feat: implement ability to disable default argocd consoleLink (#333)

* feat: implement ability to disable default argocd consolelink

* add documentation about all environmental variables

Author: reginapizza

common/common.go

@@ -21,6 +21,8 @@ const (
 	ArgoCDInstanceName = "openshift-gitops"
 	// DisableDefaultInstallEnvVar is an env variable to disable the default instance
 	DisableDefaultInstallEnvVar = "DISABLE_DEFAULT_ARGOCD_INSTANCE"
+	// DisableDefaultArgoCDConsoleLink is an env variable to disable the default Argo CD ConsoleLink
+	DisableDefaultArgoCDConsoleLink = "DISABLE_DEFAULT_ARGOCD_CONSOLELINK"
 )
 
 // InfraNodeSelector returns openshift label for infrastructure nodes

controllers/argocd_controller.go

@@ -20,13 +20,16 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"os"
+	"strings"
 
 	// embed the Argo icon during compile time
 	_ "embed"
 
 	"github.com/go-logr/logr"
 	console "github.com/openshift/api/console/v1"
 	routev1 "github.com/openshift/api/route/v1"
+	"github.com/redhat-developer/gitops-operator/common"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -59,10 +62,16 @@ func init() {
 	encodedArgoImage = imageDataURL(base64.StdEncoding.EncodeToString(argoImage))
 }
 
+// if DISABLE_DEFAULT_ARGOCD_CONSOLELINK env variable is true, Argo CD ConsoleLink will be deleted
+func isConsoleLinkDisabled() bool {
+	return strings.ToLower(os.Getenv(common.DisableDefaultArgoCDConsoleLink)) == "true"
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *ReconcileArgoCDRoute) SetupWithManager(mgr ctrl.Manager) error {
 	// Watch for changes to argocd-server route in the default argocd instance namespace
 	// The ConsoleLink holds the route URL and should be regenerated when route is updated
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&routev1.Route{}, builder.WithPredicates(filterPredicate(filterArgoCDRoute))).
 		Complete(r)
@@ -119,26 +128,31 @@ func (r *ReconcileArgoCDRoute) Reconcile(ctx context.Context, request reconcile.
 		}
 		return reconcile.Result{}, err
 	}
+
 	reqLogger.Info("Route found for argocd-server", "Route.Host", argoCDRoute.Spec.Host)
 
-	argocCDRouteURL := fmt.Sprintf("https://%s", argoCDRoute.Spec.Host)
+	argoCDRouteURL := fmt.Sprintf("https://%s", argoCDRoute.Spec.Host)
 
-	consoleLink := newConsoleLink(argocCDRouteURL, "Cluster Argo CD")
+	consoleLink := newConsoleLink(argoCDRouteURL, "Cluster Argo CD")
 
 	found := &console.ConsoleLink{}
 	err = r.Client.Get(ctx, types.NamespacedName{Name: consoleLink.Name}, found)
+
 	if err != nil {
 		if errors.IsNotFound(err) {
-			reqLogger.Info("Creating a new ConsoleLink", "ConsoleLink.Name", consoleLink.Name)
-			return reconcile.Result{}, r.Client.Create(ctx, consoleLink)
+			if !isConsoleLinkDisabled() {
+				reqLogger.Info("Creating a new ConsoleLink", "ConsoleLink.Name", consoleLink.Name)
+				return reconcile.Result{}, r.Client.Create(ctx, consoleLink)
+			}
 		}
-		reqLogger.Error(err, "Failed to create ConsoleLink", "ConsoleLink.Name", consoleLink.Name)
+		reqLogger.Error(err, "ConsoleLink not found", "ConsoleLink.Name", consoleLink.Name)
 		return reconcile.Result{}, err
 	}
-
-	if found.Spec.Href != argocCDRouteURL {
+	if isConsoleLinkDisabled() {
+		return reconcile.Result{}, r.deleteConsoleLinkIfPresent(ctx, reqLogger)
+	} else if found.Spec.Href != argoCDRouteURL {
 		reqLogger.Info("Updating the existing ConsoleLink", "ConsoleLink.Name", consoleLink.Name)
-		found.Spec.Href = argocCDRouteURL
+		found.Spec.Href = argoCDRouteURL
 		return reconcile.Result{}, r.Client.Update(ctx, found)
 	}
 

controllers/argocd_controller_test.go

@@ -19,23 +19,28 @@ package controllers
 import (
 	"context"
 	"net/url"
+	"os"
 	"testing"
 
+	"github.com/argoproj-labs/argocd-operator/controllers/argocd"
 	"github.com/google/go-cmp/cmp"
 	configv1 "github.com/openshift/api/config/v1"
 	console "github.com/openshift/api/console/v1"
 	routev1 "github.com/openshift/api/route/v1"
+	"gotest.tools/assert"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
 const (
-	argocdInstanceName = "openshift-gitops"
+	argocdInstanceName       = "openshift-gitops"
+	disableArgoCDConsoleLink = "DISABLE_DEFAULT_ARGOCD_CONSOLELINK"
 )
 
 var (
@@ -66,13 +71,79 @@ func TestReconcile_create_consolelink(t *testing.T) {
 }
 
 func TestReconcile_delete_consolelink(t *testing.T) {
-	reconcileArgoCD, fakeClient := newFakeReconcileArgoCD(argoCDRoute, consoleLink)
+	logf.SetLogger(argocd.ZapLogger(true))
 
-	err := fakeClient.Delete(context.TODO(), &routev1.Route{ObjectMeta: v1.ObjectMeta{Name: argocdRouteName, Namespace: argocdNS}})
-	assertNoError(t, err)
+	restoreEnvFunc := func() {
+		os.Unsetenv(disableArgoCDConsoleLink)
+	}
+
+	tests := []struct {
+		name                   string
+		setEnvVarFunc          func(string)
+		envVar                 string
+		consoleLinkShouldExist bool
+		wantErr                bool
+		Err                    error
+	}{
+		{
+			name: "DISABLE_DEFAULT_ARGOCD_CONSOLELINK is set to true and consoleLink gets deleted",
+			setEnvVarFunc: func(envVar string) {
+				os.Setenv(disableArgoCDConsoleLink, envVar)
+			},
+			consoleLinkShouldExist: false,
+			envVar:                 "true",
+			wantErr:                false,
+		},
+		{
+			name: "DISABLE_DEFAULT_ARGOCD_CONSOLELINK is set to false and consoleLink doesn't get deleted",
+			setEnvVarFunc: func(envVar string) {
+				os.Setenv(disableArgoCDConsoleLink, envVar)
+			},
+			envVar:                 "false",
+			consoleLinkShouldExist: true,
+			wantErr:                false,
+		},
+		{
+			name:                   "DISABLE_DEFAULT_ARGOCD_CONSOLELINK isn't set and consoleLink doesn't get deleted",
+			setEnvVarFunc:          nil,
+			envVar:                 "",
+			consoleLinkShouldExist: true,
+			wantErr:                false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			defer restoreEnvFunc()
+
+			reconcileArgoCD, fakeClient := newFakeReconcileArgoCD(argoCDRoute, consoleLink)
+			consoleLink := newConsoleLink("https://test.com", "Cluster Argo CD")
+			fakeClient.Create(context.TODO(), consoleLink)
+
+			if test.setEnvVarFunc != nil {
+				test.setEnvVarFunc(test.envVar)
+			}
+
+			result, err := reconcileArgoCD.Reconcile(context.TODO(), newRequest(argocdNS, argocdInstanceName))
+			if !test.consoleLinkShouldExist {
+				assertConsoleLinkDeletion(t, fakeClient, reconcileResult{result, err})
+			} else {
+				assertConsoleLinkExists(t, fakeClient, reconcileResult{result, err}, consoleLink)
+			}
+			if err != nil {
+				if !test.wantErr {
+					t.Errorf("Got unexpected error")
+				} else {
+					assert.Equal(t, test.Err, err)
+				}
+			} else {
+				if test.wantErr {
+					t.Errorf("expected error but didn't get one")
+				}
+			}
+		})
+	}
 
-	result, err := reconcileArgoCD.Reconcile(context.TODO(), newRequest(argocdNS, argocdRouteName))
-	assertConsoleLinkDeletion(t, fakeClient, reconcileResult{result, err})
 }
 
 func TestReconcile_update_consolelink(t *testing.T) {

docs/OpenShift GitOps Usage Guide.md

@@ -3,19 +3,20 @@
 ## Table of Contents
 1. [Installing OpenShift GitOps](#installing-openshift-gitops)  
 2. [Configure RHSSO for OpenShift GitOps(>= v1.2)](#configure-rhsso-for-openshift-gitops-v12)  
-3. [Setting up OpenShift Login (=< v1.1.2)](#setting-up-openshift-login--v112)  
-4. [Configuring the groups claim](#configuring-the-groups-claim-)  
-5. [Getting started with GitOps Application Manager (kam)](#getting-started-with-gitops-application-manager-kam)  
-6. [Setting up a new ArgoCD instance](#setting-up-a-new-argo-cd-instance)  
-7. [Configure resource quota/requests for OpenShift GitOps workloads](#configure-resource-quotarequests-for-openshift-gitops-workloads)  
-8. [Running default Gitops workloads on Infrastructure Nodes](#running-default-gitops-workloads-on-infrastructure-nodes)  
-9. [Monitoring](#monitoring)  
-10. [Logging](#logging)  
-11. [Prevent auto-reboot during Argo CD sync with machine configs](#prevent-auto-reboot-during-argo-cd-sync-with-machine-configs)  
-12. [Machine configs and Argo CD: Performance challenges](#machine-configs-and-argo-cd-performance-challenges)  
-13. [Health status of OpenShift resources](#health-status-of-openshift-resources)  
-14. [Upgrade GitOps Operator from v1.0.1 to v1.1.0 (GA)](#upgrade-gitops-operator-from-v101-to-v110-ga)  
-15. [Upgrade GitOps Operator from v1.1.2 to v1.2.0 (GA)](#upgrade-gitops-operator-from-v112-to-v120-ga)  
+3. [Setting up OpenShift Login (=< v1.1.2)](#setting-up-openshift-login--v112)
+4. [Setting environment variables](#setting-environment-variables)    
+5. [Configuring the groups claim](#configuring-the-groups-claim-)  
+6. [Getting started with GitOps Application Manager (kam)](#getting-started-with-gitops-application-manager-kam)  
+7. [Setting up a new ArgoCD instance](#setting-up-a-new-argo-cd-instance)  
+8. [Configure resource quota/requests for OpenShift GitOps workloads](#configure-resource-quotarequests-for-openshift-gitops-workloads)  
+9. [Running default Gitops workloads on Infrastructure Nodes](#running-default-gitops-workloads-on-infrastructure-nodes)  
+10. [Monitoring](#monitoring)  
+11. [Logging](#logging)  
+12. [Prevent auto-reboot during Argo CD sync with machine configs](#prevent-auto-reboot-during-argo-cd-sync-with-machine-configs)  
+13. [Machine configs and Argo CD: Performance challenges](#machine-configs-and-argo-cd-performance-challenges)  
+14. [Health status of OpenShift resources](#health-status-of-openshift-resources)  
+15. [Upgrade GitOps Operator from v1.0.1 to v1.1.0 (GA)](#upgrade-gitops-operator-from-v101-to-v110-ga)  
+16. [Upgrade GitOps Operator from v1.1.2 to v1.2.0 (GA)](#upgrade-gitops-operator-from-v112-to-v120-ga)  
 
 ## Installing OpenShift GitOps
 
@@ -99,6 +100,8 @@ You can launch into this Argo CD instance from the Console Application Launcher.
 
 ![image alt text](assets/5.console_application_launcher.png)
 
+**Note: To disable the Link to Argo CD in the Console Application Launcher, see the documentation on how to disable consoleLink in the [setting environment variables section](#setting-environment-variables)**
+
 Alternatively, the DNS hostname of the Argo CD Web Console can be retrieved by the command line.  
 
 `oc get route openshift-gitops-server -n openshift-gitops -o jsonpath='{.spec.host}'`
@@ -412,6 +415,50 @@ Make sure to click **Save**. You should now have a new tab called **Credentials*
 
 ![image alt text](assets/16.credentials_setup.png)
 
+## **Setting environment variables**
+
+Updating the following environment variables in the existing Subscription Object for the GitOps Operator will allow you (as an admin) to change certain properties in your cluster:
+
+<table>
+  <tr>
+    <td>Environment variable</td>
+    <td>Default value</td>
+    <td>Description</td>
+  </tr>
+  <tr>
+    <td>ARGOCD_CLUSTER_CONFIG_NAMESPACES</td>
+    <td>none</td>
+    <td>When provided with a namespace, Argo CD is granted permissions to manage specific cluster-scoped resources which include
+    platform operators, optional OLM operators, user management, etc. Argo CD is not granted cluster-admin.</td>
+  </tr>
+  <tr>
+    <td>CONTROLLER_CLUSTER_ROLE</td>
+    <td>none</td>
+    <td>Administrators can configure a common cluster role for all the managed namespaces in role bindings for the Argo CD application controller with this environment variable. Note: If this environment variable contains custom roles, the Operator doesn't create the default admin role. Instead, it uses the existing custom role for all managed namespaces.</td>
+  </tr>
+  <tr>
+    <td>DISABLE_DEFAULT_ARGOCD_CONSOLELINK</td>
+    <td>false</td>
+    <td>When set to `true`, will disable the ConsoleLink for Argo CD, which appears as the link to Argo CD in the Application Launcher. This can be beneficial to users of multi-tenant clusters who have multiple instances of Argo CD.</td>
+  </tr>
+  <tr>
+    <td>DISABLE_DEFAULT_ARGOCD_INSTANCE</td>
+    <td>false</td>
+    <td>When set to `true`, will disable the default 'ready-to-use' installation of Argo CD in `openshift-gitops` namespace.</td>
+  </tr>
+  <tr>
+    <td>DISABLE_DEX</td>
+    <td>false</td>
+    <td> When set to `true`, will remove the Dex deployment from the openshift-gitops namespace. Note: Disabling Dex will not be supported in v.1.9.0+. 
+    </td>
+  </tr>
+  <tr>
+    <td>SERVER_CLUSTER_ROLE</td>
+    <td>none</td>
+    <td>Administrators can configure a common cluster role for all the managed namespaces in role bindings for the Argo CD server with this environment variable. Note: If this environment variable contains custom roles, the Operator doesn’t create the default admin role. Instead, it uses the existing custom role for all managed namespaces.</td>
+  </tr>
+</table>
+
 ## **Configuring the groups claim**[ ¶](https://argoproj.github.io/argo-cd/operator-manual/user-management/keycloak/#configuring-the-groups-claim)
 
 In order for Argo CD to provide the groups the user is in we need to configure a groups claim that can be included in the authentication token. To do this we'll start by creating a new **Client Scope** called *groups*.
@@ -562,7 +609,7 @@ data:
 
 ### Working with Dex
 
-**NOTE:** For a fresh install of v1.3.0, Dex is automatically configured. You can log into the default Argo CD instance in the openshift-gitops namespace using the OpenShift or kubeadmin credentials. As an admin you can disable the Dex installation after the Operator is installed which will remove the Dex deployment from the openshift-gitops namespace.
+**NOTE:** As of v1.3.0, Dex is automatically configured. You can log into the default Argo CD instance in the openshift-gitops namespace using the OpenShift or kubeadmin credentials. As an admin you can disable the Dex installation after the Operator is installed which will remove the Dex deployment from the openshift-gitops namespace.
 
 :warning: **DISABLE_DEX is Deprecated in OpenShift GitOps v1.6.0 and support will be removed in v1.9.0. Dex can be enabled/disabled by setting `.spec.sso.provider: dex` as follows:**