Skip to content

argocd: Prepare the configuration to migrate to the internal admin network

  • Use the global ingress cluster ip
  • Prepare the certificate to support argocd.internal.a.s.n

Related to T4461

Test Plan

  • pergamon:
diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  Exec[letsencrypt certonly argocd] =>
   parameters =>
     command =>
      - certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'argocd' -d 'argocd.softwareheritage.org' -d 'argocd-rp.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
      + certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'argocd' -d 'argocd.softwareheritage.org' -d 'argocd.internal.admin.swh.network' -d 'argocd-rp.internal.admin.swh.network' --authenticator manual --preferred-challenges dns --manual-public-ip-logging-ok --manual-auth-hook '/usr/local/bin/letsencrypt_gandi_livedns auth' --manual-cleanup-hook '/usr/local/bin/letsencrypt_gandi_livedns cleanup' --deploy-hook '/usr/local/bin/letsencrypt_puppet_export'
     unless =>
      - /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/argocd/cert.pem 'argocd.softwareheritage.org' 'argocd-rp.internal.admin.swh.network'
      + /usr/local/sbin/letsencrypt-domain-validation /etc/letsencrypt/live/argocd/cert.pem 'argocd.softwareheritage.org' 'argocd.internal.admin.swh.network' 'argocd-rp.internal.admin.swh.network'
*******************************************
  Letsencrypt::Certonly[argocd] =>
   parameters =>
     domains =>
      - ["argocd.softwareheritage.org", "argocd-rp.internal.admin.swh.network"]
      + ["argocd.softwareheritage.org", "argocd.internal.admin.swh.network", "argocd-rp.internal.admin.swh.network"]
*******************************************
+ Resource_record[argocd/CNAME] =>
   parameters =>
     "data": "k8s-argocd.internal.admin.swh.network",
     "keyfile": "/etc/bind/keys/local-update",
     "record": "argocd.internal.admin.swh.network",
     "type": "CNAME"
*******************************************
+ Resource_record[k8s-argocd/A+PTR] =>
   parameters =>
     "data": "k8s-argocd.internal.admin.swh.network.",
     "keyfile": "/etc/bind/keys/local-update",
     "record": "42.50.168.192.in-addr.arpa",
     "type": "PTR"
*******************************************
+ Resource_record[k8s-argocd/A] =>
   parameters =>
     "data": "192.168.50.42",
     "keyfile": "/etc/bind/keys/local-update",
     "record": "k8s-argocd.internal.admin.swh.network",
     "type": "A"
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org
  • rp1.admin
diff origin/production/rp1.internal.admin.swh.network current/rp1.internal.admin.swh.network
*******************************************
  File[/etc/varnish/includes/01_argocd.vcl] =>
   parameters =>
     content =>
      @@ -7,5 +7,5 @@
       backend argocd
       {
      -    .host = "argo-worker01.internal.admin.swh.network";
      +    .host = "k8s-argocd.internal.admin.swh.network";
           .port = "80";
       }
*******************************************
  File[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
   parameters =>
     content =>
      @@ -7,4 +7,5 @@
       sub vcl_recv {
           if (
      +        req.http.host == "argocd.internal.admin.swh.network" ||
               req.http.host == "argocd-rp.internal.admin.swh.network" ||
               req.http.host == "argocd.softwareheritage.org"
*******************************************
  Profile::Varnish::Vcl_include[argocd] =>
   parameters =>
     content =>
      @@ -7,5 +7,5 @@
       backend argocd
       {
      -    .host = "argo-worker01.internal.admin.swh.network";
      +    .host = "k8s-argocd.internal.admin.swh.network";
           .port = "80";
       }
*******************************************
  Profile::Varnish::Vcl_include[vhost_argocd.softwareheritage.org] =>
   parameters =>
     content =>
      @@ -7,4 +7,5 @@
       sub vcl_recv {
           if (
      +        req.http.host == "argocd.internal.admin.swh.network" ||
               req.http.host == "argocd-rp.internal.admin.swh.network" ||
               req.http.host == "argocd.softwareheritage.org"
*******************************************
  Profile::Varnish::Vhost[argocd.softwareheritage.org] =>
   parameters =>
     aliases =>
      - ["argocd-rp.internal.admin.swh.network"]
      + ["argocd.internal.admin.swh.network", "argocd-rp.internal.admin.swh.network"]
     backend_http_host =>
      - argo-worker01.internal.admin.swh.network
      + k8s-argocd.internal.admin.swh.network
*******************************************
  Varnish::Vcl[/etc/varnish/includes/01_argocd.vcl] =>
   parameters =>
     content =>
      @@ -7,5 +7,5 @@
       backend argocd
       {
      -    .host = "argo-worker01.internal.admin.swh.network";
      +    .host = "k8s-argocd.internal.admin.swh.network";
           .port = "80";
       }
*******************************************
  Varnish::Vcl[/etc/varnish/includes/50_vhost_argocd.softwareheritage.org.vcl] =>
   parameters =>
     content =>
      @@ -7,4 +7,5 @@
       sub vcl_recv {
           if (
      +        req.http.host == "argocd.internal.admin.swh.network" ||
               req.http.host == "argocd-rp.internal.admin.swh.network" ||
               req.http.host == "argocd.softwareheritage.org"
*******************************************
*** End octocatalog-diff on rp1.internal.admin.swh.network

Migrated from D8559 (view on Phabricator)

Merge request reports