From 8c0e1adf070c51de7321a6b0bac89e8e7e4cbb52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roch=C3=A9=20Compaan?= <roche@upfrontsoftware.co.za>
Date: Fri, 20 Sep 2024 13:11:41 +0200
Subject: [PATCH] feat: add sandbox argocd deployment

---
 .../argocd/sandbox/apps/kustomization.yaml    | 40 +++++++++++++
 .../argocd/sandbox/ingress/certificates.yaml  | 15 +++++
 .../argocd/sandbox/ingress/ingress.yaml       | 59 +++++++++++++++++++
 .../argocd/sandbox/ingress/kustomization.yaml |  6 ++
 4 files changed, 120 insertions(+)
 create mode 100644 {{cookiecutter.project_slug}}/argocd/sandbox/apps/kustomization.yaml
 create mode 100644 {{cookiecutter.project_slug}}/argocd/sandbox/ingress/certificates.yaml
 create mode 100644 {{cookiecutter.project_slug}}/argocd/sandbox/ingress/ingress.yaml
 create mode 100644 {{cookiecutter.project_slug}}/argocd/sandbox/ingress/kustomization.yaml

diff --git a/{{cookiecutter.project_slug}}/argocd/sandbox/apps/kustomization.yaml b/{{cookiecutter.project_slug}}/argocd/sandbox/apps/kustomization.yaml
new file mode 100644
index 00000000..b2b0420d
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/argocd/sandbox/apps/kustomization.yaml
@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+namespace: argocd
+resources:
+- ../../base/argocd
+- ../../base/cert-manager
+- ../../base/cloudnative-pg
+- ../../base/ingress
+- ../../base/local-path-provisioner
+- ../../base/reflector
+- ../../base/sealed-secrets
+- ../../base/traefik
+- ../../base/{{ cookiecutter.project_slug }}
+kind: Kustomization
+patches:
+- patch: |-
+    - op: replace
+      path: /spec/source/targetRevision
+      value: develop
+    - op: replace
+      path: /spec/source/path
+      value: argocd/sandbox/ingress
+  target:
+    kind: Application
+    name: ingress
+- patch: |-
+    - op: replace
+      path: /metadata/name
+      value: {{ cookiecutter.project_slug }}-sandbox
+    - op: replace
+      path: /spec/source/targetRevision
+      value: develop
+    - op: replace
+      path: /spec/source/path
+      value: k8s/sandbox
+    - op: replace
+      path: /spec/destination/namespace
+    value: {{ cookiecutter.project_slug }}-sandbox
+  target:
+    kind: Application
+    name: {{ cookiecutter.project_slug }}
diff --git a/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/certificates.yaml b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/certificates.yaml
new file mode 100644
index 00000000..01107ada
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/certificates.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-sandbox-{{ cookiecutter.project_slug }}-tls
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "3"
+spec:
+  secretName: argocd-sandbox-{{ cookiecutter.project_slug }}-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - argocd.sandbox.{{ cookiecutter.domain_name }}
diff --git a/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/ingress.yaml b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/ingress.yaml
new file mode 100644
index 00000000..f7711494
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/ingress.yaml
@@ -0,0 +1,59 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-sandbox-{{ cookiecutter.project_slug }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+  namespace: argocd
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`argocd.sandbox.{{ cookiecutter.domain_name }}`)
+      priority: 10
+      services:
+        - name: argocd-server
+          port: 80
+    - kind: Rule
+      match: Host(`argocd.sandbox.{{ cookiecutter.domain_name }}`) && Headers(`Content-Type`, `application/grpc`)
+      priority: 11
+      services:
+        - name: argocd-server
+          port: 80
+          scheme: h2c
+  tls:
+    secretName: argocd-sandbox-{{ cookiecutter.project_slug }}-tls
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: http-to-https-redirect
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
+spec:
+  entryPoints:
+    - web
+  routes:
+    - kind: Rule
+      match: PathPrefix(`/`)
+      priority: 1
+      middlewares:
+        - name: redirect-to-https
+      services:
+        - kind: TraefikService
+          name: noop@internal
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-https
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
diff --git a/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/kustomization.yaml b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/kustomization.yaml
new file mode 100644
index 00000000..f8369620
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/argocd/sandbox/ingress/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+resources:
+- cert-manager-issuer.yaml
+- certificates.yaml
+- ingress.yaml
+kind: Kustomization