security-base-services

Helmfile-driven secure base services, powered by 1Password Connect server, Bank-Vaults and Argo CD server, to manage predefined applications.

Functionality

A project-based, self-driven, fully automated secure platform for hosting internal applications managed by Argo CD application controllers.

Pre-define the project scope to instruct Argo CD to adopt deployed applications.

Example Project

Projects provide a logical grouping of applications, which is useful when Argo CD is used by multiple teams.

Projects provide the following features:

  • restrict what may be deployed (trusted Git source repositories)
  • restrict where apps may be deployed to (destination clusters and namespaces)
  • restrict what kinds of objects may or may not be deployed (e.g. RBAC, CRDs, DaemonSets, NetworkPolicy etc...)
  • define project roles to provide application RBAC (bound to OIDC groups and/or JWT tokens)

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: "$PROJECT_NAME"
  #Managed by controller in:
  namespace: argocd
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # Project description
  description: "$Describe_Application"

  # Allow manifests to deploy from any Git repos
  sourceRepos:
  - '*'

  # '*' for both fields permits deployment to any namespace on any cluster;
  # set a specific namespace and server to confine applications to their own namespace in the same cluster
  destinations:
  - namespace: '*'
    server: '*'

  # group '*' with kind '*' allows every cluster-scoped resource to be created;
  # list only Namespace here to deny all other cluster-scoped resources
  clusterResourceWhitelist:
  - group: '*'
    kind: '*'
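
The example project above sets every scope to '*', so none of the restrictions listed earlier is in effect. As an added example (not part of the original repository), this Python check reports such wildcard scopes in a parsed AppProject manifest; the function name, the sample dicts and the `example-namespace` value are assumptions made for illustration.

```python
# Added example: flag Argo CD AppProject fields that restrict nothing.
# Input is a manifest already parsed into a dict (e.g. by a YAML loader).

def audit_appproject(manifest):
    """Return findings for wildcard scopes; only the literal '*' is checked."""
    spec = manifest.get("spec", {})
    findings = []
    # sourceRepos: '*' trusts every Git repository as a manifest source.
    if "*" in spec.get("sourceRepos", []):
        findings.append("sourceRepos: any Git repository is trusted")
    # destinations: a wildcard namespace or cluster removes the placement limit.
    for dest in spec.get("destinations", []):
        wild = [k for k in ("namespace", "server", "name") if dest.get(k) == "*"]
        if wild:
            findings.append("destinations: wildcard " + "/".join(wild))
    # clusterResourceWhitelist: '*'/'*' admits every cluster-scoped kind
    # (ClusterRole, CustomResourceDefinition, ...), not only Namespace.
    for res in spec.get("clusterResourceWhitelist", []):
        if res.get("group") == "*" and res.get("kind") == "*":
            findings.append("clusterResourceWhitelist: every cluster-scoped kind allowed")
    return findings

# Constructed sample: the spec values of the example project above.
PAGE_PROJECT = {"spec": {
    "sourceRepos": ["*"],
    "destinations": [{"namespace": "*", "server": "*"}],
    "clusterResourceWhitelist": [{"group": "*", "kind": "*"}],
}}

# Constructed sample: a tightened variant. The namespace is a hypothetical
# placeholder; the repo and API server URLs are the ones used on this page.
SCOPED_PROJECT = {"spec": {
    "sourceRepos": ["https://github.com/w3f/security-base-services.git"],
    "destinations": [{"namespace": "example-namespace",
                      "server": "https://kubernetes.default.svc"}],
    "clusterResourceWhitelist": [{"group": "", "kind": "Namespace"}],
}}

if __name__ == "__main__":
    for label, manifest in (("page", PAGE_PROJECT), ("scoped", SCOPED_PROJECT)):
        print(label, audit_appproject(manifest) or "no wildcard scopes")
```

Glob patterns other than a bare '*' are not evaluated by this check and need a separate review.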

Example root-application

Declaratively specify one Argo CD app that consists only of other apps. This is the so-called App of Apps pattern, which is extremely useful for cluster bootstrapping and disaster recovery scenarios.

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root-$APPLICATION_NAME
  #Managed by:
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: default
    name: in-cluster
  project: $PROJECT_NAME
  source:
    #Insert path to directory hosting your applications
    path: argocd/$NEW_PATH
    repoURL: https://github.com/w3f/security-base-services.git
    targetRevision: HEAD
  syncPolicy:
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true

Example Application

Refer to the path of the applications you want Argo CD to manage:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  labels:
  name: $APPLICATION_NAME
  #Managed by:
  namespace: argocd
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  # Must match an existing project, or use the built-in "default" project
  project: $PROJECT_NAME
  source:
    path: .
    plugin:
      name: helmfile
    repoURL: 'https://github.com/w3f/$REPO_NAME.git'
    # Can be assigned to branches for troubleshooting & environment re-creation
    targetRevision: HEAD
  syncPolicy:
    automated: null
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true

Contributors

mohamedhabas11
