Created
July 27, 2021 16:26
-
-
Save vfarcic/1479d5ff65ba2b37eefb13529a1f03b7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Referenced videos: | |
| # - K3d - How to run Kubernetes cluster locally using Rancher k3s: https://youtu.be/mCesuGk-Fks | |
| # - Crossplane TODO: | |
| ######### | |
| # Setup # | |
| ######### | |
| # Watch https://youtu.be/BII6ZY2Rnlc if you are not familiar with GitHub CLI | |
| gh repo fork vfarcic/crossplane-chicken-demo \ | |
| --clone | |
| cd crossplane-chicken-demo | |
| # Install Crossplane CLI from https://crossplane.io/docs/v1.3/getting-started/install-configure.html#start-with-a-self-hosted-crossplane | |
| # Replace `[...]` with the GitHub organization or user | |
| export GITHUB_ORG=[...] | |
| # Install Crossplane CLI from https://crossplane.io/docs/v1.3/getting-started/install-configure.html#start-with-a-self-hosted-crossplane | |
| export REPO_URL=https://github.com/$GITHUB_ORG/crossplane-chicken-demo | |
| cat production/crossplane.yaml \ | |
| | sed -e "s@repoURL: https://github.com.*@repoURL: $REPO_URL@g" \ | |
| | tee production/crossplane.yaml | |
| cat production/infra.yaml \ | |
| | sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \ | |
| | tee production/infra.yaml | |
| cat apps.yaml \ | |
| | sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" \ | |
| | tee apps.yaml | |
| git add . | |
| git commit -m "Personalization" | |
| git push | |
| ############################ | |
| # Create Local Environment # | |
| ############################ | |
| # Please watch https://youtu.be/mCesuGk-Fks if you are not familiar with k3d | |
| # Feel free to use any other Kubernetes platform | |
| k3d cluster create --config k3d.yaml | |
| # TODO: Switch to Upbound cloud | |
| helm repo add crossplane-stable \ | |
| https://charts.crossplane.io/stable | |
| helm repo update | |
| helm upgrade --install \ | |
| crossplane crossplane-stable/crossplane \ | |
| --namespace crossplane-system \ | |
| --create-namespace \ | |
| --wait | |
| # Replace `[...]` with your access key ID` | |
| export AWS_ACCESS_KEY_ID=[...] | |
| # Replace `[...]` with your secret access key | |
| export AWS_SECRET_ACCESS_KEY=[...] | |
| echo "[default] | |
| aws_access_key_id = $AWS_ACCESS_KEY_ID | |
| aws_secret_access_key = $AWS_SECRET_ACCESS_KEY | |
| " | tee aws-creds.conf | |
| kubectl --namespace crossplane-system \ | |
| create secret generic aws-creds \ | |
| --from-file creds=./aws-creds.conf | |
| kubectl apply \ | |
| --filename crossplane-providers | |
| # Wait for a few moments for the providers to be initialized | |
| kubectl apply \ | |
| --filename crossplane-configs | |
| # Ignore the error about `SealedSecret`. We'll use it later. | |
| kubectl apply \ | |
| --filename crossplane-compositions | |
| # TODO: Delete | |
| # kubectl create namespace infra | |
| kubectl apply --filename infra | |
| kubectl --namespace infra \ | |
| get clusterclaims,clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,providerconfigs,releases | |
| export KUBECONFIG=$PWD/kubeconfig.yaml | |
| aws eks --region us-east-1 \ | |
| update-kubeconfig \ | |
| --name a-team | |
| kubectl create namespace crossplane-system | |
| kubectl --namespace crossplane-system \ | |
| create secret generic aws-creds \ | |
| --from-file creds=./aws-creds.conf | |
| helm repo add ingress-nginx \ | |
| https://kubernetes.github.io/ingress-nginx | |
| helm repo update | |
| helm upgrade --install ingress-nginx \ | |
| ingress-nginx/ingress-nginx \ | |
| --namespace ingress-nginx \ | |
| --create-namespace \ | |
| --set defaultBackend.service.annotations."service.beta.kubernetes.io/aws-load-balancer-backend-protocol"=tcp \ | |
| --set defaultBackend.service.annotations."service.beta.kubernetes.io/aws-load-balancer-backend-protocol"=\"true\" \ | |
| --set defaultBackend.service.annotations."service.beta.kubernetes.io/aws-load-balancer-type"=nlb | |
| export INGRESS_HOSTNAME=$(kubectl \ | |
| --namespace ingress-nginx \ | |
| get svc ingress-nginx-controller \ | |
| --output jsonpath="{.status.loadBalancer.ingress[0].hostname}") | |
| export INGRESS_HOST=$(\ | |
| dig +short $INGRESS_HOSTNAME) | |
| echo $INGRESS_HOST | |
| # Repeat the `export` commands if the output is empty | |
| # If the output contains more than one IP, wait for a while longer, and repeat the `export` commands. | |
| # If the output continues having more than one IP, choose one of them and execute `export INGRESS_HOST=[...]` with `[...]` being the selected IP. | |
| helm repo add argo \ | |
| https://argoproj.github.io/argo-helm | |
| helm repo update | |
| helm upgrade --install argo-cd \ | |
| argo/argo-cd \ | |
| --namespace argocd \ | |
| --create-namespace \ | |
| --set server.ingress.enabled=true \ | |
| --set server.ingress.hosts={argo-cd.$INGRESS_HOST.nip.io} \ | |
| --set server.extraArgs={--insecure} \ | |
| --wait | |
| export PASS=$(kubectl \ | |
| --namespace argocd \ | |
| get secret argocd-initial-admin-secret \ | |
| --output jsonpath="{.data.password}" \ | |
| | base64 --decode) | |
| argocd login \ | |
| --insecure \ | |
| --username admin \ | |
| --password $PASS \ | |
| --grpc-web \ | |
| argo-cd.$INGRESS_HOST.nip.io | |
| argocd account update-password \ | |
| --current-password $PASS \ | |
| --new-password admin | |
| echo http://argo-cd.$INGRESS_HOST.nip.io | |
| kubectl apply --filename project.yaml | |
| kubectl apply --filename apps.yaml | |
| kubectl --namespace infra \ | |
| get clusterclaims,clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,providerconfigs,releases | |
| # TODO: Fix it!!! | |
| ########### | |
| # Destroy # | |
| ########### | |
| # TODO: Delete the LB | |
| # TODO: Delete the composite | |
| k3d cluster delete devops-toolkit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment