crossplane pod.
+ runAsGroup: 1001100001
+ # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
+ allowPrivilegeEscalation: false
+ # -- Set the Crossplane pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+packageCache:
+ # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
+ medium: ""
+ # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+ sizeLimit: 20Mi
+ # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ pvc: ""
+ # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
+ configMap: ""
+
+resourcesRBACManager:
+ limits:
+ # -- CPU resource limits for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource limits for the RBAC Manager pod.
+ memory: 512Mi
+ requests:
+ # -- CPU resource requests for the RBAC Manager pod.
+ cpu: 100m
+ # -- Memory resource requests for the RBAC Manager pod.
+ memory: 256Mi
+
+securityContextRBACManager:
+ # -- The user ID used by the RBAC Manager pod.
+ runAsUser: 1001100001
+ # -- The group ID used by the RBAC Manager pod.
+ runAsGroup: 1001100001
+ # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
+ allowPrivilegeEscalation: false
+ # -- Set the RBAC Manager pod root file system as read-only.
+ readOnlyRootFilesystem: true
+
+metrics:
+ # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
+ enabled: false
+
+# -- Add custom environmental variables to the Crossplane pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsCrossplane: {}
+
+# -- Add custom environmental variables to the RBAC Manager pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsRBACManager: {}
+
+# -- Add a custom `securityContext` to the Crossplane pod.
+podSecurityContextCrossplane: {}
+
+# -- Add a custom `securityContext` to the RBAC Manager pod.
+podSecurityContextRBACManager: {}
+
+# -- Add custom `volumes` to the Crossplane pod.
+extraVolumesCrossplane: {}
+
+# -- Add custom `volumeMounts` to the Crossplane pod.
+extraVolumeMountsCrossplane: {}
+
+# -- To add arbitrary Kubernetes Objects during a Helm Install
+extraObjects: []
+ # - apiVersion: pkg.crossplane.io/v1alpha1
+ # kind: ControllerConfig
+ # metadata:
+ # name: aws-config
+ # annotations:
+ # eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
+ # helm.sh/hook: post-install
+ # spec:
+ # podSecurityContext:
+ # fsGroup: 2000
diff --git a/argo-cd-apps/base/member/infra-deployments/kustomization.yaml b/argo-cd-apps/base/member/infra-deployments/kustomization.yaml
index e7b5e19cecf..172eab6f6a8 100644
--- a/argo-cd-apps/base/member/infra-deployments/kustomization.yaml
+++ b/argo-cd-apps/base/member/infra-deployments/kustomization.yaml
@@ -26,5 +26,6 @@ resources:
 - workspaces
 - proactive-scaler
 - knative-eventing
+ - crossplane-control-plane
 components:
 - ../../../k-components/inject-infra-deployments-repo-details
diff --git a/argo-cd-apps/overlays/development/kustomization.yaml b/argo-cd-apps/overlays/development/kustomization.yaml
index fb9292f6c99..6c4cc9ebaca 100644
--- a/argo-cd-apps/overlays/development/kustomization.yaml
+++ b/argo-cd-apps/overlays/development/kustomization.yaml
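Review bot: Nothing visible in this commit consumes the new `crossplane-control-plane/values.yaml`: the sibling `kustomization.yaml` lists only `crossplane-control-plane.yaml`, and the ApplicationSet's Helm source carries inline `values` but no `valueFiles` entry. The same holds for `components/crossplane-control-plane/base/settings.yaml`, which is not listed in that directory's `resources` either. As written, the security-relevant settings in both files (`securityContextCrossplane`, `securityContextRBACManager`, `hostNetwork: false`) record intent but do not appear to reach the cluster, and the two files disagree on `runAsUser`/`runAsGroup` (`1001100001` here, `null` in `settings.yaml`). Either wire one of them into the Helm source or drop the copies; if this file stays as a reference, open it with a comment such as `# Reference copy of the crossplane chart defaults; not applied by the ApplicationSet.`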
@@ -184,3 +184,8 @@ patches:
 kind: ApplicationSet
 version: v1alpha1
 name: knative-eventing
+ - path: development-overlay-patch.yaml
+ target:
+ kind: ApplicationSet
+ version: v1alpha1
+ name: crossplane-control-plane
diff --git a/components/crossplane-control-plane/OWNERS b/components/crossplane-control-plane/OWNERS
new file mode 100644
index 00000000000..c48b430530f
--- /dev/null
+++ b/components/crossplane-control-plane/OWNERS
@@ -0,0 +1,9 @@
+# See the OWNERS docs: https://go.k8s.io/owners
+
+approvers:
+- gbenhaim
+- avi-biton
+- amisstea
+- yftacherzog
+- ifireball
+- hmariset
diff --git a/components/crossplane-control-plane/base/kustomization.yaml b/components/crossplane-control-plane/base/kustomization.yaml
new file mode 100644
index 00000000000..aafe508b810
--- /dev/null
+++ b/components/crossplane-control-plane/base/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- ns.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/components/crossplane-control-plane/base/ns.yaml b/components/crossplane-control-plane/base/ns.yaml
new file mode 100644
index 00000000000..f704ee0a576
--- /dev/null
+++ b/components/crossplane-control-plane/base/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: crossplane-connections
diff --git a/components/crossplane-control-plane/base/settings.yaml b/components/crossplane-control-plane/base/settings.yaml
new file mode 100644
index 00000000000..37132962ff2
--- /dev/null
+++ b/components/crossplane-control-plane/base/settings.yaml
@@ -0,0 +1,6 @@
+securityContextCrossplane:
+ runAsUser: null
+ runAsGroup: null
+securityContextRBACManager:
+ runAsUser: null
+ runAsGroup: null
\ No newline at end of file
diff --git a/components/crossplane-control-plane/development/kustomization.yaml b/components/crossplane-control-plane/development/kustomization.yaml
new file mode 100644
index 00000000000..5da221fe313
--- /dev/null
+++ b/components/crossplane-control-plane/development/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- ../base
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/components/crossplane-control-plane/production/kustomization.yaml b/components/crossplane-control-plane/production/kustomization.yaml
new file mode 100644
index 00000000000..5da221fe313
--- /dev/null
+++ b/components/crossplane-control-plane/production/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- ../base
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/components/crossplane-control-plane/staging/kustomization.yaml b/components/crossplane-control-plane/staging/kustomization.yaml
new file mode 100644
index 00000000000..5da221fe313
--- /dev/null
+++ b/components/crossplane-control-plane/staging/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- ../base
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization