get changes from upstream

.github/workflows/check-signed.yml

@@ -0,0 +1,14 @@
+---
+name: Validate if commits in PR are signed
+on: pull_request
+
+jobs:
+  signed-commits-check:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code
+        uses: actions/[email protected]
+
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@v1

.github/workflows/terraform.yml

@@ -8,10 +8,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2
-        with:
-          terraform_version: 1.3.8
+
       - name: Terraform fmt
-        id: fmt
-        run: terraform fmt -check
+        run: |
+          terraform fmt -check -recursive .

.gitignore

@@ -3,6 +3,8 @@
 **/.terraform/
 **/.terraform.lock.hcl
 **/terraform.tfstate
+*/**/terraform.tfstate.backup
+.plugin-cache/*
 .vscode
 .DS_Store
 deprecated-*

Makefile

@@ -0,0 +1,17 @@
+default: help
+
+.PHONY: help
+help: ## print targets and their descrptions
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: fmt
+fmt: ## terraform fmt
+	terraform fmt -recursive -write .
+
+.PHONY: validate
+validate: ## terraform validate
+	@for dir in $(shell find . -name "*.tf" -not -path "*.terraform*" -printf '%h ' | uniq); do \
+		echo "====> $$dir"; \
+		terraform -chdir=$$dir init -backend=false || exit 1; \
+		terraform -chdir=$$dir validate || exit 1; \
+	done

akamai-github/atlantis.yaml

@@ -0,0 +1,23 @@
+version: 3
+automerge: true
+projects:
+  - dir: terraform/<CLOUD_PROVIDER>
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']
+  - dir: terraform/<GIT_PROVIDER>
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']
+  - dir: terraform/users
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '**/modules/*.tf', '**/admins/*.tf', '**/developers/*.tf', '*.tf*']
+  - dir: terraform/vault
+    terraform_version: 1.3.8
+    autoplan:
+      enabled: true
+      when_modified: ['**/*.tf', '*.tf*']

akamai-github/registry/environments/development/metaphor.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: development-environment-metaphor
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: '45'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/environments/development/metaphor
+    targetRevision: HEAD
+  destination:
+    name: <WORKLOAD_CLUSTER_NAME>
+    namespace: development
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

vultr-gitlab/cluster-types/mgmt/components/development/metaphor/Chart.yaml → akamai-github/registry/environments/development/metaphor/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 dependencies:
   - name: metaphor
     repository: http://chartmuseum.chartmuseum.svc.cluster.local:8080
-    version: 0.1.0
+    version: 0.0.1-rc.awaiting-ci
 description: metaphor example application
-name: metaphor-development
+name: metaphor
 type: application
 version: 1.0.0

akamai-github/registry/environments/development/metaphor/values.yaml

@@ -0,0 +1,36 @@
+metaphor:
+  annotations: |
+    linkerd.io/inject: "enabled"
+  labels: |
+    mirror.linkerd.io/exported: "true"
+  image:
+    repository: <CONTAINER_REGISTRY_URL>/metaphor
+  imagePullSecrets:
+    - name: docker-config
+  ingress:
+    className: nginx
+    enabled: true
+    annotations:
+      <CERT_MANAGER_ISSUER_ANNOTATION_1>
+      <CERT_MANAGER_ISSUER_ANNOTATION_2>
+      <CERT_MANAGER_ISSUER_ANNOTATION_3>
+      <CERT_MANAGER_ISSUER_ANNOTATION_4>
+      nginx.ingress.kubernetes.io/service-upstream: "true"
+    hosts:
+      - host: metaphor-development.<DOMAIN_NAME>
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: metaphor-tls
+        hosts:
+          - metaphor-development.<DOMAIN_NAME>
+  metaphor:
+    host: https://metaphor-development.<DOMAIN_NAME>/api
+    console: https://kubefirst.<DOMAIN_NAME>
+
+  clusterSecretStoreName: <WORKLOAD_CLUSTER_NAME>-vault-kv-secret
+  vaultSecretPath: <WORKLOAD_CLUSTER_NAME>/metaphor
+  configs:
+    configOne: <WORKLOAD_CLUSTER_NAME>-config-one
+    configTwo: <WORKLOAD_CLUSTER_NAME>-config-two

akamai-github/registry/environments/production/metaphor.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: production-environment-metaphor
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: '45'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/environments/production/metaphor
+    targetRevision: HEAD
+  destination:
+    name: <WORKLOAD_CLUSTER_NAME>
+    namespace: production
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

vultr-gitlab/cluster-types/mgmt/components/production/metaphor/Chart.yaml → akamai-github/registry/environments/production/metaphor/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 dependencies:
   - name: metaphor
     repository: http://chartmuseum.chartmuseum.svc.cluster.local:8080
-    version: 0.1.0
+    version: 0.0.1-rc.awaiting-ci
 description: metaphor example application
-name: metaphor-production
+name: metaphor
 type: application
 version: 1.0.0

akamai-github/registry/environments/production/metaphor/values.yaml

@@ -0,0 +1,36 @@
+metaphor:
+  annotations: |
+    linkerd.io/inject: "enabled"
+  labels: |
+    mirror.linkerd.io/exported: "true"
+  image:
+    repository: <CONTAINER_REGISTRY_URL>/metaphor
+  imagePullSecrets:
+    - name: docker-config
+  ingress:
+    className: nginx
+    enabled: true
+    annotations:
+      <CERT_MANAGER_ISSUER_ANNOTATION_1>
+      <CERT_MANAGER_ISSUER_ANNOTATION_2>
+      <CERT_MANAGER_ISSUER_ANNOTATION_3>
+      <CERT_MANAGER_ISSUER_ANNOTATION_4>
+      nginx.ingress.kubernetes.io/service-upstream: "true"
+    hosts:
+      - host: metaphor-production.<DOMAIN_NAME>
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: metaphor-tls
+        hosts:
+          - metaphor-production.<DOMAIN_NAME>
+  metaphor:
+    host: https://metaphor-production.<DOMAIN_NAME>/api
+    console: https://kubefirst.<DOMAIN_NAME>
+
+  clusterSecretStoreName: <WORKLOAD_CLUSTER_NAME>-vault-kv-secret
+  vaultSecretPath: <WORKLOAD_CLUSTER_NAME>/metaphor
+  configs:
+    configOne: <WORKLOAD_CLUSTER_NAME>-config-one
+    configTwo: <WORKLOAD_CLUSTER_NAME>-config-two

akamai-github/registry/environments/staging/metaphor.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: staging-environment-metaphor
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: '45'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/environments/staging/metaphor
+    targetRevision: HEAD
+  destination:
+    name: <WORKLOAD_CLUSTER_NAME>
+    namespace: staging
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

vultr-gitlab/cluster-types/mgmt/components/staging/metaphor/Chart.yaml → akamai-github/registry/environments/staging/metaphor/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 dependencies:
   - name: metaphor
     repository: http://chartmuseum.chartmuseum.svc.cluster.local:8080
-    version: 0.1.0
+    version: 0.0.1-rc.awaiting-ci
 description: metaphor example application
-name: metaphor-staging
+name: metaphor
 type: application
 version: 1.0.0

akamai-github/registry/environments/staging/metaphor/values.yaml

@@ -0,0 +1,36 @@
+metaphor:
+  annotations: |
+    linkerd.io/inject: "enabled"
+  labels: |
+    mirror.linkerd.io/exported: "true"
+  image:
+    repository: <CONTAINER_REGISTRY_URL>/metaphor
+  imagePullSecrets:
+    - name: docker-config
+  ingress:
+    className: nginx
+    enabled: true
+    annotations:
+      <CERT_MANAGER_ISSUER_ANNOTATION_1>
+      <CERT_MANAGER_ISSUER_ANNOTATION_2>
+      <CERT_MANAGER_ISSUER_ANNOTATION_3>
+      <CERT_MANAGER_ISSUER_ANNOTATION_4>
+      nginx.ingress.kubernetes.io/service-upstream: "true"
+    hosts:
+      - host: metaphor-staging.<DOMAIN_NAME>
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: metaphor-tls
+        hosts:
+          - metaphor-staging.<DOMAIN_NAME>
+  metaphor:
+    host: https://metaphor-staging.<DOMAIN_NAME>/api
+    console: https://kubefirst.<DOMAIN_NAME>
+
+  clusterSecretStoreName: <WORKLOAD_CLUSTER_NAME>-vault-kv-secret
+  vaultSecretPath: <WORKLOAD_CLUSTER_NAME>/metaphor
+  configs:
+    configOne: <WORKLOAD_CLUSTER_NAME>-config-one
+    configTwo: <WORKLOAD_CLUSTER_NAME>-config-two

akamai-github/templates/mgmt/actions-runner-controller.yaml

@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: actions-runner-controller-components
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: '50'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/clusters/<CLUSTER_NAME>/components/actions-runner-controller
+    targetRevision: HEAD
+  destination:
+    name: in-cluster
+    namespace: github-runner
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      - Replace=true
+      - PruneLast=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        maxDuration: 5m0s
+        factor: 2

akamai-github/templates/mgmt/appprojects.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd-projects
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  annotations:
+    argocd.argoproj.io/sync-wave: '0'
+spec:
+  project: default
+  source:
+    repoURL: <GITOPS_REPO_URL>
+    path: registry/clusters/<CLUSTER_NAME>/components/argocd-appprojects
+    targetRevision: HEAD
+  destination:
+    name: in-cluster
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

vultr-gitlab/cluster-types/mgmt/argo-workflows.yaml → akamai-github/templates/mgmt/argo-workflows.yaml

@@ -9,10 +9,10 @@ spec:
   project: default
   source:
     repoURL: <GITOPS_REPO_URL>
-    path: registry/<CLUSTER_NAME>/components/argo-workflows
+    path: registry/clusters/<CLUSTER_NAME>/components/argo-workflows
     targetRevision: HEAD
   destination:
-    server: https://kubernetes.default.svc
+    name: in-cluster
     namespace: argo
   syncPolicy:
     automated: