From 9044b58c82446f9313162cc92fc5c32d059a3589 Mon Sep 17 00:00:00 2001
From: Vojtech Mares <iam@vojtechmares.com>
Date: Mon, 2 Oct 2023 19:41:33 +0200
Subject: [PATCH] refactor: move cert-manager and clusterissuer
 'letsencrypt-prod' to universal (multi-cluster)

---
 .../letsencrypt-prod.yaml                     |  0
 clusters/cherry/apps/cert-manager.yaml        | 37 --------------
 clusters/cherry/apps/clusterissuer.yaml       | 18 -------
 universal/cert-manager.yaml                   | 48 +++++++++++++++++++
 universal/clusterissuer.yaml                  | 31 ++++++++++++
 5 files changed, 79 insertions(+), 55 deletions(-)
 rename clusters/cherry/manifests/clusterissuer/clusterissuer.yaml => clusterissuer/letsencrypt-prod.yaml (100%)
 delete mode 100644 clusters/cherry/apps/cert-manager.yaml
 delete mode 100644 clusters/cherry/apps/clusterissuer.yaml
 create mode 100644 universal/cert-manager.yaml
 create mode 100644 universal/clusterissuer.yaml

diff --git a/clusters/cherry/manifests/clusterissuer/clusterissuer.yaml b/clusterissuer/letsencrypt-prod.yaml
similarity index 100%
rename from clusters/cherry/manifests/clusterissuer/clusterissuer.yaml
rename to clusterissuer/letsencrypt-prod.yaml
diff --git a/clusters/cherry/apps/cert-manager.yaml b/clusters/cherry/apps/cert-manager.yaml
deleted file mode 100644
index d959fd6..0000000
--- a/clusters/cherry/apps/cert-manager.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cherry-cert-manager
-  namespace: argocd
-spec:
-  project: infrastructure
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: cert-manager
-  source:
-    chart: cert-manager
-    repoURL: https://charts.jetstack.io
-    targetRevision: 1.13.1
-    helm:
-      releaseName: cert-manager
-      valuesObject:
-        installCRDs: true
-        featureGates: "AdditionalCertificateOutputFormats=true"
-        strategy:
-          type: RollingUpdate
-          rollingUpdate:
-            maxSurge: 1
-            maxUnavailable: 0
-        webhook:
-          featureGates: "AdditionalCertificateOutputFormats=true"
-          strategy:
-            type: RollingUpdate
-            rollingUpdate:
-              maxSurge: 1
-              maxUnavailable: 0
diff --git a/clusters/cherry/apps/clusterissuer.yaml b/clusters/cherry/apps/clusterissuer.yaml
deleted file mode 100644
index 331dd2c..0000000
--- a/clusters/cherry/apps/clusterissuer.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cherry-clusterissuer
-  namespace: argocd
-spec:
-  project: infrastructure
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: default
-  source:
-    path: clusters/cherry/manifests/clusterissuer/
-    repoURL: https://github.com/vojtechmares/gitops.git
-    targetRevision: HEAD
diff --git a/universal/cert-manager.yaml b/universal/cert-manager.yaml
new file mode 100644
index 0000000..1faaba1
--- /dev/null
+++ b/universal/cert-manager.yaml
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: universal-cert-manager
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  generators:
+    - list:
+        elements:
+          - cluster: cherry
+            url: https://kubernetes.default.svc
+  syncPolicy:
+    applicationsSync: create-update
+    preserveResourcesOnDeletion: true
+  template:
+    metadata:
+      name: "{{cluster}}-cert-manager"
+    spec:
+      project: infrastructure
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true
+      source:
+        chart: cert-manager
+        repoURL: https://charts.jetstack.io
+        targetRevision: 1.13.1
+        helm:
+          releaseName: cert-manager
+          valuesObject:
+            installCRDs: true
+            strategy:
+              type: RollingUpdate
+              rollingUpdate:
+                maxSurge: 1
+                maxUnavailable: 0
+            webhook:
+              strategy:
+                type: RollingUpdate
+                rollingUpdate:
+                  maxSurge: 1
+                  maxUnavailable: 0
+      destination:
+        server: "{{url}}"
+        namespace: cert-manager
diff --git a/universal/clusterissuer.yaml b/universal/clusterissuer.yaml
new file mode 100644
index 0000000..a70a05a
--- /dev/null
+++ b/universal/clusterissuer.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: universal-clusterissuer
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  generators:
+    - list:
+        elements:
+          - cluster: cherry
+            url: https://kubernetes.default.svc
+  syncPolicy:
+    applicationsSync: create-update
+    preserveResourcesOnDeletion: true
+  template:
+    metadata:
+      name: "{{cluster}}-http-clusterissuer"
+    spec:
+      project: infrastructure
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+      source:
+        path: clusterissuer/
+        repoURL: https://github.com/vojtechmares/gitops.git
+        targetRevision: HEAD
+      destination:
+        server: "{{url}}"
+        namespace: default