With project

Author: kostis-codefresh

declarative/apps-and-project/demo-app1.yml

@@ -0,0 +1,36 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: demo-app1
+  # You'll usually want to add your resources to the argocd namespace.
+  namespace: argocd
+  # Add a this finalizer ONLY if you want these to cascade delete.
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  # The project the application belongs to.
+  project: my-project
+
+  # Source of the application manifests
+  source:
+    repoURL: https://github.com/codefresh-contrib/gitops-certification-examples.git
+    targetRevision: HEAD
+    path: ./simple-app
+   
+    # directory
+    directory:
+      recurse: false
+  # Destination cluster and namespace to deploy the application
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: demo1
+
+  # Sync policy
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true  
+    automated: # automated sync by default retries failed attempts 5 times with following delays between attempts ( 5s, 10s, 20s, 40s, 80s ); retry controlled using `retry` field.
+      prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
+      selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
+      allowEmpty: false # Allows deleting all application resources during automatic syncing ( false by default ).
+  

declarative/apps-and-project/my-demo-project.yml

@@ -8,59 +8,22 @@ metadata:
     - resources-finalizer.argocd.argoproj.io
 spec:
   # Project description
-  description: Example Project
+  description: My Demo project
 
   # Allow manifests to deploy from any Git repos
   sourceRepos:
   - '*'
 
   # Only permit applications to deploy to the guestbook namespace in the same cluster
   destinations:
-  - namespace: guestbook
+  - namespace: demo1
+    server: https://kubernetes.default.svc
+  - namespace: demo2
+    server: https://kubernetes.default.svc
+  - namespace: demo3
     server: https://kubernetes.default.svc
-
   # Deny all cluster-scoped resources from being created, except for Namespace
   clusterResourceWhitelist:
-  - group: ''
-    kind: Namespace
-
-  # Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
-  namespaceResourceBlacklist:
-  - group: ''
-    kind: ResourceQuota
-  - group: ''
-    kind: LimitRange
-  - group: ''
-    kind: NetworkPolicy
-
-  # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet
-  namespaceResourceWhitelist:
-  - group: 'apps'
-    kind: Deployment
-  - group: 'apps'
-    kind: StatefulSet
-
-  # Enables namespace orphaned resource monitoring.
-  orphanedResources:
-    warn: false
-
-  roles:
-  # A role which provides read-only access to all applications in the project
-  - name: read-only
-    description: Read-only privileges to my-project
-    policies:
-    - p, proj:my-project:read-only, applications, get, my-project/*, allow
-    groups:
-    - my-oidc-group
-
-  # A role which provides sync privileges to only the guestbook-dev application, e.g. to provide
-  # sync privileges to a CI system
-  - name: ci-role
-    description: Sync privileges for guestbook-dev
-    policies:
-    - p, proj:my-project:ci-role, applications, sync, my-project/guestbook-dev, allow
+  - group: '*'
+    kind: '*'
 
-    # NOTE: JWT tokens can only be generated by the API server and the token is not persisted
-    # anywhere by Argo CD. It can be prematurely revoked by removing the entry from this list.
-    jwtTokens:
-    - iat: 1535390316