| author | Saumit <justsaumit@protonmail.com> | 2025-10-11 04:23:00 +0530 |
|---|---|---|
| committer | Saumit <justsaumit@protonmail.com> | 2025-10-11 04:23:00 +0530 |
| commit | 2080a9d058278e9ee59a275d5c41f9dca95343ae (patch) | |
| tree | 494e181aafc5e4866b9674c90f6d99dea688ba0a /astroshop-platform | |
| parent | 88a326bacdffde9e065b08ba893a17149584e72e (diff) | |
gitops: Adding argocd appset file for dev, qa and prod env
Diffstat (limited to 'astroshop-platform')
| -rw-r--r-- | astroshop-platform/README.md | 397 |
| -rw-r--r-- | astroshop-platform/argocd-applicationset.yaml | 270 |
2 files changed, 667 insertions, 0 deletions
diff --git a/astroshop-platform/README.md b/astroshop-platform/README.md new file mode 100644 index 0000000..e45e3c1 --- /dev/null +++ b/astroshop-platform/README.md 
@@ -0,0 +1,397 @@ +# Astroshop ArgoCD ApplicationSet + +This repository contains the ArgoCD ApplicationSet configuration for deploying the Astroshop microservices application across multiple environments (Dev, QA, and Production). + +## Overview + +The ApplicationSet automatically generates and manages ArgoCD Applications for all Astroshop services across three environments, creating a total of **57 applications** (19 services × 3 environments). + +### Services Deployed + +The following microservices are deployed: + +- `accounting` +- `ad` +- `cart` +- `checkout` +- `currency` +- `email` +- `flagd` +- `fraud-detection` +- `frontend` +- `frontendproxy` +- `imageprovider` +- `kafka` +- `loadgenerator` +- `payment` +- `productcatalog` +- `quote` +- `recommendation` +- `shipping` +- `valkey` + +## Architecture + +### Environment Configuration + +| Environment | Namespace | Values File | Sync Policy | Purpose | +|------------|-----------|-------------|-------------|---------| +| **Dev** | `astroshop-dev` | `values.yaml` | Automated | Development and testing | +| **QA** | `astroshop-qa` | `values-qa.yaml` | Automated | Quality assurance and staging | +| **Prod** | `astroshop-prod` | `values-prod.yaml` | Manual | Production workloads | + +### Repository Structure + +``` +astroshop-helm/ +├── accounting/ +│ ├── Chart.yaml +│ ├── values.yaml +│ ├── values-qa.yaml +│ ├── values-prod.yaml +│ └── templates/ +├── ad/ +│ ├── Chart.yaml +│ ├── values.yaml +│ ├── values-qa.yaml +│ └── values-prod.yaml +├── ... +└── [other services] +``` + +## Prerequisites + +- ArgoCD installed and running (v2.8+) +- Kubernetes cluster with appropriate RBAC permissions +- Access to GitOps repository: `https://git.draconyan.xyz/Astroshop-Gitops` +- kubectl CLI configured + +## Installation + +### 1. Apply the ApplicationSet + +```bash +kubectl apply -f argocd-applicationset.yaml +``` + +### 2. 
Verify ApplicationSet Creation + +```bash +# Check ApplicationSet +kubectl get applicationset -n argocd astroshop-services + +# View all generated applications +kubectl get applications -n argocd -l app.kubernetes.io/part-of=astroshop +``` + +### 3. Check Application Status + +```bash +# View applications by environment +kubectl get applications -n argocd -l environment=dev +kubectl get applications -n argocd -l environment=qa +kubectl get applications -n argocd -l environment=prod + +# Get detailed status of a specific application +kubectl describe application astroshop-productcatalog-dev -n argocd +``` + +## Configuration + +### AppProjects + +Three dedicated ArgoCD Projects are created: + +#### astroshop-dev +- **Purpose**: Development environment +- **Sync**: Fully automated +- **Allowed Resources**: All namespaced resources +- **Destination**: `astroshop-dev` namespace + +#### astroshop-qa +- **Purpose**: QA/Staging environment +- **Sync**: Fully automated +- **Allowed Resources**: All namespaced resources +- **Destination**: `astroshop-qa` namespace + +#### astroshop-prod +- **Purpose**: Production environment +- **Sync**: Manual approval required +- **Sync Window**: Weekdays 10:00-18:00 only +- **Allowed Resources**: All namespaced resources +- **Destination**: `astroshop-prod` namespace + +### Sync Policies + +#### Dev & QA Environments +```yaml +syncPolicy: + automated: + prune: true # Auto-delete resources not in Git + selfHeal: true # Auto-sync on drift detection + syncOptions: + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m +``` + +#### Production Environment +```yaml +syncPolicy: + automated: + prune: false # Manual deletion required + selfHeal: false # Manual sync required +``` + +## Operations + +### Viewing Applications in ArgoCD UI + +1. Access ArgoCD UI: `https://argocd.yourdomain.com` +2. 
Filter by labels: + - `environment=dev|qa|prod` + - `app.kubernetes.io/part-of=astroshop` + - `service=<service-name>` + +### Manual Sync (Production) + +```bash +# Sync a specific production application +argocd app sync astroshop-productcatalog-prod + +# Sync all production applications +argocd app sync -l environment=prod + +# Sync with dry-run +argocd app sync astroshop-productcatalog-prod --dry-run +``` + +### Refresh Applications + +```bash +# Hard refresh (force Git pull) +argocd app get astroshop-productcatalog-dev --hard-refresh + +# Refresh all dev applications +argocd app get -l environment=dev --refresh +``` + +### Rollback + +```bash +# List application history +argocd app history astroshop-productcatalog-prod + +# Rollback to specific revision +argocd app rollback astroshop-productcatalog-prod <revision-id> +``` + +## Customization + +### Adding a New Service + +1. Create Helm chart in `astroshop-helm/<service-name>/` +2. Add service to the ApplicationSet generator list: + +```yaml +- list: + elements: + - service: newservice + port: 8080 +``` + +3. Commit and push changes +4. ApplicationSet will automatically create 3 new applications + +### Modifying Environment Configuration + +Edit the environment generator in the ApplicationSet: + +```yaml +- list: + elements: + - env: dev + namespace: astroshop-dev + valuesFile: values.yaml + syncPolicy: automated + # ... modify settings +``` + +### Changing Sync Windows (Production) + +Edit the `astroshop-prod` AppProject: + +```yaml +syncWindows: + - kind: allow + schedule: '0 10-18 * * 1-5' # Cron format + duration: 8h + manualSync: true +``` + +## Monitoring and Notifications + +### Slack Notifications + +The ApplicationSet includes Slack notification annotations: + +```yaml +annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: astroshop-deployments + notifications.argoproj.io/subscribe.on-sync-failed.slack: astroshop-alerts +``` + +**Setup Required:** +1. 
Configure ArgoCD Notifications controller +2. Update channel names in the ApplicationSet +3. Configure Slack integration in ArgoCD + +### Health Checks + +Applications inherit health checks from their Helm charts. Monitor via: + +```bash +# Check application health +argocd app get astroshop-productcatalog-prod + +# Check sync status +argocd app list -l environment=prod +``` + +## Troubleshooting + +### Application Not Syncing + +```bash +# Check application details +kubectl describe application astroshop-<service>-<env> -n argocd + +# Check sync status +argocd app get astroshop-<service>-<env> + +# View sync errors +argocd app sync astroshop-<service>-<env> --dry-run +``` + +### ApplicationSet Not Generating Apps + +```bash +# Check ApplicationSet logs +kubectl logs -n argocd -l app.kubernetes.io/name=argocd-applicationset-controller + +# Verify ApplicationSet status +kubectl get applicationset astroshop-services -n argocd -o yaml +``` + +### Git Repository Access Issues + +```bash +# Test repository connectivity +argocd repo get https://git.draconyan.xyz/Astroshop-Gitops + +# Add repository if missing +argocd repo add https://git.draconyan.xyz/Astroshop-Gitops \ + --username <username> \ + --password <token> +``` + +### Permission Issues + +```bash +# Check AppProject permissions +kubectl get appproject astroshop-dev -n argocd -o yaml + +# Verify RBAC +kubectl auth can-i create deployment --namespace=astroshop-dev +``` + +## Labels and Selectors + +All applications are labeled with: + +| Label | Description | Example | +|-------|-------------|---------| +| `app.kubernetes.io/name` | Service name | `productcatalog` | +| `app.kubernetes.io/instance` | Environment instance | `astroshop-dev` | +| `app.kubernetes.io/part-of` | Application suite | `astroshop` | +| `environment` | Environment name | `prod` | +| `service` | Service identifier | `productcatalog` | + +### Useful Label Selectors + +```bash +# Get all dev applications +kubectl get applications -n argocd -l 
environment=dev + +# Get specific service across all environments +kubectl get applications -n argocd -l service=productcatalog + +# Get all applications for a specific instance +kubectl get applications -n argocd -l app.kubernetes.io/instance=astroshop-prod +``` + +## Best Practices + +### Development Workflow + +1. **Make Changes**: Update Helm values or charts in feature branch +2. **Test in Dev**: Changes auto-sync to dev environment +3. **Promote to QA**: Merge to main, QA auto-syncs +4. **Deploy to Prod**: Manual sync after approval + +### Production Deployments + +1. **Review Changes**: Check Git diff before syncing +2. **Use Dry Run**: Verify changes with `--dry-run` flag +3. **Sync During Windows**: Deploy during business hours only +4. **Monitor Health**: Watch application health post-deployment +5. **Keep Rollback Ready**: Know the previous revision number + +### Security Considerations + +- Production requires manual sync approval +- Sync windows restrict deployment times +- RBAC controls access to each environment +- Git repository access via tokens (not passwords) +- Separate AppProjects per environment + +## Advanced Features + +### Ignore Differences + +The ApplicationSet ignores replica count differences (useful for HPA): + +```yaml +ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas +``` + +### Orphaned Resources + +Orphaned resources are tracked but not automatically deleted: + +```yaml +orphanedResources: + warn: true # Warn but don't delete +``` + +### Revision History + +Limited to 3 revisions per application: + +```yaml +revisionHistoryLimit: 3 +``` + +## Resources + +- [ArgoCD Documentation](https://argo-cd.readthedocs.io/) +- [ApplicationSet Documentation](https://argo-cd.readthedocs.io/en/stable/user-guide/application-set/) +- [GitOps Best Practices](https://www.gitops.tech/) 
diff --git a/astroshop-platform/argocd-applicationset.yaml b/astroshop-platform/argocd-applicationset.yaml new file mode 100644 index 0000000..28ec579 --- /dev/null +++ b/astroshop-platform/argocd-applicationset.yaml 
@@ -0,0 +1,270 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: astroshop-services + namespace: argocd + labels: + app.kubernetes.io/name: astroshop + app.kubernetes.io/component: applicationset +spec: + goTemplate: true + goTemplateOptions: ["missingkey=error"] + generators: + - matrix: + generators: + # Environment generator + - list: + elements: + - env: dev + namespace: astroshop-dev + repoURL: https://git.draconyan.xyz/Astroshop-Gitops + targetRevision: main + valuesFile: values.yaml + syncPolicy: automated + project: astroshop-dev + clusterName: in-cluster + + - env: qa + namespace: astroshop-qa + repoURL: https://git.draconyan.xyz/Astroshop-Gitops + targetRevision: main + valuesFile: values-qa.yaml + syncPolicy: automated + project: astroshop-qa + clusterName: in-cluster + + - env: prod + namespace: astroshop-prod + repoURL: https://git.draconyan.xyz/Astroshop-Gitops + targetRevision: main + valuesFile: values-prod.yaml + syncPolicy: manual + project: astroshop-prod + clusterName: in-cluster + + # Services generator + - list: + elements: + - service: accounting + port: 8080 + - service: ad + port: 8080 + - service: cart + port: 8080 + - service: checkout + port: 8080 + - service: currency + port: 8080 + - service: email + port: 8080 + - service: flagd + port: 8013 + - service: fraud-detection + port: 8080 + - service: frontend + port: 8080 + - service: frontendproxy + port: 8080 + - service: imageprovider + port: 8080 + - service: kafka + port: 9092 + - service: loadgenerator + port: 8080 + - service: payment + port: 8080 + - service: productcatalog + port: 8080 + - service: quote + port: 8080 + - service: recommendation + port: 8080 + - service: shipping + port: 8080 + - service: valkey + port: 6379 + + template: + metadata: + name: 'astroshop-{{.service}}-{{.env}}' + labels: + app.kubernetes.io/name: '{{.service}}' + app.kubernetes.io/instance: 'astroshop-{{.env}}' + app.kubernetes.io/part-of: astroshop + 
app.kubernetes.io/managed-by: argocd + environment: '{{.env}}' + service: '{{.service}}' + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.slack: astroshop-deployments + notifications.argoproj.io/subscribe.on-sync-failed.slack: astroshop-alerts + argocd.argoproj.io/manifest-generate-paths: . + spec: + project: '{{.project}}' + + source: + repoURL: '{{.repoURL}}' + targetRevision: '{{.targetRevision}}' + path: 'astroshop-helm/{{.service}}' + helm: + valueFiles: + - '{{.valuesFile}}' + parameters: + - name: namespace + value: '{{.namespace}}' + - name: environment + value: '{{.env}}' + + destination: + server: 'https://kubernetes.default.svc' + namespace: '{{.namespace}}' + + syncPolicy: + automated: + prune: '{{if eq .syncPolicy "automated"}}true{{else}}false{{end}}' + selfHeal: '{{if eq .syncPolicy "automated"}}true{{else}}false{{end}}' + allowEmpty: false + syncOptions: + - CreateNamespace=true + - PrunePropagationPolicy=foreground + - PruneLast=true + - RespectIgnoreDifferences=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + + revisionHistoryLimit: 3 + + ignoreDifferences: + - group: apps + kind: Deployment + jsonPointers: + - /spec/replicas + +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: astroshop-dev + namespace: argocd + labels: + environment: dev +spec: + description: Astroshop Development Environment + sourceRepos: + - 'https://git.draconyan.xyz/Astroshop-Gitops' + destinations: + - namespace: 'astroshop-dev' + server: 'https://kubernetes.default.svc' + - namespace: 'opentelemetry-demo' + server: 'https://kubernetes.default.svc' + clusterResourceWhitelist: + - group: '' + kind: Namespace + - group: 'rbac.authorization.k8s.io' + kind: ClusterRole + - group: 'rbac.authorization.k8s.io' + kind: ClusterRoleBinding + namespaceResourceWhitelist: + - group: '*' + kind: '*' + orphanedResources: + warn: true + +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + 
name: astroshop-qa + namespace: argocd + labels: + environment: qa +spec: + description: Astroshop QA Environment + sourceRepos: + - 'https://git.draconyan.xyz/Astroshop-Gitops' + destinations: + - namespace: 'astroshop-qa' + server: 'https://kubernetes.default.svc' + - namespace: 'opentelemetry-demo' + server: 'https://kubernetes.default.svc' + clusterResourceWhitelist: + - group: '' + kind: Namespace + - group: 'rbac.authorization.k8s.io' + kind: ClusterRole + - group: 'rbac.authorization.k8s.io' + kind: ClusterRoleBinding + namespaceResourceWhitelist: + - group: '*' + kind: '*' + orphanedResources: + warn: true + +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: astroshop-prod + namespace: argocd + labels: + environment: prod +spec: + description: Astroshop Production Environment + sourceRepos: + - 'https://git.draconyan.xyz/Astroshop-Gitops' + destinations: + - namespace: 'astroshop-prod' + server: 'https://kubernetes.default.svc' + - namespace: 'opentelemetry-demo' + server: 'https://kubernetes.default.svc' + clusterResourceWhitelist: + - group: '' + kind: Namespace + - group: 'rbac.authorization.k8s.io' + kind: ClusterRole + - group: 'rbac.authorization.k8s.io' + kind: ClusterRoleBinding + namespaceResourceWhitelist: + - group: '*' + kind: '*' + orphanedResources: + warn: true + # Production requires manual approval + syncWindows: + - kind: allow + schedule: '0 10-18 * * 1-5' # Only allow sync during business hours on weekdays + duration: 8h + applications: + - '*' + manualSync: true + +--- +# Optional: Create namespaces beforehand or enable create-namespaces:true +apiVersion: v1 +kind: Namespace +metadata: + name: astroshop-dev + labels: + environment: dev + app.kubernetes.io/part-of: astroshop + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: astroshop-qa + labels: + environment: qa + app.kubernetes.io/part-of: astroshop + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: astroshop-prod + labels: + environment: prod 
+ app.kubernetes.io/part-of: astroshop |
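Review bot: In astroshop-platform/README.md, the "Production Environment" sync policy example still contains an `automated:` key (with `prune: false` and `selfHeal: false`), while the environment table and the `astroshop-prod` section describe prod as manual. Argo CD treats the presence of `automated` as auto-sync being enabled, so the example should show a `syncPolicy` without that key, or the text should state what prod actually does. The "Allowed Resources: All namespaced resources" lines leave out the cluster-scoped `Namespace`, `ClusterRole` and `ClusterRoleBinding` kinds that the AppProjects in this commit whitelist, and "RBAC controls access to each environment" under Security Considerations has nothing in this commit backing it, so either add project roles or reword. In "Git Repository Access Issues", `--password <token>` puts the token on the command line, where it lands in shell history and process listings; document a flow that keeps it off the command line, such as a declarative repository Secret.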
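Review bot: In astroshop-platform/argocd-applicationset.yaml, the template's `syncPolicy.automated` block is emitted for every environment, so the prod Applications still get automated sync; `prune` and `selfHeal` rendering to false only turns off pruning and self-healing, and both are boolean fields that are given quoted template strings here. Suggest moving prod to its own ApplicationSet with no `automated:` key and writing literal booleans for dev and qa. In the `astroshop-prod` AppProject, `schedule: '0 10-18 * * 1-5'` with `duration: 8h` opens a new 8-hour window at each hour from 10:00 to 18:00, so syncs stay allowed until 02:00 the next day, and `manualSync: true` additionally lets manual syncs through outside the window; `schedule: '0 10 * * 1-5'` with the same duration gives the business-hours window the inline comment describes. All three AppProjects also whitelist `ClusterRole` and `ClusterRoleBinding`, allow `group: '*'` / `kind: '*'` for namespaced resources, and share the `opentelemetry-demo` destination, so a chart change synced through the dev project can create cluster-wide RBAC or reach a namespace the prod project can also deploy to. Drop the cluster-scoped RBAC kinds unless a chart needs them, and give each environment its own destinations.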
