From e068c590e7f981a3057e5ea6ce421b71f290e90e Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:04:14 +0700 Subject: [PATCH 01/11] Create readme.md --- argocd/notification/readme.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 argocd/notification/readme.md diff --git a/argocd/notification/readme.md b/argocd/notification/readme.md new file mode 100644 index 0000000..d0ab1c7 --- /dev/null +++ b/argocd/notification/readme.md @@ -0,0 +1 @@ +## notification From 487d3f119205c9f99184bdfa923697bf7ddf8d4f Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:07:05 +0700 Subject: [PATCH 02/11] Create readme.md --- argocd/deployments/readme.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 argocd/deployments/readme.md diff --git a/argocd/deployments/readme.md b/argocd/deployments/readme.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/argocd/deployments/readme.md @@ -0,0 +1 @@ + From 47a297fea92de98d15004ca9f1d2a34e12c4adac Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:07:26 +0700 Subject: [PATCH 03/11] Create readme.md --- argocd/sso/readme.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 argocd/sso/readme.md diff --git a/argocd/sso/readme.md b/argocd/sso/readme.md new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/argocd/sso/readme.md @@ -0,0 +1 @@ + From 1f515d5be99c7e6a0f41c0d603a39eb3fbbabc75 Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:08:21 +0700 Subject: [PATCH 04/11] Create sso-argocd-github-client-secret.yaml --- argocd/sso/sso-argocd-github-client-secret.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 argocd/sso/sso-argocd-github-client-secret.yaml diff --git a/argocd/sso/sso-argocd-github-client-secret.yaml b/argocd/sso/sso-argocd-github-client-secret.yaml new file mode 100644 index 0000000..ccf1de3 --- /dev/null +++ b/argocd/sso/sso-argocd-github-client-secret.yaml @@ -0,0 +1,11 @@ +## add secret to SSO +apiVersion: v1 +kind: Secret +metadata: + name: github-client-secret + namespace: argocd + labels: + app.kubernetes.io/part-of: argocd +type: Opaque +data: + dex.github.clientSecret: QXBwbGljYXRpb24gcmVjb25jaWxpYXRpb24gdGltZW91dCBpcyB0aGUgbWF4IGFtb3VudCBvZiB0aW1lIHJlcXVpcmVkIHRvIGRpc2NvdmVyIGlmIGEgbmV3IG1hbmlmZXN0cyB2ZXJzaW9uIGdvdA== # gen clientSecret and encode clientSecret From 5a38fc9513d72395a15a89075516931f93245e21 Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:09:10 +0700 Subject: [PATCH 05/11] Create sso-argocd-github-configmap.yaml --- argocd/sso/sso-argocd-github-configmap.yaml | 48 +++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 argocd/sso/sso-argocd-github-configmap.yaml diff --git a/argocd/sso/sso-argocd-github-configmap.yaml b/argocd/sso/sso-argocd-github-configmap.yaml new file mode 100644 index 0000000..f5071a8 --- /dev/null +++ b/argocd/sso/sso-argocd-github-configmap.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm + namespace: argocd +data: + admin.enabled: "false" + + # disables user. User is enabled by default + #accounts.alice.enabled: "false" + #accounts.test-user.enabled: "false" + + # Application reconciliation timeout is the max amount of time required to discover if a new manifests version got + # published to the repository. Reconciliation by timeout is disabled if timeout is set to 0. Three minutes by default. + # > Note: argocd-repo-server deployment must be manually restarted after changing the setting. + timeout.reconciliation: 180s + + configManagementPlugins: | + - name: argocd-vault-plugin + generate: + command: ["argocd-vault-plugin"] + args: ["generate", "./"] + - name: argocd-vault-plugin-kustomize + generate: + command: ["sh", "-c"] + args: ["kustomize build . > all.yaml && argocd-vault-plugin generate all.yaml"] + - name: argocd-vault-plugin-helm + generate: + command: ["sh", "-c"] + args: ["helm template $ARGOCD_APP_NAME ${helm_args} . | argocd-vault-plugin generate -"] + +### enable SSO with GitHub OAuth2 + url: https://tainguyenbp-argocd.onpoint.vn + dex.config: | + connectors: + - type: github + id: github + name: GitHub + config: + clientID: 1234567890 + clientSecret: $github-client-secret:dex.github.clientSecret + orgs: + - name: tainguyenbp # Name of the organization in Github + teams: # The list of authorized teams (optional) + - SRE From 99a50ca41d9b3fd89bdc5e67ca14b6a9d6567603 Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:15:30 +0700 Subject: [PATCH 06/11] Create application-notification-slack.yaml --- .../application-notification-slack.yaml | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 argocd/notification/application-notification-slack.yaml diff --git a/argocd/notification/application-notification-slack.yaml b/argocd/notification/application-notification-slack.yaml new file mode 100644 index 0000000..156fe3b --- /dev/null +++ b/argocd/notification/application-notification-slack.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nginx + namespace: argocd + annotations: + notifications.argoproj.io/subscribe.on-deployed.slack: alerts + notifications.argoproj.io/subscribe.on-sync-failed.slack: alerts + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: alerts + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://github.com/tainguyenbp/kubernetes-cluster.git + targetRevision: HEAD + path: nginx + destination: + server: https://kubernetes.default.svc + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - Validate=true + - CreateNamespace=false + - PrunePropagationPolicy=foreground + - PruneLast=true From 3551553c34357d564fee1a39ae8a9c17149401f8 Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:16:08 +0700 Subject: [PATCH 07/11] Create argocd-notifications-slack-cm.yaml --- .../argocd-notifications-slack-cm.yaml | 538 ++++++++++++++++++ 1 file changed, 538 insertions(+) create mode 100644 argocd/notification/argocd-notifications-slack-cm.yaml diff --git a/argocd/notification/argocd-notifications-slack-cm.yaml b/argocd/notification/argocd-notifications-slack-cm.yaml new file mode 100644 index 0000000..c9c2929 --- /dev/null +++ b/argocd/notification/argocd-notifications-slack-cm.yaml @@ -0,0 +1,538 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-notifications-cm + namespace: argocd +data: + context: | + argocdUrl: http://localhost:8080 + service.slack: | + token: $slack-token + template.app-created: | + email: + subject: Application {{.app.metadata.name}} has been created. + message: Application {{.app.metadata.name}} has been created. + teams: + title: Application {{.app.metadata.name}} has been created. + template.app-deleted: | + email: + subject: Application {{.app.metadata.name}} has been deleted. + message: Application {{.app.metadata.name}} has been deleted. + teams: + title: Application {{.app.metadata.name}} has been deleted. + template.app-deployed: | + email: + subject: New version of an application {{.app.metadata.name}} is up and running. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} New version of *{{.app.metadata.name}}* is deployed. + slack: + attachments: | + [{ + "color": "#18be52", + "fields": [ + { + "title": "Author", + "value": "{{(call .repo.GetCommitMetadata .app.status.sync.revision).Author}}", + "short": true + }, + { + "title": "Message", + "value": "{{(call .repo.GetCommitMetadata .app.status.sync.revision).Message}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $image := .app.status.summary.images}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "Version", + "value": "{{$image}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + }, + { + "name": "Revision", + "value": "{{.app.status.sync.revision}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#000080' + title: New version of an application {{.app.metadata.name}} is up and running. + template.app-health-degraded: | + email: + subject: Application {{.app.metadata.name}} has degraded. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#f4c030", + "fields": [ + { + "title": "Health Status", + "value": "{{.app.status.health.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Health Status", + "value": "{{.app.status.health.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: | + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#FF0000' + title: Application {{.app.metadata.name}} has degraded. + template.app-sync-failed: | + email: + subject: Failed to sync application {{.app.metadata.name}}. + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}} + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Failed at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#FF0000' + title: Failed to sync application {{.app.metadata.name}}. + template.app-sync-running: | + email: + subject: Start syncing application {{.app.metadata.name}}. + message: | + The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#0DADEA", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Started at", + "value": "{{.app.status.operationState.startedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Operation", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + title: Start syncing application {{.app.metadata.name}}. + template.app-sync-status-unknown: | + email: + subject: Application {{.app.metadata.name}} sync status is 'Unknown' + message: | + {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + {{if ne .serviceType "slack"}} + {{range $c := .app.status.conditions}} + * {{$c.message}} + {{end}} + {{end}} + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#E96D76", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Open Application", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + title: Application {{.app.metadata.name}} sync status is 'Unknown' + template.app-sync-succeeded: | + email: + subject: Application {{.app.metadata.name}} has been successfully synced. + message: | + {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}. + Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true . + slack: + attachments: | + [{ + "title": "{{ .app.metadata.name}}", + "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52", + "fields": [ + { + "title": "Sync Status", + "value": "{{.app.status.sync.status}}", + "short": true + }, + { + "title": "Repository", + "value": "{{.app.spec.source.repoURL}}", + "short": true + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "title": "{{$c.type}}", + "value": "{{$c.message}}", + "short": true + } + {{end}} + ] + }] + deliveryPolicy: Post + groupingKey: "" + notifyBroadcast: false + teams: + facts: | + [{ + "name": "Sync Status", + "value": "{{.app.status.sync.status}}" + }, + { + "name": "Synced at", + "value": "{{.app.status.operationState.finishedAt}}" + }, + { + "name": "Repository", + "value": "{{.app.spec.source.repoURL}}" + } + {{range $index, $c := .app.status.conditions}} + {{if not $index}},{{end}} + {{if $index}},{{end}} + { + "name": "{{$c.type}}", + "value": "{{$c.message}}" + } + {{end}} + ] + potentialAction: |- + [{ + "@type":"OpenUri", + "name":"Operation Details", + "targets":[{ + "os":"default", + "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + }] + }, + { + "@type":"OpenUri", + "name":"Open Repository", + "targets":[{ + "os":"default", + "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}" + }] + }] + themeColor: '#000080' + title: Application {{.app.metadata.name}} has been successfully synced + trigger.on-created: | + - description: Application is created. + oncePer: app.metadata.name + send: + - app-created + when: "true" + trigger.on-deleted: | + - description: Application is deleted. + oncePer: app.metadata.name + send: + - app-deleted + when: app.metadata.deletionTimestamp != nil + trigger.on-deployed: | + - description: Application is synced and healthy. Triggered once per commit. + oncePer: app.status.operationState.syncResult.revision + send: + - app-deployed + when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status + == 'Healthy' + trigger.on-health-degraded: | + - description: Application has degraded + send: + - app-health-degraded + when: app.status.health.status == 'Degraded' + trigger.on-sync-failed: | + - description: Application syncing has failed + send: + - app-sync-failed + when: app.status.operationState.phase in ['Error', 'Failed'] + trigger.on-sync-running: | + - description: Application is being synced + send: + - app-sync-running + when: app.status.operationState.phase in ['Running'] + trigger.on-sync-status-unknown: | + - description: Application status is 'Unknown' + send: + - app-sync-status-unknown + when: app.status.sync.status == 'Unknown' + trigger.on-sync-succeeded: | + - description: Application syncing has succeeded + send: + - app-sync-succeeded + when: app.status.operationState.phase in ['Succeeded'] From 4fbcb07d4f3bfec64e742aa047ceea3b7975570f Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:18:06 +0700 Subject: [PATCH 08/11] Create argocd-notifications-slack-secret.yml --- argocd/notification/argocd-notifications-slack-secret.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 argocd/notification/argocd-notifications-slack-secret.yml diff --git a/argocd/notification/argocd-notifications-slack-secret.yml b/argocd/notification/argocd-notifications-slack-secret.yml new file mode 100644 index 0000000..1365350 --- /dev/null +++ b/argocd/notification/argocd-notifications-slack-secret.yml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-notifications-secret + namespace: argocd +stringData: + slack-token: xoxb-123456789-123456789-123456789 From 7611996f6db7ef6c3066e1e6084724688c67daed Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:20:22 +0700 Subject: [PATCH 09/11] Create application-notifications-telegram.yaml --- .../application-notifications-telegram.yaml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 argocd/notification/application-notifications-telegram.yaml diff --git a/argocd/notification/application-notifications-telegram.yaml b/argocd/notification/application-notifications-telegram.yaml new file mode 100644 index 0000000..c96dd98 --- /dev/null +++ b/argocd/notification/application-notifications-telegram.yaml @@ -0,0 +1,35 @@ +# Create new Telegram channel. +# Add your bot as an administrator. +# Use this channel username (public channel) or chatID (private channel) in the subscription for your Telegram integration: +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nginx + namespace: argocd + annotations: + notifications.argoproj.io/subscribe.on-deployed.telegram: alerts + notifications.argoproj.io/subscribe.on-sync-failed.telegram: alerts + notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: alerts + notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: username + notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: -1000000000000 + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://github.com/tainguyenbp/kubernetes-cluster.git + targetRevision: HEAD + path: nginx + destination: + server: https://kubernetes.default.svc + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - Validate=true + - CreateNamespace=false + - PrunePropagationPolicy=foreground + - PruneLast=true From b5c880d556f5e1a9480da15de433b6e86b3a9838 Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:22:51 +0700 Subject: [PATCH 10/11] Create argocd-notifications-telegram-secret.yml --- .../notification/argocd-notifications-telegram-secret.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 argocd/notification/argocd-notifications-telegram-secret.yml diff --git a/argocd/notification/argocd-notifications-telegram-secret.yml b/argocd/notification/argocd-notifications-telegram-secret.yml new file mode 100644 index 0000000..d6c8598 --- /dev/null +++ b/argocd/notification/argocd-notifications-telegram-secret.yml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: argocd-notifications-telegram-secret + namespace: argocd +stringData: + slack-token: xoxb-123456789-123456789-123456789 From 43d5357788f4ddee17fae6ad551961a41872eebe Mon Sep 17 00:00:00 2001 From: bm8 bmFtZQ Date: Fri, 14 Jun 2024 10:25:21 +0700 Subject: [PATCH 11/11] Create argocd-notifications-telegram-cm.yaml --- .../argocd-notifications-telegram-cm.yaml | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 argocd/notification/argocd-notifications-telegram-cm.yaml diff --git a/argocd/notification/argocd-notifications-telegram-cm.yaml b/argocd/notification/argocd-notifications-telegram-cm.yaml new file mode 100644 index 0000000..f770ea4 --- /dev/null +++ b/argocd/notification/argocd-notifications-telegram-cm.yaml @@ -0,0 +1,95 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-notifications-cm +data: + # Triggers define the condition when the notification should be sent and list of templates required to generate the message + # Recipients can subscribe to the trigger and specify the required message template and destination notification service. + trigger.on-sync-status-unknown: | + - when: app.status.sync.status == 'Unknown' + send: [my-custom-template] + + # Optional 'oncePer' property ensure that notification is sent only once per specified field value + # E.g. following is triggered once per sync revision + trigger.on-deployed: | + - when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy' + oncePer: app.status.sync.revision + send: [app-sync-succeeded] + + # Templates are used to generate the notification template message + template.my-custom-template: | + message: | + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + + # Templates might have notification service specific fields. E.g. slack message might include annotations + template.my-custom-template-slack-template: | + message: | + Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}. + Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}. + email: + subject: Application {{.app.metadata.name}} sync status is {{.app.status.sync.status}} + slack: + attachments: | + [{ + "title": "{{.app.metadata.name}}", + "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}", + "color": "#18be52" + }] + + # Holds list of triggers that are used by default if trigger is not specified explicitly in the subscription + defaultTriggers: | + - on-sync-status-unknown + + # Notification services are used to deliver message. + # Service definition might reference values from argocd-notifications-secret Secret using $my-key format + # Service format key is: service.. + # Slack + service.slack: | + token: $slack-token + username: # optional username + icon: # optional icon for the message (supports both emoij and url notation) + + # Slack based notifier with name mattermost + service.slack.mattermost: | + apiURL: https://my-mattermost-url.com/api + token: $slack-token + username: # optional username + icon: # optional icon for the message (supports both emoij and url notation) + + # Email + service.email: | + host: smtp.gmail.com + port: 587 + from: @gmail.com + username: $email-username + password: $email-password + + # Opsgenie + service.opsgenie: | + apiUrl: api.opsgenie.com + apiKeys: + $opsgenie-team-id: $opsgenie-team-api-key + ... + + # Telegram + service.telegram: | + token: $telegram-token + + # Context holds list of variables that can be referenced in templates + context: | + argocdUrl: https://cd.apps.argoproj.io/ + + # Contains centrally managed global application subscriptions + subscriptions: | + # subscription for on-sync-status-unknown trigger notifications + - recipients: + - slack:test2 + - email:test@gmail.com + triggers: + - on-sync-status-unknown + # subscription restricted to applications with matching labels only + - recipients: + - slack:test3 + selector: test=true + triggers: + - on-sync-status-unknown