Skip to content

Instantly share code, notes, and snippets.

@vfarcic
Last active June 21, 2023 08:01
Show Gist options
  • Star 38 You must be signed in to star a gist
  • Fork 13 You must be signed in to fork a gist
  • Save vfarcic/6fb3e7da327df9203d9d4c184fcb5831 to your computer and use it in GitHub Desktop.
Save vfarcic/6fb3e7da327df9203d9d4c184fcb5831 to your computer and use it in GitHub Desktop.
# Source: https://gist.github.com/6fb3e7da327df9203d9d4c184fcb5831
##############################################################################
# Combining Argo CD (GitOps), Crossplane (Control Plane), And Kubevela (OAM) #
# https://youtu.be/eEcgn_gU3SM #
##############################################################################
# Referenced videos:
# - Argo CD - Applying GitOps Principles To Manage Production Environment In Kubernetes: https://youtu.be/vpWQeoaiRM4
# - Cloud-Native Apps With Open Application Model (OAM) And KubeVela: https://youtu.be/2CBu6sOTtwk
# - Crossplane - GitOps-based Infrastructure as Code through Kubernetes API: https://youtu.be/n8KjVmuHm7A
# - How to apply GitOps to everything - combining Argo CD and Crossplane: https://youtu.be/yrj4lmScKHQ
# - How To Shift Left Infrastructure Management Using Crossplane Composites: https://youtu.be/AtbS1u2j7po
# - Bitnami Sealed Secrets - How To Store Kubernetes Secrets In Git Repositories: https://youtu.be/xd2QoV6GJlc
# - Terraform vs. Pulumi vs. Crossplane - Infrastructure as Code (IaC) Tools Comparison: https://youtu.be/RaoKcJGchKM
# - Portainer - Container Management Made Easy: https://youtu.be/-mWUbDHTEkQ
# - Ketch - How to Simplify Kubernetes Deployments: https://youtu.be/sMOIiTfGnj0
# - Shipa - A Kubernetes platform from developer's perspective: https://youtu.be/aCwlI3AhNOY
# - Flux CD v2 With GitOps Toolkit - Kubernetes Deployment And Sync Mechanism: https://youtu.be/R6OeIgb7lUI
# - GitHub CLI - How to manage repositories more efficiently: https://youtu.be/BII6ZY2Rnlc
#########
# Setup #
#########
# Create a Kuberentes cluster with Ingress. It can be a local (e.g., KinD, minikube, etc.) or a remote cluster.
# Replace `[...]` with the external IP of the Ingress service
export INGRESS_HOST=[...]
# Replace `[...]` with the GitHub organization or user
export GITHUB_ORG=[...]
# Watch https://youtu.be/BII6ZY2Rnlc if you are not familiar with GitHub CLI
gh repo fork vfarcic/crossplane-kubevela-argocd-demo \
--clone
cd crossplane-kubevela-argocd-demo
# Install Crossplane CLI from https://crossplane.io/docs/v1.3/getting-started/install-configure.html#start-with-a-self-hosted-crossplane
export REPO_URL=https://github.com/$GITHUB_ORG/crossplane-kubevela-argocd-demo
cat production/sealed-secrets.yaml \
| sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \
| tee production/sealed-secrets.yaml
cat production/crossplane.yaml \
| sed -e "s@repoURL: https://github.com.*@repoURL: $REPO_URL@g" \
| tee production/crossplane.yaml
cat production/team-a-infra.yaml \
| sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \
| tee production/team-a-infra.yaml
cat orig/team-app-reqs.yaml \
| sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \
| tee orig/team-app-reqs.yaml
cat orig/team-apps.yaml \
| sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \
| tee orig/team-apps.yaml
cat apps.yaml \
| sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \
| tee apps.yaml
kubectl apply --filename sealed-secrets
#############
# Setup AWS #
#############
# Replace `[...]` with your access key ID`
export AWS_ACCESS_KEY_ID=[...]
# Replace `[...]` with your secret access key
export AWS_SECRET_ACCESS_KEY=[...]
echo "[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
" | tee aws-creds.conf
kubectl --namespace crossplane-system \
create secret generic aws-creds \
--from-file creds=./aws-creds.conf \
--output json \
--dry-run=client \
| kubeseal --format yaml \
| tee crossplane-configs/aws-creds.yaml
#################
# Setup Argo CD #
#################
git add .
git commit -m "Personalization"
git push
helm repo add argo \
https://argoproj.github.io/argo-helm
helm repo update
helm upgrade --install \
argocd argo/argo-cd \
--namespace argocd \
--create-namespace \
--set server.ingress.hosts="{argo-cd.$INGRESS_HOST.nip.io}" \
--set server.ingress.enabled=true \
--set server.extraArgs="{--insecure}" \
--set controller.args.appResyncPeriod=30 \
--wait
kubectl apply --filename project.yaml
kubectl apply --filename apps.yaml
export PASS=$(kubectl \
--namespace argocd \
get secret argocd-initial-admin-secret \
--output jsonpath="{.data.password}" \
| base64 --decode)
argocd login \
--insecure \
--username admin \
--password $PASS \
--grpc-web \
argo-cd.$INGRESS_HOST.nip.io
argocd account update-password \
--current-password $PASS \
--new-password admin123
echo http://argo-cd.$INGRESS_HOST.nip.io
# Open it in a browser
# Use `admin` as both the username and password
# Open a second terminal and go to the same directory as in the first
##########
# GitOps #
##########
# Observe the Argo CD UI and wait until the apps are rolled out
##################
# Infrastructure #
##################
cat orig/cluster.yaml
cp orig/cluster.yaml team-a-infra/.
git add .
git commit -m "Team A infra"
git push
# In the second terminal
kubectl get clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,providerconfigs.helm.crossplane.io,releases
# It might take a while until Argo CD detects the changes and the resources appear.
# Wait until all the resources are ready and synced
chmod +x config-cluster-aws.sh
./config-cluster-aws.sh team-a
################
# Applications #
################
cat orig/my-app.yaml
cp orig/my-app.yaml team-a-apps/.
git add .
git commit -m "Team A apps"
git push
# In the second terminal
export KUBECONFIG=$PWD/kubeconfig.yaml
# In the second terminal
kubectl --namespace production \
get all,hpa,ingress
##########################
# How did it all happen? #
##########################
# In the second terminal
cat apps.yaml
# In the second terminal
ls -1 production
# In the second terminal
cat production/team-a-infra.yaml
# In the second terminal
ls -1 team-a-infra
# In the second terminal
cat crossplane-compositions/definition.yaml
# In the second terminal
cat crossplane-compositions/cluster-aws.yaml
cat team-a-infra/cluster.yaml
# In the second terminal
cat team-a-app-reqs/kubevela.yaml
cat team-a-apps/my-app.yaml
# Show Argo CD
###########################
# Deleting infrastructure #
###########################
rm team-a-infra/cluster.yaml
git add .
git commit -m "Remove the cluster"
git push
# In the second terminal
unset KUBECONFIG
# In the second terminal
kubectl get clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,providerconfigs.helm.crossplane.io,releases
# Wait until all the resources are removed
###########
# Destroy #
###########
rm -rf team-a-apps
rm -rf team-a-app-reqs
rm production/team-a-apps.yaml
rm production/team-a-app-reqs.yaml
git add .
git commit -m "Revert"
git push
# Delete the cluster
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment