Refactor to enable shared resources to target other clusters

MacroPower · MacroPower · commit 8ef1e02955d4 · 2025-03-30T19:01:53.000-04:00
diff --git a/apps/argo/_tenant/.argocd.yaml b/apps/argo/_tenant/.argocd.yaml
diff --git a/apps/argo/_tenant/base/.tenant.yaml b/apps/argo/_tenant/base/.tenant.yaml
diff --git a/apps/argo/_tenant/base/kcl.mod b/apps/argo/_tenant/base/kcl.mod
@@ -3,7 +3,7 @@ name = "argo_tenant"
 version = "0.1.0"
 
 [dependencies]
-konfig = { path = "../../../konfig" }
+konfig = { path = "../../../../konfig" }
 
 [profile]
 entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"]
diff --git a/apps/argo/_tenant/base/kcl.mod.lock b/apps/argo/_tenant/base/kcl.mod.lock
diff --git a/apps/argo/_tenant/base/main.k b/apps/argo/_tenant/base/main.k
@@ -0,0 +1,5 @@
+import konfig.models.frontend
+
+tenantConfiguration: frontend.Tenant {
+    name = "argo"
+}
diff --git a/apps/argo/_tenant/shared/.tenant.yaml b/apps/argo/_tenant/shared/.tenant.yaml
diff --git a/apps/argo/_tenant/shared/kcl.mod b/apps/argo/_tenant/shared/kcl.mod
@@ -0,0 +1,9 @@
+[package]
+name = "argo"
+version = "0.1.0"
+
+[dependencies]
+argo_tenant = { path = "../base" }
+
+[profile]
+entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"]
diff --git a/apps/argo/_tenant/shared/kcl.mod.lock b/apps/argo/_tenant/shared/kcl.mod.lock
@@ -1,4 +1,8 @@
 [dependencies]
+  [dependencies.argo_tenant]
+    name = "argo_tenant"
+    full_name = "argo_tenant_0.1.0"
+    version = "0.1.0"
   [dependencies.charts]
     name = "charts"
     full_name = "charts_0.1.0"
diff --git a/apps/argo/_tenant/shared/main.k b/apps/argo/_tenant/shared/main.k
@@ -1,8 +1,9 @@
+import argo_tenant
 import konfig.models.frontend
 
-tenantConfiguration: frontend.Tenant {
-    name = "argo"
+tenant = argo_tenant.tenantConfiguration
 
+shared: frontend.SharedApp {
     secretStores.default = {
         name = "argo"
         provider.doppler.auth.secretRef.dopplerToken = {
diff --git a/apps/argo/cd/base/kcl.mod b/apps/argo/cd/base/kcl.mod
@@ -3,4 +3,4 @@ name = "argo_cd_base"
 version = "0.1.0"
 
 [dependencies]
-argo_tenant = { path = "../../_tenant" }
+argo = { path = "../../_tenant/shared" }
diff --git a/apps/argo/cd/base/kcl.mod.lock b/apps/argo/cd/base/kcl.mod.lock
@@ -1,4 +1,8 @@
 [dependencies]
+  [dependencies.argo]
+    name = "argo"
+    full_name = "argo_shared_0.1.0"
+    version = "0.1.0"
   [dependencies.argo_tenant]
     name = "argo_tenant"
     full_name = "argo_tenant_0.1.0"
diff --git a/apps/argo/cd/base/main.k b/apps/argo/cd/base/main.k
@@ -1,6 +1,6 @@
 import file
 
-import argo_tenant
+import argo
 import charts.argo_cd
 import konfig.models.frontend
 import konfig.utils
@@ -9,8 +9,8 @@ _values = utils.read_yaml(file.current(), "values.yaml")
 
 app: frontend.App {
     name = "cd"
-    tenantName = argo_tenant.tenantConfiguration.name
-    secretStore = argo_tenant.tenantConfiguration.secretStores.default.name
+    tenantName = argo.tenant.name
+    secretStore = argo.shared.secretStores.default.name
 
     charts.argo_cd = argo_cd.Chart {
         values: _values | argo_cd.Values {}
diff --git a/apps/argo/cd/mgmt/.app.yaml b/apps/argo/cd/mgmt/.app.yaml
@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json
+
+syncPolicy:
+  automated:
+    selfHeal: true
diff --git a/apps/argo/cd/mgmt/kcl.mod.lock b/apps/argo/cd/mgmt/kcl.mod.lock
@@ -1,4 +1,8 @@
 [dependencies]
+  [dependencies.argo]
+    name = "argo"
+    full_name = "argo_shared_0.1.0"
+    version = "0.1.0"
   [dependencies.argo_cd_base]
     name = "argo_cd_base"
     full_name = "argo_cd_base_0.1.0"
diff --git a/apps/cilium/_tenant/.argocd.yaml b/apps/cilium/_tenant/.argocd.yaml
diff --git a/apps/cilium/_tenant/base/.tenant.yaml b/apps/cilium/_tenant/base/.tenant.yaml
@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json
+
+syncPolicy:
+  automated:
+    selfHeal: true
diff --git a/apps/cilium/_tenant/base/kcl.mod b/apps/cilium/_tenant/base/kcl.mod
@@ -3,7 +3,7 @@ name = "cilium_tenant"
 version = "0.1.0"
 
 [dependencies]
-konfig = { path = "../../../konfig" }
+konfig = { path = "../../../../konfig" }
 
 [profile]
 entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"]
diff --git a/apps/cilium/_tenant/base/main.k b/apps/cilium/_tenant/base/main.k
diff --git a/apps/cilium/_tenant/shared/.tenant.yaml b/apps/cilium/_tenant/shared/.tenant.yaml
@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json
+
+syncPolicy:
+  automated:
+    selfHeal: true
diff --git a/apps/cilium/_tenant/shared/kcl.mod b/apps/cilium/_tenant/shared/kcl.mod
@@ -0,0 +1,9 @@
+[package]
+name = "cilium_shared"
+version = "0.1.0"
+
+[dependencies]
+cilium_tenant = { path = "../base" }
+
+[profile]
+entries = ["main.k", "${konfig:KCL_MOD}/models/render/render.k"]
diff --git a/apps/cilium/_tenant/shared/kcl.mod.lock b/apps/cilium/_tenant/shared/kcl.mod.lock
@@ -0,0 +1,53 @@
+[dependencies]
+  [dependencies.charts]
+    name = "charts"
+    full_name = "charts_0.1.0"
+    version = "0.1.0"
+  [dependencies.cilium]
+    name = "cilium"
+    full_name = "cilium_0.4.1"
+    version = "0.4.1"
+    sum = "YmVvSokDKgHSwDc7XRfVyNdniLwF+lA57/Vgi60MDGo="
+    reg = "ghcr.io"
+    repo = "kcl-lang/cilium"
+    oci_tag = "0.4.1"
+  [dependencies.cilium_tenant]
+    name = "cilium_tenant"
+    full_name = "cilium_tenant_0.1.0"
+    version = "0.1.0"
+  [dependencies.filepath]
+    name = "filepath"
+    full_name = "filepath_0.12.0"
+    version = "0.12.0"
+    sum = "zok5+7YXY/qutpo/CnjoJRbrvjWclw40zkBrB2peSa4="
+    reg = "ghcr.io"
+    repo = "macropower/kclipper/filepath"
+    oci_tag = "0.12.0"
+  [dependencies.helm]
+    name = "helm"
+    full_name = "helm_0.12.0"
+    version = "0.12.0"
+    sum = "7vrtMRNYMwG+F+lTKbmp0eC/yh0mHwWv0rYV4oP5h9I="
+    reg = "ghcr.io"
+    repo = "macropower/kclipper/helm"
+    oci_tag = "0.12.0"
+  [dependencies.json_merge_patch]
+    name = "json_merge_patch"
+    full_name = "json_merge_patch_0.1.1"
+    version = "0.1.1"
+    sum = "o1aamShk1L2MGjnN9u3IErRZ3xBNDxgmFxXsGVMt8Wk="
+    reg = "ghcr.io"
+    repo = "kcl-lang/json_merge_patch"
+    oci_tag = "0.1.1"
+  [dependencies.k8s]
+    name = "k8s"
+    full_name = "k8s_1.31.2"
+    version = "1.31.2"
+    sum = "xBZgPsnpVVyWBpahuPQHReeRx28eUHGFoaPeqbct+vs="
+    reg = "ghcr.io"
+    repo = "kcl-lang/k8s"
+    oci_tag = "1.31.2"
+  [dependencies.konfig]
+    name = "konfig"
+    full_name = "konfig_0.0.1"
+    version = "0.0.1"
diff --git a/apps/cilium/_tenant/shared/main.k b/apps/cilium/_tenant/shared/main.k
@@ -0,0 +1,6 @@
+import cilium_tenant
+import konfig.models.frontend
+
+tenant = cilium_tenant.tenantConfiguration
+
+shared: frontend.SharedApp {}
diff --git a/apps/cilium/system/base/kcl.mod b/apps/cilium/system/base/kcl.mod
@@ -3,4 +3,4 @@ name = "cilium_system_base"
 version = "0.1.0"
 
 [dependencies]
-cilium_tenant = { path = "../../_tenant" }
+cilium_shared = { path = "../../_tenant/shared" }
diff --git a/apps/cilium/system/base/kcl.mod.lock b/apps/cilium/system/base/kcl.mod.lock
@@ -11,6 +11,10 @@
     reg = "ghcr.io"
     repo = "kcl-lang/cilium"
     oci_tag = "0.4.1"
+  [dependencies.cilium_shared]
+    name = "cilium_shared"
+    full_name = "cilium_shared_0.1.0"
+    version = "0.1.0"
   [dependencies.cilium_tenant]
     name = "cilium_tenant"
     full_name = "cilium_tenant_0.1.0"
diff --git a/apps/cilium/system/base/main.k b/apps/cilium/system/base/main.k
@@ -1,15 +1,15 @@
 import file
 
 import charts.cilium
-import cilium_tenant
+import cilium_shared
 import konfig.models.frontend
 import konfig.utils
 
 _valueFile = utils.abs_path(file.current(), "values.yaml")
 
 app: frontend.App {
     name = "system"
-    tenantName = cilium_tenant.tenantConfiguration.name
+    tenantName = cilium_shared.tenant.name
 
     charts.cilium = cilium.Chart {
         valueFiles: [_valueFile]
diff --git a/apps/cilium/system/mgmt/.app.yaml b/apps/cilium/system/mgmt/.app.yaml
@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=../../../../konfig/models/frontend/patch.schema.json
+
+syncPolicy:
+  automated:
+    selfHeal: true
diff --git a/apps/cilium/system/mgmt/kcl.mod.lock b/apps/cilium/system/mgmt/kcl.mod.lock
@@ -11,6 +11,10 @@
     reg = "ghcr.io"
     repo = "kcl-lang/cilium"
     oci_tag = "0.4.1"
+  [dependencies.cilium_shared]
+    name = "cilium_shared"
+    full_name = "cilium_shared_0.1.0"
+    version = "0.1.0"
   [dependencies.cilium_system_base]
     name = "cilium_system_base"
     full_name = "cilium_system_base_0.1.0"
diff --git a/appsets/tenants.yaml b/appsets/tenants.yaml
@@ -24,11 +24,11 @@ spec:
               repoURL: https://github.com/MacroPower/homelab
               revision: main
               files:
-                - path: apps/*/_tenant/.argocd.yaml
+                - path: apps/*/_tenant/base/.tenant.yaml
               pathParamPrefix: app
   template:
     metadata:
-      name: "{{index .app.path.segments 1}}-{{.values.clusterName}}"
+      name: "{{index .app.path.segments 1}}"
       annotations:
         argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
       finalizers:
diff --git a/konfig/models/backend/shared_app_backend.k b/konfig/models/backend/shared_app_backend.k
@@ -0,0 +1,22 @@
+import models.frontend.shared_app
+import models.mixins
+import models.resource
+
+schema SharedAppBackend[inputConfig: shared_app.SharedApp]:
+    """
+    AppBackend converts the user-written front-end model `App` into a collection
+    of k8s resources and places the resource collection into the `k8s` attribute.
+    """
+    mixin [
+        # Resource builder mixin
+        mixins.ClusterRoleMixin,
+        mixins.ClusterRoleBindingMixin,
+        mixins.ClusterSecretStoreMixin,
+    ]
+
+    # Store the input config parameter, ensure it can be seen in protocol and mixin.
+    config: shared_app.SharedApp = inputConfig
+
+    _tmp = config
+
+    kubernetes: resource.ResourceMapping = {}
diff --git a/konfig/models/backend/tenant_backend.k b/konfig/models/backend/tenant_backend.k
@@ -12,10 +12,10 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
     collection of k8s resources and places the resource collection into
     the `k8s` attribute.
     """
-    mixin [
-        # Resource builder mixin
-        mixins.ClusterSecretStoreMixin
-    ]
+    # mixin [
+    #     # Resource builder mixin
+    #     mixins.ClusterSecretStoreMixin
+    # ]
     # Store the input config parameter, ensure it can be seen in protocol and mixin.
     config: frontend.Tenant = inputConfig
 
@@ -44,6 +44,70 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
             server = _c?.server or "*"
         } for _k, _c in config.destinations]
 
+    _argoSharedApplicationSet: argov1alpha1.ApplicationSet {
+        metadata = utils.AppMetadataBuilder(config | {
+            name = "${config.name}-shared"
+        }, utils.ArgoCDOptions {
+            sync.Prune = "false"
+            finalize = False
+        })
+        spec: {
+            goTemplate = True
+            goTemplateOptions = ["missingkey=error"]
+            generators = [{
+                clusters: {
+                    selector.matchLabels = {
+                        "argocd.argoproj.io/secret-type" = "cluster"
+                    }
+                    values = {
+                        clusterName = "{{.name}}"
+                    }
+                }
+                git: {
+                    repoURL = kmd.__META_REPO_URL
+                    revision = kmd.__META_REVISION
+                    files = [{
+                        path = "apps/${config.name}/_tenant/shared/.tenant.yaml"
+                    }]
+                    pathParamPrefix = "app"
+                }
+            }]
+            template.metadata: utils.AppMetadataBuilder(config | {
+                name = "${config.name}-{{.values.clusterName}}"
+            }, utils.ArgoCDOptions {
+                compare.ServerSideDiff = True
+                compare.IncludeMutationWebhook = True
+                sync.Prune = "confirm"
+            })
+            template.spec: {
+                project = config.name
+                source: {
+                    repoURL = kmd.__META_REPO_URL
+                    targetRevision = kmd.__META_REVISION
+                    path = "{{.app.path.path}}"
+                }
+                destination: {
+                    name = "{{.values.clusterName}}"
+                    namespace = "default" # This appset should only deploy cluster resources.
+                }
+                syncPolicy: {
+                    syncOptions = [
+                        "ServerSideApply=true"
+                        "FailOnSharedResource=true"
+                    ]
+                    retry: {
+                        limit = 5
+                        backoff: {
+                            duration = "15s"
+                            factor = 2
+                            maxDuration = "5m"
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     _argoApplicationSet: argov1alpha1.ApplicationSet {
         metadata = utils.AppMetadataBuilder(config | {
             name = "${config.name}-apps"
@@ -59,7 +123,7 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
                     repoURL = kmd.__META_REPO_URL
                     revision = kmd.__META_REVISION
                     files = [{
-                        path = "apps/${config.name}/*/*/.argocd.yaml"
+                        path = "apps/${config.name}/*/*/.app.yaml"
                     }]
                     pathParamPrefix = "app"
                 }
@@ -126,5 +190,8 @@ schema TenantBackend[inputConfig: frontend.Tenant]:
         if _argoAppProject:
             "${typeof(_argoAppProject)}" = [_argoAppProject]
         if _argoApplicationSet:
-            "${typeof(_argoApplicationSet)}" = [_argoApplicationSet]
+            "${typeof(_argoApplicationSet)}" = [
+                _argoSharedApplicationSet
+                _argoApplicationSet
+            ]
     }
diff --git a/konfig/models/frontend/shared_app.k b/konfig/models/frontend/shared_app.k
diff --git a/konfig/models/render/render.k b/konfig/models/render/render.k
