Namespace prefix for multi-tenancy support

Jenkinsfile

@@ -162,8 +162,10 @@ node('high-cpu') {
                                 images[1].push(git.tag + '-dev')
                                 images[1].push('dev')
                                 images[1].push('latest-dev')
+                                images[1].push('main-dev')
                                 images[0].push()
                                 images[0].push('latest')
+                                images[0].push('main')
                                 images[0].push(git.tag)
 
                                 currentBuild.description = createImageName(git.tag)

applications/argocd/nginx/helm-jenkins/Jenkinsfile.ftl

@@ -2,13 +2,16 @@
 
 String getApplication() { "nginx-helm-jenkins" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
+String getConfigRepositoryPRBaseUrl() { env.${namePrefixForEnvVars}SCMM_URL }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
 <#noparse>
-String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib/" }
+
+String getCesBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/ces-build-lib/" }
+String getGitOpsBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/gitops-build-lib" }
+
 String getCesBuildLibVersion() { '2.5.0' }
-String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/gitops-build-lib" }
 String getGitOpsBuildLibVersion() { '0.7.0'}
+
 String getHelmChartRepository() { "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" }
 String getHelmChartName() { "nginx" }
 String getHelmChartVersion() { "13.2.21" }
@@ -104,4 +107,4 @@ node('docker') {
 
 def cesBuildLib
 def gitOpsBuildLib
-</#noparse>
+</#noparse>

applications/argocd/petclinic/helm/Jenkinsfile.ftl

@@ -2,7 +2,7 @@
 
 String getApplication() { "spring-petclinic-helm" }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
+String getConfigRepositoryPRBaseUrl() { env.${namePrefixForEnvVars}SCMM_URL }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
 
 String getDockerRegistryBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_URL }
@@ -15,11 +15,12 @@ String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
 </#if>
 
 <#noparse>
-String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib/" }
+
+String getCesBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/ces-build-lib/" }
 String getCesBuildLibVersion() { '2.5.0' }
-String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/gitops-build-lib" }
+String getGitOpsBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/gitops-build-lib" }
 String getGitOpsBuildLibVersion() { '0.7.0'}
-String getHelmChartRepository() { "${env.SCMM_URL}/repo/3rd-party-dependencies/spring-boot-helm-chart-with-dependency" }
+String getHelmChartRepository() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/spring-boot-helm-chart-with-dependency" }
 String getHelmChartVersion() { "1.0.0" }
 String getMainBranch() { 'main' }
 
@@ -196,4 +197,4 @@ String createImageTag() {
 
 def cesBuildLib
 def gitOpsBuildLib
-</#noparse>
+</#noparse>

applications/argocd/petclinic/plain-k8s/Jenkinsfile.ftl

@@ -3,7 +3,7 @@
 String getApplication() { 'spring-petclinic-plain' }
 String getConfigRepositoryPRRepo() { '${namePrefix}argocd/example-apps' }
 String getScmManagerCredentials() { 'scmm-user' }
-String getConfigRepositoryPRBaseUrl() { env.SCMM_URL }
+String getConfigRepositoryPRBaseUrl() { env.${namePrefixForEnvVars}SCMM_URL }
 
 String getDockerRegistryBaseUrl() { env.${namePrefixForEnvVars}REGISTRY_URL }
 String getDockerRegistryPath() { env.${namePrefixForEnvVars}REGISTRY_PATH }
@@ -15,9 +15,11 @@ String getDockerRegistryProxyCredentials() { 'registry-proxy-user' }
 </#if>
 
 <#noparse>
-String getCesBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/ces-build-lib" }
+
+String getCesBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/ces-build-lib/" }
+String getGitOpsBuildLibRepo() { configRepositoryPRBaseUrl+"/repo/3rd-party-dependencies/gitops-build-lib" }
+
 String getCesBuildLibVersion() { '2.5.0' }
-String getGitOpsBuildLibRepo() { "${env.SCMM_URL}/repo/3rd-party-dependencies/gitops-build-lib" }
 String getGitOpsBuildLibVersion() { '0.7.0'}
 
 loadLibraries()
@@ -229,4 +231,4 @@ def loadLibraries() {
 
 def cesBuildLib
 def gitOpsBuildLib
-</#noparse>
+</#noparse>

applications/cluster-resources/monitoring/netpols/prometheus-allow-scraping.ftl.yaml

@@ -9,7 +9,7 @@ spec:
     - from:
         - namespaceSelector:
             matchLabels:
-              kubernetes.io/metadata.name: ${namePrefix}monitoring
+              kubernetes.io/metadata.name: "${namePrefix}monitoring"
           podSelector:
             matchLabels:
               prometheus: kube-prometheus-stack-prometheus

argocd/argocd/operator/rbac/example-apps-production.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: example-apps-production
+  namespace: "${namePrefix}example-apps-production"
   name: argocd
 rules:
   - apiGroups:
@@ -166,7 +166,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: argocd
-  namespace: example-apps-production
+  namespace: "${namePrefix}example-apps-production"
 subjects:
   - kind: ServiceAccount
     name: argocd-argocd-server
@@ -180,4 +180,4 @@ subjects:
 roleRef:
   kind: Role
   name: argocd
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

argocd/argocd/operator/rbac/example-apps-staging.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: example-apps-staging
+  namespace: "${namePrefix}example-apps-staging"
   name: argocd
 rules:
   - apiGroups:
@@ -166,7 +166,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: argocd
-  namespace: example-apps-staging
+  namespace: "${namePrefix}example-apps-staging"
 subjects:
   - kind: ServiceAccount
     name: argocd-argocd-server
@@ -180,4 +180,4 @@ subjects:
 roleRef:
   kind: Role
   name: argocd
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

argocd/argocd/operator/rbac/ingress-nginx.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: ingress-nginx
+  namespace: "${namePrefix}ingress-nginx"
   name: argocd
 rules:
   - apiGroups:
@@ -166,7 +166,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: argocd
-  namespace: ingress-nginx
+  namespace: "${namePrefix}ingress-nginx"
 subjects:
   - kind: ServiceAccount
     name: argocd-argocd-server
@@ -180,4 +180,4 @@ subjects:
 roleRef:
   kind: Role
   name: argocd
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

argocd/argocd/operator/rbac/monitoring.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: monitoring
+  namespace: "${namePrefix}monitoring"
   name: argocd
 rules:
   - apiGroups:
@@ -166,7 +166,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: argocd
-  namespace: monitoring
+  namespace: "${namePrefix}monitoring"
 subjects:
   - kind: ServiceAccount
     name: argocd-argocd-server
@@ -180,4 +180,4 @@ subjects:
 roleRef:
   kind: Role
   name: argocd
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

argocd/argocd/operator/rbac/secrets.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: secrets
+  namespace: "${namePrefix}secrets"
   name: argocd
 rules:
   - apiGroups:
@@ -166,7 +166,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: argocd
-  namespace: secrets
+  namespace: "${namePrefix}secrets"
 subjects:
   - kind: ServiceAccount
     name: argocd-argocd-server
@@ -180,4 +180,4 @@ subjects:
 roleRef:
   kind: Role
   name: argocd
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

scripts/init-cluster.sh

@@ -275,4 +275,4 @@ function echoHightlighted() {
     fi
 }
 
-main "$@"
+main "$@"

scripts/jenkins/init-jenkins.sh

@@ -21,7 +21,7 @@ fi
 
 function initJenkins() {
   if [[ ${INTERNAL_JENKINS} == true ]]; then
-    setExternalHostnameIfNecessary "JENKINS" "jenkins" "default"
+    setExternalHostnameIfNecessary "JENKINS" "jenkins" "${NAME_PREFIX}jenkins"
   fi
 
   installPlugins

scripts/scm-manager/init-scmm.sh

@@ -26,7 +26,7 @@ function initSCMM() {
 
   echo "SCM provider: ${SCM_PROVIDER}"
   if [[ ${INTERNAL_SCMM} == true ]]; then
-    setExternalHostnameIfNecessary 'SCMM' 'scmm-scm-manager' 'default'
+    setExternalHostnameIfNecessary 'SCMM' 'scmm-scm-manager' "${NAME_PREFIX}scm-manager"
   fi
 
   [[ "${SCMM_URL}" != *scm ]] && SCMM_URL=${SCMM_URL}/scm

src/main/groovy/com/cloudogu/gitops/Application.groovy

@@ -12,12 +12,11 @@ class Application {
     final Config config
 
     Application(Config config,
-            List<Feature> features
+                List<Feature> features
     ) {
-        this.config=config
+        this.config = config
         // Order is important. Enforced by @Order-Annotation on the Singletons
         this.features = features
-
     }
 
     def start() {
@@ -36,15 +35,10 @@ class Application {
 
     void setNamespaceListToConfig(Config config) {
         Set<String> namespaces = new HashSet<>()
-        String namePrefix = config.application.namePrefix;
+        String namePrefix = config.application.namePrefix
 
-        if(config.registry.internal || config.scmm.internal || config.jenkins.internal){
-            namespaces.add(namePrefix + "default")
-        }
-
         if (config.features.argocd.active) {
             namespaces.addAll(Arrays.asList(
-                    namePrefix + "argocd",
                     namePrefix + "example-apps-staging",
                     namePrefix + "example-apps-production"
             ))
@@ -55,14 +49,9 @@ class Application {
                 .collect { it.activeNamespaceFromFeature }
                 .findAll { it }
                 .unique()
-                .collect { "${namePrefix}${it}".toString() })
-
-        //TODO remove after Jenkins/SCMM/Registry got their own namespaces
-        if(config.application.openshift){
-            namespaces.remove(namePrefix + "default")
-        }
+                .collect { "${it}".toString() })
 
         log.debug("Active namespaces retrieved: {}", namespaces);
         config.application.activeNamespaces = namespaces.toList()
     }
-}
+}

src/main/groovy/com/cloudogu/gitops/FeatureWithImage.groovy

@@ -15,12 +15,12 @@ trait FeatureWithImage {
     void createImagePullSecret() {
         if (config.registry.createImagePullSecrets) {
 
-            log.trace("Creating image pull secret 'proxy-registry' in namespace ${namespace}")
+            log.trace("Creating image pull secret 'proxy-registry' in namespace ${this.namespace}")
             String url = config.registry.proxyUrl ?: config.registry.url
             String user = config.registry.proxyUsername ?: config.registry.readOnlyUsername ?: config.registry.username
             String password = config.registry.proxyPassword ?: config.registry.readOnlyPassword ?: config.registry.password
 
-            k8sClient.createNamespace(namespace)
+            k8sClient.createNamespace(this.namespace)
             k8sClient.createImagePullSecret('proxy-registry', namespace, url, user, password)
         }
     }

src/main/groovy/com/cloudogu/gitops/cli/GitopsPlaygroundCliMainScripted.groovy

@@ -19,7 +19,8 @@ import com.cloudogu.gitops.scmm.ScmmRepoProvider
 import com.cloudogu.gitops.utils.*
 import groovy.util.logging.Slf4j
 import io.micronaut.context.ApplicationContext
-import jakarta.inject.Provider 
+import jakarta.inject.Provider
+
 /**
  * Micronaut's dependency injection relies on statically compiled class files with seems incompatible with groovy 
  * scripting/interpretation (without prior compilation).
@@ -52,7 +53,7 @@ class GitopsPlaygroundCliMainScripted {
             def helmClient = new HelmClient(executor)
 
             def httpClientFactory = new HttpClientFactory()
-            
+
             def scmmRepoProvider = new ScmmRepoProvider(config, fileSystemUtils)
             def retrofitFactory = new RetrofitFactory()
 
@@ -72,7 +73,7 @@ class GitopsPlaygroundCliMainScripted {
                     httpClientFactory.okHttpClient(httpClientFactory.createLoggingInterceptor(), jenkinsConfiguration, insecureSslContextProvider))
 
             context.registerSingleton(k8sClient)
-            
+
             if (config.application.destroy) {
                 context.registerSingleton(new Destroyer([
                         new ArgoCDDestructionHandler(config, k8sClient, scmmRepoProvider, helmClient, fileSystemUtils),
@@ -86,9 +87,9 @@ class GitopsPlaygroundCliMainScripted {
 
                 def airGappedUtils = new AirGappedUtils(config, scmmRepoProvider, repoApi, fileSystemUtils, helmClient)
 
-                context.registerSingleton(new Application(config,[
+                context.registerSingleton(new Application(config, [
                         new Registry(config, fileSystemUtils, k8sClient, helmStrategy),
-                        new ScmManager(config, executor, fileSystemUtils, helmStrategy),
+                        new ScmManager(config, executor, fileSystemUtils, helmStrategy, k8sClient),
                         new Jenkins(config, executor, fileSystemUtils, new GlobalPropertyManager(jenkinsApiClient),
                                 new JobManager(jenkinsApiClient), new UserManager(jenkinsApiClient),
                                 new PrometheusConfigurator(jenkinsApiClient), helmStrategy, k8sClient),
@@ -104,4 +105,4 @@ class GitopsPlaygroundCliMainScripted {
             }
         }
     }
-}
+}