TB Platform ApplicationSets

ApplicationSets that deploy services to tb-platform clusters

Multiple ApplicationSets deploy services to the three tb-platform clusters (dev, qa, prod). This page provides an overview of all tb-platform ApplicationSets.

ApplicationSet Summary

ApplicationSet	Services Deployed	Clusters
`tb-platform-init-resources`	Bootstrap resources	dev, qa, prod
`tb-platform-init-services`	Init service Applications	dev, qa, prod
`tb-platform-environments`	Config Connector env resources	dynamic
`tb-platform-vpc-config`	Config Connector VPC resources	dynamic
`tb-platform-external-secrets`	External Secrets Operator	dev, qa, prod
`tb-platform-grafana-alloy`	Grafana Alloy	dev, qa, prod
`tb-platform-1password-operator`	1Password Connect + Operator	dev, qa, prod
`tb-platform-config-connector-operator`	Config Connector Operator	dev, qa, prod
`tb-platform-malware-scanner`	ClamAV malware scanner	dev, qa, prod
`tb-platform-tykctl`	Tyk API Gateway management	dev, qa, prod
`tb-platform-api-docs`	API documentation portal	dev, qa, prod
`tb-platform-kube-green`	Resource scheduling	dev, qa

Cluster Endpoints

Environment	Cluster IP
Dev	`https://10.64.128.34`
QA	`https://10.64.128.50`
Prod	`https://10.64.128.66`

External Secrets

Deploys the External Secrets Operator to each cluster.

File: application-sets/tb-platform-external-secrets.yaml

spec:
  generators:
   - list:
      elements:
      - environment: dev
        cluster: https://10.64.128.34
      - environment: qa
        cluster: https://10.64.128.50
      - environment: prod
        cluster: https://10.64.128.66
  template:
    spec:
      destination:
        server: '{{.cluster}}'
        namespace: external-secrets
      source:
        chart: external-secrets
        repoURL: https://charts.external-secrets.io
        targetRevision: 0.14.1

Generated Apps: tb-platform-dev-external-secrets, tb-platform-qa-external-secrets, tb-platform-prod-external-secrets

Grafana Alloy

Deploys Grafana Alloy for telemetry collection.

File: application-sets/tb-platform-grafana-alloy.yaml

spec:
  generators:
   - list:
      elements:
      - environment: dev
        cluster: https://10.64.128.34
        updateStrategy: latest
      - environment: qa
        cluster: https://10.64.128.50
        updateStrategy: latest
      - environment: prod
        cluster: https://10.64.128.66
        updateStrategy: semver
  template:
    spec:
      destination:
        namespace: monitoring
        server: '{{.cluster}}'
      source:
        chart: alloy
        repoURL: https://grafana.github.io/helm-charts
        targetRevision: 1.1.2

Generated Apps: tb-platform-dev-grafana-alloy, tb-platform-qa-grafana-alloy, tb-platform-prod-grafana-alloy

1Password Operator

Deploys 1Password Connect and Operator for secret injection.

File: application-sets/tb-platform-onepassword-operator.yaml

spec:
  generators:
   - list:
      elements:
      - environment: dev
        cluster: https://10.64.128.34
        projectID: tb-platform-dev
      - environment: qa
        cluster: https://10.64.128.50
        projectID: tb-platform-qa
      - environment: prod
        cluster: https://10.64.128.66
        projectID: tb-platform-prod
  template:
    spec:
      destination:
        server: '{{.cluster}}'
        namespace: onepassword
      source:
        repoURL: 'https://1password.github.io/connect-helm-charts'
        chart: connect
        targetRevision: '2.0.2'

Generated Apps: tb-platform-dev-1password-operator, tb-platform-qa-1password-operator, tb-platform-prod-1password-operator

Config Connector Operator

Deploys the Config Connector operator to each cluster.

File: application-sets/tb-platform-config-connector.yaml

spec:
  generators:
   - list:
      elements:
      - environment: dev
        cluster: https://10.64.128.34
      - environment: qa
        cluster: https://10.64.128.50
      - environment: prod
        cluster: https://10.64.128.66
  template:
    spec:
      source:
        repoURL: https://github.com/Titanbay/infra-services.git
        targetRevision: 'main'
        path: k8s/infra-services/gcp-config-connector
      destination:
        server: '{{.cluster}}'

Generated Apps: tb-platform-dev-cluster-config-connector-operator, etc.

Malware Scanner

Deploys ClamAV-based malware scanning service.

File: application-sets/tb-platform-malware-scanner.yaml

spec:
  template:
    spec:
      source:
        repoURL: https://github.com/titanbay/infra-services.git
        targetRevision: 'main'
        path: k8s/infra-services/malware-scanner/overlays/{{.environment}}
      destination:
        server: '{{.cluster}}'
        namespace: malware-scanner

Generated Apps: malware-scanner-dev, malware-scanner-qa, malware-scanner-prod

Tykctl

Deploys Tyk API Gateway management tool with image auto-updates.

File: application-sets/tb-platform-tykctl.yaml

spec:
  template:
    metadata:
      annotations:
        argocd-image-updater.argoproj.io/image-list: tykctl=europe-west1-docker.pkg.dev/tb-platform-{{.environment}}/services/tykctl:~1.x
        argocd-image-updater.argoproj.io/tykctl.update-strategy: '{{.updateStrategy}}'
        argocd-image-updater.argoproj.io/write-back-method: git
    spec:
      source:
        path: 'k8s/infra-services/tykctl/overlays/{{.environment}}'
      destination:
        server: '{{.cluster}}'
        namespace: tyk

Generated Apps: tb-platform-dev-tykctl, tb-platform-qa-tykctl, tb-platform-prod-tykctl

API Docs

Deploys API documentation portal with image auto-updates.

File: application-sets/tb-platform-api-docs.yaml

spec:
  template:
    metadata:
      annotations:
        argocd-image-updater.argoproj.io/image-list: api-docs=europe-west1-docker.pkg.dev/tb-platform-{{.environment}}/infra/api-docs
        argocd-image-updater.argoproj.io/api-docs.update-strategy: '{{.updateStrategy}}'
    spec:
      source:
        path: 'k8s/infra-services/api-docs/overlays/{{.environment}}'
      destination:
        server: '{{.cluster}}'
        namespace: tyk

Generated Apps: tb-platform-dev-api-docs, tb-platform-qa-api-docs, tb-platform-prod-api-docs

Kube-green

Deploys kube-green for resource scheduling (cost savings). Not deployed to prod.

File: application-sets/tb-platform-kube-green.yaml

spec:
  generators:
   - list:
      elements:
      - environment: dev
        cluster: https://10.64.128.34
      - environment: qa
        cluster: https://10.64.128.50
      # prod is commented out
  template:
    spec:
      destination:
        server: '{{.cluster}}'
        namespace: kube-green
      source:
        chart: kube-green
        repoURL: https://kube-green.github.io/helm-charts
        targetRevision: 0.7.1

Generated Apps: tb-platform-dev-kube-green, tb-platform-qa-kube-green

TB Ops Project

Generates Applications for tb-ops project environments.

File: application-sets/tb-ops-project.yaml

spec:
  generators:
    - git:
        repoURL: https://github.com/Titanbay/infra-services.git
        revision: 'main'
        directories:
          - path: k8s/infra-services/tb-ops-project/env/*
          - path: k8s/infra-services/tb-ops-project/env/base
            exclude: true
  template:
    spec:
      destination:
        server: https://kubernetes.default.svc
        namespace: 'tb-ops-project-{{.path.basename}}'

Generated Apps: Dynamic based on directories in k8s/infra-services/tb-ops-project/env/

How to Update

Adding a New Environment

Add the environment to the generator’s elements list
Ensure the cluster endpoint is correct
Commit and push to main

Modifying Helm Values

Edit the valuesObject in the ApplicationSet
Changes apply to all generated Applications
Commit and push to main

Environment-Specific Configuration

For Kustomize-based ApplicationSets (like malware-scanner, tykctl):

Edit the environment overlay in the source path
Commit and push to main

Last modified January 19, 2026: docs: add ArgoCD managed services (#1932) (2efa8f20)