Revert manifests removal (#639)

* Revert "Remove unused manifests (#638)"

This reverts commit a9c1e99.

* fix version

Author: danielm-codefresh

manifests/app-proxy/app-proxy.cm.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cap-app-proxy-cm
+data:
+  argoCdUsername: admin
+  argoCdInsecure: "true"

manifests/app-proxy/app-proxy.crb.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cap-app-proxy-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argo-server-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: cap-app-proxy
+  namespace: default

manifests/app-proxy/app-proxy.deploy.yaml

@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: cap-app-proxy
+  name: cap-app-proxy
+spec:
+  selector:
+    matchLabels:
+      app: cap-app-proxy
+  template:
+    metadata:
+      labels:
+        app: cap-app-proxy
+    spec:
+      serviceAccountName: cap-app-proxy
+      containers:
+        - env:
+            - name: ARGO_CD_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoCdUrl
+                  optional: true
+            - name: ARGO_CD_USERNAME
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoCdUsername
+                  optional: true
+            - name: ARGO_CD_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: argocd-initial-admin-secret
+                  key: password
+            - name: ARGO_CD_INSECURE
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoCdInsecure
+            - name: ARGO_WORKFLOWS_INSECURE
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoWorkflowsInsecure
+            - name: ARGO_WORKFLOWS_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: argoWorkflowsUrl
+                  optional: true
+            - name: CF_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: cfHost
+                  optional: true
+            - name: CORS
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: cors
+                  optional: true
+            - name: ENV
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: env
+                  optional: true
+            - name: GRAPHQL_DEBUG
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: graphqlDebug
+                  optional: true
+            - name: GRAPHQL_PLAYGROUND
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: graphqlPlayground
+                  optional: true
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: port
+                  optional: true
+            - name: REPOS_DIR
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: reposDir
+                  optional: true
+            - name: RUNTIME_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: runtimeName
+                  optional: true
+            - name: RUNTIME_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: codefresh-token
+                  key: token
+            - name: RUNTIME_STORE_IV
+              valueFrom:
+                secretKeyRef:
+                  name: codefresh-token
+                  key: encryptionIV
+                  optional: true
+            - name: STORE_BACKEND
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: storeBackend
+                  optional: true
+            - name: STRIP_PREFIX
+              valueFrom:
+                configMapKeyRef:
+                  name: cap-app-proxy-cm
+                  key: stripPrefix
+                  optional: true
+          image: quay.io/codefresh/cap-app-proxy
+          imagePullPolicy: Always
+          name: cap-app-proxy
+          readinessProbe:
+            initialDelaySeconds: 10
+            timeoutSeconds: 10
+            httpGet:
+              port: http
+              path: /api/readyz
+          livenessProbe:
+            initialDelaySeconds: 10
+            timeoutSeconds: 10
+            failureThreshold: 10
+            httpGet:
+              port: http
+              path: /api/healthz
+          ports:
+            - name: http
+              containerPort: 80
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "2048Mi"
+              cpu: "2"

manifests/app-proxy/app-proxy.rb.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: cap-app-proxy
+  name: cap-app-proxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cap-app-proxy
+subjects:
+  - kind: ServiceAccount
+    name: cap-app-proxy

manifests/app-proxy/app-proxy.role.yaml

@@ -0,0 +1,37 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: cap-app-proxy
+  name: cap-app-proxy
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+      - configmap
+      - pods
+    verbs:
+      - get
+      - create
+      - delete
+      - deletecollection
+      - update
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - applications
+    verbs:
+      - get
+      - list
+      - watch

manifests/app-proxy/app-proxy.sa.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: cap-app-proxy
+  name: cap-app-proxy

manifests/app-proxy/app-proxy.svc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: cap-app-proxy
+  name: cap-app-proxy
+spec:
+  selector:
+    app: cap-app-proxy
+  ports:
+    - name: http
+      port: 3017
+      protocol: TCP
+      targetPort: http

manifests/app-proxy/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+  - name: quay.io/codefresh/cap-app-proxy
+    newName: quay.io/codefresh/cap-app-proxy
+    newTag: 1.1960.1
+resources:
+  - app-proxy.deploy.yaml
+  - app-proxy.svc.yaml
+  - app-proxy.sa.yaml
+  - app-proxy.rb.yaml
+  - app-proxy.crb.yaml
+  - app-proxy.role.yaml
+  - app-proxy.cm.yaml

manifests/argo-cd/default-rbac.yaml

@@ -0,0 +1,23 @@
+# allow default service account to read the codefresh-cm configmap
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: codefresh-config-reader
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "secrets"]
+    resourceNames: ["codefresh-cm", "codefresh-token"]
+    verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: codefresh-config-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: codefresh-config-reader
+subjects:
+  - kind: ServiceAccount
+    name: default

manifests/argo-cd/kustomization.yaml

@@ -0,0 +1,55 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/codefresh-io/argo-cd/release-2.3/manifests/install.yaml
+  - default-rbac.yaml
+images:
+  - name: quay.io/codefresh/argocd
+    newName: quay.io/codefresh/argocd
+    newTag: v2.3.4-cap-CR-14428-dest-server-validation
+
+# will be effective on argo-cd 2.1
+configMapGenerator:
+  - name: argocd-cm
+    behavior: merge
+    literals:
+      - "timeout.reconciliation=20s"
+      - "accounts.admin=apiKey,login" # need to be able to generate apikey for generic eventsource
+  - name: argocd-cmd-params-cm
+    behavior: merge
+    literals:
+      - "server.insecure=true"
+
+patches:
+  # reset the crbs to `subject.namespace: default`, so that argo-cd will later change them to the actual ns
+  - target:
+      group: rbac.authorization.k8s.io
+      version: v1
+      kind: ClusterRoleBinding
+    patch: |-
+      - op: replace
+        path: /subjects/0/namespace
+        value: default
+
+  # Istio protocol selection: https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/
+  # Ovveride the default protocol selection which is done by the port name (http), since this port is being used for both http and grpc.
+  - target:
+      version: v1
+      kind: Service
+      name: argocd-server
+    patch: |
+      - op: add
+        path: /spec/ports/0/appProtocol
+        value: tcp
+
+  - target:
+      version: v1
+      group: apps
+      kind: Deployment
+      name: argocd-server
+    patch: |
+      - op: add
+        path: /spec/template/spec/containers/0/env/-
+        value:
+          name: ARGOCD_SYNC_WAVE_DELAY
+          value: "10"

manifests/argo-events/codefresh-eventbus.eventbus.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: EventBus
+metadata:
+  name: codefresh-eventbus
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  nats:
+    native:
+      replicas: 3
+      auth: token
+      maxPayload: "2MB"
+      containerTemplate:
+        resources:
+          limits:
+            cpu: 500m
+            memory: 8Gi
+            ephemeral-storage: 2Gi
+          requests:
+            cpu: 200m
+            memory: 500Mi
+            ephemeral-storage: 2Gi

manifests/argo-events/codefresh-eventbus.pdb.yaml

@@ -0,0 +1,12 @@
+# This api version is only acceptable since kubernetes 1.21
+# We need to think how we introduce this gradually to our customers
+
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: codefresh-eventbus
+spec:
+  minAvailable: 2
+  selector:
+    matchLabels:
+      eventbus-name: codefresh-eventbus

manifests/argo-events/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://raw.githubusercontent.com/codefresh-io/argo-events/v1.7.2-cap-CR-14600/manifests/install.yaml
+  - https://raw.githubusercontent.com/codefresh-io/argo-events/v1.7.2-cap-CR-14600/manifests/install-validating-webhook.yaml
+  - codefresh-eventbus.eventbus.yaml
+#  - codefresh-eventbus.pdb.yaml