Copy/paste.

2025-03-26 10:29:34 +03:00
parent a8f61c6db9
commit 43784970e1
29 changed files with 2473 additions and 2 deletions
--- a/1-example/application.yaml
+++ b/1-example/application.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/antonputra/lesson-158.git
+    targetRevision: HEAD
+    path: my-app
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/2-example/application.yaml
+++ b/2-example/application.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: apps-staging
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/antonputra/lesson-158.git
+    targetRevision: HEAD
+    path: environments/staging/apps
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/3-example/application.yaml
+++ b/3-example/application.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: git@github.com:antonputra/lesson-158-private.git
+    targetRevision: HEAD
+    path: my-app
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/3-example/git-repo-secret.yaml
+++ b/3-example/git-repo-secret.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: lesson-158-private
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repository
+stringData:
+  url: git@github.com:antonputra/lesson-158-private.git
+  sshPrivateKey: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACAvG2MZK7C4yJzkfQcunxQp2OpOluYI+pSJmdfL4HNrwwAAAJine2Aip3tg
+    IgAAAAtzc2gtZWQyNTUxOQAAACAvG2MZK7C4yJzkfQcunxQp2OpOluYI+pSJmdfL4HNrww
+    AAAEApkokq4ThivZHCdSZE+xQBI/DvJki6B7QhPQUpGfzTTS8bYxkrsLjInOR9By6fFCnY
+    6k6W5gj6lImZ18vgc2vDAAAAFWFyZ29jZEBhbnRvbnB1dHJhLmNvbQ==
+    -----END OPENSSH PRIVATE KEY-----
+  insecure: "false"
+  enableLfs: "true"
--- a/4-example/application.yaml
+++ b/4-example/application.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: metrics-server
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://kubernetes-sigs.github.io/metrics-server/
+    targetRevision: 3.8.4
+    chart: metrics-server
+    helm:
+      version: v3
+      releaseName: my-metrics
+      passCredentials: false
+      parameters:
+        - name: "image.tag"
+          value: v0.6.2
+      values: |
+        defaultArgs:
+        - --cert-dir=/tmp
+        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+        - --kubelet-use-node-status-port
+        - --metric-resolution=15s
+        - --kubelet-insecure-tls
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=true
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/5-example/application.yaml
+++ b/5-example/application.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app-dev
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: git@github.com:antonputra/lesson-158-private.git
+    targetRevision: HEAD
+    path: environments/dev/my-app
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/5-example/git-repo-secret.yaml
+++ b/5-example/git-repo-secret.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: lesson-158-private
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repository
+stringData:
+  url: git@github.com:antonputra/lesson-158-private.git
+  sshPrivateKey: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACAvG2MZK7C4yJzkfQcunxQp2OpOluYI+pSJmdfL4HNrwwAAAJine2Aip3tg
+    IgAAAAtzc2gtZWQyNTUxOQAAACAvG2MZK7C4yJzkfQcunxQp2OpOluYI+pSJmdfL4HNrww
+    AAAEApkokq4ThivZHCdSZE+xQBI/DvJki6B7QhPQUpGfzTTS8bYxkrsLjInOR9By6fFCnY
+    6k6W5gj6lImZ18vgc2vDAAAAFWFyZ29jZEBhbnRvbnB1dHJhLmNvbQ==
+    -----END OPENSSH PRIVATE KEY-----
+  insecure: "false"
+  enableLfs: "true"
--- a/README.md
+++ b/README.md
@@ -1,2 +0,0 @@
-# argocd-001
-
--- a/argocd-defaults.yaml
+++ b/argocd-defaults.yaml
--- a/lesson-158-private/README.md
+++ b/lesson-158-private/README.md
@@ -0,0 +1 @@
+# lesson-158-private
--- a/lesson-158-private/environments/dev/my-app/kustomization.yaml
+++ b/lesson-158-private/environments/dev/my-app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+namespace: staging
+images:
+  - name: aputra/nginx
+    newTag: v0.1.0
+resources:
+  - ../../../my-app-base
--- a/lesson-158-private/my-app-base/deployment.yaml
+++ b/lesson-158-private/my-app-base/deployment.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          imagePullPolicy: Always
+          image: aputra/nginx
+          ports:
+            - containerPort: 80
--- a/lesson-158-private/my-app-base/kustomization.yaml
+++ b/lesson-158-private/my-app-base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: arbitrary
+resources:
+  - deployment.yaml
+  - namespace.yaml
--- a/lesson-158-private/my-app-base/namespace.yaml
+++ b/lesson-158-private/my-app-base/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: default
--- a/lesson-158-private/my-app/0-namespace.yaml
+++ b/lesson-158-private/my-app/0-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
--- a/lesson-158-private/my-app/1-deployment.yaml
+++ b/lesson-158-private/my-app/1-deployment.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: foo
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          imagePullPolicy: Always
+          image: aputra/nginx-private:v0.1.0
+          ports:
+            - containerPort: 80
+      imagePullSecrets:
+        - name: dockerconfigjson
--- a/lesson-158/README.md
+++ b/lesson-158/README.md
@@ -0,0 +1 @@
+# lesson-158
--- a/lesson-158/environments/staging/apps/my-app.yaml
+++ b/lesson-158/environments/staging/apps/my-app.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-app-foo
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/antonputra/lesson-158.git
+    targetRevision: HEAD
+    path: environments/staging/my-app
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/lesson-158/environments/staging/apps/second-app.yaml
+++ b/lesson-158/environments/staging/apps/second-app.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: second-app-bar
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/antonputra/lesson-158.git
+    targetRevision: HEAD
+    path: environments/staging/second-app
+  destination:
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+      - Validate=true
+      - CreateNamespace=false
+      - PrunePropagationPolicy=foreground
+      - PruneLast=true
--- a/lesson-158/environments/staging/my-app/0-namespace.yaml
+++ b/lesson-158/environments/staging/my-app/0-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: foo
--- a/lesson-158/environments/staging/my-app/1-deployment.yaml
+++ b/lesson-158/environments/staging/my-app/1-deployment.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: foo
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: aputra/nginx:v0.1.3
+          ports:
+            - containerPort: 80
--- a/lesson-158/environments/staging/second-app/0-namespace.yaml
+++ b/lesson-158/environments/staging/second-app/0-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: bar
--- a/lesson-158/environments/staging/second-app/1-deployment.yaml
+++ b/lesson-158/environments/staging/second-app/1-deployment.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  namespace: bar
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+        - name: nginx
+          image: aputra/nginx:v0.1.3
+          ports:
+            - containerPort: 80
--- a/metrics-server-defaults.yaml
+++ b/metrics-server-defaults.yaml
@@ -0,0 +1,151 @@
+# Default values for metrics-server.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  repository: registry.k8s.io/metrics-server/metrics-server
+  # Overrides the image tag whose default is v{{ .Chart.AppVersion }}
+  tag: ""
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+# - name: registrySecretName
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+  # The list of secrets mountable by this service account.
+  # See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets
+  secrets: []
+
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+  pspEnabled: false
+
+apiService:
+  # Specifies if the v1beta1.metrics.k8s.io API service should be created.
+  #
+  # You typically want this enabled! If you disable API service creation you have to
+  # manage it outside of this chart for e.g horizontal pod autoscaling to
+  # work with this release.
+  create: true
+  # Annotations to add to the API service
+  annotations: {}
+  # Specifies whether to skip TLS verification
+  insecureSkipTLSVerify: true
+  # The PEM encoded CA bundle for TLS verification
+  caBundle: ""
+
+commonLabels: {}
+podLabels: {}
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext:
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
+priorityClassName: system-cluster-critical
+
+containerPort: 4443
+
+hostNetwork:
+  # Specifies if metrics-server should be started in hostNetwork mode.
+  #
+  # You would require this enabled if you use alternate overlay networking for pods and
+  # API server unable to communicate with metrics-server. As an example, this is required
+  # if you use Weave network on EKS
+  enabled: false
+
+replicas: 1
+
+updateStrategy: {}
+#   type: RollingUpdate
+#   rollingUpdate:
+#     maxSurge: 0
+#     maxUnavailable: 1
+
+podDisruptionBudget:
+  # https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  enabled: false
+  minAvailable:
+  maxUnavailable:
+
+defaultArgs:
+  - --cert-dir=/tmp
+  - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
+  - --kubelet-use-node-status-port
+  - --metric-resolution=15s
+
+args: []
+
+livenessProbe:
+  httpGet:
+    path: /livez
+    port: https
+    scheme: HTTPS
+  initialDelaySeconds: 0
+  periodSeconds: 10
+  failureThreshold: 3
+
+readinessProbe:
+  httpGet:
+    path: /readyz
+    port: https
+    scheme: HTTPS
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  failureThreshold: 3
+
+service:
+  type: ClusterIP
+  port: 443
+  annotations: {}
+  labels: {}
+  #  Add these labels to have metrics-server show up in `kubectl cluster-info`
+  #  kubernetes.io/cluster-service: "true"
+  #  kubernetes.io/name: "Metrics-server"
+
+metrics:
+  enabled: false
+
+serviceMonitor:
+  enabled: false
+  additionalLabels: {}
+  interval: 1m
+  scrapeTimeout: 10s
+  metricRelabelings: []
+  relabelings: []
+
+# See https://github.com/kubernetes-sigs/metrics-server#scaling
+resources: {}
+
+extraVolumeMounts: []
+
+extraVolumes: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+topologySpreadConstraints: []
+
+# Annotations to add to the deployment
+deploymentAnnotations: {}
+
+schedulerName: ""
+
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version = "2.9.0"
+  hashes = [
+    "h1:fEDID5J/9ret/sLpOSNAu98F/ZBEZhOmL0Leut7m5JU=",
+    "zh:1471cb45908b426104687c962007b2980cfde294fa3530fabc4798ce9fb6c20c",
+    "zh:1572e9cec20591ec08ece797b3630802be816a5adde36ca91a93359f2430b130",
+    "zh:1b10ae03cf5ab1ae21ffaac2251de99797294ae4242b156b3b0beebbdbcb7e0f",
+    "zh:3bd043b68de967d8d0b549d3f71485193d81167d5656f5507d743dedfe60e352",
+    "zh:538911921c729185900176cc22eb8edcb822bc8d22b9ebb48103a1d9bb53cc38",
+    "zh:69a6a2d40c0463662c3fb1621e37a3ee65024ea4479adf4d5f7f19fb0dea48c2",
+    "zh:94b58daa0c351a49d01f6d8f1caae46c95c2d6c3f29753e2b9ea3e3c0e7c9ab4",
+    "zh:9d0543331a4a32241e1ab5457f30b41df745acb235a0391205c725a5311e4809",
+    "zh:a6789306524ca121512a95e873e3949b4175114a6c5db32bed2df2551a79368f",
+    "zh:d146b94cd9502cca7f2044797a328d71c7ec2a98e2d138270d8a28c872f04289",
+    "zh:d14ccd14511f0446eacf43a9243f22de7c1427ceb059cf67d7bf9803be2cb15d",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
--- a/terraform/0-provider.tf
+++ b/terraform/0-provider.tf
@@ -0,0 +1,17 @@
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+
+# provider "helm" {
+#   kubernetes {
+#     host                   = aws_eks_cluster.demo.endpoint
+#     cluster_ca_certificate = base64decode(aws_eks_cluster.demo.certificate_authority[0].data)
+#     exec {
+#       api_version = "client.authentication.k8s.io/v1beta1"
+#       args        = ["eks", "get-token", "--cluster-name", aws_eks_cluster.demo.id]
+#       command     = "aws"
+#     }
+#   }
+# }
--- a/terraform/1-argocd.tf
+++ b/terraform/1-argocd.tf
@@ -0,0 +1,12 @@
+# helm install argocd -n argocd --create-namespace argo/argo-cd --version 3.35.4 -f terraform/values/argocd.yaml
+resource "helm_release" "argocd" {
+  name = "argocd"
+
+  repository       = "https://argoproj.github.io/argo-helm"
+  chart            = "argo-cd"
+  namespace        = "argocd"
+  create_namespace = true
+  version          = "3.35.4"
+
+  values = [file("values/argocd.yaml")]
+}
--- a/terraform/values/argocd.yaml
+++ b/terraform/values/argocd.yaml
@@ -0,0 +1,8 @@
+---
+global:
+  image:
+    tag: "v2.6.6"
+
+server:
+  extraArgs:
+    - --insecure
--- a/upgrade.sh
+++ b/upgrade.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# exit when any command fails
+set -e
+
+new_ver=$1
+
+echo "new version: $new_ver"
+
+# Simulate release of the new docker images
+docker tag nginx:1.23.3 aputra/nginx:$new_ver
+
+# Push new version to dockerhub
+docker push aputra/nginx:$new_ver
+
+# Create temporary folder
+tmp_dir=$(mktemp -d)
+echo $tmp_dir
+
+# Clone GitHub repo
+git clone git@github.com:antonputra/lesson-158.git $tmp_dir
+
+# Update image tag
+sed -i '' -e "s/aputra\/nginx:.*/aputra\/nginx:$new_ver/g" $tmp_dir/my-app/1-deployment.yaml
+
+# Commit and push
+cd $tmp_dir
+git add .
+git commit -m "Update image to $new_ver"
+git push
+
+# Optionally on build agents - remove folder
+rm -rf $tmp_dir