diff --git a/.github/workflows/e2e-parallel-destroy.yml b/.github/workflows/e2e-parallel-destroy.yml index b7804a9cf6..85b70c810e 100644 --- a/.github/workflows/e2e-parallel-destroy.yml +++ b/.github/workflows/e2e-parallel-destroy.yml @@ -28,7 +28,7 @@ jobs: include: - example_path: patterns/agones-game-controller - example_path: patterns/fargate-serverless - - example_path: patterns/argocd + - example_path: patterns/gitops/getting-started-argocd - example_path: patterns/ipv6-eks-cluster - example_path: patterns/karpenter - example_path: patterns/multi-tenancy-with-teams @@ -65,6 +65,7 @@ jobs: run: | terraform init -upgrade=true terraform destroy -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve - terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve + terraform destroy -target=module.eks_blueprints_addons -no-color -input=false -auto-approve + terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve terraform destroy -target=module.eks -no-color -input=false -auto-approve terraform destroy -no-color -input=false -auto-approve diff --git a/.github/workflows/e2e-parallel-full.yml b/.github/workflows/e2e-parallel-full.yml index b711334bb3..45d7f623af 100644 --- a/.github/workflows/e2e-parallel-full.yml +++ b/.github/workflows/e2e-parallel-full.yml @@ -62,7 +62,7 @@ jobs: include: - example_path: patterns/agones-game-controller - example_path: patterns/fargate-serverless - - example_path: patterns/argocd + - example_path: patterns/gitops/getting-started-argocd - example_path: patterns/ipv6-eks-cluster - example_path: patterns/karpenter - example_path: patterns/multi-tenancy-with-teams 
@@ -115,6 +115,7 @@ jobs: terraform apply -target=module.eks_blueprints -no-color -input=false -auto-approve terraform apply -target=module.eks -no-color -input=false -auto-approve terraform apply -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve + terraform apply -target=module.eks_blueprints_addons -no-color -input=false -auto-approve terraform apply -no-color -input=false -auto-approve - name: Terraform Destroy @@ -125,9 +126,10 @@ jobs: export AWS_CSM_ENABLED=true export AWS_CSM_PORT=31000 export AWS_CSM_HOST=127.0.0.1 - terraform destroy -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve - terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve - terraform destroy -target=module.eks -no-color -input=false -auto-approve + terraform destroy -target=module.eks_blueprints_kubernetes_addons -no-color -input=false -auto-approve + terraform destroy -target=module.eks_blueprints_addons -no-color -input=false -auto-approve + terraform destroy -target=module.eks_blueprints -no-color -input=false -auto-approve + terraform destroy -target=module.eks -no-color -input=false -auto-approve terraform destroy -no-color -input=false -auto-approve - name: Fail if TF apply failed diff --git a/docs/patterns/argocd.md b/docs/patterns/argocd.md deleted file mode 100644 index d9fd12c2e7..0000000000 --- a/docs/patterns/argocd.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: ArgoCD ---- - -{% - include-markdown "../../patterns/argocd/README.md" -%} diff --git a/docs/patterns/gitops-getting-started-argocd.md b/docs/patterns/gitops-getting-started-argocd.md new file mode 100644 index 0000000000..1492cc377a --- /dev/null +++ b/docs/patterns/gitops-getting-started-argocd.md @@ -0,0 +1,7 @@ +--- +title: GitOps Getting Started (ArgoCD) +--- + +{% + include-markdown "../../patterns/gitops/getting-started-argocd/README.md" +%} 
diff --git a/patterns/argocd/README.md b/patterns/argocd/README.md
deleted file mode 100644
index 507c96553f..0000000000
--- a/patterns/argocd/README.md
+++ /dev/null
@@ -1,117 +0,0 @@ -# Amazon EKS Cluster w/ ArgoCD - -This pattern demonstrates an EKS cluster that uses ArgoCD for application deployments. - -- [Documentation](https://argo-cd.readthedocs.io/en/stable/) -- [EKS Blueprints Add-ons Repo](https://github.com/aws-samples/eks-blueprints-add-ons) -- [EKS Blueprints Workloads Repo](https://github.com/aws-samples/eks-blueprints-workloads) - -## Deploy - -See [here](https://aws-ia.github.io/terraform-aws-eks-blueprints/getting-started/#prerequisites) for the prerequisites and steps to deploy this pattern. - -## Validate - -1. List out the pods running currently: - - ```sh - kubectl get pods -A - ``` - - ```text - NAMESPACE NAME READY STATUS RESTARTS AGE - argo-rollouts argo-rollouts-5d47ccb8d4-854s6 1/1 Running 0 23h - argo-rollouts argo-rollouts-5d47ccb8d4-srjk9 1/1 Running 0 23h - argocd argo-cd-argocd-application-controller-0 1/1 Running 0 24h - argocd argo-cd-argocd-applicationset-controller-547f9cfd68-kp89p 1/1 Running 0 24h - argocd argo-cd-argocd-dex-server-55765f7cd7-t8r2f 1/1 Running 0 24h - argocd argo-cd-argocd-notifications-controller-657df4dbcb-p596r 1/1 Running 0 24h - argocd argo-cd-argocd-repo-server-7d4dddf886-2vmgt 1/1 Running 0 24h - argocd argo-cd-argocd-repo-server-7d4dddf886-bm7tz 1/1 Running 0 24h - argocd argo-cd-argocd-server-775ddf74b8-8jzvc 1/1 Running 0 24h - argocd argo-cd-argocd-server-775ddf74b8-z6lz6 1/1 Running 0 24h - argocd argo-cd-redis-ha-haproxy-6d7b7d4656-b8bt8 1/1 Running 0 24h - argocd argo-cd-redis-ha-haproxy-6d7b7d4656-mgjx5 1/1 Running 0 24h - argocd argo-cd-redis-ha-haproxy-6d7b7d4656-qsbgw 1/1 Running 0 24h - argocd argo-cd-redis-ha-server-0 4/4 Running 0 24h - argocd argo-cd-redis-ha-server-1 4/4 Running 0 24h - argocd argo-cd-redis-ha-server-2 4/4 Running 0 24h - cert-manager cert-manager-586ccb6656-2v8mf 1/1 Running 0 23h - cert-manager cert-manager-cainjector-99d64d795-2gwnj 1/1 Running 0 23h - cert-manager cert-manager-webhook-8d87786cb-24kww 1/1 Running 0 23h - 
geolocationapi geolocationapi-85599c5c74-rqqqs 2/2 Running 0 25m - geolocationapi geolocationapi-85599c5c74-whsp6 2/2 Running 0 25m - geordie downstream0-7f6ff946b6-r8sxc 1/1 Running 0 25m - geordie downstream1-64c7db6f9-rsbk5 1/1 Running 0 25m - geordie frontend-646bfb947c-wshpb 1/1 Running 0 25m - geordie redis-server-6bd7885d5d-s7rqw 1/1 Running 0 25m - geordie yelb-appserver-5d89946ffd-vkxt9 1/1 Running 0 25m - geordie yelb-db-697bd9f9d9-2t4b6 1/1 Running 0 25m - geordie yelb-ui-75ff8b96ff-fh6bw 1/1 Running 0 25m - karpenter karpenter-7b99fb785d-87k6h 1/1 Running 0 106m - karpenter karpenter-7b99fb785d-lkq9l 1/1 Running 0 106m - kube-system aws-load-balancer-controller-6cf9bdbfdf-h7bzb 1/1 Running 0 20m - kube-system aws-load-balancer-controller-6cf9bdbfdf-vfbrj 1/1 Running 0 20m - kube-system aws-node-cvjmq 1/1 Running 0 24h - kube-system aws-node-fw7zc 1/1 Running 0 24h - kube-system aws-node-l7589 1/1 Running 0 24h - kube-system aws-node-nll82 1/1 Running 0 24h - kube-system aws-node-zhz8l 1/1 Running 0 24h - kube-system coredns-7975d6fb9b-5sf7r 1/1 Running 0 24h - kube-system coredns-7975d6fb9b-k78dz 1/1 Running 0 24h - kube-system ebs-csi-controller-5cd4944c94-7jwlb 6/6 Running 0 24h - kube-system ebs-csi-controller-5cd4944c94-8tcsg 6/6 Running 0 24h - kube-system ebs-csi-node-66jmx 3/3 Running 0 24h - kube-system ebs-csi-node-b2pw4 3/3 Running 0 24h - kube-system ebs-csi-node-g4v9z 3/3 Running 0 24h - kube-system ebs-csi-node-k7nvp 3/3 Running 0 24h - kube-system ebs-csi-node-tfq9q 3/3 Running 0 24h - kube-system kube-proxy-4x8vm 1/1 Running 0 24h - kube-system kube-proxy-gtlpm 1/1 Running 0 24h - kube-system kube-proxy-vfnbf 1/1 Running 0 24h - kube-system kube-proxy-z9wdh 1/1 Running 0 24h - kube-system kube-proxy-zzx9m 1/1 Running 0 24h - kube-system metrics-server-7f4db5fd87-9n6dv 1/1 Running 0 23h - kube-system metrics-server-7f4db5fd87-t8wxg 1/1 Running 0 23h - kube-system metrics-server-7f4db5fd87-xcxlv 1/1 Running 0 23h - team-burnham 
burnham-66fccc4fb5-k4qtm 1/1 Running 0 25m - team-burnham burnham-66fccc4fb5-rrf4j 1/1 Running 0 25m - team-burnham burnham-66fccc4fb5-s9kbr 1/1 Running 0 25m - team-burnham nginx-7d47cfdff7-lzdjb 1/1 Running 0 25m - team-riker deployment-2048-6f7c78f959-h76rx 1/1 Running 0 25m - team-riker deployment-2048-6f7c78f959-skmrr 1/1 Running 0 25m - team-riker deployment-2048-6f7c78f959-tn9dw 1/1 Running 0 25m - team-riker guestbook-ui-c86c478bd-zg2z4 1/1 Running 0 25m - ``` - -2. Access the ArgoCD UI by running the following command: - - ```sh - kubectl port-forward svc/argo-cd-argocd-server 8080:443 -n argocd - ``` - - Then, open your browser and navigate to `https://localhost:8080/` - Username should be `admin`. - - The password will be the generated password by `random_password` resource, stored in AWS Secrets Manager. - You can easily retrieve the password by running the following command: - - ```sh - aws secretsmanager get-secret-value --secret-id --region - ``` - - Replace `` with the name of the secret name, if you haven't changed it then it should be `argocd`, also, make sure to replace `` with the region you are using. - - Pickup the the secret from the `SecretString`. - -## Destroy - -First, we need to ensure that the ArgoCD applications are properly cleaned up from the cluster, this can be achieved in multiple ways: - -- Disabling the `argocd_applications` configuration and running `terraform apply` again -- Deleting the apps using `argocd` [cli](https://argo-cd.readthedocs.io/en/stable/user-guide/app_deletion/#deletion-using-argocd) -- Deleting the apps using `kubectl` following [ArgoCD guidance](https://argo-cd.readthedocs.io/en/stable/user-guide/app_deletion/#deletion-using-kubectl) - -{% - include-markdown "../../docs/_partials/destroy.md" -%} diff --git a/patterns/argocd/main.tf b/patterns/argocd/main.tf deleted file mode 100644 index 20438794d4..0000000000 --- a/patterns/argocd/main.tf +++ /dev/null 
@@ -1,188 +0,0 @@ -provider "aws" { - region = local.region -} - -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - -provider "helm" { - kubernetes { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } - } -} - -provider "bcrypt" {} - -data "aws_availability_zones" "available" {} - -locals { - name = basename(path.cwd) - region = "us-west-2" - - vpc_cidr = "10.0.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) - - tags = { - Blueprint = local.name - GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints" - } -} - -################################################################################ -# Cluster -################################################################################ - -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" - - cluster_name = local.name - cluster_version = "1.27" - cluster_endpoint_public_access = true - - # EKS Addons - cluster_addons = { - coredns = {} - kube-proxy = {} - vpc-cni = {} - } - - vpc_id = module.vpc.vpc_id - subnet_ids = module.vpc.private_subnets - - eks_managed_node_groups = { - initial = { - instance_types = ["m5.large"] - - min_size = 3 - max_size = 10 - desired_size = 5 - } - } - - tags = local.tags -} - -################################################################################ -# EKS Blueprints Addons 
-################################################################################ - -module "eks_blueprints_addons" { - # Users should pin the version to the latest available release - # tflint-ignore: terraform_module_pinned_source - source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.32.1" - - eks_cluster_id = module.eks.cluster_name - eks_cluster_endpoint = module.eks.cluster_endpoint - eks_cluster_version = module.eks.cluster_version - eks_oidc_provider = module.eks.oidc_provider - eks_oidc_provider_arn = module.eks.oidc_provider_arn - - enable_argocd = true - # This example shows how to set default ArgoCD Admin Password using SecretsManager with Helm Chart set_sensitive values. - argocd_helm_config = { - set_sensitive = [ - { - name = "configs.secret.argocdServerAdminPassword" - value = bcrypt_hash.argo.id - } - ] - } - - argocd_manage_add_ons = true # Indicates that ArgoCD is responsible for managing/deploying add-ons - argocd_applications = { - addons = { - path = "chart" - repo_url = "https://github.com/aws-samples/eks-blueprints-add-ons.git" - add_on_application = true - } - workloads = { - path = "envs/dev" - repo_url = "https://github.com/aws-samples/eks-blueprints-workloads.git" - add_on_application = false - } - } - - # Add-ons - enable_amazon_eks_aws_ebs_csi_driver = true - enable_aws_load_balancer_controller = true - enable_cert_manager = true - enable_karpenter = true - enable_metrics_server = true - enable_argo_rollouts = true - - tags = local.tags -} - -#--------------------------------------------------------------- -# ArgoCD Admin Password credentials with Secrets Manager -# Login to AWS Secrets manager with the same role as Terraform to extract the ArgoCD admin password with the secret name as "argocd" -#--------------------------------------------------------------- -resource "random_password" "argocd" { - length = 16 - special = true - override_special = "!#$%&*()-_=+[]{}<>:?" 
-} - -# Argo requires the password to be bcrypt, we use custom provider of bcrypt, -# as the default bcrypt function generates diff for each terraform plan -resource "bcrypt_hash" "argo" { - cleartext = random_password.argocd.result -} - -#tfsec:ignore:aws-ssm-secret-use-customer-key -resource "aws_secretsmanager_secret" "argocd" { - name = "argocd" - recovery_window_in_days = 0 # Set to zero for this example to force delete during Terraform destroy -} - -resource "aws_secretsmanager_secret_version" "argocd" { - secret_id = aws_secretsmanager_secret.argocd.id - secret_string = random_password.argocd.result -} - -################################################################################ -# Supporting Resources -################################################################################ - -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = local.name - cidr = local.vpc_cidr - - azs = local.azs - private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - - enable_nat_gateway = true - single_nat_gateway = true - - public_subnet_tags = { - "kubernetes.io/role/elb" = 1 - } - - private_subnet_tags = { - "kubernetes.io/role/internal-elb" = 1 - } - - tags = local.tags -} diff --git a/patterns/argocd/outputs.tf b/patterns/argocd/outputs.tf deleted file mode 100644 index d79912bf44..0000000000 --- a/patterns/argocd/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "configure_kubectl" { - description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig" - value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${module.eks.cluster_name}" -} diff --git a/patterns/argocd/variables.tf b/patterns/argocd/variables.tf deleted file mode 100644 index e69de29bb2..0000000000 
diff --git a/patterns/gitops/getting-started-argocd/README.md b/patterns/gitops/getting-started-argocd/README.md
new file mode 100644
index 0000000000..80c0e06663
--- /dev/null
+++ b/patterns/gitops/getting-started-argocd/README.md
@@ -0,0 +1,288 @@ +# ArgoCD on Amazon EKS + +This tutorial guides you through deploying an Amazon EKS cluster with addons configured via ArgoCD, employing the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev). + + + + +The [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev) enables Kubernetes administrators to utilize Infrastructure as Code (IaC) and GitOps tools for deploying Kubernetes Addons and Workloads. Addons often depend on Cloud resources that are external to the cluster. The configuration metadata for these external resources is required by the Addons' Helm charts. While IaC is used to create these cloud resources, it is not used to install the Helm charts. Instead, the IaC tool stores this metadata either within GitOps resources in the cluster or in a Git repository. The GitOps tool then extracts these metadata values and passes them to the Helm chart during the Addon installation process. This mechanism forms the bridge between IaC and GitOps, hence the term "GitOps Bridge." 
+ +Additional examples available on the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev): +- [argocd-ingress](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/argocd-ingress) +- [aws-secrets-manager](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/aws-secrets-manager) +- [crossplane](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/crossplane) +- [external-secrets](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/external-secrets) +- [multi-cluster/distributed](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/distributed) +- [multi-cluster/hub-spoke](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/hub-spoke) +- [multi-cluster/hub-spoke-shared](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/hub-spoke-shared) +- [private-git](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/private-git) + + + +## Prerequisites +Before you begin, make sure you have the following command line tools installed: +- git +- terraform +- kubectl +- argocd + +## (Optional) Fork the GitOps git repositories +See the appendix section [Fork GitOps Repositories](#fork-gitops-repositories) for more info on the terraform variables to override. 
+ + +## Deploy the EKS Cluster +Initialize Terraform and deploy the EKS cluster: +```shell +terraform init +terraform apply -target="module.vpc" -auto-approve +terraform apply -target="module.eks" -auto-approve +terraform apply -auto-approve +``` +Retrieve `kubectl` config, then execute the output command: +```shell +terraform output -raw configure_kubectl +``` +The expected output will have two lines you run in your terminal +```text +export KUBECONFIG="/tmp/getting-started-gitops" +aws eks --region us-west-2 update-kubeconfig --name getting-started-gitops +``` +>The first line sets the `KUBECONFIG` environment variable to a temporary file +that includes the cluster name. The second line uses the `aws` CLI to populate +that temporary file with the `kubectl` configuration. This approach offers the +advantage of not altering your existing `kubectl` context, allowing you to work +in other terminal windows without interference. + + +Terraform will add GitOps Bridge Metadata to the ArgoCD secret. +The annotations contain metadata for the addons' Helm charts and ArgoCD ApplicationSets. 
+```shell +kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations' +``` +The output looks like the following: +```json +{ + "addons_repo_basepath": "argocd/", + "addons_repo_path": "bootstrap/control-plane/addons", + "addons_repo_revision": "main", + "addons_repo_url": "https://github.com/aws-samples/eks-blueprints-add-ons", + "aws_account_id": "0123456789", + "aws_cluster_name": "getting-started-gitops", + "aws_load_balancer_controller_iam_role_arn": "arn:aws:iam::0123456789:role/alb-controller", + "aws_load_balancer_controller_namespace": "kube-system", + "aws_load_balancer_controller_service_account": "aws-load-balancer-controller-sa", + "aws_region": "us-west-2", + "aws_vpc_id": "vpc-001d3f00151bbb731", + "cluster_name": "in-cluster", + "environment": "dev", + "workload_repo_basepath": "patterns/gitops/", + "workload_repo_path": "getting-started-argocd/k8s", + "workload_repo_revision": "main", + "workload_repo_url": "https://github.com/csantanapr/terraform-aws-eks-blueprints" +} +``` +The labels offer a straightforward way to enable or disable an addon in ArgoCD for the cluster. +```shell +kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.labels' | grep -v false | jq . +``` +The output looks like the following: +```json +{ + "argocd.argoproj.io/secret-type": "cluster", + "aws_cluster_name": "getting-started-gitops", + "cluster_name": "in-cluster", + "enable_argocd": "true", + "enable_aws_load_balancer_controller": "true", + "enable_metrics_server": "true", + "environment": "dev", + "kubernetes_version": "1.28" +} +``` + +## Deploy the Addons +Bootstrap the addons using ArgoCD: +```shell +kubectl apply -f bootstrap/addons.yaml +``` + +### Monitor GitOps Progress for Addons +Wait until all the ArgoCD applications' `HEALTH STATUS` is `Healthy`. +Use `Ctrl+C` or `Cmd+C` to exit the `watch` command. 
ArgoCD Applications +can take a couple of minutes in order to achieve the Healthy status. +```shell +watch kubectl get applications -n argocd +``` +The expected output should look like the following: +```text +NAME SYNC STATUS HEALTH STATUS +addon-in-cluster-argo-cd Synced Healthy +addon-in-cluster-aws-load-balancer-controller Synced Healthy +addon-in-cluster-metrics-server Synced Healthy +cluster-addons Synced Healthy +``` + +### Verify the Addons +Verify that the addons are ready: +```shell +kubectl get deployment -n kube-system \ + aws-load-balancer-controller \ + metrics-server +kubectl get deploy -n argocd \ + argo-cd-argocd-applicationset-controller \ + argo-cd-argocd-repo-server \ + argo-cd-argocd-server +``` +The expected output should look like the following: +```text +NAME READY UP-TO-DATE AVAILABLE AGE +aws-load-balancer-controller 2/2 2 2 7m21s +metrics-server 1/1 1 1 7m41s +argo-cd-argocd-applicationset-controller 1/1 1 1 109m +argo-cd-argocd-repo-server 1/1 1 1 109m +argo-cd-argocd-server 1/1 1 1 109m +``` + + +## (Optional) Access ArgoCD +Access to the ArgoCD's UI is completely optional, if you want to do it, +run the commands shown in the Terraform output as the example below: +```shell +terraform output -raw access_argocd +``` +The expected output should contain the `kubectl` config followed by `kubectl` command to retrieve +the URL, username, password to login into ArgoCD UI or CLI. 
+```text +echo "ArgoCD Username: admin" +echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")" +echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" +``` + +## Deploy the Workloads +Deploy a sample application located in [k8s/game-2048.yaml](k8s/game-2048.yaml) using ArgoCD: +```shell +kubectl apply -f bootstrap/workloads.yaml +``` + +### Monitor GitOps Progress for Workloads +Wait until all the ArgoCD applications' `HEALTH STATUS` is `Healthy`. +Use `Ctrl+C` or `Cmd+C` to exit the `watch` command. ArgoCD Applications +can take a couple of minutes in order to achieve the Healthy status. +```shell +watch kubectl get -n argocd applications workloads +``` +The expected output should look like the following: +```text +NAME SYNC STATUS HEALTH STATUS +workloads Synced Healthy +``` + +### Verify the Application +Verify that the application configuration is present and the pod is running: +```shell +kubectl get -n game-2048 deployments,service,ep,ingress +``` +The expected output should look like the following: +```text +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/game-2048 1/1 1 1 7h59m + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/game-2048 ClusterIP 172.20.155.47 80/TCP 7h59m + +NAME ENDPOINTS AGE +endpoints/game-2048 10.0.13.64:80 7h59m + +NAME CLASS HOSTS ADDRESS PORTS AGE +ingress/game-2048 alb * k8s-<>.us-west-2.elb.amazonaws.com 80 7h59m +``` + +AWS Load Balancer can take a couple of minutes in order to be created. + +Run the following command and wait until and event for ingress `game-2048` contains `Successfully reconciled`. +Use `Ctrl+C` or `Cmd+C`to exit the `watch` command. 
+```shell +kubectl events -n game-2048 --for ingress/game-2048 --watch +``` +The expected output should look like the following: +```text +LAST SEEN TYPE REASON OBJECT MESSAGE +11m Normal SuccessfullyReconciled Ingress/game-2048 Successfully reconciled +``` + +### Access the Application using AWS Load Balancer +Verify the application endpoint health using `wget`: +```shell +kubectl exec -n game-2048 deploy/game-2048 -- \ +wget -S --spider $(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') +``` +The expected output should look like the following: +```text + HTTP/1.1 200 OK + Date: Wed, 01 Nov 2023 22:44:57 GMT + Content-Type: text/html + Content-Length: 3988 +``` +>A success response should contain `HTTP/1.1 200 OK`. + +Retrieve the ingress URL to access the application in your local web browser. +```shell +echo "Application URL: http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" +``` + +### Container Metrics +Check the application's CPU and memory metrics: +```shell +kubectl top pods -n game-2048 +``` +The expected output should look like the following: +```text +NAME CPU(cores) MEMORY(bytes) +game-2048-66fb78b995-hqbjv 1m 2Mi +``` +Check the CPU and memory metrics for all pods for Addons and Workloads: +```shell +kubectl top pods -A +``` +The expected output should look like the following: +```text +NAMESPACE NAME CPU(cores) MEMORY(bytes) +argocd argo-cd-argocd-application-controller-0 43m 138Mi +argocd argo-cd-argocd-applicationset-controller-5db688844c-79skp 1m 25Mi +argocd argo-cd-argocd-dex-server-cd48d7bc-x7flf 1m 16Mi +argocd argo-cd-argocd-notifications-controller-7d7ccc6b9d-dg9r6 1m 17Mi +argocd argo-cd-argocd-redis-7f89c69877-6mmcj 2m 3Mi +argocd argo-cd-argocd-repo-server-644b9b5668-m9ddg 8m 62Mi +argocd argo-cd-argocd-server-57cbbd6f94-lp4wx 2m 26Mi +game-2048 game-2048-66fb78b995-hqbjv 1m 2Mi +kube-system 
aws-load-balancer-controller-8488df87c-4nxv6 2m 26Mi +kube-system aws-load-balancer-controller-8488df87c-zs4p6 1m 19Mi +kube-system aws-node-ck6vq 3m 57Mi +kube-system aws-node-fvvsg 3m 56Mi +kube-system coredns-59754897cf-5rlxp 1m 13Mi +kube-system coredns-59754897cf-fn7jb 1m 13Mi +kube-system kube-proxy-lzbdc 1m 11Mi +kube-system kube-proxy-pdvlm 1m 12Mi +kube-system metrics-server-5b76987ff-5gzsv 4m 17Mi +``` + +## Destroy the EKS Cluster +To tear down all the resources and the EKS cluster, run the following command: +```shell +./destroy.sh +``` + +## Appendix + +## Fork GitOps Repositories +To modify the `values.yaml` file for addons or the workload manifest files (.ie yaml), you'll need to fork two repositories: [aws-samples/eks-blueprints-add-ons](https://github.com/aws-samples/eks-blueprints-add-ons) for addons and [github.com/aws-ia/terraform-aws-eks-blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints) for workloads located in this pattern directory. + +After forking, update the following environment variables to point to your forks, replacing the default values. +```shell +export TF_VAR_gitops_addons_org=https://github.com/aws-samples +export TF_VAR_gitops_addons_repo=eks-blueprints-add-ons +export TF_VAR_gitops_addons_revision=main + +export TF_VAR_gitops_workload_org=https://github.com/aws-ia +export TF_VAR_gitops_workload_repo=terraform-aws-eks-blueprints +export TF_VAR_gitops_workload_revision=main +``` diff --git a/patterns/gitops/getting-started-argocd/bootstrap/addons.yaml b/patterns/gitops/getting-started-argocd/bootstrap/addons.yaml new file mode 100644 index 0000000000..e867a1c878 --- /dev/null +++ b/patterns/gitops/getting-started-argocd/bootstrap/addons.yaml 
@@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: cluster-addons + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + generators: + - clusters: {} + template: + metadata: + name: cluster-addons + spec: + project: default + source: + repoURL: '{{metadata.annotations.addons_repo_url}}' + path: '{{metadata.annotations.addons_repo_basepath}}{{metadata.annotations.addons_repo_path}}' + targetRevision: '{{metadata.annotations.addons_repo_revision}}' + directory: + recurse: true + destination: + namespace: argocd + name: '{{name}}' + syncPolicy: + automated: {} diff --git a/patterns/gitops/getting-started-argocd/bootstrap/workloads.yaml b/patterns/gitops/getting-started-argocd/bootstrap/workloads.yaml new file mode 100644 index 0000000000..abebd17f9e --- /dev/null +++ b/patterns/gitops/getting-started-argocd/bootstrap/workloads.yaml @@ -0,0 +1,32 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: workloads + namespace: argocd +spec: + syncPolicy: + preserveResourcesOnDeletion: true + generators: + - clusters: {} + template: + metadata: + name: workloads + finalizers: + # This finalizer is for demo purposes, in production remove apps using argocd CLI "argocd app delete workload --cascade" + # When you invoke argocd app delete with --cascade, the finalizer is added automatically. + - resources-finalizer.argocd.argoproj.io + spec: + project: default + source: + repoURL: '{{metadata.annotations.workload_repo_url}}' + path: '{{metadata.annotations.workload_repo_basepath}}{{metadata.annotations.workload_repo_path}}' + targetRevision: '{{metadata.annotations.workload_repo_revision}}' + destination: + name: '{{name}}' + syncPolicy: + automated: + allowEmpty: true + syncOptions: + - CreateNamespace=true + retry: + limit: 60 diff --git a/patterns/gitops/getting-started-argocd/destroy.sh b/patterns/gitops/getting-started-argocd/destroy.sh new file mode 100755 index 0000000000..06f44bf77b 
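Review bot: The Application generated by `bootstrap/addons.yaml` runs under `project: default` with `syncPolicy.automated`, and takes `repoURL` and `targetRevision` from annotations on the cluster secret, so whatever is at the head of that repository and revision is applied to the cluster with no review step in between. Argo CD's built-in `default` project does not restrict source repositories, destinations or resource kinds unless it has been tightened elsewhere, which is not visible in this hunk. Consider a dedicated AppProject whose `sourceRepos` lists only the add-ons repository, and add a comment above `targetRevision` such as `# demo only: pin to a tag or commit SHA and use a restricted AppProject in production`. The same applies to the template in `bootstrap/workloads.yaml`.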
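Review bot: The finalizer comment in the `workloads` template names the wrong application: it says `argocd app delete workload --cascade`, but the generated Application is called `workloads`. The template also sets `resources-finalizer.argocd.argoproj.io` while the ApplicationSet sets `preserveResourcesOnDeletion: true`; these appear to pull in opposite directions, and destroy.sh removes the game-2048 ingress by hand after deleting the ApplicationSet, so the comment should state which deletion behaviour is intended. Suggested wording: `# Demo only; in production delete with "argocd app delete workloads --cascade"`.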
--- /dev/null +++ b/patterns/gitops/getting-started-argocd/destroy.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +set -uo pipefail + +SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +ROOTDIR="$(cd ${SCRIPTDIR}/../..; pwd )" +[[ -n "${DEBUG:-}" ]] && set -x + +# Delete the Ingress/SVC before removing the addons +TMPFILE=$(mktemp) +terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE" +# check if TMPFILE contains the string "No outputs found" +if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then + source "$TMPFILE" + kubectl delete -n argocd applicationset workloads + echo "Deleting ingress/svc for game-2048, takes a few minutes for Load Balancer to be deleted" + kubectl delete -n game-2048 ing game-2048 + kubectl delete -n argocd applicationset cluster-addons + kubectl delete -n argocd applicationset addons-argocd + echo "Deleting ingress/svc for argo-cd-argocd-server, takes a few minutes for Load Balancer to be deleted" + kubectl delete -n argocd svc argo-cd-argocd-server +fi + +terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve +terraform destroy -target="module.eks_blueprints_addons" -auto-approve +terraform destroy -target="module.eks" -auto-approve +terraform destroy -target="module.vpc" -auto-approve +terraform destroy -auto-approve diff --git a/patterns/gitops/getting-started-argocd/k8s/game-2048.yaml b/patterns/gitops/getting-started-argocd/k8s/game-2048.yaml new file mode 100644 index 0000000000..44e2d12e50 --- /dev/null +++ b/patterns/gitops/getting-started-argocd/k8s/game-2048.yaml 
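Review bot: The five `terraform destroy ... -auto-approve` calls at the end run against the caller's current directory, while the earlier `terraform -chdir=$SCRIPTDIR output` reads from the script's directory; invoked from anywhere else, the script would destroy whatever state lives in that directory without a prompt. Use the same root for every call, e.g. `terraform -chdir="$SCRIPTDIR" destroy -target="module.eks" -auto-approve`. The script also `source`s the text of the `configure_kubectl` output as shell: the `No outputs found` test covers only one failure message, and because `set -uo pipefail` omits `-e`, a failed `terraform output` still falls through to the `kubectl delete` calls against whichever kubeconfig context happens to be active. Checking the exit status of `terraform output` before sourcing, quoting `$SCRIPTDIR` and `$TMPFILE`, and adding `trap 'rm -f "$TMPFILE"' EXIT` would close these gaps. `ROOTDIR` is assigned but not used anywhere in this hunk.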
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: game-2048 +spec: {} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: game-2048 + name: game-2048 +spec: + selector: + matchLabels: + app.kubernetes.io/name: game-2048 + template: + metadata: + labels: + app.kubernetes.io/name: game-2048 + spec: + containers: + - image: public.ecr.aws/l6m2t8p7/docker-2048 + name: game-2048 + ports: + - containerPort: 80 + name: http +--- +apiVersion: v1 +kind: Service +metadata: + namespace: game-2048 + name: game-2048 +spec: + ports: + - name: http + port: 80 + targetPort: http + protocol: TCP + type: ClusterIP + selector: + app.kubernetes.io/name: game-2048 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + namespace: game-2048 + name: game-2048 + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip +spec: + ingressClassName: alb + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: game-2048 + port: + name: http \ No newline at end of file diff --git a/patterns/gitops/getting-started-argocd/main.tf b/patterns/gitops/getting-started-argocd/main.tf new file mode 100644 index 0000000000..a4a0413d89 --- /dev/null +++ b/patterns/gitops/getting-started-argocd/main.tf 
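Review bot: The Deployment pulls `public.ecr.aws/l6m2t8p7/docker-2048` with no tag or digest, so every rollout resolves to whatever `latest` currently points at in that public registry, and the Ingress publishes the pod on an `internet-facing` ALB over plain HTTP on port 80. Since Argo CD auto-syncs this manifest into the cluster, pin the image (`image: public.ecr.aws/l6m2t8p7/docker-2048@sha256:<digest>`, digest left as a placeholder here) and add a comment on the Ingress stating that it is publicly reachable. The container sets neither `securityContext` nor `resources`; if the image tolerates it, `allowPrivilegeEscalation: false` plus requests and limits would be sensible defaults for a sample others will copy. The file also ends without a trailing newline.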
@@ -0,0 +1,261 @@ +provider "aws" { + region = local.region +} +data "aws_caller_identity" "current" {} +data "aws_availability_zones" "available" {} + +provider "helm" { + kubernetes { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } + } +} + +provider "kubernetes" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } +} + +locals { + name = "getting-started-gitops" + region = var.region + + cluster_version = var.kubernetes_version + + vpc_cidr = var.vpc_cidr + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + gitops_addons_url = "${var.gitops_addons_org}/${var.gitops_addons_repo}" + gitops_addons_basepath = var.gitops_addons_basepath + gitops_addons_path = var.gitops_addons_path + gitops_addons_revision = var.gitops_addons_revision + + gitops_workload_url = "${var.gitops_workload_org}/${var.gitops_workload_repo}" + gitops_workload_basepath = var.gitops_workload_basepath + gitops_workload_path = var.gitops_workload_path + gitops_workload_revision = var.gitops_workload_revision + + aws_addons = { + enable_cert_manager = try(var.addons.enable_cert_manager, false) + enable_aws_efs_csi_driver = try(var.addons.enable_aws_efs_csi_driver, false) + enable_aws_fsx_csi_driver = try(var.addons.enable_aws_fsx_csi_driver, false) + enable_aws_cloudwatch_metrics = 
try(var.addons.enable_aws_cloudwatch_metrics, false) + enable_aws_privateca_issuer = try(var.addons.enable_aws_privateca_issuer, false) + enable_cluster_autoscaler = try(var.addons.enable_cluster_autoscaler, false) + enable_external_dns = try(var.addons.enable_external_dns, false) + enable_external_secrets = try(var.addons.enable_external_secrets, false) + enable_aws_load_balancer_controller = try(var.addons.enable_aws_load_balancer_controller, false) + enable_fargate_fluentbit = try(var.addons.enable_fargate_fluentbit, false) + enable_aws_for_fluentbit = try(var.addons.enable_aws_for_fluentbit, false) + enable_aws_node_termination_handler = try(var.addons.enable_aws_node_termination_handler, false) + enable_karpenter = try(var.addons.enable_karpenter, false) + enable_velero = try(var.addons.enable_velero, false) + enable_aws_gateway_api_controller = try(var.addons.enable_aws_gateway_api_controller, false) + enable_aws_ebs_csi_resources = try(var.addons.enable_aws_ebs_csi_resources, false) + enable_aws_secrets_store_csi_driver_provider = try(var.addons.enable_aws_secrets_store_csi_driver_provider, false) + enable_ack_apigatewayv2 = try(var.addons.enable_ack_apigatewayv2, false) + enable_ack_dynamodb = try(var.addons.enable_ack_dynamodb, false) + enable_ack_s3 = try(var.addons.enable_ack_s3, false) + enable_ack_rds = try(var.addons.enable_ack_rds, false) + enable_ack_prometheusservice = try(var.addons.enable_ack_prometheusservice, false) + enable_ack_emrcontainers = try(var.addons.enable_ack_emrcontainers, false) + enable_ack_sfn = try(var.addons.enable_ack_sfn, false) + enable_ack_eventbridge = try(var.addons.enable_ack_eventbridge, false) + } + oss_addons = { + enable_argocd = try(var.addons.enable_argocd, true) + enable_argo_rollouts = try(var.addons.enable_argo_rollouts, false) + enable_argo_events = try(var.addons.enable_argo_events, false) + enable_argo_workflows = try(var.addons.enable_argo_workflows, false) + enable_cluster_proportional_autoscaler = 
try(var.addons.enable_cluster_proportional_autoscaler, false) + enable_gatekeeper = try(var.addons.enable_gatekeeper, false) + enable_gpu_operator = try(var.addons.enable_gpu_operator, false) + enable_ingress_nginx = try(var.addons.enable_ingress_nginx, false) + enable_kyverno = try(var.addons.enable_kyverno, false) + enable_kube_prometheus_stack = try(var.addons.enable_kube_prometheus_stack, false) + enable_metrics_server = try(var.addons.enable_metrics_server, false) + enable_prometheus_adapter = try(var.addons.enable_prometheus_adapter, false) + enable_secrets_store_csi_driver = try(var.addons.enable_secrets_store_csi_driver, false) + enable_vpa = try(var.addons.enable_vpa, false) + } + addons = merge( + local.aws_addons, + local.oss_addons, + { kubernetes_version = local.cluster_version }, + { aws_cluster_name = module.eks.cluster_name } + ) + + addons_metadata = merge( + module.eks_blueprints_addons.gitops_metadata, + { + aws_cluster_name = module.eks.cluster_name + aws_region = local.region + aws_account_id = data.aws_caller_identity.current.account_id + aws_vpc_id = module.vpc.vpc_id + }, + { + addons_repo_url = local.gitops_addons_url + addons_repo_basepath = local.gitops_addons_basepath + addons_repo_path = local.gitops_addons_path + addons_repo_revision = local.gitops_addons_revision + }, + { + workload_repo_url = local.gitops_workload_url + workload_repo_basepath = local.gitops_workload_basepath + workload_repo_path = local.gitops_workload_path + workload_repo_revision = local.gitops_workload_revision + } + ) + + argocd_app_of_appsets_addons = var.enable_gitops_auto_addons ? { + addons = file("${path.module}/bootstrap/addons.yaml") + } : {} + argocd_app_of_appsets_workloads = var.enable_gitops_auto_workloads ? 
{ + workloads = file("${path.module}/bootstrap/workloads.yaml") + } : {} + + argocd_apps = merge(local.argocd_app_of_appsets_addons, local.argocd_app_of_appsets_workloads) + + + tags = { + Blueprint = local.name + GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints" + } +} + +################################################################################ +# GitOps Bridge: Bootstrap +################################################################################ +module "gitops_bridge_bootstrap" { + source = "github.com/gitops-bridge-dev/gitops-bridge-argocd-bootstrap-terraform?ref=v2.0.0" + + cluster = { + metadata = local.addons_metadata + addons = local.addons + } + apps = local.argocd_apps +} + +################################################################################ +# EKS Blueprints Addons +################################################################################ +module "eks_blueprints_addons" { + source = "aws-ia/eks-blueprints-addons/aws" + version = "~> 1.0" + + cluster_name = module.eks.cluster_name + cluster_endpoint = module.eks.cluster_endpoint + cluster_version = module.eks.cluster_version + oidc_provider_arn = module.eks.oidc_provider_arn + + # Using GitOps Bridge + create_kubernetes_resources = false + + # EKS Blueprints Addons + enable_cert_manager = local.aws_addons.enable_cert_manager + enable_aws_efs_csi_driver = local.aws_addons.enable_aws_efs_csi_driver + enable_aws_fsx_csi_driver = local.aws_addons.enable_aws_fsx_csi_driver + enable_aws_cloudwatch_metrics = local.aws_addons.enable_aws_cloudwatch_metrics + enable_aws_privateca_issuer = local.aws_addons.enable_aws_privateca_issuer + enable_cluster_autoscaler = local.aws_addons.enable_cluster_autoscaler + enable_external_dns = local.aws_addons.enable_external_dns + enable_external_secrets = local.aws_addons.enable_external_secrets + enable_aws_load_balancer_controller = local.aws_addons.enable_aws_load_balancer_controller + enable_fargate_fluentbit = 
local.aws_addons.enable_fargate_fluentbit + enable_aws_for_fluentbit = local.aws_addons.enable_aws_for_fluentbit + enable_aws_node_termination_handler = local.aws_addons.enable_aws_node_termination_handler + enable_karpenter = local.aws_addons.enable_karpenter + enable_velero = local.aws_addons.enable_velero + enable_aws_gateway_api_controller = local.aws_addons.enable_aws_gateway_api_controller + + tags = local.tags +} + +################################################################################ +# EKS Cluster +################################################################################ +#tfsec:ignore:aws-eks-enable-control-plane-logging +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "~> 19.13" + + cluster_name = local.name + cluster_version = local.cluster_version + cluster_endpoint_public_access = true + + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + eks_managed_node_groups = { + initial = { + instance_types = ["m5.large"] + + min_size = 1 + max_size = 3 + desired_size = 2 + } + } + # EKS Addons + cluster_addons = { + coredns = {} + kube-proxy = {} + vpc-cni = { + # Specify the VPC CNI addon should be deployed before compute to ensure + # the addon is configured before data plane compute resources are created + # See README for further details + before_compute = true + most_recent = true # To ensure access to the latest settings provided + configuration_values = jsonencode({ + env = { + # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html + ENABLE_PREFIX_DELEGATION = "true" + WARM_PREFIX_TARGET = "1" + } + }) + } + } + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + 
azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = 1 + } + + tags = local.tags +} diff --git a/patterns/gitops/getting-started-argocd/outputs.tf b/patterns/gitops/getting-started-argocd/outputs.tf new file mode 100644 index 0000000000..d4ecfbf1fe --- /dev/null +++ b/patterns/gitops/getting-started-argocd/outputs.tf 
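Review bot: In main.tf, `module "eks"` sets `cluster_endpoint_public_access = true` without restricting source ranges, so the Kubernetes API endpoint is presumably reachable from any address under the module's default. Add `cluster_endpoint_public_access_cidrs = var.allowed_api_cidrs` (a new variable, name illustrative) or add a comment explaining why open access is acceptable for this pattern. The `#tfsec:ignore:aws-eks-enable-control-plane-logging` line above the module gives no reason for the suppression; a one-line justification would let a reader tell whether audit logs are in fact enabled. `module "gitops_bridge_bootstrap"` is pinned by the tag `?ref=v2.0.0`, which can be moved upstream; a commit SHA in `ref` is the stricter pin.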
@@ -0,0 +1,33 @@
+output "configure_kubectl" {
+ description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ EOT
+}
+
+output "configure_argocd" {
+ description = "Terminal Setup"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
+ kubectl config set-context --current --namespace argocd
+ argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ echo Port Forward: http://localhost:8080
+ kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80
+ EOT
+}
+
+output "access_argocd" {
+ description = "ArgoCD Access"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+ EOT
+}
diff --git a/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio b/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio
new file mode 100644
index 0000000000..51f8e7eae1
--- /dev/null
+++ b/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio
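Review bot: All three outputs in outputs.tf export `KUBECONFIG="/tmp/${module.eks.cluster_name}"`, a predictable file name in a world-writable directory. On a shared host another user could pre-create or symlink that path before `aws eks update-kubeconfig` writes to it. destroy.sh sources `configure_kubectl`, so the same path is used during teardown. A per-user location such as `export KUBECONFIG="$HOME/.kube/${module.eks.cluster_name}"` avoids this. `configure_argocd` also passes the initial admin password on the `argocd login` command line, and both ArgoCD outputs echo it to the terminal, so the descriptions should tell users to change the password and delete `argocd-initial-admin-secret` after first login.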
@@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio.png b/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio.png new file mode 100644 index 0000000000..603b7e3e33 Binary files /dev/null and b/patterns/gitops/getting-started-argocd/static/gitops-bridge.drawio.png differ diff --git a/patterns/gitops/getting-started-argocd/variables.tf b/patterns/gitops/getting-started-argocd/variables.tf new file mode 100644 index 0000000000..b4c7511302 --- /dev/null +++ b/patterns/gitops/getting-started-argocd/variables.tf 
@@ -0,0 +1,88 @@ +variable "vpc_cidr" { + description = "VPC CIDR" + type = string + default = "10.0.0.0/16" +} +variable "region" { + description = "AWS region" + type = string + default = "us-west-2" +} +variable "kubernetes_version" { + description = "Kubernetes version" + type = string + default = "1.28" +} +variable "addons" { + description = "Kubernetes addons" + type = any + default = { + enable_aws_load_balancer_controller = true + enable_metrics_server = true + } +} +# Addons Git +variable "gitops_addons_org" { + description = "Git repository org/user contains for addons" + type = string + default = "https://github.com/aws-samples" +} +variable "gitops_addons_repo" { + description = "Git repository contains for addons" + type = string + default = "eks-blueprints-add-ons" +} +variable "gitops_addons_revision" { + description = "Git repository revision/branch/ref for addons" + type = string + default = "main" +} +variable "gitops_addons_basepath" { + description = "Git repository base path for addons" + type = string + default = "argocd/" +} +variable "gitops_addons_path" { + description = "Git repository path for addons" + type = string + default = "bootstrap/control-plane/addons" +} + +# Workloads Git +variable "gitops_workload_org" { + description = "Git repository org/user contains for workload" + type = string + default = "https://github.com/aws-ia" +} +variable "gitops_workload_repo" { + description = "Git repository contains for workload" + type = string + default = "terraform-aws-eks-blueprints" +} +variable "gitops_workload_revision" { + description = "Git repository revision/branch/ref for workload" + type = string + default = "main" +} +variable "gitops_workload_basepath" { + description = "Git repository base path for workload" + type = string + default = "patterns/gitops/" +} +variable "gitops_workload_path" { + description = "Git repository path for workload" + type = string + default = "getting-started-argocd/k8s" +} + +variable 
"enable_gitops_auto_addons" { + description = "Automatically deploy addons" + type = bool + default = false +} + +variable "enable_gitops_auto_workloads" { + description = "Automatically deploy addons" + type = bool + default = false +} diff --git a/patterns/argocd/versions.tf b/patterns/gitops/getting-started-argocd/versions.tf similarity index 58% rename from patterns/argocd/versions.tf rename to patterns/gitops/getting-started-argocd/versions.tf index aa00573a68..c3fb7ee058 100644 --- a/patterns/argocd/versions.tf +++ b/patterns/gitops/getting-started-argocd/versions.tf @@ -4,23 +4,15 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.47" + version = ">= 4.67.0" } helm = { source = "hashicorp/helm" - version = ">= 2.9" + version = ">= 2.10.1" } kubernetes = { source = "hashicorp/kubernetes" - version = ">= 2.20" - } - random = { - source = "hashicorp/random" - version = ">= 3.5" - } - bcrypt = { - source = "viktorradnai/bcrypt" - version = ">= 0.1.2" + version = "2.22.0" } } @@ -28,6 +20,6 @@ terraform { # backend "s3" { # bucket = "terraform-ssp-github-actions-state" # region = "us-west-2" - # key = "e2e/argocd/terraform.tfstate" + # key = "e2e/getting-started-argocd/terraform.tfstate" # } } diff --git a/patterns/private-public-ingress/main.tf b/patterns/private-public-ingress/main.tf index 1a77cf8fdd..fd81fc2772 100644 --- a/patterns/private-public-ingress/main.tf +++ b/patterns/private-public-ingress/main.tf @@ -243,7 +243,7 @@ module "ingres_nginx_internal" { } } -module "eks_blueprints_kubernetes_addons" { +module "eks_blueprints_addons" { source = "aws-ia/eks-blueprints-addons/aws" version = "~> 1.0"
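Review bot: In variables.tf, `gitops_addons_revision` and `gitops_workload_revision` both default to `"main"`, so ArgoCD presumably applies whatever the tip of those repositories holds at sync time. For the add-ons repository, which installs cluster-level components, a release tag or commit SHA is the safer default, with `main` left as an explicit opt-in. Separately, `enable_gitops_auto_workloads` has the description `"Automatically deploy addons"`, copied from the variable above it, and should read `"Automatically deploy workloads"`. The `"Git repository contains for addons"` style descriptions are also ungrammatical and could read `"Git repository containing the addons"`.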