refactor with argocd application set

Signed-off-by: Yulong Ruan <ruanyl@amazon.com>

Author: ruanyl

.gitignore

@@ -1,3 +1,4 @@
 .cache
 .build
 .downloads
+.DS_Store

README.md

@@ -3,3 +3,14 @@
 GitOps environment repo for OpenSearch and OpenSearch-Dashboards development
 
 > OpenSearch and OpenSearch-Dashboards helm charts are from the official [helm-charts](https://github.com/opensearch-project/helm-charts)
+
+## Create an OpenSearch cluster
+
+1. fork this repo
+2. create a empty folder in `deployments/`, for example `deployments/my-app`, you can name it as you like
+3. create a `config.json` file in `my-app` folder, take `deployments/demo` for example
+4. update `owner` with your email address in `config.json`, you will be notified on slack once the cluster is created
+5. create a pull request with above changes to `main`
+6. once the PR is merged, the opensearch cluster will be deployed automatically(default is a 2 nodes opensearch cluster) and you will receive slack notifications about the endpoints
+
+## Customize the deployment

appset/opensearch-appset.yaml

@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: opensearch
+  namespace: argocd
+spec:
+  generators:
+    - matrix:
+        generators:
+          - list:
+              elements:
+              - appName: opensearch
+              - appName: opensearch-dashboards
+          - git:
+              repoURL: https://github.com/ruanyl/ml-commons-dev-env.git
+              revision: argocd-appset
+              files:
+              - path: "deployments/**/config.json"
+
+  template:
+    metadata:
+      name: '{{appName}}-{{path.basename}}'
+      annotations:
+        owner: '{{owner}}'
+        notifications.argoproj.io/subscribe.on-deployed.slack_webhook: ""
+        notifications.argoproj.io/subscribe.on-health-degraded.slack_webhook: ""
+        notifications.argoproj.io/subscribe.on-sync-failed.slack_webhook: ""
+        notifications.argoproj.io/subscribe.on-deleted.slack_webhook_deleted: ""
+    spec:
+      project: default
+      source:
+        repoURL: https://github.com/ruanyl/ml-commons-dev-env.git
+        targetRevision: argocd-appset
+        path: "charts/{{appName}}"
+        plugin:
+          name: helm-argocd-vault-replacer
+          env:
+            - name: VALUE_FILES
+              value: "../../deployments/{{path.basename}}/{{appName}}.yaml"
+      destination:
+        server: "https://kubernetes.default.svc"
+        namespace: '{{path.basename}}'
+      syncPolicy:
+        automated: {}
+        syncOptions:
+          - CreateNamespace=true

charts/opensearch-dashboards/plugins/README.md

@@ -161,15 +161,13 @@ spec:
             #!/usr/bin/bash
             set -e
 
-            {{- $artifacts := .Files.Get "plugins/artifacts.json" | fromJson }}
-            {{- range $plugin := $artifacts.plugins  }}
-            if ./bin/opensearch-dashboards-plugin list | grep -q {{ $plugin.name }}; then
-              ./bin/opensearch-dashboards-plugin remove {{ $plugin.name }}
+            {{- if .Values.plugins.enabled }}
+            {{- range $plugin := .Values.plugins.removeList }}
+            if ./bin/opensearch-dashboards-plugin list | grep -q {{ $plugin }}; then
+              ./bin/opensearch-dashboards-plugin remove {{ $plugin }}
             fi
-            ./bin/opensearch-dashboards-plugin install {{ $plugin.url }}
-            {{- end  }}
+            {{- end }}
 
-            {{- if .Values.plugins.enabled }}
             {{- range $plugin := .Values.plugins.installList }}
             ./bin/opensearch-dashboards-plugin install {{ $plugin }}
             {{- end }}

charts/opensearch-dashboards/plugins/artifacts.json

@@ -7,14 +7,13 @@
 
 opensearchHosts: "https://opensearch-cluster-master:9200"
 replicaCount: 1
-global:
+# global:
   # Set if you want to change the default docker registry, e.g. a private one.
   # dockerRegistry: "public.ecr.aws"
-  dockerRegistry: "public.ecr.aws"
 image:
-  repository: "r9h9r7k4/opensearch-dashboards-dev"
+  repository: "opensearchproject/opensearch-dashboards"
   # override image tag, which is .Chart.AppVersion by default
-  tag: "7523695040"
+  tag: ""
   pullPolicy: "IfNotPresent"
 startupProbe:
   tcpSocket:

charts/opensearch-dashboards/templates/deployment.yaml

@@ -316,15 +316,13 @@ spec:
           #!/usr/bin/env bash
           set -euo pipefail
 
-          {{- $artifacts := .Files.Get "plugins/artifacts.json" | fromJson }}
-          {{- range $plugin := $artifacts.plugins  }}
-          if ./bin/opensearch-plugin list | grep -q {{ $plugin.name }}; then
-            ./bin/opensearch-plugin remove {{ $plugin.name }}
+          {{- if .Values.plugins.enabled }}
+          {{- range $plugin := .Values.plugins.removeList }}
+          if ./bin/opensearch-plugin list | grep -q {{ $plugin }}; then
+            ./bin/opensearch-plugin remove {{ $plugin }}
           fi
-          ./bin/opensearch-plugin install --batch {{ $plugin.url }}
-          {{- end  }}
+          {{- end }}
 
-          {{- if .Values.plugins.enabled }}
           {{- range $plugin := .Values.plugins.installList }}
           ./bin/opensearch-plugin install -b {{ $plugin }}
           {{- end }}

charts/opensearch-dashboards/values.yaml

@@ -17,11 +17,10 @@ roles:
   - remote_cluster_client
 replicas: 2
 # if not set, falls back to parsing .Values.imageTag, then .Chart.appVersion.
-majorVersion: "7"
-global:
+majorVersion: ""
+# global:
   # Set if you want to change the default docker registry, e.g. a private one.
   # dockerRegistry: "public.ecr.aws"
-  dockerRegistry: "public.ecr.aws"
 # Allows you to add any config files in {{ .Values.opensearchHome }}/config
 opensearchHome: /usr/share/opensearch
 # such as opensearch.yml and log4j2.properties
@@ -259,9 +258,9 @@ hostAliases: []
 #   - "bar.local"
 
 image:
-  repository: "r9h9r7k4/opensearch-dev"
+  repository: "opensearchproject/opensearch"
   # override image tag, which is .Chart.AppVersion by default
-  tag: "7549061222"
+  tag: ""
   pullPolicy: "IfNotPresent"
 podAnnotations: {}
 # iam.amazonaws.com/role: es-cluster
@@ -1288,6 +1287,8 @@ sysctlInit:
 ## Enable to add 3rd Party / Custom plugins not offered in the default OpenSearch image.
 plugins:
   enabled: false
+  removeList: []
+  # - opensearch-example-plugin
   installList: []
   # - example-fake-plugin
 sampleData:

charts/opensearch/plugins/README.md

@@ -1,5 +1,8 @@
 replicaCount: 1
 
+image:
+  tag: "2.11.0"
+
 resources:
   requests:
     cpu: "1"

charts/opensearch/plugins/artifacts.json

@@ -1,14 +1,18 @@
 replicas: 2
 
 image:
-  repository: "r9h9r7k4/opensearch-dev"
-  # override image tag, which is .Chart.AppVersion by default
-  tag: "7622430882"
-  pullPolicy: "IfNotPresent"
+  tag: "2.11.0"
 
 opensearchJavaOpts: "-Xmx2G -Xms2G"
 
 resources:
   requests:
     cpu: "2"
     memory: "4Gi"
+
+plugins:
+  enabled: true
+  removeList:
+    - opensearch-ml
+  installList:
+    - https://github.com/ruanyl/security.zip

charts/opensearch/templates/statefulset.yaml

@@ -0,0 +1,17 @@
+## ArgoCD notifications setup
+1. update config map `argocd-notifications-cm`
+```
+k apply -f kustomize/argocd/argocd-notifications-cm.yaml
+```
+
+2. update ArgoCD application annotations
+```
+metadata:
+  annotations:
+    notifications.argoproj.io/subscribe.on-deployed.slack_webhook: ""
+    notifications.argoproj.io/subscribe.on-health-degraded.slack_webhook: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack_webhook: ""
+    notifications.argoproj.io/subscribe.on-deleted.slack_webhook_deleted: ""
+```
+
+Then run: `argocd appset create appset/opensearch-appset.yaml --upsert`

charts/opensearch/values.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-notifications-cm
+  namespace: argocd
+data:
+  service.webhook.slack_webhook: |
+    url: https://hooks.slack.com/workflows/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
+    headers:
+    - name: Content-Type
+      value: application/json
+
+  service.webhook.slack_webhook_deleted: |
+    url: https://hooks.slack.com/workflows/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
+    headers:
+    - name: Content-Type
+      value: application/json
+
+  template.send-slack: |
+    webhook:
+      slack_webhook:
+        method: POST
+        body: |
+          {
+            "name": "{{.app.metadata.name}}",
+            "email": "{{.app.metadata.annotations.owner}}",
+            "url": "{{index .app.status.summary.externalURLs 0}}",
+            "syncStatus": "{{.app.status.sync.status}}",
+            "healthStatus": "{{.app.status.health.status}}",
+            "operationPhase": "{{.app.status.operationState.phase}}",
+            "content": "{{.app.status.operationState.message}}"
+          }
+
+  template.send-slack-deleted: |
+    webhook:
+      slack_webhook_deleted:
+        method: POST
+        body: |
+          {
+            "name": "{{.app.metadata.name}}",
+            "email": "{{.app.metadata.annotations.owner}}",
+          }
+
+  trigger.on-deployed: |
+    - description: Application is synced and healthy. Triggered once per commit.
+      oncePer: app.status.operationState.syncResult.revision
+      send:
+      - send-slack
+      when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status
+        == 'Healthy'
+  trigger.on-health-degraded: |
+    - description: Application has degraded
+      send:
+      - send-slack
+      when: app.status.health.status == 'Degraded'
+  trigger.on-sync-failed: |
+    - description: Application syncing has failed
+      send:
+      - send-slack
+      when: app.status.operationState.phase in ['Error', 'Failed']
+  trigger.on-deleted: |
+    - description: Application is deleted.
+      oncePer: app.metadata.name
+      send:
+      - send-slack-deleted
+      when: app.metadata.deletionTimestamp != nil