Merge pull request #3191 from lsst-sqre/tickets/DM-43837

DM-43837: Allow the app-of-apps name to be configured

docs/extras/schemas/environment.json

@@ -176,6 +176,19 @@
       "title": "Domain name",
       "type": "string"
     },
+    "appOfAppsName": {
+      "anyOf": [
+        {
+          "type": "string"
+        },
+        {
+          "type": "null"
+        }
+      ],
+      "default": null,
+      "description": "Name of the parent Argo CD app-of-apps that manages all of the enabled applications. This is required in the merged values file that includes environment overrides, but the environment override file doesn't need to set it, so it's marked as optional for schema checking purposes to allow the override file to be schema-checked independently.",
+      "title": "Argo CD app-of-apps name"
+    },
     "butlerRepositoryIndex": {
       "anyOf": [
         {

environments/README.md

@@ -4,6 +4,7 @@
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| appOfAppsName | string | `"app-of-apps"` | Name of the parent Argo CD app-of-apps that manages all the applications enabled for this environment |
 | applications.alert-stream-broker | bool | `false` | Enable the alert-stream-broker application |
 | applications.argo-workflows | bool | `false` | Enable the argo-workflows application |
 | applications.argocd | bool | `true` | Enable the Argo CD application. This must be enabled for all environments and is present here only because it makes parsing easier |

environments/values-base.yaml

@@ -1,6 +1,7 @@
-name: base
-fqdn: base-lsp.lsst.codes
-vaultPathPrefix: secret/k8s_operator/base-lsp.lsst.codes
+name: "base"
+fqdn: "base-lsp.lsst.codes"
+appOfAppsName: "science-platform"
+vaultPathPrefix: "secret/k8s_operator/base-lsp.lsst.codes"
 
 applications:
   argo-workflows: true

environments/values-ccin2p3.yaml

@@ -1,6 +1,7 @@
-name: ccin2p3
-fqdn: data-dev.lsst.eu
-vaultPathPrefix: secret/k8s_operator/rsp-cc
+name: "ccin2p3"
+fqdn: "data-dev.lsst.eu"
+appOfAppsName: "science-platform"
+vaultPathPrefix: "secret/k8s_operator/rsp-cc"
 
 applications:
   datalinker: true

environments/values-idfdev.yaml

@@ -1,5 +1,6 @@
 name: "idfdev"
 fqdn: "data-dev.lsst.cloud"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-dev-repos.yaml"
 butlerServerRepositories:
   dp02: "https://data-dev.lsst.cloud/api/butler/repo/dp02/butler.yaml"

environments/values-idfint.yaml

@@ -1,5 +1,6 @@
 name: "idfint"
 fqdn: "data-int.lsst.cloud"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-int-repos.yaml"
 butlerServerRepositories:
   dp02: "https://data-int.lsst.cloud/api/butler/repo/dp02/butler.yaml"

environments/values-idfprod.yaml

@@ -1,5 +1,6 @@
 name: "idfprod"
 fqdn: "data.lsst.cloud"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://butler-us-central1-repo-locations/data-repos.yaml"
 butlerServerRepositories:
   dp01: "https://data.lsst.cloud/api/butler/repo/dp01/butler.yaml"

environments/values-minikube.yaml

@@ -1,9 +1,9 @@
-name: minikube
-fqdn: minikube.lsst.codes
+name: "minikube"
+fqdn: "minikube.lsst.codes"
 onepassword:
   connectUrl: "https://roundtable-dev.lsst.cloud/1password"
   vaultTitle: "RSP minikube.lsst.codes"
-vaultPathPrefix: secret/phalanx/minikube
+vaultPathPrefix: "secret/phalanx/minikube"
 
 # The primary constraint on enabling applications is the low available memory
 # of a GitHub Actions runner, since minikube is used for smoke testing of new

environments/values-roe.yaml

@@ -1,7 +1,8 @@
-name: roe
-fqdn: rsp.lsst.ac.uk
+name: "roe"
+fqdn: "rsp.lsst.ac.uk"
+appOfAppsName: "science-platform"
 vaultUrl: "https://vault.lsst.ac.uk"
-vaultPathPrefix: secret/k8s_operator/roe
+vaultPathPrefix: "secret/k8s_operator/roe"
 
 applications:
   mobu: true

environments/values-roundtable-dev.yaml

@@ -1,5 +1,6 @@
 name: "roundtable-dev"
 fqdn: "roundtable-dev.lsst.cloud"
+appOfAppsName: "roundtable"
 gcp:
   projectId: "roundtable-dev-abe2"
   region: "us-central1"

environments/values-roundtable-prod.yaml

@@ -1,5 +1,6 @@
 name: "roundtable-prod"
 fqdn: "roundtable.lsst.cloud"
+appOfAppsName: "roundtable"
 gcp:
   projectId: "roundtable-prod-f6fd"
   region: "us-central1"

environments/values-summit.yaml

@@ -1,6 +1,7 @@
-name: summit
-fqdn: summit-lsp.lsst.codes
-vaultPathPrefix: secret/k8s_operator/summit-lsp.lsst.codes
+name: "summit"
+fqdn: "summit-lsp.lsst.codes"
+appOfAppsName: "science-platform"
+vaultPathPrefix: "secret/k8s_operator/summit-lsp.lsst.codes"
 
 applications:
   consdb: true

environments/values-tucson-teststand.yaml

@@ -1,5 +1,6 @@
 name: "tucson-teststand"
 fqdn: "tucson-teststand.lsst.codes"
+appOfAppsName: "science-platform"
 onepassword:
   connectUrl: "https://roundtable-dev.lsst.cloud/1password"
   vaultTitle: "RSP tucson-teststand.lsst.codes"

environments/values-usdfdev.yaml

@@ -1,10 +1,11 @@
+fqdn: "usdf-rsp-dev.slac.stanford.edu"
+name: "usdfdev"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://rubin-summit-users/data-repos.yaml"
 butlerServerRepositories:
   embargo: "https://usdf-rsp-dev.slac.stanford.edu/api/butler/repo/embargo/butler.yaml"
-fqdn: usdf-rsp-dev.slac.stanford.edu
-name: usdfdev
 vaultUrl: "https://vault.slac.stanford.edu"
-vaultPathPrefix: secret/rubin/usdf-rsp-dev
+vaultPathPrefix: "secret/rubin/usdf-rsp-dev"
 
 applications:
   # This environment uses an ingress managed in a separate Kubernetes cluster,

environments/values-usdfint.yaml

@@ -1,10 +1,11 @@
+fqdn: "usdf-rsp-int.slac.stanford.edu"
+name: "usdfint"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://rubin-summit-users/data-repos.yaml"
 butlerServerRepositories:
   embargo: "https://usdf-rsp-int.slac.stanford.edu/api/butler/repo/embargo/butler.yaml"
-fqdn: usdf-rsp-int.slac.stanford.edu
-name: usdfint
 vaultUrl: "https://vault.slac.stanford.edu"
-vaultPathPrefix: secret/rubin/usdf-rsp-int
+vaultPathPrefix: "secret/rubin/usdf-rsp-int"
 
 applications:
   # This environment uses an ingress managed in a separate Kubernetes cluster,

environments/values-usdfprod.yaml

@@ -1,10 +1,11 @@
+fqdn: "usdf-rsp.slac.stanford.edu"
+name: "usdfprod"
+appOfAppsName: "science-platform"
 butlerRepositoryIndex: "s3://rubin-summit-users/data-repos.yaml"
 butlerServerRepositories:
   embargo: "https://usdf-rsp.slac.stanford.edu/api/butler/repo/embargo/butler.yaml"
-fqdn: usdf-rsp.slac.stanford.edu
-name: usdfprod
 vaultUrl: "https://vault.slac.stanford.edu"
-vaultPathPrefix: secret/rubin/usdf-rsp
+vaultPathPrefix: "secret/rubin/usdf-rsp"
 
 applications:
   # This environment uses an ingress managed in a separate Kubernetes cluster,

environments/values.yaml

@@ -1,5 +1,17 @@
 # These four settings should be set in each environment values-*.yaml file.
 
+# -- Name of the environment
+# @default -- None, must be set
+name: ""
+
+# -- Fully-qualified domain name where the environment is running
+# @default -- None, must be set
+fqdn: ""
+
+# -- Name of the parent Argo CD app-of-apps that manages all the applications
+# enabled for this environment
+appOfAppsName: "app-of-apps"
+
 # -- Butler repository index URI to use for this environment, for services that
 # connect directly to the Butler database.
 # @default -- None, must be set
@@ -10,14 +22,6 @@ butlerRepositoryIndex: ""
 # @default -- None, must be set
 butlerServerRepositories: {}
 
-# -- Name of the environment
-# @default -- None, must be set
-name: ""
-
-# -- Fully-qualified domain name where the environment is running
-# @default -- None, must be set
-fqdn: ""
-
 # -- URL of the repository for all applications
 repoUrl: https://github.com/lsst-sqre/phalanx.git
 

src/phalanx/models/environments.py

@@ -151,7 +151,9 @@ class ControlSystemConfig(CamelCaseModel):
 
 
 class EnvironmentBaseConfig(CamelCaseModel):
-    """Configuration common to `~phalanx.models.environments.EnvironmentConfig`
+    """Environment configuration options.
+
+    Configuration common to `~phalanx.models.environments.EnvironmentConfig`
     and `~phalanx.models.environments.Environment`.
     """
 
@@ -165,6 +167,19 @@ class EnvironmentBaseConfig(CamelCaseModel):
         ),
     )
 
+    app_of_apps_name: str | None = Field(
+        None,
+        title="Argo CD app-of-apps name",
+        description=(
+            "Name of the parent Argo CD app-of-apps that manages all of the"
+            " enabled applications. This is required in the merged values"
+            " file that includes environment overrides, but the environment"
+            " override file doesn't need to set it, so it's marked as"
+            " optional for schema checking purposes to allow the override"
+            " file to be schema-checked independently."
+        ),
+    )
+
     butler_repository_index: str | None = Field(
         None,
         title="Butler repository index URL",

src/phalanx/services/environment.py

@@ -72,10 +72,16 @@ def install(
         ------
         CommandFailedError
             Raised if one of the underlying commands fails.
+        ValueError
+            Raised if ``appOfAppsName`` is not set in the environment
+            configuration.
         VaultNotFoundError
             Raised if a necessary secret was not found in Vault.
         """
         environment = self._config.load_environment(environment_name)
+        if not environment.app_of_apps_name:
+            raise ValueError(f"appOfAppsName not set for {environment_name}")
+        app_of_apps = environment.app_of_apps_name
         vault = self._vault_storage.get_vault_client(
             environment, credentials=vault_credentials
         )
@@ -132,17 +138,17 @@ def install(
             )
 
         # Create and sync the top-level Argo CD application.
-        with action_group("Install science-platform app-of-apps"):
+        with action_group(f"Install {app_of_apps} app-of-apps"):
             self._argocd.login("admin", argocd_password.get_secret_value())
             self._argocd.create_environment(
                 environment.name,
-                "science-platform",
+                app_of_apps,
                 git_url=git_url,
                 git_branch=git_branch,
             )
-            self._argocd.sync("science-platform")
+            self._argocd.sync(app_of_apps)
             project = Project.infrastructure
-            self._argocd.set_project("science-platform", project)
+            self._argocd.set_project(app_of_apps, project)
 
         # Sync Argo CD and wait for it to finish syncing so that the pods
         # don't restart in the middle of proxying another Argo CD operation.
@@ -176,9 +182,7 @@ def install(
 
         # Sync everything else.
         with action_group("Sync remaining applications"):
-            self._argocd.sync_all(
-                "science-platform", timeout=timedelta(minutes=5)
-            )
+            self._argocd.sync_all(app_of_apps, timeout=timedelta(minutes=5))
 
     def lint(self, environment: str | None = None) -> bool:
         """Lint the Helm chart for environments.
@@ -200,15 +204,15 @@ def lint(self, environment: str | None = None) -> bool:
             success &= self._helm.lint_environment(environment)
         return success
 
-    def template(self, environment: str) -> str:
+    def template(self, environment_name: str) -> str:
         """Expand the templates of the top-level chart.
 
         Run :command:`helm template` for a top-level chart, passing in the
         appropriate parameters for the given environment.
 
         Parameters
         ----------
-        environment
+        environment_name
             Environment for which to expand the top-level chart.
 
         Returns
@@ -220,5 +224,13 @@ def template(self, environment: str) -> str:
         ------
         CommandFailedError
             Raised if Helm fails.
+        ValueError
+            Raised if ``appOfAppsName`` is not set in the environment
+            configuration.
         """
-        return self._helm.template_environment(environment)
+        environment = self._config.load_environment(environment_name)
+        if not environment.app_of_apps_name:
+            raise ValueError(f"appOfAppsName not set for {environment_name}")
+        return self._helm.template_environment(
+            environment.name, environment.app_of_apps_name
+        )

src/phalanx/storage/helm.py

@@ -308,7 +308,9 @@ def template_application(
             sys.stderr.write(result.stderr)
         return result.stdout
 
-    def template_environment(self, environment: str) -> str:
+    def template_environment(
+        self, environment: str, app_of_apps_name: str
+    ) -> str:
         """Expand the top-level chart into its Kubernetes resources.
 
         Runs :command:`helm template` to expand the top-level chart into its
@@ -319,6 +321,8 @@ def template_environment(self, environment: str) -> str:
         ----------
         environment
             Name of the environment for which to expand the chart.
+        app_of_apps_name
+            Name of the app-of-apps for that environment.
 
         Returns
         -------
@@ -334,7 +338,7 @@ def template_environment(self, environment: str) -> str:
         try:
             result = self._helm.capture(
                 "template",
-                "science-platform",
+                app_of_apps_name,
                 str(path),
                 "--include-crds",
                 "--values",

tests/data/input/environments/values-idfdev.yaml

@@ -1,5 +1,6 @@
 name: idfdev
 fqdn: data-dev.lsst.cloud
+appOfAppsName: science-platform
 gcp:
   projectId: science-platform-dev-7696
   region: us-central1

tests/data/input/environments/values.yaml

@@ -8,6 +8,10 @@ name: ""
 # @default -- None, must be set
 fqdn: ""
 
+# -- Name of the parent Argo CD app-of-apps that manages all the applications
+# enabled for this environment
+appOfAppsName: "app-of-apps"
+
 onepassword:
   # -- URL to the 1Password server for this environment, if 1Password is used
   # for static secrets.

tests/data/output/minikube/values-after-add.yaml

@@ -8,6 +8,10 @@ name: ""
 # @default -- None, must be set
 fqdn: ""
 
+# -- Name of the parent Argo CD app-of-apps that manages all the applications
+# enabled for this environment
+appOfAppsName: "app-of-apps"
+
 onepassword:
   # -- URL to the 1Password server for this environment, if 1Password is used
   # for static secrets.