diff --git a/assets/scripts/destroy-git.sh b/assets/scripts/destroy-git.sh
new file mode 100644
index 0000000..7df8c38
--- /dev/null
+++ b/assets/scripts/destroy-git.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -uo pipefail
+
+[[ -n "${DEBUG:-}" ]] && set -x
+
+cd ~/environment/codecommit/
+
+
+terraform destroy -auto-approve
\ No newline at end of file
diff --git a/assets/scripts/destroy.sh b/assets/scripts/destroy.sh
index 0f69e74..9c0b7ab 100755
--- a/assets/scripts/destroy.sh
+++ b/assets/scripts/destroy.sh
@@ -2,15 +2,15 @@ set -uo pipefail
-~/environment/wgit/assets/scripts/destroy-applications.sh
+$SOURCE_DIR/assets/scripts/destroy-applications.sh
-~/environment/wgit/assets/scripts/destroy-spoke.sh staging
+$SOURCE_DIR/assets/scripts/destroy-spoke.sh staging
-~/environment/wgit/assets/scripts/destroy-hub.sh
+$SOURCE_DIR/assets/scripts/destroy-hub.sh
+$SOURCE_DIR/assets/scripts/destroy-git.sh
-~/environment/wgit/assets/scripts/destroy-vpc.sh
-
+$SOURCE_DIR/assets/scripts/destroy-vpc.sh
diff --git a/assets/developer/webstore/assets/base/configMap.yaml b/assets/workload/webstore/assets/base/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/assets/base/configMap.yaml
rename to assets/workload/webstore/assets/base/configMap.yaml
diff --git a/assets/developer/webstore/assets/base/deployment.yaml b/assets/workload/webstore/assets/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/assets/base/deployment.yaml
rename to assets/workload/webstore/assets/base/deployment.yaml
diff --git a/assets/developer/webstore/assets/base/kustomization.yaml b/assets/workload/webstore/assets/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/assets/base/kustomization.yaml
rename to assets/workload/webstore/assets/base/kustomization.yaml
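Review bot: In the new destroy-git.sh the `cd ~/environment/codecommit/` is unchecked and the script sets `-uo pipefail` without `-e`, so when that directory is missing the following `terraform destroy -auto-approve` runs in whatever directory the caller was in and can tear down a different Terraform root without a prompt. Make the directory change fatal, for example `cd ~/environment/codecommit/ || exit 1`. A header comment such as `# Destroys the Terraform stack created under ~/environment/codecommit` would also tell readers what the unattended destroy targets.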
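Review bot: The rewritten calls in destroy.sh expand `$SOURCE_DIR` unquoted, and nothing in the hunk checks that it points at a real checkout; an empty value resolves to `/assets/scripts/...`, and a path with spaces is word-split. Because the script runs with `set -uo pipefail` and no `-e`, a step that is not found or fails does not stop the later ones, so `destroy-vpc.sh` still runs after `destroy-hub.sh` or the new `destroy-git.sh` failed. Add `: "${SOURCE_DIR:?SOURCE_DIR must be set}"` before the first call, quote each path as in `"$SOURCE_DIR/assets/scripts/destroy-git.sh"`, and consider `|| exit 1` on each step. The hunk starts at line 2 of the file, so the lines around it are not visible here.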
diff --git a/assets/developer/webstore/assets/base/service.yaml b/assets/workload/webstore/assets/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/assets/base/service.yaml
rename to assets/workload/webstore/assets/base/service.yaml
diff --git a/assets/developer/webstore/assets/base/serviceAccount.yaml b/assets/workload/webstore/assets/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/assets/base/serviceAccount.yaml
rename to assets/workload/webstore/assets/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/assets/hub/kustomization.yaml b/assets/workload/webstore/assets/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/assets/hub/kustomization.yaml
rename to assets/workload/webstore/assets/hub/kustomization.yaml
diff --git a/assets/developer/webstore/assets/prod/kustomization.yaml b/assets/workload/webstore/assets/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/assets/prod/kustomization.yaml
rename to assets/workload/webstore/assets/prod/kustomization.yaml
diff --git a/assets/developer/webstore/assets/staging/kustomization.yaml b/assets/workload/webstore/assets/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/assets/staging/kustomization.yaml
rename to assets/workload/webstore/assets/staging/kustomization.yaml
diff --git a/assets/developer/webstore/carts/base/deployment.yaml b/assets/workload/webstore/carts/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/deployment.yaml
rename to assets/workload/webstore/carts/base/deployment.yaml
diff --git a/assets/developer/webstore/carts/base/infra-mng/configMap.yaml b/assets/workload/webstore/carts/base/infra-mng/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra-mng/configMap.yaml
rename to assets/workload/webstore/carts/base/infra-mng/configMap.yaml
diff --git a/assets/developer/webstore/carts/base/infra-mng/ddb-table.yaml b/assets/workload/webstore/carts/base/infra-mng/ddb-table.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra-mng/ddb-table.yaml
rename to assets/workload/webstore/carts/base/infra-mng/ddb-table.yaml
diff --git a/assets/developer/webstore/carts/base/infra-mng/kustomization.yaml b/assets/workload/webstore/carts/base/infra-mng/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra-mng/kustomization.yaml
rename to assets/workload/webstore/carts/base/infra-mng/kustomization.yaml
diff --git a/assets/developer/webstore/carts/base/infra/configMap.yaml b/assets/workload/webstore/carts/base/infra/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra/configMap.yaml
rename to assets/workload/webstore/carts/base/infra/configMap.yaml
diff --git a/assets/developer/webstore/carts/base/infra/deployment-db.yaml b/assets/workload/webstore/carts/base/infra/deployment-db.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra/deployment-db.yaml
rename to assets/workload/webstore/carts/base/infra/deployment-db.yaml
diff --git a/assets/developer/webstore/carts/base/infra/kustomization.yaml b/assets/workload/webstore/carts/base/infra/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra/kustomization.yaml
rename to assets/workload/webstore/carts/base/infra/kustomization.yaml
diff --git a/assets/developer/webstore/carts/base/infra/service-db.yaml b/assets/workload/webstore/carts/base/infra/service-db.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/infra/service-db.yaml
rename to assets/workload/webstore/carts/base/infra/service-db.yaml
diff --git a/assets/developer/webstore/carts/base/kustomization-mng.yaml b/assets/workload/webstore/carts/base/kustomization-mng.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/kustomization-mng.yaml
rename to assets/workload/webstore/carts/base/kustomization-mng.yaml
diff --git a/assets/developer/webstore/carts/base/kustomization.yaml b/assets/workload/webstore/carts/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/kustomization.yaml
rename to assets/workload/webstore/carts/base/kustomization.yaml
diff --git a/assets/developer/webstore/carts/base/service.yaml b/assets/workload/webstore/carts/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/service.yaml
rename to assets/workload/webstore/carts/base/service.yaml
diff --git a/assets/developer/webstore/carts/base/serviceAccount.yaml b/assets/workload/webstore/carts/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/carts/base/serviceAccount.yaml
rename to assets/workload/webstore/carts/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/carts/hub/kustomization.yaml b/assets/workload/webstore/carts/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/hub/kustomization.yaml
rename to assets/workload/webstore/carts/hub/kustomization.yaml
diff --git a/assets/developer/webstore/carts/prod/kustomization-mng.yaml b/assets/workload/webstore/carts/prod/kustomization-mng.yaml
similarity index 100%
rename from assets/developer/webstore/carts/prod/kustomization-mng.yaml
rename to assets/workload/webstore/carts/prod/kustomization-mng.yaml
diff --git a/assets/developer/webstore/carts/prod/kustomization.yaml b/assets/workload/webstore/carts/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/prod/kustomization.yaml
rename to assets/workload/webstore/carts/prod/kustomization.yaml
diff --git a/assets/developer/webstore/carts/staging/kustomization-mng.yaml b/assets/workload/webstore/carts/staging/kustomization-mng.yaml
similarity index 100%
rename from assets/developer/webstore/carts/staging/kustomization-mng.yaml
rename to assets/workload/webstore/carts/staging/kustomization-mng.yaml
diff --git a/assets/developer/webstore/carts/staging/kustomization.yaml b/assets/workload/webstore/carts/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/carts/staging/kustomization.yaml
rename to assets/workload/webstore/carts/staging/kustomization.yaml
diff --git a/assets/developer/webstore/carts/staging/try-namespace.yaml b/assets/workload/webstore/carts/staging/try-namespace.yaml
similarity index 100%
rename from assets/developer/webstore/carts/staging/try-namespace.yaml
rename to assets/workload/webstore/carts/staging/try-namespace.yaml
diff --git a/assets/developer/webstore/catalog/base/configMap.yaml b/assets/workload/webstore/catalog/base/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/configMap.yaml
rename to assets/workload/webstore/catalog/base/configMap.yaml
diff --git a/assets/developer/webstore/catalog/base/deployment.yaml b/assets/workload/webstore/catalog/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/deployment.yaml
rename to assets/workload/webstore/catalog/base/deployment.yaml
diff --git a/assets/developer/webstore/catalog/base/kustomization.yaml b/assets/workload/webstore/catalog/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/kustomization.yaml
rename to assets/workload/webstore/catalog/base/kustomization.yaml
diff --git a/assets/developer/webstore/catalog/base/secrets.yaml b/assets/workload/webstore/catalog/base/secrets.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/secrets.yaml
rename to assets/workload/webstore/catalog/base/secrets.yaml
diff --git a/assets/developer/webstore/catalog/base/service-mysql.yaml b/assets/workload/webstore/catalog/base/service-mysql.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/service-mysql.yaml
rename to assets/workload/webstore/catalog/base/service-mysql.yaml
diff --git a/assets/developer/webstore/catalog/base/service.yaml b/assets/workload/webstore/catalog/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/service.yaml
rename to assets/workload/webstore/catalog/base/service.yaml
diff --git a/assets/developer/webstore/catalog/base/serviceAccount.yaml b/assets/workload/webstore/catalog/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/serviceAccount.yaml
rename to assets/workload/webstore/catalog/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/catalog/base/statefulset-mysql.yaml b/assets/workload/webstore/catalog/base/statefulset-mysql.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/base/statefulset-mysql.yaml
rename to assets/workload/webstore/catalog/base/statefulset-mysql.yaml
diff --git a/assets/developer/webstore/catalog/hub/kustomization.yaml b/assets/workload/webstore/catalog/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/hub/kustomization.yaml
rename to assets/workload/webstore/catalog/hub/kustomization.yaml
diff --git a/assets/developer/webstore/catalog/prod/kustomization.yaml b/assets/workload/webstore/catalog/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/prod/kustomization.yaml
rename to assets/workload/webstore/catalog/prod/kustomization.yaml
diff --git a/assets/developer/webstore/catalog/staging/kustomization.yaml b/assets/workload/webstore/catalog/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/catalog/staging/kustomization.yaml
rename to assets/workload/webstore/catalog/staging/kustomization.yaml
diff --git a/assets/developer/webstore/checkout/base/configMap.yaml b/assets/workload/webstore/checkout/base/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/configMap.yaml
rename to assets/workload/webstore/checkout/base/configMap.yaml
diff --git a/assets/developer/webstore/checkout/base/deployment-redis.yaml b/assets/workload/webstore/checkout/base/deployment-redis.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/deployment-redis.yaml
rename to assets/workload/webstore/checkout/base/deployment-redis.yaml
diff --git a/assets/developer/webstore/checkout/base/deployment.yaml b/assets/workload/webstore/checkout/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/deployment.yaml
rename to assets/workload/webstore/checkout/base/deployment.yaml
diff --git a/assets/developer/webstore/checkout/base/kustomization.yaml b/assets/workload/webstore/checkout/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/kustomization.yaml
rename to assets/workload/webstore/checkout/base/kustomization.yaml
diff --git a/assets/developer/webstore/checkout/base/service-redis.yaml b/assets/workload/webstore/checkout/base/service-redis.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/service-redis.yaml
rename to assets/workload/webstore/checkout/base/service-redis.yaml
diff --git a/assets/developer/webstore/checkout/base/service.yaml b/assets/workload/webstore/checkout/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/service.yaml
rename to assets/workload/webstore/checkout/base/service.yaml
diff --git a/assets/developer/webstore/checkout/base/serviceAccount.yaml b/assets/workload/webstore/checkout/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/base/serviceAccount.yaml
rename to assets/workload/webstore/checkout/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/checkout/hub/kustomization.yaml b/assets/workload/webstore/checkout/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/hub/kustomization.yaml
rename to assets/workload/webstore/checkout/hub/kustomization.yaml
diff --git a/assets/developer/webstore/checkout/prod/kustomization.yaml b/assets/workload/webstore/checkout/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/prod/kustomization.yaml
rename to assets/workload/webstore/checkout/prod/kustomization.yaml
diff --git a/assets/developer/webstore/checkout/staging/kustomization.yaml b/assets/workload/webstore/checkout/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/checkout/staging/kustomization.yaml
rename to assets/workload/webstore/checkout/staging/kustomization.yaml
diff --git a/assets/developer/webstore/orders/base/configMap.yaml b/assets/workload/webstore/orders/base/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/configMap.yaml
rename to assets/workload/webstore/orders/base/configMap.yaml
diff --git a/assets/developer/webstore/orders/base/deployment-mysql.yaml b/assets/workload/webstore/orders/base/deployment-mysql.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/deployment-mysql.yaml
rename to assets/workload/webstore/orders/base/deployment-mysql.yaml
diff --git a/assets/developer/webstore/orders/base/deployment.yaml b/assets/workload/webstore/orders/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/deployment.yaml
rename to assets/workload/webstore/orders/base/deployment.yaml
diff --git a/assets/developer/webstore/orders/base/kustomization.yaml b/assets/workload/webstore/orders/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/kustomization.yaml
rename to assets/workload/webstore/orders/base/kustomization.yaml
diff --git a/assets/developer/webstore/orders/base/secrets.yaml b/assets/workload/webstore/orders/base/secrets.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/secrets.yaml
rename to assets/workload/webstore/orders/base/secrets.yaml
diff --git a/assets/developer/webstore/orders/base/service-mysql.yaml b/assets/workload/webstore/orders/base/service-mysql.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/service-mysql.yaml
rename to assets/workload/webstore/orders/base/service-mysql.yaml
diff --git a/assets/developer/webstore/orders/base/service.yaml b/assets/workload/webstore/orders/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/service.yaml
rename to assets/workload/webstore/orders/base/service.yaml
diff --git a/assets/developer/webstore/orders/base/serviceAccount.yaml b/assets/workload/webstore/orders/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/orders/base/serviceAccount.yaml
rename to assets/workload/webstore/orders/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/orders/hub/kustomization.yaml b/assets/workload/webstore/orders/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/orders/hub/kustomization.yaml
rename to assets/workload/webstore/orders/hub/kustomization.yaml
diff --git a/assets/developer/webstore/orders/prod/kustomization.yaml b/assets/workload/webstore/orders/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/orders/prod/kustomization.yaml
rename to assets/workload/webstore/orders/prod/kustomization.yaml
diff --git a/assets/developer/webstore/orders/staging/kustomization.yaml b/assets/workload/webstore/orders/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/orders/staging/kustomization.yaml
rename to assets/workload/webstore/orders/staging/kustomization.yaml
diff --git a/assets/developer/webstore/ui/base/configMap.yaml b/assets/workload/webstore/ui/base/configMap.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/configMap.yaml
rename to assets/workload/webstore/ui/base/configMap.yaml
diff --git a/assets/developer/webstore/ui/base/deployment.yaml b/assets/workload/webstore/ui/base/deployment.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/deployment.yaml
rename to assets/workload/webstore/ui/base/deployment.yaml
diff --git a/assets/developer/webstore/ui/base/hpa.yaml b/assets/workload/webstore/ui/base/hpa.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/hpa.yaml
rename to assets/workload/webstore/ui/base/hpa.yaml
diff --git a/assets/developer/webstore/ui/base/kustomization.yaml b/assets/workload/webstore/ui/base/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/kustomization.yaml
rename to assets/workload/webstore/ui/base/kustomization.yaml
diff --git a/assets/developer/webstore/ui/base/nlb.yaml b/assets/workload/webstore/ui/base/nlb.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/nlb.yaml
rename to assets/workload/webstore/ui/base/nlb.yaml
diff --git a/assets/developer/webstore/ui/base/service.yaml b/assets/workload/webstore/ui/base/service.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/service.yaml
rename to assets/workload/webstore/ui/base/service.yaml
diff --git a/assets/developer/webstore/ui/base/serviceAccount.yaml b/assets/workload/webstore/ui/base/serviceAccount.yaml
similarity index 100%
rename from assets/developer/webstore/ui/base/serviceAccount.yaml
rename to assets/workload/webstore/ui/base/serviceAccount.yaml
diff --git a/assets/developer/webstore/ui/hub/kustomization.yaml b/assets/workload/webstore/ui/hub/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/ui/hub/kustomization.yaml
rename to assets/workload/webstore/ui/hub/kustomization.yaml
diff --git a/assets/developer/webstore/ui/prod/hpa.yaml b/assets/workload/webstore/ui/prod/hpa.yaml
similarity index 100%
rename from assets/developer/webstore/ui/prod/hpa.yaml
rename to assets/workload/webstore/ui/prod/hpa.yaml
diff --git a/assets/developer/webstore/ui/prod/kustomization.yaml b/assets/workload/webstore/ui/prod/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/ui/prod/kustomization.yaml
rename to assets/workload/webstore/ui/prod/kustomization.yaml
diff --git a/assets/developer/webstore/ui/staging/kustomization.yaml b/assets/workload/webstore/ui/staging/kustomization.yaml
similarity index 100%
rename from assets/developer/webstore/ui/staging/kustomization.yaml
rename to assets/workload/webstore/ui/staging/kustomization.yaml
diff --git a/content/010_prerequisites/index.en.md b/content/010-prerequisites.md similarity index 58% rename from content/010_prerequisites/index.en.md rename to content/010-prerequisites.md index 7efb29b..6d65808 100644 --- a/content/010_prerequisites/index.en.md +++ b/content/010-prerequisites.md @@ -7,8 +7,6 @@ weight: 10 1. Basic knowledge of [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started), Terraform [workspaces](https://developer.hashicorp.com/terraform/language/state/workspaces) 2. Basic knowledge of [Argo CD](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/) Application, ApplicationSet, Projects, App of App pattern and Generator concepts - Cluster, Git, and Matrix, -3. GitHub account -4. Familiarity with GitHub cli commands clone, commit, pull, push -5. GitHub [access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) -6. Basic knowledge of [GitOps Bridge](https://github.com/gitops-bridge-dev/kubecon-2023-na-argocon/blob/main/terraform/eks-argocd/README.md) -7. Basic knowledge of [Helm](https://helm.sh/docs/) +3. Familiarity with Git cli commands clone, commit, pull, push +4. Basic knowledge of [GitOps Bridge](https://github.com/gitops-bridge-dev/kubecon-2023-na-argocon/blob/main/terraform/eks-argocd/README.md) +5. Basic knowledge of [Helm](https://helm.sh/docs/) diff --git a/content/010_prerequisites/010-fork-github.md b/content/010_prerequisites/010-fork-github.md deleted file mode 100644 index a0ca85c..0000000 --- a/content/010_prerequisites/010-fork-github.md +++ /dev/null 
@@ -1,44 +0,0 @@
----
-title: 'Fork workshop repo'
-weight: 10
----
-
-### 1. Github account
-
-You need to have a GitHub account.
-
-If you don't have an account
-
-1. Navigate to https://github.com/
-2. Click Sign up
-3. Follow the prompts to create an account
-
-### 2. Fork the workshop repository
-Forking a repository makes a copy of the workshop files into your GitHub account. You will update your repository throughout the workshop.
-
-1. Navigate to https://github.com/aws-samples/eks-blueprints-for-terraform-workshop
-2. Click on the arrow near the **Fork** button and choose "**Create a new fork**"
-
- ![GitHub Fork](/static/images/github-fork.png)
-3. Under "Owner," select the dropdown menu and click your github for the forked repository
-4. Keep the repository name as eks-blueprints-for-terraform-workshop
-5. Click **Create fork**
-
-### 3. Generate GitHub access token
-Throughout the workshop you will be updating the forked repository. You will use token to authenticate to GitHub.
-
-1. Navigate to https://github.com
-2. In the upper-right corner of any page, click your profile photo, then click Settings
-![GitHub Fork](/static/images/github-setting.png)
-3. On the left sidebar, at the bottom, click **Developer settings**
-4. In the left sidebar, under **Personal access tokens**, click **Fine-grained tokens**
-5. Click **Generate new token** button. Use the default value for any field that is not explicitly specified in the steps below.
-6. Under **Token name**, enter a name for the token
-7. Under Expiration, select an expiration for the token
-8. Under **Repository access**, click either **All repositoties** or **Only select repositories** to restrict the token on and select the forked **eks-blueprints-for-terraform-workshop** repository
-9. Under Permissions, select **Repository Permissions**
-10. Select *Contents* dropdown and select "Read and Write"
-
- ![GitHub permissions](/static/images/github-permission.png)
-11. Click **Generate Token**. 
Store this token safely. You will need this token throughout the workshop. If you loose it, generate a new token. - diff --git a/content/030_base/030_create-vpc/010-create-vpc.md b/content/030_base/030_create-vpc/010-create-vpc.md index 7bc8f59..44e81cf 100644 --- a/content/030_base/030_create-vpc/010-create-vpc.md +++ b/content/030_base/030_create-vpc/010-create-vpc.md @@ -160,6 +160,4 @@ terraform apply -auto-approve Once completed, you can see the VPC in the [console](https://console.aws.amazon.com/vpc/home?#vpcs:tag:Name=eks-blueprint) -Next, you will create an EKS cluster. - ::alert[This workshop uses local Terraform state. To learn about a proper setup, take a look at https://www.terraform.io/language/state]{header="Terraform State Management"} diff --git a/content/030_base/035_gitrepo/010-create-repo.md b/content/030_base/035_gitrepo/010-create-repo.md new file mode 100644 index 0000000..87850eb --- /dev/null +++ b/content/030_base/035_gitrepo/010-create-repo.md 
@@ -0,0 +1,467 @@
+---
+title: 'Create CodeCommit Repository'
+weight: 10
+---
+
+### 1. Create Terraform providers
+
+Define Terraform and providers versions
+
+```bash
+mkdir -p ~/environment/codecommit
+cd ~/environment/codecommit
+cat > ~/environment/codecommit/versions.tf << 'EOF'
+terraform {
+ required_version = ">= 1.4.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.0.0"
+ }
+ random = {
+ version = ">= 3"
+ }
+ }
+}
+EOF
+```
+
+### 2. Define variables
+
+Define values for CodeCommit repository names and repo path within the repositories.
+
+```bash
+cat > ~/environment/codecommit/variables.tf << 'EOF'
+
+
+variable "ssh_key_basepath" {
+ description = "path to .ssh directory"
+ type = string
+ default = "~/.ssh"
+}
+
+variable "gitops_addons_basepath" {
+ description = "Git repository base path for addons"
+ default = "addons/"
+}
+variable "gitops_addons_path" {
+ description = "Git repository path for addons"
+ default = "applicationset/"
+}
+variable "gitops_addons_revision" {
+ description = "Git repository revision/branch/ref for addons"
+ default = "HEAD"
+}
+variable "gitops_addons_repo_name" {
+ description = "Git repository name for addons"
+ default = "gitops-platform"
+}
+
+variable "gitops_platform_basepath" {
+ description = "Git repository base path for platform"
+ default = ""
+}
+variable "gitops_platform_path" {
+ description = "Git repository path for workload"
+ default = "bootstrap"
+}
+variable "gitops_platform_revision" {
+ description = "Git repository revision/branch/ref for workload"
+ default = "HEAD"
+}
+variable "gitops_platform_repo_name" {
+ description = "Git repository name for platform"
+ default = "gitops-platform"
+}
+
+variable "gitops_workload_basepath" {
+ description = "Git repository base path for workload"
+ default = ""
+}
+variable "gitops_workload_path" {
+ description = "Git repository path for workload"
+ default = ""
+}
+variable "gitops_workload_revision" {
+ description = 
"Git repository revision/branch/ref for workload"
+ default = "HEAD"
+}
+variable "gitops_workload_repo_name" {
+ description = "Git repository name for workload"
+ default = "gitops-workload"
+}
+
+EOF
+```
+
+### 3. Create repositories
+
+Create repositories, IAM user and configure the user to access repositories.
+
+```bash
+cat > ~/environment/codecommit/main.tf <<'EOF'
+
+
+data "aws_region" "current" {}
+
+locals {
+
+ context_prefix = "terraform-workshop"
+
+ gitops_workload_repo_name = var.gitops_workload_repo_name
+ gitops_workload_org = "ssh://${aws_iam_user_ssh_key.gitops.id}@git-codecommit.${data.aws_region.current.id}.amazonaws.com"
+ gitops_workload_repo = "v1/repos/${local.gitops_workload_repo_name}"
+
+ gitops_platform_repo_name = var.gitops_platform_repo_name
+ gitops_platform_org = "ssh://${aws_iam_user_ssh_key.gitops.id}@git-codecommit.${data.aws_region.current.id}.amazonaws.com"
+ gitops_platform_repo = "v1/repos/${local.gitops_platform_repo_name}"
+
+ gitops_addons_repo_name = var.gitops_addons_repo_name
+ gitops_addons_org = "ssh://${aws_iam_user_ssh_key.gitops.id}@git-codecommit.${data.aws_region.current.id}.amazonaws.com"
+ gitops_addons_repo = "v1/repos/${local.gitops_addons_repo_name}"
+
+ ssh_key_basepath = var.ssh_key_basepath
+ git_private_ssh_key = "${local.ssh_key_basepath}/gitops_ssh.pem"
+ git_private_ssh_key_config = "${local.ssh_key_basepath}/config"
+ ssh_host = "git-codecommit.*.amazonaws.com"
+ ssh_config = <<-EOF
+ # AWS Workshop https://github.com/aws-samples/argocd-on-amazon-eks-workshop.git
+ Host ${local.ssh_host}
+ User ${aws_iam_user_ssh_key.gitops.id}
+ IdentityFile ${local.git_private_ssh_key}
+ EOF
+
+}
+
+resource "aws_codecommit_repository" "workloads" {
+ repository_name = local.gitops_workload_repo_name
+ description = "CodeCommit repository for ArgoCD workloads"
+}
+
+resource "aws_codecommit_repository" "platform" {
+ repository_name = local.gitops_platform_repo_name
+ description = "CodeCommit repository for 
ArgoCD platform"
+}
+
+
+resource "aws_iam_user" "gitops" {
+ name = "${local.context_prefix}-gitops"
+ path = "/"
+}
+
+resource "aws_iam_user_ssh_key" "gitops" {
+ username = aws_iam_user.gitops.name
+ encoding = "SSH"
+ public_key = tls_private_key.gitops.public_key_openssh
+}
+
+resource "tls_private_key" "gitops" {
+ algorithm = "RSA"
+ rsa_bits = 4096
+}
+
+resource "random_string" "secret_suffix" {
+ length = 5 # Length of the random string
+ special = false # Set to true if you want to include special characters
+ upper = true # Set to true if you want uppercase letters in the string
+ lower = true # Set to true if you want lowercase letters in the string
+ number = true # Set to true if you want numbers in the string
+}
+resource "aws_secretsmanager_secret" "codecommit_key" {
+ name = "codecommit-key-${random_string.secret_suffix.result}"
+}
+
+resource "aws_secretsmanager_secret_version" "private_key_secret_version" {
+ secret_id = aws_secretsmanager_secret.codecommit_key.id
+ secret_string = tls_private_key.gitops.private_key_pem
+}
+
+resource "local_file" "ssh_private_key" {
+ content = tls_private_key.gitops.private_key_pem
+ filename = pathexpand(local.git_private_ssh_key)
+ file_permission = "0600"
+}
+
+resource "local_file" "ssh_config" {
+ count = local.ssh_key_basepath == "/home/ec2-user/.ssh" ? 1 : 0
+ content = local.ssh_config
+ filename = pathexpand(local.git_private_ssh_key_config)
+ file_permission = "0600"
+
+ # Ensure that the local_file resource is created/updated after the local-exec provisioner
+ depends_on = [null_resource.append_string_block]
+}
+
+resource "null_resource" "append_string_block" {
+ count = local.ssh_key_basepath == "/home/ec2-user/.ssh" ? 
0 : 1
+ triggers = {
+ always_run = "${timestamp()}"
+ file = pathexpand(local.git_private_ssh_key_config)
+ }
+
+ provisioner "local-exec" {
+ when = create
+ command = <<-EOL
+ start_marker="### START BLOCK AWS Workshop ###"
+ end_marker="### END BLOCK AWS Workshop ###"
+ block="$start_marker\n${replace(local.ssh_config, "\n", "\n")}\n$end_marker"
+ file="${self.triggers.file}"
+
+ if ! grep -q "$start_marker" "$file"; then
+ echo "$block" >> "$file"
+ fi
+ EOL
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = <<-EOL
+ start_marker="### START BLOCK AWS Workshop ###"
+ end_marker="### END BLOCK AWS Workshop ###"
+ file="${self.triggers.file}"
+
+ if grep -q "$start_marker" "$file"; then
+ sed -i "/$start_marker/,/$end_marker/d" "$file"
+ fi
+ EOL
+
+ }
+}
+
+
+data "aws_iam_policy_document" "gitops_access" {
+ statement {
+ sid = ""
+ actions = [
+ "codecommit:GitPull",
+ "codecommit:GitPush"
+ ]
+ effect = "Allow"
+ resources = [
+ aws_codecommit_repository.workloads.arn,
+ aws_codecommit_repository.platform.arn,
+ ]
+ }
+}
+
+resource "aws_iam_policy" "gitops_access" {
+ name = "${local.context_prefix}-gitops"
+ path = "/"
+ policy = data.aws_iam_policy_document.gitops_access.json
+}
+
+resource "aws_iam_user_policy_attachment" "gitops_access" {
+ user = aws_iam_user.gitops.name
+ policy_arn = aws_iam_policy.gitops_access.arn
+}
+
+
+EOF
+```
+
+### 4. Create outputs
+
+The outputs are referenced in upcoming chapters. 
+ +```bash +cat > ~/environment/codecommit/outputs.tf <<'EOF' +output "configure_argocd" { + value = "argocd repo add ${local.gitops_workload_org}/${local.gitops_workload_repo} --ssh-private-key-path $${HOME}/.ssh/gitops_ssh.pem --insecure-ignore-host-key --upsert --name git-repo" +} +output "git_clone" { + value = "git clone ${local.gitops_workload_org}/${local.gitops_workload_repo}" +} +output "ssh_config" { + value = local.ssh_config +} +output "ssh_host" { + value = local.ssh_host +} + +output "git_private_ssh_key" { + value = local.git_private_ssh_key +} + +output "gitops_addons_url" { + value = "${local.gitops_addons_org}/${local.gitops_addons_repo}" +} +output "gitops_addons_org" { + description = "Git repository org/user contains for addons" + value = local.gitops_addons_org +} +output "gitops_addons_repo" { + description = "Git repository contains for addons" + value = local.gitops_addons_repo +} +output "gitops_addons_basepath" { + description = "Git repository base path for addons" + value = var.gitops_addons_basepath +} +output "gitops_addons_path" { + description = "Git repository path for addons" + value = var.gitops_addons_path +} +output "gitops_addons_revision" { + description = "Git repository revision/branch/ref for addons" + value = var.gitops_addons_revision +} + +output "gitops_platform_url" { + value = "${local.gitops_platform_org}/${local.gitops_platform_repo}" +} +output "gitops_platform_org" { + description = "Git repository org/user contains for platform" + value = local.gitops_platform_org +} +output "gitops_platform_repo" { + description = "Git repository contains for platform" + value = local.gitops_workload_repo +} +output "gitops_platform_basepath" { + description = "Git repository base path for platform" + value = var.gitops_platform_basepath +} +output "gitops_platform_path" { + description = "Git repository path for platform" + value = var.gitops_platform_path +} +output "gitops_platform_revision" { + description = "Git repository 
revision/branch/ref for platform" + value = var.gitops_platform_revision +} + +output "gitops_workload_url" { + value = "${local.gitops_workload_org}/${local.gitops_workload_repo}" +} +output "gitops_workload_org" { + description = "Git repository org/user contains for workload" + value = local.gitops_workload_org +} +output "gitops_workload_repo" { + description = "Git repository contains for workload" + value = local.gitops_workload_repo +} +output "gitops_workload_basepath" { + description = "Git repository base path for workload" + value = var.gitops_workload_basepath +} +output "gitops_workload_path" { + description = "Git repository path for workload" + value = var.gitops_workload_path +} +output "gitops_workload_revision" { + description = "Git repository revision/branch/ref for workload" + value = var.gitops_workload_revision +} +output "codecommit_key_id" { + description = "Secret name that holds the SSH key for accessing CodeCommit" + value = aws_secretsmanager_secret.codecommit_key.id +} +output "codecommit_key_name" { + description = "Secret name that holds the SSH key for accessing CodeCommit" + value = aws_secretsmanager_secret.codecommit_key.name +} + +EOF +``` +### 5. Provision CodeCommit repositories + +```bash +cd ~/environment/codecommit +terraform init +terraform apply --auto-approve +``` + +## Populate git repositories + +The CodeCommit repositories will be populated with starter files first. These starter files will provide a foundation for the workshop. In the following workshop chapters, we will build on top of these starter files. +### 1. 
Set environment variables + +```bash +export ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account) +export AWS_DEFAULT_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region') +export WORKING_DIR="$HOME/environment" +export SOURCE_DIR="$WORKING_DIR/source/assets" +export SCRIPT_DIR="$SOURCE_DIR/scripts" +export GITOPS_DIR="$WORKING_DIR/gitops-repos" + + +echo "export ACCOUNT_ID=${ACCOUNT_ID}" | tee -a ~/.bash_profile +echo "export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}" | tee -a ~/.bash_profile +echo "export WORKING_DIR=${WORKING_DIR}" | tee -a ~/.bash_profile +echo "export SOURCE_DIR=${SOURCE_DIR}" | tee -a ~/.bash_profile +echo "export SCRIPT_DIR=${SCRIPT_DIR}" | tee -a ~/.bash_profile +echo "export GITOPS_DIR=${GITOPS_DIR}" | tee -a ~/.bash_profile +source ~/.bash_profile + +``` + + + +### 2. Clone starter files + +Clone webstore workload , starter files for platform and cleanup scripts. + +![Clone Repository](/static/images/clone_starterfiles.png) + +```bash +cd $WORKING_DIR +git clone --depth 1 --no-checkout https://github.com/aws-samples/eks-blueprints-for-terraform-workshop source +cd source +git sparse-checkout set assets +git checkout +cd $WORKING_DIR + +``` +::::expand{header="What is in my cloned repo?"} +This repository contains resources for managing Kubernetes clusters in the **assets** directory. It includes Kubernetes YAML files for deploying workloads, ApplicationSets, and configuration values for addons, namespaces, and projects. + +Asset Folder:![Asset Folders](/static/images/asset-github-folders.png) + +Platform Folder:![Platform Folders](/static/images/platform-github-folders.png) + +Webstore Workload Folder:![Workload Folders](/static/images/workload-github-folders.png) +:::: + +### 3. Populate codecommit gitops-platform repository + +Copy platform starter files to "gitops-repos" folder from the cloned repository. 
+ +![Local Platform](/static/images/local_platform.png) + +Push "gitops-repos" platform folder to codecommit "gitops-platform" repository + +![CodeCommit Platform](/static/images/codecommit_platform.png) + + +```bash +mkdir -p ${GITOPS_DIR} +gitops_platform_url=ssh://git-codecommit.${AWS_DEFAULT_REGION}.amazonaws.com/v1/repos/gitops-platform +# populate platform repository +ssh-keyscan -H git-codecommit.${AWS_REGION}.amazonaws.com &> ~/.ssh/known_hosts +git clone ${gitops_platform_url} ${GITOPS_DIR}/platform +cp -r $SOURCE_DIR/platform/* ${GITOPS_DIR}/platform +cd ${GITOPS_DIR}/platform +git -C ${GITOPS_DIR}/platform add . || true +git -C ${GITOPS_DIR}/platform commit -m "initial commit" || true +git -C ${GITOPS_DIR}/platform push || true +``` + + + +### 4. Populate codecommit gitops-workload repository + + +```bash +cd ~/environment +gitops_workload_url=ssh://git-codecommit.${AWS_DEFAULT_REGION}.amazonaws.com/v1/repos/gitops-workload +# populate workload repository +git clone ${gitops_workload_url} ${GITOPS_DIR}/workload +cp -r $SOURCE_DIR/workload/* ${GITOPS_DIR}/workload +cd ${GITOPS_DIR}/workload +git -C ${GITOPS_DIR}/workload add . || true +git -C ${GITOPS_DIR}/workload commit -m "initial commit" || true +git -C ${GITOPS_DIR}/workload push || true + +``` \ No newline at end of file diff --git a/content/030_base/035_gitrepo/index.en.md b/content/030_base/035_gitrepo/index.en.md new file mode 100644 index 0000000..64cf798 --- /dev/null +++ b/content/030_base/035_gitrepo/index.en.md 
@@ -0,0 +1,19 @@
+---
+title: 'Setup Git Repository'
+weight: 35
+---
+
+In this workshop you are going to create two codecommit repositories:
+
+![CodeCommit Repository](/static/images/codecommit_repos.png)
+
+1. "gitops-workload" for developers to store Kubernetes manifests for webstore microservices workload
+
+2. "gitops-platform" for platform engineers to store infrastructure artifacts like addons, application deployment, etc.
+
+The separation of the workload and platform repositories between developers and platform engineers illustrates a separation of roles and responsibilities. Using CodeCommit provides a managed git service on AWS. Creating the IAM user allows controlled access to the repositories.
+
+This workshop creates "terraform-workshop-gitops" IAM user to [access](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html#setting-up-ssh-unixes-keys) both repositories.
+
+* Creates policy to access two repositories
+* Configures SSH access to the repositories with public and private key
diff --git a/content/030_base/060_addons/030-update-metadata.md b/content/030_base/060_addons/030-update-metadata.md
index ba19c76..881f405 100644
--- a/content/030_base/060_addons/030-update-metadata.md
+++ b/content/030_base/060_addons/030-update-metadata.md
@@ -13,132 +13,60 @@ In the Argo CD user interface, go to the hub cluster. The hub-cluster currently > Labels can be used to find collections of objects that satisfy generator conditions. Annotations provide additional information. -### 1. Add variables -You can have separate git repository for addons, platform and workloads. In this workshop they all exist in the same repository. -Define Git repository variables for addons, platform, and workloads. These repository variables will be referenced in upcoming chapters when generating Applications. +### 1. Codecommit Remote State +The hub cluster references codecommit module outputs. ```json -cat <<'EOF' >> ~/environment/hub/variables.tf -variable "gitops_addons_url" { - type = string - description = "Git repository addons url" - default = "https://github.com/aws-samples/eks-blueprints-for-terraform-workshop.git" -} -variable "gitops_platform_url" { - type = string - description = "Git repository platform url" - default = "https://github.com/aws-samples/eks-blueprints-for-terraform-workshop.git" -} -variable "gitops_workload_url" { - type = string - description = "Git repository platform url" - default = "https://github.com/aws-samples/eks-blueprints-for-terraform-workshop.git" -} -variable "gitops_addons_basepath" { - type = string - description = "Git repository base path for addons" - default = "assets/platform/addons/" -} -variable "gitops_addons_path" { - type = string - description = "Git repository path for addons" - default = "applicationset/" -} -variable "gitops_addons_revision" { - type = string - description = "Git repository revision/branch/ref for addons" - default = "HEAD" -} -variable "gitops_platform_basepath" { - type = string - description = "Git repository base path for platform" - default = "assets/platform/" -} -variable "gitops_platform_path" { - type = string - description = "Git repository path for platform" - default = "bootstrap" -} -variable "gitops_platform_revision" { - type = string - 
description = "Git repository revision/branch/ref for platform" - default = "HEAD" -} -variable "gitops_workload_basepath" { - type = string - description = "Git repository base path for platform" - default = "assets/developer/" -} -variable "gitops_workload_path" { - type = string - description = "Git repository path for workload" - default = "gitops/apps" -} -variable "gitops_workload_revision" { - type = string - description = "Git repository revision/branch/ref for platform" - default = "HEAD" +cat <<'EOF' >> ~/environment/hub/remote_state.tf + +data "terraform_remote_state" "git" { + backend = "local" + + config = { + path = "${path.module}/../codecommit/terraform.tfstate" + } } EOF ``` -### Set git Values - -Copy the provided code snippet, replace the placeholder value "<>" with your actual GitHub User Name, used to fork the repository. We use the full HTTPS clone URL **Then you can proceed.**. ->If you have clone the repo in another organisation than you're GitHub User, you can also update the GITHUB_LOGIN with your org name. - -```bash -export GITHUB_USER="<>" -export GITHUB_LOGIN=$GITHUB_USER -export GITHUB_TOKEN="<> -``` +### 2. 
Reference Codecommit outputs values ```json -cat <> ~/environment/terraform.tfvars -gitops_addons_url = "https://github.com/${GITHUB_LOGIN}/eks-blueprints-for-terraform-workshop.git" -gitops_platform_url = "https://github.com/${GITHUB_LOGIN}/eks-blueprints-for-terraform-workshop.git" -gitops_workload_url = "https://github.com/${GITHUB_LOGIN}/eks-blueprints-for-terraform-workshop.git" - -addons = { - enable_aws_load_balancer_controller = false - enable_aws_argocd = false +cat <<'EOF' >> ~/environment/hub/main.tf +locals{ + + gitops_addons_url = data.terraform_remote_state.git.outputs.gitops_addons_url + gitops_addons_basepath = data.terraform_remote_state.git.outputs.gitops_addons_basepath + gitops_addons_path = data.terraform_remote_state.git.outputs.gitops_addons_path + gitops_addons_revision = data.terraform_remote_state.git.outputs.gitops_addons_revision + + gitops_platform_url = data.terraform_remote_state.git.outputs.gitops_platform_url + gitops_platform_basepath = data.terraform_remote_state.git.outputs.gitops_platform_basepath + gitops_platform_path = data.terraform_remote_state.git.outputs.gitops_platform_path + gitops_platform_revision = data.terraform_remote_state.git.outputs.gitops_platform_revision + + gitops_workload_url = data.terraform_remote_state.git.outputs.gitops_workload_url + gitops_workload_basepath = data.terraform_remote_state.git.outputs.gitops_workload_basepath + gitops_workload_path = data.terraform_remote_state.git.outputs.gitops_workload_path + gitops_workload_revision = data.terraform_remote_state.git.outputs.gitops_workload_revision + } EOF ``` -::alert[Check the file is correctly filled]{header="Important" type="warning"} -```bash -c9 open ~/environment/terraform.tfvars -``` - -Example: -``` -eks_admin_role_name = "WSParticipantRole" -gitops_addons_url = "https://github.com/seb-workshop/eks-blueprints-for-terraform-workshop.git" -gitops_platform_url = "https://github.com/seb-workshop/eks-blueprints-for-terraform-workshop.git" 
-gitops_workload_url = "https://github.com/seb-workshop/eks-blueprints-for-terraform-workshop.git" - -addons = { - enable_aws_load_balancer_controller = false - enable_aws_argocd = false -} -``` -::alert[For simplicity in this workshop, we use the same Git repository for add-ons, platform, and workloads. However, the project is structured to allow you to easily use separate Git repositories for each functionality, depending on your needs.]{header="Important" type="warning"} +### 2. Define addons variables -### 2. Define local variables +Define enable-* addons boolean variables. These provide a simple way to control whether addons are installed or removed. Define addons variable as a list of key/value pairs of addon(enable-*) values. Define addons_metadata variable as a list of key/value pairs of mainly codecommit values. -Define some local variables, that include: -- *'addons'* local, which represents the Labels that will be sent to the Cluster Secret -- *'addons_metadata'* local, which represents the annotations that will be sent to the Cluster Secfret Some values are commented and will be used later in the workshop. -:::code{showCopyAction=true showLineNumbers=false language=json highlightLines='48,73'} +:::code{showCopyAction=true showLineNumbers=false language=json highlightLines='48,58'} cat <<'EOF' >> ~/environment/hub/main.tf locals{ 
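Review bot: The new `terraform_remote_state` block in step 1 reads `../codecommit/terraform.tfstate` through the local backend, and the page never says that this file is sensitive. The codecommit configuration added elsewhere in this commit generates the SSH key with `tls_private_key`, which keeps the private key PEM in state in cleartext, so anyone who can read that state file can read the key. I would add one sentence after the snippet, for example `> The codecommit state file contains the generated SSH private key; keep it out of version control and, outside a workshop, use an encrypted remote backend with restricted access.` Separately, this hunk leaves two headings numbered `### 2.`; the second ("Define addons variables") should become `### 3.`.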
@@ -196,21 +124,6 @@ locals{ ) - gitops_addons_url = var.gitops_addons_url - gitops_addons_basepath = var.gitops_addons_basepath - gitops_addons_path = var.gitops_addons_path - gitops_addons_revision = var.gitops_addons_revision - - gitops_platform_url = var.gitops_platform_url - gitops_platform_basepath = var.gitops_platform_basepath - gitops_platform_path = var.gitops_platform_path - gitops_platform_revision = var.gitops_platform_revision - - gitops_workload_url = var.gitops_workload_url - gitops_workload_basepath = var.gitops_workload_basepath - gitops_workload_path = var.gitops_workload_path - gitops_workload_revision = var.gitops_workload_revision - addons_metadata = merge( #enableaddonmetadata module.eks_blueprints_addons.gitops_metadata, { 
@@ -248,63 +161,6 @@ locals{ EOF ::: -### 3. Define outputs - -The purpose of these outputs is to provide data for upcoming spoke modules (in advanced sections). - -```bash -cat <<'EOF' >> ~/environment/hub/outputs.tf - -output "gitops_addons_url" { - value = local.gitops_addons_url -} - -output "gitops_addons_path" { - value = local.gitops_addons_path -} - -output "gitops_addons_revision" { - value = local.gitops_addons_revision -} - -output "gitops_addons_basepath" { - value = local.gitops_addons_basepath -} - -output "gitops_platform_url" { - value = local.gitops_platform_url -} - -output "gitops_platform_path" { - value = local.gitops_platform_path -} - -output "gitops_platform_revision" { - value = local.gitops_platform_revision -} - -output "gitops_platform_basepath" { - value = local.gitops_platform_basepath -} - -output "gitops_workload_url" { - value = local.gitops_workload_url -} - -output "gitops_workload_path" { - value = local.gitops_workload_path -} - -output "gitops_workload_revision" { - value = local.gitops_workload_revision -} - -output "gitops_workload_basepath" { - value = local.gitops_workload_basepath -} - -EOF -``` ### 4. Update Labels and Annotations We need to update the labels and annotations on the hub-cluster Cluster object. To do this, we will use the GitOps Bridge. The GitOps Bridge is configured to update labels and annotations on the specified cluster object. @@ -342,8 +198,9 @@ Goto to the **Settings > Clusters > hub-cluster** in the Argo CD dashboard. Exa ![Hub Cluster Updated Metadata](/static/images/hubcluster-update-metadata.png) -You can check that the Labels and annotations are correctly propagated to the cluster secret: +ArgoCD pulls lables and annotations for the cluster object from a kubernetes secret. We used gitops bridge to update labels and annotations for the secret. +You can check the Labels and annotations on the cluster secret: ```bash kubectl --context hub get secrets -n argocd hub-cluster -o yaml 
diff --git a/content/030_base/060_addons/033-argocd-repos.md b/content/030_base/060_addons/033-argocd-repos.md
new file mode 100644
index 0000000..2e7cee0
--- /dev/null
+++ b/content/030_base/060_addons/033-argocd-repos.md
@@ -0,0 +1,62 @@
+---
+title: 'Create ArgoCD Repositories'
+weight: 33
+---
+
+In the previous chapter, we created "gitops-platform" and "gitops-workload" CodeCommit repositories. There are [different ways](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/) to provide ArgoCD access to these repositories. In this chapter, we will use SSH private keys to grant ArgoCD access to the CodeCommit repositories.
+
+### 1. Create ArgoCD git repositories
+
+```json
+cat <<'EOF' >> ~/environment/hub/main.tf
+locals{
+ git_private_ssh_key = data.terraform_remote_state.git.outputs.git_private_ssh_key
+}
+
+resource "kubernetes_secret" "git_secrets" {
+ for_each = {
+ git-platform = {
+ type = "git"
+ url = local.gitops_platform_url
+ sshPrivateKey = file(pathexpand(local.git_private_ssh_key))
+ insecureIgnoreHostKey = "true"
+ }
+ git-workloads = {
+ type = "git"
+ url = local.gitops_workload_url
+ sshPrivateKey = file(pathexpand(local.git_private_ssh_key))
+ insecureIgnoreHostKey = "true"
+ }
+
+ }
+ metadata {
+ name = each.key
+ namespace = local.argocd_namespace
+ labels = {
+ "argocd.argoproj.io/secret-type" = "repository"
+ }
+ }
+ data = each.value
+}
+EOF
+```
+
+### 2. Apply Terraform
+
+```bash
+cd ~/environment/hub
+terraform apply --auto-approve
+```
+
+Navigate to the ArgoCD dashboard, then go to the Settings page, and select Repositories to view gitops-platform and gitops-workload repositories
+
+![ArgoCD Repositories](/static/images/argocd-repositories.png)
+
+The Git repository connection data for ArgoCD is stored in a Kubernetes Secret. You can verify that ArgoCD has created the Secret object that contains the configuration, including the SSH private keys, to access Git repositories.
+
+```json
+kubectl get secret -n argocd --selector=argocd.argoproj.io/secret-type=repository --context hub
+```
+
+![ArgoCD Repository Secret](/static/images/argocd_k8s_repos.png)
+
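Review bot: Both repository secrets set `insecureIgnoreHostKey = "true"`, which makes Argo CD skip SSH host key verification for the CodeCommit endpoints, so a spoofed endpoint would be accepted and could serve altered manifests to the cluster. If this stays as a workshop shortcut, say so next to the snippet, e.g. `# workshop shortcut: host key checking is off; for real use drop this and add the CodeCommit host keys to argocd-ssh-known-hosts-cm`. It is also worth one sentence that `sshPrivateKey = file(pathexpand(local.git_private_ssh_key))` copies the private key into the hub Terraform state as well as into the Secret. The closing paragraph says ArgoCD "has created" the Secret, whereas in this snippet Terraform creates it through `kubernetes_secret`, and the `kubectl get secret` fence is tagged `json` where `bash` is meant.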
diff --git a/content/030_base/060_addons/040-addons-applicationset.md b/content/030_base/060_addons/040-addons-applicationset.md
index cc3c6f9..8083372 100644
--- a/content/030_base/060_addons/040-addons-applicationset.md
+++ b/content/030_base/060_addons/040-addons-applicationset.md
@@ -5,35 +5,16 @@ weight: 40 The focus of this chapter is to set up Argo CD to install and manage add-ons for EKS clusters. -### 1. Clone repository +### 1. Configure Addons ApplicationSet -Make a clone of your GitHub repository locally so that you can add applicationset files to it. Instead of cloning the entire repo, checkout only `assets` folder to keep things simple using sparse-checkout. (Note, this also checkouts files not tied to a directory) - - -```bash -cd ~/environment -git clone --no-checkout https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com/${GITHUB_LOGIN}/eks-blueprints-for-terraform-workshop.git wgit -cd wgit -git sparse-checkout init --cone -git sparse-checkout set assets -git checkout -``` - -::::expand{header="What is in my cloned repo?"} -This repository contains resources for managing Kubernetes clusters in the **assets** directory. It includes Kubernetes YAML files for deploying workloads, ApplicationSets, and configuration values for addons, namespaces, and projects. - -![Kubernetes Addons](/static/images/platform-github-folders.png) -:::: - -### 2. Configure Addons ApplicationSet - -Previously, you created an "App of Apps" Application that referenced the "appofapps" folder to include all the files in this folder. You will add "cluster-addons" Argo CD Application, which is configured to point to the cloned copy of the GitOps Bridge ApplicationSet repository in your own Git repo. Addons repo is under `assets/platform/addons/applicationset` folder. +Previously, you created an "App of Apps" Application that referenced the "appofapps" folder. You will add "cluster-addons" Argo CD ApplicationSet in appofapps folder, which is configured to point to the cloned copy of the GitOps Bridge ApplicationSet repository in your own "gitops-platform" repo. 
![cluster-addons](/static/images/cluster-addons.png) ```bash -cat > ~/environment/wgit/assets/platform/appofapps/addons-applicationset.yaml << 'EOF' + +cat > $GITOPS_DIR/platform/appofapps/addons-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: @@ -67,19 +48,25 @@ spec: EOF ``` -### 3. Commit addons ApplicationSet to Git + - When pushing to from a remote git repository, if you haven't authenticated before, it will prompt you for your credentials. + + + + + + + + + + You may need to authenticate with username="" and password="" to push on the repository--> ```bash -cd ~/environment/wgit -git add . -git commit -m "add addons applicationset" -git push +git -C ${GITOPS_DIR}/platform add . || true +git -C ${GITOPS_DIR}/platform commit -m "add addon applicationset" || true +git -C ${GITOPS_DIR}/platform push || true ``` -> You may need to authenticate with username="" and password="" to push on the repository - ### 4. Validate addons ApplicationSet ::alert[The default configuration for Argo CD is to check for updates in a git repository every 3 minutes. It might take upto 3 minutes to recognize the new file in the git repo. Click on REFRESH APPS on the Argo CD Dashboard to refresh rightaway.]{header="cluster-addons Application"} diff --git a/content/030_base/060_addons/050-loadbalancer-addon.md b/content/030_base/060_addons/050-loadbalancer-addon.md index 128cbcb..779b5b7 100644 --- a/content/030_base/060_addons/050-loadbalancer-addon.md +++ b/content/030_base/060_addons/050-loadbalancer-addon.md 
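Review bot: The three `git -C ${GITOPS_DIR}/platform ... || true` commands in the second hunk hide every failure, including a rejected or unauthenticated push, so a participant can reach step 4 with nothing in gitops-platform and no error to explain it. I would keep the tolerance only where it is needed (a commit with nothing to commit) and let the push fail visibly: `git -C "${GITOPS_DIR}/platform" commit -m "add addon applicationset" || true` followed by `git -C "${GITOPS_DIR}/platform" push`. The same `|| true` pattern is used in the repository population steps earlier in this commit. The added lines around "When pushing to from a remote git repository" end in `-->` with no visible opening `<!--`, so the comment may render as page text, and removing the `### 3.` heading leaves the page jumping from step 1 to step 4.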
@@ -5,10 +5,10 @@ weight: 50 The goal of this chapter is to demonstrate how easy it can be to install an addon on a Kubernetes cluster using Argo CD. The steps will show you how a simple change to the Git repository can trigger Argo CD to deploy and manage an addon in an automated way. -In the previous chapter, we created ApplicationSets for various add-ons, but they did not generate any Applications yet because the conditions were not met. For example, looking at the `assets/platform/addons/applicationset/aws/addons-aws-load-balancer-controller-appset.yaml` file in your Git repo, the loadbalancer ApplicationSet requires clusters to have the label `enable_aws_load_balancer_controller=true`. Currently, your only cluster is hub-cluster and it does not have that label. +In the previous chapter, we created ApplicationSets for various add-ons, but they did not generate any Applications yet because the conditions were not met. For example, looking at the `addons/applicationset/aws/addons-aws-load-balancer-controller-appset.yaml` file in your "gitops-platform" repo, the loadbalancer ApplicationSet requires clusters to have the label `enable_aws_load_balancer_controller=true`. Currently, your only cluster is hub-cluster and it does not have that label. ```bash -c9 open ~/environment/wgit/assets/platform/addons/applicationset/aws/addons-aws-load-balancer-controller-appset.yaml +c9 open $GITOPS_DIR/platform/addons/applicationset/aws/addons-aws-load-balancer-controller-appset.yaml ``` :::code{showCopyAction=false showLineNumbers=false language=yaml highlightLines='7-10'} 
@@ -26,19 +26,17 @@ generators: ### 1. Set load balancer label in terraform variables -```bash -sed -i "s/enable_aws_load_balancer_controller = false/enable_aws_load_balancer_controller = true/g" ~/environment/terraform.tfvars -``` -The above code snippet will uncomment the label `enable_aws_load_balancer_controller=true` in the `~/environment/terraform.tfvars` file, as shown highlighted below. +We will set enable_aws_argocd to true in upcoming capter. + +```json +cat <> ~/environment/terraform.tfvars -:::code{showCopyAction=false showLineNumbers=false language=yaml highlightLines='6-6'} -... addons = { - ... enable_aws_load_balancer_controller = true + enable_aws_argocd = false } - -::: +EOF +``` ### 2. Create IAM roles for addon diff --git a/content/030_base/070_selfmanage_argocd/010-argocd-selfmanaged.md b/content/030_base/070_selfmanage_argocd/010-argocd-selfmanaged.md index b70f106..30fe3f7 100644 --- a/content/030_base/070_selfmanage_argocd/010-argocd-selfmanaged.md +++ b/content/030_base/070_selfmanage_argocd/010-argocd-selfmanaged.md 
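Review bot: Step 1 now appends a whole `addons = { ... }` block to `~/environment/terraform.tfvars`, which is not repeatable: running the snippet a second time leaves two `addons` assignments in the file, and Terraform is expected to reject the duplicate attribute. A short note such as `Run this once; to change a flag later, edit the existing addons block instead of appending again.` would prevent that. The heredoc opener is shown as `cat <> ~/environment/terraform.tfvars`; if that is what the file contains rather than a rendering artifact, it should read `cat <<'EOF' >> ~/environment/terraform.tfvars`. The new sentence has a typo (`capter`), and the fence is tagged `json` although it holds a shell command.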
@@ -21,14 +21,14 @@ addons = { ::: -The ApplicationSet addons-aws-oss-argocd-hub-appset.yaml file references configuration values for Argo CD from the `assets/platform/addons/environments/default/addons/argo-cd/values.yaml` file. You can update the `values.yaml` as per your need. The default Refresh interval for the Argo CD is 3 minutes (180 seconds). For this workshop, the Refresh interval has been updated to 5 seconds by setting the `timeout.reconciliation` value in `values.yaml` to 5. This shorter interval allows changes to happen faster during the workshop demonstrations. +The ApplicationSet addons-aws-oss-argocd-hub-appset.yaml file references configuration values for Argo CD from the `addons/environments/default/addons/argo-cd/values.yaml` file in gitops-platform . You can update the `values.yaml` as per your need. The default Refresh interval for the Argo CD is 3 minutes (180 seconds). For this workshop, the Refresh interval has been updated to 5 seconds by setting the `timeout.reconciliation` value in `values.yaml` to 5. This shorter interval allows changes to happen faster during the workshop demonstrations. ![argocd-values](/static/images/argocd-values.png) You can open the file in cloud9. Don't forget to commit if you make any changes. ```bash -c9 open ~/environment/wgit/assets/platform/addons/environments/default/addons/argo-cd/values.yaml +c9 open $GITOPS_DIR/platform/addons/environments/default/addons/argo-cd/values.yaml ``` ### 2. Apply Terraform diff --git a/content/030_base/075_namespace/010-enable-namespace.md b/content/030_base/075_namespace/010-enable-namespace.md index 0430b4d..b2ac8b0 100644 --- a/content/030_base/075_namespace/010-enable-namespace.md +++ b/content/030_base/075_namespace/010-enable-namespace.md 
@@ -3,19 +3,23 @@ title: 'Create Namespace' weight: 10 --- -You will use namespace helm templates to create namespace, limitrange, networkpolicy, rbac and resource quota. +In this chapter you will create webstore workload namespaces carts, catalog, checkout, orders, rabbitmq, assets, and ui. At the end of this chapter, we will setup ArgoCD so that creating namespaces for a new workload for example "payment" is as simple as creating a new "payment" folder with manifests. -![namespace-helm](/static/images/namespace-helm.png) - -::alert[In this workshop helm chart is in the GitHub repository to make it easy to understand. Use a Helm chart repository to store and serve charts - This is the preferred way to share charts. ]{header="Important" type="warning"} +![appofapps-applicationset-watch](/static/images/namespace-design.png) ### 1. Create AppofApps namespace applicationset -AppofApps Namespace application set scans workload folders under `config/workload` and creates specific application sets for each workload. When you add a new -workload it detects the change and creates workload specific namespace applicationset without requiring manual intervention. +In the "Kubernetes Addons" chapter, we added a file called "appofapps-applicationset.yaml" that watches the "appofapps" folder and processes any changes. + +![namespace-begin](/static/images/namespace-begin.png) + +Lets Add namespace applicationset into the appofapps folder. -:::code{showCopyAction=false showLineNumbers=true language=bash highlightLines='18, 21, 33'} -cat > ~/environment/wgit/assets/platform/appofapps/namespace-applicationset.yaml << 'EOF' +![namespace-add-namespace-applicationset](/static/images/namespace-namespace-applicationset.png) + +:::code{showCopyAction=true showLineNumbers=true language=json highlightLines='22,34'} + +cat > $GITOPS_DIR/platform/appofapps/namespace-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: 
@@ -63,30 +67,14 @@ spec: EOF ::: -Again, we can note, that it uses the annotations from the secret like {{metadata.annotations.platform_repo_url}}, which means that it will retrieve the value -from the secret, like we can do manually with: - -```bash -kubectl --context hub get secrets -n argocd hub-cluster -o json | jq ".metadata.annotations.platform_repo_url" -``` - -Additionaly, we are using a git generator, that will watch the defined directory : `{{metadata.annotations.platform_repo_basepath}}config/workload/*` which points -to your git repository, which is normally checkout locally, so you can check the content here: - -```bash -ls -la ~/environment/wgit/assets/platform/config/workload/ -``` +This ApplicationSet initiates the creation of namespaces for all the workloads. -The git generator will iterate for each item present in this directory and then generate an ApplicationSet that will add the `/namespace` to the item find, -this is done with the syntax: `path: '{{path}}/namespace'`, so the target will be `assets/platform/config/workload/xxxx/namespace/`where xxxx is every directory -find by the git generator. - -> Later we will use the same git generator to deploy also our workloads. +Git generator(line 22) iterates through folders under "config/workload" in gitops-workload repository. For each folder( line 34), ApplicationSet process files under "namespace" folder. Since there are currently no workload folders under "config/workload/webstore/workload", there are no files to process at this point. ### 2. Git commit ```bash -cd ~/environment/wgit +cd $GITOPS_DIR/platform git add . git commit -m "add appofapps namespace applicationset" git push 
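Review bot: The new explanation says the Git generator iterates through folders under "config/workload" in the gitops-workload repository, but every file in this chapter is written under `$GITOPS_DIR/platform/config/workload/...`, which is the gitops-platform clone. The generator's repository URL is outside this hunk, so I cannot tell which is right, but the text and the commands should name the same repository. The same paragraph refers to "config/workload/webstore/workload", a path nothing on the page creates; `config/workload` looks like what is meant.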
@@ -99,16 +87,16 @@ On the Argo CD dashboard click on appofapps Application to see newly created nam ![namespace-helm](/static/images/appofapps-namespace-applicationset.png) +### 3. Create webstore namespace -### 3. Create webstore namespace applicationset +Let's create an ApplicationSet that is responsible for the namespaces associated with the webstore workload. -Now, we create an ApplicationSet stored in the directory that is watched by the `namespace` ApplicationSet we juste created. +![namespace-helm](/static/images/namespace-webstore-applicationset.png) -The Webstore Namespace ApplicationSet automatically creates an Argo CD Namespace Application for any clusters that have the label `workload_webstore: 'true'`, and use the `environment` label (line 20) from the cluster secret to customize the name of the Application, in our case the name will be `namespace-staging-webstore`. -:::code{showCopyAction=false showLineNumbers=true language=bash highlightLines='15,20'} -mkdir -p ~/environment/wgit/assets/platform/config/workload/webstore/namespace -cat > ~/environment/wgit/assets/platform/config/workload/webstore/namespace/namespace-webstore-applicationset.yaml << 'EOF' +:::code{showCopyAction=true showLineNumbers=true language=json highlightLines='15,29,35,36'} +mkdir -p $GITOPS_DIR/platform/config/workload/webstore/namespace +cat > $GITOPS_DIR/platform/config/workload/webstore/namespace/namespace-webstore-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: 
@@ -157,16 +145,22 @@ spec: EOF ::: -### 4. Create default namespace values +Line 17: Only clusters that have label workload_webstore: 'true' are selected +Line 29: Install the helm chart in the folder charts/namespace +![namespace-helm](/static/images/namespace-helm.png) + +::alert[In this workshop helm chart is in the GitHub repository to make it easy to understand. Use a Helm chart repository to store and serve charts - This is the preferred way to share charts. ]{header="Important" type="warning"} + +Line 35: Default values for the namespace helm chart +Line 36: (optional) Override values for the namespace helm chart. For example you could override default values for environment = hub with the file hub-values.yaml -The Webstore ApplicationSet reads the default namespace configuration values (line 35) from `assets/platform/config/workload/webstore/namespace/values/default-values.yaml` in the git repository. It then looks for environment specific overrides in the `-values.yaml` files if it exists. +### 4. Create webstore namespace values -For example, for the hub-cluster which has the environment label `"hub"`, it will check `assets/platform/config/workload/webstore/namespace/values/hub-values.yaml` for any overrides. If the override file for a specific environment label does not exist, such as `-values.yaml`, then the Webstore ApplicationSet will ignore it and just use the default values in `default-values.yaml`. -The `default-values.yaml` contains the namespaces to create, along with the **limitRanges** and **resourceQuotas** to apply for each namespace. 
+![namespace-helm](/static/images/namespace-webstore-defalut-values.png) -:::code{showCopyAction=false showLineNumbers=true language=yaml highlightLines='7,39,71,103,135,167,199'} -mkdir -p ~/environment/wgit/assets/platform/config/workload/webstore/namespace/values -cat > ~/environment/wgit/assets/platform/config/workload/webstore/namespace/values/default-values.yaml << 'EOF' +```json +mkdir -p $GITOPS_DIR/platform/config/workload/webstore/namespace/values +cat > $GITOPS_DIR/platform/config/workload/webstore/namespace/values/default-values.yaml << 'EOF' name: webstore labels: environment: hub @@ -396,12 +390,11 @@ namespaces: scopeName: PriorityClass values: ["high"] EOF -::: +``` -Thoses values will be used with the namespace helm Chart that you can find in the Application target which is `assets/platform/charts/namespace`. ```bash -tree ~/environment/wgit/assets/platform/charts/namespace +tree $GITOPS_DIR/platform/charts/namespace ``` Output: @@ -432,18 +425,10 @@ Output: └── values.yaml ``` -### 5. Git commit - -```bash -cd ~/environment/wgit -git add . -git commit -m "add webstore namespace applicationset and namespace values" -git push -``` -### 6. Set workload_webstore: 'true' label on the hub cluster +### 5. Enable hub cluster for webstore workload -You want to deploy the webstore workload on the hub cluster . You can do this by setting the label workload_webstore: 'true' on the hub cluster. +The webstore Namespace applicationset( step 5) only creates webstore namespaces on clusters labeled with workload_webstore: 'true'. Let's add this label to the hub cluster. ```bash sed -i "s/#enablewebstore//g" ~/environment/hub/main.tf @@ -461,7 +446,7 @@ locals{ } ::: -### 7. Apply Terraform +### 6. Apply Terraform This will set the label workload_webstore: 'true' on the hub cluster. 
@@ -469,6 +454,22 @@ This will set the label workload_webstore: 'true' on the hub cluster. cd ~/environment/hub terraform apply --auto-approve ``` +### 7. Git commit + +```bash +cd $GITOPS_DIR/platform +git add . +git commit -m "add webstore namespace applicationset and namespace values" +git push +``` +The namespace-applicationset.yaml file iterates through the folders under config/workload/\<\>/namespace. +With the recent commit, it now processes the files located under config/workload/webstore/namespace. + +![namespace-helm](/static/images/namespace-process-webstore-applicationset.png) + +The namespace-webstore-applicationset.yaml file installs the namespace Helm chart using the default values. +![namespace-helm](/static/images/namespace-create-webstore-namespace.png) + ### 8. Validate namespaces diff --git a/content/030_base/078_workload/010-deploy-workloads.md b/content/030_base/078_workload/010-deploy-workloads.md index ab1dee2..1efa717 100644 --- a/content/030_base/078_workload/010-deploy-workloads.md +++ b/content/030_base/078_workload/010-deploy-workloads.md 
@@ -2,12 +2,18 @@ title: 'Deploy Workloads' weight: 10 --- +In this chapter you will deploy webstore workload. Similiar to namespace in the previous chater , we will setup ArgoCD so that deploying a new workload is as simple as creating a new a folder with manifests. + ### 1. Create AppofApps workload applicationset -App of Apps workload application set scans workload folders under `config/workload` and creates specific application sets for each workload. When you add a new workload it detects the change and creates workload specific applicationset without requiring manual intervention. +This ApplicationSet initiates the deployment of all the workloads. + +![workload-appofapps](/static/images/workload-appofapps.png) + -:::code{showCopyAction=false showLineNumbers=true language=yaml highlightLines='13,17,21,32'} -cat > ~/environment/wgit/assets/platform/appofapps/workload-applicationset.yaml << 'EOF' +:::code{showCopyAction=true showLineNumbers=true language=yaml highlightLines='22,33'} + +cat > $GITOPS_DIR/platform/appofapps/workload-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: 
@@ -52,40 +58,50 @@ spec: syncOptions: - CreateNamespace=true EOF + ::: -Again, we have the git generator that will iterate in the directory `assets/platform/config/workload/*`, and will create it from the `path: '{{path}}/workload'`, so we will need to create this directory. +Line 22: Git generator iterates through folders under "config/workload" in gitops-platform repository +Line 33: {path} maps to each workload folder under config/workload. For webstore {path} maps to config/workload/webstore. Since there is no folder "config/workload/webstore/workload", there are no files to process at this point. ### 2. Git commit ```bash -cd ~/environment/wgit +cd $GITOPS_DIR/platform git add . git commit -m "add appofapps workload applicationset" git push ``` +As the appofapps folder is monitored, when a new file like workload-applicationset.yaml is added, it gets processed. + +![workload-appofapps-monitor](/static/images/workload-appofapps-monitor.png) + +The newly added workload-applicationset.yaml file iterates through the config/workload folders and processes any workload config files found under config/workload/\<>/workload. Since the folder config/workload/webstore/workload does not exist it has nothing to process. + +![workload-appofapps-monitor](/static/images/workload-appofapps-iteration.png) + + On the Argo CD dashboard click on appofapps Application to see newly created workload applicationset. ![appofapps-workload-applicationset](/static/images/appofapps-workload-applicationset.png) -### 3. Create webstore workload applicationset +### 3. Deploy webstore workload + +The webstore workload configuration files are in the **gitops-workload** repository, not in the **gitops-platform** repository. + +The webstore workload supports multiple environments like hub, staging and prod. Environment-specific configurations are applied using kustomization. 
-The Webstore Workload ApplicationSet automatically activate for for any clusters that have the label `workload_webstore: 'true'`, and will iterate for each items present in the target directory. -So we define a `webstore` ApplicationSet there, that will create Argo CD Application for each of our microservice. +![workload-webstore-folders](/static/images/workload-webstore-folders.png) -In this example, the Webstore ApplicationSet will deploy the `"hub"` version of the application to the hub-cluster, which is defined in the directory `assets/developer/webstore/xxx/hub/`: +Lets add webstore applicationset to deploy the webstore workload in the gitops-workload repository. -- There is only one cluster labeled with `workload_webstore: 'true'` -- That cluster also has the label `environment: 'hub'` -- `{{metadata.annotations.workload_repo_basepath}}` points to `assets/developer` -- `{{values.workload}}` points to `webstore` -- `'{{path}}/{{metadata.labels.environment}}'` (line 39) points to `assets/developer/webstore/xxx/hub/` where xxx is each webstore microservice +![workload-webstore](/static/images/workload-webstore.png) -:::code{showCopyAction=false showLineNumbers=true language=yaml highlightLines='14,21,25,39'} -mkdir -p ~/environment/wgit/assets/platform/config/workload/webstore/workload -cat > ~/environment/wgit/assets/platform/config/workload/webstore/workload/webstore-applicationset.yaml << 'EOF' +:::code{showCopyAction=true showLineNumbers=true language=yaml highlightLines='17,22,25,39,42'} +mkdir -p $GITOPS_DIR/platform/config/workload/webstore/workload +cat > $GITOPS_DIR/platform/config/workload/webstore/workload/webstore-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: 
@@ -137,14 +153,25 @@ spec: limit: 100 EOF + ::: +Line 17: The webstore workload is only deployed on clusters that have the label workload_webstore = true. The hub cluster has workload_webstore = true label. +Line 22: metadata.annotations.workload_repo_url i.e workload_repo_url annotation on the hub cluster has the value of the gitops-worload repository. +Line 25: It maps to webstore/* ( microservices under webstore folder). +Line 39: Path gets the value each microservice directory. The label environment on the hub cluster is "hub". Kustomization deploys "hub" environment of each microservice. +Line 42: path.basename maps to the microservice directory name, which maps to the target namespace for deployment. So each microservice deploys into its own matching namespace. This makes asset microservice deploy to asset namespace, carts to carts and so on. + + +![workload-webstore-folders](/static/images/workload-webstore-deployment.png) + + ### 4. Git commit ```bash -cd ~/environment/wgit +cd $GITOPS_DIR/platform git add . -git commit -m "add webstore workload applicationset" +git commit -m "add appofapps workload applicationset" git push ``` @@ -153,7 +180,7 @@ git push ::alert[It takes few minutes to deploy the workload and create a loadbalancer]{header="Important" type="warning"} ```bash -echo -n "Click here to open -> http://" ; kubectl get svc ui-nlb -n ui --context hub --output jsonpath='{.status.loadBalancer.ingress[0].hostname}'; echo "" +echo "Click here to open -> http://$(kubectl get svc ui-nlb -n ui --context hub --output jsonpath='{.status.loadBalancer.ingress[0].hostname}')" ``` Access webstore in the browser. diff --git a/content/030_base/index.en.md b/content/030_base/index.en.md index ecb17c4..65edd06 100644 --- a/content/030_base/index.en.md +++ b/content/030_base/index.en.md 
@@ -5,4 +5,4 @@ weight: 30 In this module, we are going to create a single EKS cluster using Terraform, and configure with Argo CD for addons and workloads. -![](/static/images/argocd-standalone.png) +![eks-blueprint-blue](/static/images/argocd-update-metadata.png) diff --git a/content/040_advanced/010_hub_and_spoke/020_create-spoke-cluster/010-provision-spoke.md b/content/040_advanced/010_hub_and_spoke/020_create-spoke-cluster/010-provision-spoke.md index 454baa4..38de9b4 100644 --- a/content/040_advanced/010_hub_and_spoke/020_create-spoke-cluster/010-provision-spoke.md +++ b/content/040_advanced/010_hub_and_spoke/020_create-spoke-cluster/010-provision-spoke.md @@ -24,6 +24,13 @@ data "terraform_remote_state" "hub" { path = "${path.module}/../hub/terraform.tfstate" } } +data "terraform_remote_state" "git" { + backend = "local" + + config = { + path = "${path.module}/../codecommit/terraform.tfstate" + } +} EOF ``` 
@@ -66,22 +73,23 @@ locals { - gitops_addons_url = data.terraform_remote_state.hub.outputs.gitops_addons_url - gitops_addons_basepath = data.terraform_remote_state.hub.outputs.gitops_addons_basepath - gitops_addons_path = data.terraform_remote_state.hub.outputs.gitops_addons_path - gitops_addons_revision = data.terraform_remote_state.hub.outputs.gitops_addons_revision + gitops_addons_url = data.terraform_remote_state.git.outputs.gitops_addons_url + gitops_addons_basepath = data.terraform_remote_state.git.outputs.gitops_addons_basepath + gitops_addons_path = data.terraform_remote_state.git.outputs.gitops_addons_path + gitops_addons_revision = data.terraform_remote_state.git.outputs.gitops_addons_revision - gitops_platform_url = data.terraform_remote_state.hub.outputs.gitops_platform_url - gitops_platform_basepath = data.terraform_remote_state.hub.outputs.gitops_platform_basepath - gitops_platform_path = data.terraform_remote_state.hub.outputs.gitops_platform_path - gitops_platform_revision = data.terraform_remote_state.hub.outputs.gitops_platform_revision + gitops_platform_url = data.terraform_remote_state.git.outputs.gitops_platform_url + gitops_platform_basepath = data.terraform_remote_state.git.outputs.gitops_platform_basepath + gitops_platform_path = data.terraform_remote_state.git.outputs.gitops_platform_path + gitops_platform_revision = data.terraform_remote_state.git.outputs.gitops_platform_revision - gitops_workload_url = data.terraform_remote_state.hub.outputs.gitops_workload_url - gitops_workload_basepath = data.terraform_remote_state.hub.outputs.gitops_workload_basepath - gitops_workload_path = data.terraform_remote_state.hub.outputs.gitops_workload_path - gitops_workload_revision = data.terraform_remote_state.hub.outputs.gitops_workload_revision + gitops_workload_url = data.terraform_remote_state.git.outputs.gitops_workload_url + gitops_workload_basepath = data.terraform_remote_state.git.outputs.gitops_workload_basepath + gitops_workload_path = 
data.terraform_remote_state.git.outputs.gitops_workload_path + gitops_workload_revision = data.terraform_remote_state.git.outputs.gitops_workload_revision aws_addons = { + enable_aws_argocd = try(var.addons.enable_aws_argocd, false) enable_cert_manager = try(var.addons.enable_cert_manager, false) enable_aws_efs_csi_driver = try(var.addons.enable_aws_efs_csi_driver, false) enable_aws_fsx_csi_driver = try(var.addons.enable_aws_fsx_csi_driver, false) diff --git a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/010-configure-hub-cluster.md b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/010-configure-hub-cluster.md index 66f0145..2b00749 100644 --- a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/010-configure-hub-cluster.md +++ b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/010-configure-hub-cluster.md @@ -16,7 +16,8 @@ The IAM policy aws_assume_policy attached to the hub-cluster-argocd-hub role inc By creating this role and policy, you establish a centralized identity management approach, enabling Argo CD to seamlessly deploy applications and manage resources across multiple EKS clusters within the same AWS account while maintaining proper access controls and security best practices. -:::code{showCopyAction=true showLineNumbers=true language=yaml highlightLines='29,35,50,56'} + +```json cat <<'EOF' >> ~/environment/hub/main.tf ################################################################################ @@ -80,7 +81,8 @@ resource "aws_eks_pod_identity_association" "argocd_api_server" { } EOF -::: +``` + We also configure EKS Pod Identity, with a Pod association, allowing our Argo CD application server and controller, to assume that role. 
@@ -118,7 +120,7 @@ kubectl rollout restart -n argocd statefulset argo-cd-argocd-application-control You can verify that EKS Pod Identity is correctly applied by looking at the injected environment variables: ```bash -kubectl exec -it deployment/argo-cd-argocd-server -n argocd -- env | grep AWS +kubectl --context hub exec -it deployment/argo-cd-argocd-server -n argocd -- env | grep AWS ``` should be like: diff --git a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/020-configure-spoke-staging.md b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/020-configure-spoke-staging.md index c722fac..69a8233 100644 --- a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/020-configure-spoke-staging.md +++ b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/020-configure-spoke-staging.md @@ -156,4 +156,3 @@ The Argo CD Dashboard should have the spoke-staging cluster ![Stagging Cluster](/static/images/spoke-staging-cluster.png) -It's perfectly normal to see the "Unknown" status displayed, as Argo CD has not yet attempted to deploy any resources to the spoke cluster. \ No newline at end of file diff --git a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/030-test-hub-spoke-connectivity.md b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/030-test-hub-spoke-connectivity.md index 0e80a23..f745573 100644 --- a/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/030-test-hub-spoke-connectivity.md +++ b/content/040_advanced/010_hub_and_spoke/030_hub_spoke_connectivity/030-test-hub-spoke-connectivity.md 
@@ -3,34 +3,34 @@ title: 'Test Hub Spoke Connectivity' weight: 30 --- -In this chapter, you will test hub-spoke connectivity by checking the installation of the AWS Load Balancer Controller on the spoke Kubernetes cluster. We have configured the `enable_aws_load_balancer_controller = true` on the spoke cluster's labels. As soon as the Hub's Argo CD has connectivity, it can reconcile the labels and install associated addons. +This chapter validates hub-spoke connectivity by checking for the AWS Load Balancer Controller installed on the spoke-staging cluster. In this workhshop, ArgoCD was configured to install addon by setting a label to true. The label enable_aws_load_balancer_controller=true installs the load balancer addon. This label was set during creation of the spoke cluster. Once hub-spoke connectivity between hub and spoke was established, ArgoCD installed the load balancer on the spoke by detecting this label had been set. + +:::code{showCopyAction=true showLineNumbers=false language=yaml} +cat ~/environment/spoke/terraform.tfvars +::: :::code{showCopyAction=false showLineNumbers=false language=yaml highlightLines='4'} -$ cat ~/environment/spoke/terraform.tfvars ... addons = { enable_aws_load_balancer_controller = true } ::: -In this contexte, the eks-blueprints-addons module from spoke-staging, will create necessary AWS resources for the load balancer controller to work, then it will update the spoke-staging secret in the hub-cluster with the label to activate the addon, and also provide additional metadatas like the IAM role to be used by the load balancer controller. - -You can check the label with: +You can check the label on the spoke-staging cluster: ```bash kubectl --context hub get secrets -n argocd spoke-staging -o json | jq ".metadata.labels" | grep load_balancer ``` -and the annotations with: +The Terraform blueprint modules and gitops bridge set up an IAM role that gets assigned to the service account for the load balancer. 
This configures the necessary permissions for the load balancer to operate. + +You can check the IAM role on the spoke-stagging annotations: ```bash kubectl --context hub get secrets -n argocd spoke-staging -o json | jq ".metadata.annotations" | grep load_balancer ``` -From then, Argo CD in the hub-cluster will trigger some deployments using the annoations in the secret to configure the addon, targeting the spoke-staging cluster, and installing the load balancer controller addon. - - The Argo CD dashboard should have the stagging load balancer addon. ![Stagging LB](/static/images/spoke-lb.png) diff --git a/content/040_advanced/010_hub_and_spoke/040_project/010-create-project.md b/content/040_advanced/010_hub_and_spoke/040_project/010-create-project.md index 7d9dd01..418f482 100644 --- a/content/040_advanced/010_hub_and_spoke/040_project/010-create-project.md +++ b/content/040_advanced/010_hub_and_spoke/040_project/010-create-project.md 
@@ -3,18 +3,21 @@ title: 'Argo CD Project' weight: 10 --- -### 1. Create App of Apps Project ApplicationSet +Projects define guardrails that set constraints for associated applications. When an application is associated with a project, it must operate within the guardrails established by that project. + +In this chapter we will create a project for the webstore workload. In upcoming chapters, we will associate the webstore workload deployment with this project. -The App of Apps Project ApplicationSet functionality offers a seamless approach to managing and deploying workloads within your Git repository. By automatically scanning the designated `assets/platform/config/workload` folder, it dynamically identifies any new or modified workloads. Consequently, it creates or updates the corresponding Project ApplicationSets without requiring manual intervention. You can link many different project to many different Git repository as source, and control which cluster and namespace destination they are allowed to deploy into. +### 1. Create App of Apps Project ApplicationSet -This automated process not only saves valuable time but also mitigates the risk of human errors, ensuring a consistent and reliable deployment experience across your environment. With this feature, you can dedicate your efforts to developing and maintaining workloads, while the App of Apps Project ApplicationSet handles the deployment aspect efficiently. +Create an applicationset that creates Argo CD project for each workload. +![Project AppofApps](/static/images/project-applicationset.png) -Overall, the App of Apps Project ApplicationSet feature streamlines workload management, enhances productivity, and promotes a more automated and consistent application lifecycle management process within your Git repository. 
-```bash -cat > ~/environment/wgit/assets/platform/appofapps/argoproject-applicationset.yaml << 'EOF' + +:::code{showCopyAction=true showLineNumbers=true language=json highlightLines='16,20,25,44,46,47'} +cat > $GITOPS_DIR/platform/appofapps/argoproject-applicationset.yaml << 'EOF' apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: @@ -73,15 +76,29 @@ spec: syncOptions: - CreateNamespace=true EOF -``` + +::: + +Line 16: Projects are installed on the hub cluster and not on the spoke clusters. +Line 20: Argo CD projects are created with a helm chart. Installs the project helm chart from argoproject. +Line 25: Iterates through all the workload folders under config/workload folder +Line 44: project values for each workload. +Line 46,47: Replace sourceRepos value with the gitops-workload url( Line 7 below in the project-values.yaml) + ### 2. Create Project Values +Lets create webstore project values. + +![project-values](/static/images/project-values.png) + + + The following helm values file contains source repositories, destinations, and allowed resources for the webstore workload. Few values are commented for the upcoming chapters. -```bash -mkdir -p ~/environment/wgit/assets/platform/config/workload/webstore/project -cat > ~/environment/wgit/assets/platform/config/workload/webstore/project/project-values.yaml << 'EOF' +:::code{showCopyAction=true showLineNumbers=true language=json highlightLines='7,12,39,47'} +mkdir -p $GITOPS_DIR/platform/config/workload/webstore/project +cat > $GITOPS_DIR/platform/config/workload/webstore/project/project-values.yaml << 'EOF' # using upstream argo chart https://github.com/argoproj/argo-helm/tree/main/charts/argocd-apps projects: - name: webstore 
@@ -152,12 +169,17 @@ projects: - group: 'autoscaling' kind: HorizontalPodAutoscaler EOF -``` +::: + +Line 7(Restrict what may be deployed): List of premitted git repositories that are allowed to deploy. The value gets replaced with gitops-workload url( Line 46,47 of argoproject-applicationset.yaml). +Line 12(Restrict where apps may be deployed to): Permitted destionation of clusters and namespaces. For example carts namespace is restricted to spoke-staging cluster. +Line 39: Restricted resource creation list. +Line 47: Allowed resource creation list. ### 3. Git commit ```bash -cd ~/environment/wgit +cd $GITOPS_DIR/platform git add . git commit -m "add appofapps project applicationset and webstore project values" git push diff --git a/content/040_advanced/010_hub_and_spoke/050-enable-namespace.md b/content/040_advanced/010_hub_and_spoke/050-enable-namespace.md index 2aa31b6..0aafa5a 100644 --- a/content/040_advanced/010_hub_and_spoke/050-enable-namespace.md +++ b/content/040_advanced/010_hub_and_spoke/050-enable-namespace.md 
@@ -8,13 +8,15 @@ In this chapter you will associate both namespace and workload application to we ### 1. Set Project ```bash -sed -i "s/project: default/project: webstore/g" ~/environment/wgit/assets/platform/config/workload/webstore/workload/webstore-applicationset.yaml +sed -i "s/project: default/project: webstore/g" $GITOPS_DIR/platform/config/workload/webstore/workload/webstore-applicationset.yaml ``` Changes by the code snippet is highlighted below. -:::code{showCopyAction=false showLineNumbers=false language=yaml highlightLines='9'} -$ git diff ---- a/assets/platform/config/workload/webstore/workload/webstore-applicationset.yaml -+++ b/assets/platform/config/workload/webstore/workload/webstore-applicationset.yaml +:::code{showCopyAction=true showLineNumbers=false language=yaml highlightLines='0'} +git diff +::: +:::code{showCopyAction=false showLineNumbers=false language=yaml highlightLines='8'} +--- a/config/workload/webstore/workload/webstore-applicationset.yaml ++++ b/config/workload/webstore/workload/webstore-applicationset.yaml @@ -31,7 +31,7 @@ spec: component: '{{path.basename}}' workloads: 'true' @@ -28,7 +30,7 @@ $ git diff ### 2. Git commit ```bash -cd ~/environment/wgit +cd $GITOPS_DIR/platform git add . git commit -m "set namespace and webstore applicationset project to webstore" git push @@ -53,7 +55,7 @@ terraform apply --auto-approve ::alert[It takes few minutes to deploy the workload and create a loadbalancer]{header="Important" type="warning"} ```bash -echo -n "Click here to open -> http://" ; kubectl get svc ui-nlb -n ui --context spoke-staging --output jsonpath='{.status.loadBalancer.ingress[0].hostname}'; echo "" +echo "Click here to open -> http://$(kubectl get svc ui-nlb -n ui --context spoke-staging --output jsonpath='{.status.loadBalancer.ingress[0].hostname}')" ``` Access webstore in the browser. diff --git a/content/090_cleanup/index.en.md b/content/090_cleanup/index.en.md index 7410363..7635a3c 100644 
--- a/content/090_cleanup/index.en.md +++ b/content/090_cleanup/index.en.md @@ -17,7 +17,7 @@ If you have deployed additional resources, that may have created Wloud resources You can just execute the cleanup script. In this script, there can be somme errors, but that is normal and the script will repeat some of the actions until normally cleanup sucess. ```bash -~/environment/wgit/assets/scripts/destroy.sh +$SCRIPT_DIR/assets/scripts/destroy.sh ``` diff --git a/static/images/argocd-repositories.png b/static/images/argocd-repositories.png new file mode 100644 index 0000000..4bc0cda Binary files /dev/null and b/static/images/argocd-repositories.png differ diff --git a/static/images/argocd_k8s_repos.png b/static/images/argocd_k8s_repos.png new file mode 100644 index 0000000..5ae0898 Binary files /dev/null and b/static/images/argocd_k8s_repos.png differ diff --git a/static/images/asset-github-folders.png b/static/images/asset-github-folders.png new file mode 100644 index 0000000..df1c635 Binary files /dev/null and b/static/images/asset-github-folders.png differ diff --git a/static/images/clone_starterfiles.png b/static/images/clone_starterfiles.png new file mode 100644 index 0000000..d631d50 Binary files /dev/null and b/static/images/clone_starterfiles.png differ diff --git a/static/images/cluster-addons.png b/static/images/cluster-addons.png index fe928de..a1340da 100644 Binary files a/static/images/cluster-addons.png and b/static/images/cluster-addons.png differ diff --git a/static/images/codecommit_platform.png b/static/images/codecommit_platform.png new file mode 100644 index 0000000..2de1c74 Binary files /dev/null and b/static/images/codecommit_platform.png differ diff --git a/static/images/codecommit_repos.png b/static/images/codecommit_repos.png new file mode 100644 index 0000000..e6f1bbb Binary files /dev/null and b/static/images/codecommit_repos.png differ 
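Review bot: The cleanup command in the `bash` block now runs `$SCRIPT_DIR/assets/scripts/destroy.sh`, but nothing in the visible changes sets `SCRIPT_DIR`, and the destroy scripts updated in this same commit locate their siblings through `$SOURCE_DIR`. If `SCRIPT_DIR` is not exported by the workshop environment (not visible here), the line expands to `/assets/scripts/destroy.sh` and the teardown never starts, leaving the workshop resources deployed. I would use the same variable as the scripts and fail loudly when it is missing: `"${SOURCE_DIR:?}/assets/scripts/destroy.sh"`.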
diff --git a/static/images/local_platform.png b/static/images/local_platform.png
new file mode 100644
index 0000000..7a4809b
Binary files /dev/null and b/static/images/local_platform.png differ
diff --git a/static/images/namespace-begin.png b/static/images/namespace-begin.png
new file mode 100644
index 0000000..f4ed9f7
Binary files /dev/null and b/static/images/namespace-begin.png differ
diff --git a/static/images/namespace-create-webstore-namespace.png b/static/images/namespace-create-webstore-namespace.png
new file mode 100644
index 0000000..825cf86
Binary files /dev/null and b/static/images/namespace-create-webstore-namespace.png differ
diff --git a/static/images/namespace-design.png b/static/images/namespace-design.png
new file mode 100644
index 0000000..9b84937
Binary files /dev/null and b/static/images/namespace-design.png differ
diff --git a/static/images/namespace-namespace-applicationset.png b/static/images/namespace-namespace-applicationset.png
new file mode 100644
index 0000000..28d5112
Binary files /dev/null and b/static/images/namespace-namespace-applicationset.png differ
diff --git a/static/images/namespace-process-webstore-applicationset.png b/static/images/namespace-process-webstore-applicationset.png
new file mode 100644
index 0000000..f9f71e7
Binary files /dev/null and b/static/images/namespace-process-webstore-applicationset.png differ
diff --git a/static/images/namespace-webstore-applicationset.png b/static/images/namespace-webstore-applicationset.png
new file mode 100644
index 0000000..969647e
Binary files /dev/null and b/static/images/namespace-webstore-applicationset.png differ
diff --git a/static/images/namespace-webstore-defalut-values.png b/static/images/namespace-webstore-defalut-values.png
new file mode 100644
index 0000000..cbb9572
Binary files /dev/null and b/static/images/namespace-webstore-defalut-values.png differ
diff --git a/static/images/platform-github-folders.png b/static/images/platform-github-folders.png
index 45627dd..9313fc6 100644
Binary files a/static/images/platform-github-folders.png and b/static/images/platform-github-folders.png differ
diff --git a/static/images/project-applicationset.png b/static/images/project-applicationset.png
new file mode 100644
index 0000000..19e4463
Binary files /dev/null and b/static/images/project-applicationset.png differ
diff --git a/static/images/project-values.png b/static/images/project-values.png
new file mode 100644
index 0000000..b5e65c6
Binary files /dev/null and b/static/images/project-values.png differ
diff --git a/static/images/workload-appofapps-iteration.png b/static/images/workload-appofapps-iteration.png
new file mode 100644
index 0000000..2891e0a
Binary files /dev/null and b/static/images/workload-appofapps-iteration.png differ
diff --git a/static/images/workload-appofapps-monitor.png b/static/images/workload-appofapps-monitor.png
new file mode 100644
index 0000000..aa4893b
Binary files /dev/null and b/static/images/workload-appofapps-monitor.png differ
diff --git a/static/images/workload-appofapps.png b/static/images/workload-appofapps.png
new file mode 100644
index 0000000..64a08f1
Binary files /dev/null and b/static/images/workload-appofapps.png differ
diff --git a/static/images/workload-github-folders.png b/static/images/workload-github-folders.png
new file mode 100644
index 0000000..961dc6d
Binary files /dev/null and b/static/images/workload-github-folders.png differ
diff --git a/static/images/workload-webstore-deployment.png b/static/images/workload-webstore-deployment.png
new file mode 100644
index 0000000..d1a6aab
Binary files /dev/null and b/static/images/workload-webstore-deployment.png differ
diff --git a/static/images/workload-webstore-folders.png b/static/images/workload-webstore-folders.png
new file mode 100644
index 0000000..1a1f1e6
Binary files /dev/null and b/static/images/workload-webstore-folders.png differ
diff --git a/static/images/workload-webstore.png b/static/images/workload-webstore.png
new file mode 100644
index 0000000..7eeaf1b
Binary files /dev/null and b/static/images/workload-webstore.png differ
diff --git a/static/namespace-process-webstore-applicationset.png b/static/namespace-process-webstore-applicationset.png
new file mode 100644
index 0000000..f9f71e7
Binary files /dev/null and b/static/namespace-process-webstore-applicationset.png differ