From 3cebce3be6673f1bbe9c15513b8eed3101513392 Mon Sep 17 00:00:00 2001 From: Fabio Torchetti Date: Sat, 16 Dec 2023 11:49:29 -0600 Subject: [PATCH 1/5] Increase ingress buffers for Keycloak Signed-off-by: Fabio Torchetti --- terraform/tempaltes/manifests/ingress-keycloak.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/tempaltes/manifests/ingress-keycloak.yaml b/terraform/tempaltes/manifests/ingress-keycloak.yaml index e33fa9ef..6313bac5 100644 --- a/terraform/tempaltes/manifests/ingress-keycloak.yaml +++ b/terraform/tempaltes/manifests/ingress-keycloak.yaml @@ -5,6 +5,8 @@ metadata: namespace: keycloak annotations: cert-manager.io/cluster-issuer: 'letsencrypt-prod' + nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" + nginx.ingress.kubernetes.io/proxy-buffers-number: "8" spec: ingressClassName: nginx tls: From 9e2e3e646efa045d051dc77c1da7252e7e758079 Mon Sep 17 00:00:00 2001 From: fabbazon <102178959+fabbazon@users.noreply.github.com> Date: Tue, 19 Dec 2023 08:56:51 -0600 Subject: [PATCH 2/5] Use configured URL when installing (#1) Signed-off-by: Fabio Torchetti --- setups/install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setups/install.sh b/setups/install.sh index a7a6b47f..65a1a7ea 100755 --- a/setups/install.sh +++ b/setups/install.sh @@ -20,6 +20,8 @@ if [[ ! "$response" =~ ^[Yy][Ee][Ss]$ ]]; then exit 0 fi +export GITHUB_URL=$(yq '.repo_url' ./setups/config.yaml) + # Set up ArgoCD. We will use ArgoCD to install all components. cd "${REPO_ROOT}/setups/argocd/" ./install.sh From b7e3ea5d2accc24e7812d0b4ad2e35436e994d99 Mon Sep 17 00:00:00 2001 From: fabbazon <102178959+fabbazon@users.noreply.github.com> Date: Tue, 19 Dec 2023 08:57:31 -0600 Subject: [PATCH 3/5] Fix typo in folder name (#2) 
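Review bot: The two added annotations, `nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"` and `nginx.ingress.kubernetes.io/proxy-buffers-number: "8"`, have no comment explaining why the Keycloak ingress needs them or how 128k was chosen. If the reason is Keycloak's large response headers (an inference, the patch does not say), a line such as `# Keycloak sends large cookies/headers; the default NGINX proxy buffers are too small` above them would record it. These buffers are allocated per proxied connection on the ingress controller, so the size is best set from an observed header size and kept scoped to this one Ingress, as it is here. The `metadata` block starts outside the hunk. PATCH 5/5 repeats the same hunk against `terraform/templates/manifests/ingress-keycloak.yaml`, so the same applies there.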
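Review bot: The added `export GITHUB_URL=$(yq '.repo_url' ./setups/config.yaml)` discards yq's exit status, because `export` succeeds even when the command substitution fails, and a missing `repo_url` key would typically arrive as the literal string `null`. The value presumably decides which repository the ArgoCD installers that follow pull from, so the script should stop rather than continue with an empty or wrong URL. The path is also relative to the caller's working directory, while the next lines use `${REPO_ROOT}`. Suggested change: `GITHUB_URL=$(yq -e '.repo_url' "${REPO_ROOT}/setups/config.yaml") || exit 1` followed by `export GITHUB_URL`. The top of the script is outside the hunk, so confirm that REPO_ROOT is already set at this point.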
Signed-off-by: Fabio Torchetti --- terraform/argo-workflows.tf | 8 ++++---- terraform/aws-load-balancer.tf | 2 +- terraform/backstage.tf | 4 ++-- terraform/cert-manager.tf | 4 ++-- terraform/crossplane.tf | 8 ++++---- terraform/external-dns.tf | 2 +- terraform/external-secrets.tf | 2 +- terraform/ingress-nginx.tf | 2 +- terraform/keycloak.tf | 6 +++--- .../argocd-apps/argo-workflows-sso-config.yaml | 0 .../argocd-apps/argo-workflows-templates.yaml | 0 .../argocd-apps/argo-workflows.yaml | 0 .../argocd-apps/aws-load-balancer.yaml | 0 .../{tempaltes => templates}/argocd-apps/backstage.yaml | 0 .../argocd-apps/cert-manager.yaml | 0 .../argocd-apps/crossplane-compositions.yaml | 0 .../argocd-apps/crossplane-provider.yaml | 0 .../{tempaltes => templates}/argocd-apps/crossplane.yaml | 0 .../argocd-apps/external-dns.yaml | 0 .../argocd-apps/external-secrets.yaml | 0 .../argocd-apps/ingress-nginx.yaml | 0 .../{tempaltes => templates}/argocd-apps/keycloak.yaml | 0 .../manifests/cluster-issuer.yaml | 0 .../manifests/crossplane-aws-controller-config.yaml | 0 .../manifests/ingress-argo-workflows.yaml | 0 .../manifests/ingress-backstage.yaml | 0 .../manifests/ingress-keycloak.yaml | 0 .../manifests/keycloak-secret-store.yaml | 0 28 files changed, 19 insertions(+), 19 deletions(-) rename terraform/{tempaltes => templates}/argocd-apps/argo-workflows-sso-config.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/argo-workflows-templates.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/argo-workflows.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/aws-load-balancer.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/backstage.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/cert-manager.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/crossplane-compositions.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/crossplane-provider.yaml (100%) rename terraform/{tempaltes => 
templates}/argocd-apps/crossplane.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/external-dns.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/external-secrets.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/ingress-nginx.yaml (100%) rename terraform/{tempaltes => templates}/argocd-apps/keycloak.yaml (100%) rename terraform/{tempaltes => templates}/manifests/cluster-issuer.yaml (100%) rename terraform/{tempaltes => templates}/manifests/crossplane-aws-controller-config.yaml (100%) rename terraform/{tempaltes => templates}/manifests/ingress-argo-workflows.yaml (100%) rename terraform/{tempaltes => templates}/manifests/ingress-backstage.yaml (100%) rename terraform/{tempaltes => templates}/manifests/ingress-keycloak.yaml (100%) rename terraform/{tempaltes => templates}/manifests/keycloak-secret-store.yaml (100%) diff --git a/terraform/argo-workflows.tf b/terraform/argo-workflows.tf index 49b1be1b..017d6d58 100644 --- a/terraform/argo-workflows.tf +++ b/terraform/argo-workflows.tf @@ -93,7 +93,7 @@ resource "kubectl_manifest" "application_argocd_argo_workflows" { terraform_data.argo_workflows_keycloak_setup ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/argo-workflows.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/argo-workflows.yaml", { GITHUB_URL = local.repo_url KEYCLOAK_CNOE_URL = local.kc_cnoe_url ARGO_REDIRECT_URL = local.argo_redirect_url @@ -106,7 +106,7 @@ resource "kubectl_manifest" "application_argocd_argo_workflows_templates" { terraform_data.argo_workflows_keycloak_setup ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/argo-workflows-templates.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/argo-workflows-templates.yaml", { GITHUB_URL = local.repo_url } ) 
@@ -117,7 +117,7 @@ resource "kubectl_manifest" "application_argocd_argo_workflows_sso_config" { terraform_data.argo_workflows_keycloak_setup ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/argo-workflows-sso-config.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/argo-workflows-sso-config.yaml", { GITHUB_URL = local.repo_url } ) @@ -128,7 +128,7 @@ resource "kubectl_manifest" "ingress_argo_workflows" { kubectl_manifest.application_argocd_argo_workflows, ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/ingress-argo-workflows.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/ingress-argo-workflows.yaml", { ARGO_WORKFLOWS_DOMAIN_NAME = local.argo_domain_name } ) diff --git a/terraform/aws-load-balancer.tf b/terraform/aws-load-balancer.tf index 38ac2b6d..262ad51d 100644 --- a/terraform/aws-load-balancer.tf +++ b/terraform/aws-load-balancer.tf @@ -17,7 +17,7 @@ module "aws_load_balancer_role" { resource "kubectl_manifest" "application_argocd_aws_load_balancer_controller" { depends_on = [ module.aws_load_balancer_role ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/aws-load-balancer.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/aws-load-balancer.yaml", { CLUSTER_NAME = local.cluster_name ROLE_ARN = module.aws_load_balancer_role.iam_role_arn } diff --git a/terraform/backstage.tf b/terraform/backstage.tf index 1810f482..24f494f1 100644 --- a/terraform/backstage.tf +++ b/terraform/backstage.tf @@ -62,7 +62,7 @@ resource "kubectl_manifest" "application_argocd_backstage" { terraform_data.backstage_keycloak_setup ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/backstage.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/backstage.yaml", { GITHUB_URL = local.repo_url } ) 
@@ -73,7 +73,7 @@ resource "kubectl_manifest" "ingress_backstage" { kubectl_manifest.application_argocd_backstage, ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/ingress-backstage.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/ingress-backstage.yaml", { BACKSTAGE_DOMAIN_NAME = local.backstage_domain_name } ) diff --git a/terraform/cert-manager.tf b/terraform/cert-manager.tf index 049009c6..622e86e1 100644 --- a/terraform/cert-manager.tf +++ b/terraform/cert-manager.tf @@ -1,5 +1,5 @@ resource "kubectl_manifest" "application_argocd_cert_manager" { - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/cert-manager.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/cert-manager.yaml", { REPO_URL = local.repo_url }) @@ -15,7 +15,7 @@ resource "kubectl_manifest" "cluster_issuer_prod" { kubectl_manifest.application_argocd_cert_manager, kubectl_manifest.application_argocd_ingress_nginx ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/cluster-issuer.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/cluster-issuer.yaml", { REPO_URL = local.repo_url }) } diff --git a/terraform/crossplane.tf b/terraform/crossplane.tf index 5497b775..78ec1ece 100644 --- a/terraform/crossplane.tf +++ b/terraform/crossplane.tf @@ -18,7 +18,7 @@ module "crossplane_aws_provider_role" { } resource "kubectl_manifest" "application_argocd_crossplane" { - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/crossplane.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/crossplane.yaml", { GITHUB_URL = local.repo_url } ) 
@@ -42,7 +42,7 @@ resource "kubectl_manifest" "crossplane_provider_controller_config" { depends_on = [ kubectl_manifest.application_argocd_crossplane, ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/crossplane-aws-controller-config.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/crossplane-aws-controller-config.yaml", { ROLE_ARN = module.crossplane_aws_provider_role.iam_role_arn } ) @@ -52,7 +52,7 @@ resource "kubectl_manifest" "application_argocd_crossplane_provider" { depends_on = [ kubectl_manifest.application_argocd_crossplane, ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/crossplane-provider.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/crossplane-provider.yaml", { GITHUB_URL = local.repo_url } ) @@ -62,7 +62,7 @@ resource "kubectl_manifest" "application_argocd_crossplane_compositions" { depends_on = [ kubectl_manifest.application_argocd_crossplane, ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/crossplane-compositions.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/crossplane-compositions.yaml", { GITHUB_URL = local.repo_url } ) diff --git a/terraform/external-dns.tf b/terraform/external-dns.tf index 088f881f..7ecc2a71 100644 --- a/terraform/external-dns.tf +++ b/terraform/external-dns.tf @@ -56,7 +56,7 @@ module "external_dns_role" { } resource "kubectl_manifest" "application_argocd_external_dns" { - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/external-dns.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/external-dns.yaml", { GITHUB_URL = local.repo_url ROLE_ARN = module.external_dns_role[0].iam_role_arn DOMAIN_NAME = data.aws_route53_zone.selected[0].name diff --git a/terraform/external-secrets.tf b/terraform/external-secrets.tf index d224bf3b..a4631a7d 100644 --- a/terraform/external-secrets.tf +++ b/terraform/external-secrets.tf 
@@ -1,5 +1,5 @@ resource "kubectl_manifest" "application_argocd_external_secrets" { - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/external-secrets.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/external-secrets.yaml", { GITHUB_URL = local.repo_url } ) diff --git a/terraform/ingress-nginx.tf b/terraform/ingress-nginx.tf index ea3b7462..e77e6262 100644 --- a/terraform/ingress-nginx.tf +++ b/terraform/ingress-nginx.tf @@ -2,7 +2,7 @@ resource "kubectl_manifest" "application_argocd_ingress_nginx" { depends_on = [ kubectl_manifest.application_argocd_aws_load_balancer_controller ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/ingress-nginx.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/ingress-nginx.yaml", { GITHUB_URL = local.repo_url } ) diff --git a/terraform/keycloak.tf b/terraform/keycloak.tf index 4f4cb322..05229849 100644 --- a/terraform/keycloak.tf +++ b/terraform/keycloak.tf @@ -113,7 +113,7 @@ resource "kubectl_manifest" "keycloak_secret_store" { kubernetes_manifest.serviceaccount_external_secret_keycloak ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/keycloak-secret-store.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/keycloak-secret-store.yaml", { REGION = local.region } ) @@ -206,7 +206,7 @@ resource "kubectl_manifest" "application_argocd_keycloak" { kubectl_manifest.application_argocd_ingress_nginx ] - yaml_body = templatefile("${path.module}/tempaltes/argocd-apps/keycloak.yaml", { + yaml_body = templatefile("${path.module}/templates/argocd-apps/keycloak.yaml", { GITHUB_URL = local.repo_url PATH = "${local.secret_count == 1 ? "packages/keycloak/dev-external-secrets/" : "packages/keycloak/dev/"}" } 
@@ -232,7 +232,7 @@ resource "kubectl_manifest" "ingress_keycloak" { kubectl_manifest.application_argocd_keycloak, ] - yaml_body = templatefile("${path.module}/tempaltes/manifests/ingress-keycloak.yaml", { + yaml_body = templatefile("${path.module}/templates/manifests/ingress-keycloak.yaml", { KEYCLOAK_DOMAIN_NAME = local.kc_domain_name } ) diff --git a/terraform/tempaltes/argocd-apps/argo-workflows-sso-config.yaml b/terraform/templates/argocd-apps/argo-workflows-sso-config.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/argo-workflows-sso-config.yaml rename to terraform/templates/argocd-apps/argo-workflows-sso-config.yaml diff --git a/terraform/tempaltes/argocd-apps/argo-workflows-templates.yaml b/terraform/templates/argocd-apps/argo-workflows-templates.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/argo-workflows-templates.yaml rename to terraform/templates/argocd-apps/argo-workflows-templates.yaml diff --git a/terraform/tempaltes/argocd-apps/argo-workflows.yaml b/terraform/templates/argocd-apps/argo-workflows.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/argo-workflows.yaml rename to terraform/templates/argocd-apps/argo-workflows.yaml diff --git a/terraform/tempaltes/argocd-apps/aws-load-balancer.yaml b/terraform/templates/argocd-apps/aws-load-balancer.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/aws-load-balancer.yaml rename to terraform/templates/argocd-apps/aws-load-balancer.yaml diff --git a/terraform/tempaltes/argocd-apps/backstage.yaml b/terraform/templates/argocd-apps/backstage.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/backstage.yaml rename to terraform/templates/argocd-apps/backstage.yaml 
diff --git a/terraform/tempaltes/argocd-apps/cert-manager.yaml b/terraform/templates/argocd-apps/cert-manager.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/cert-manager.yaml rename to terraform/templates/argocd-apps/cert-manager.yaml diff --git a/terraform/tempaltes/argocd-apps/crossplane-compositions.yaml b/terraform/templates/argocd-apps/crossplane-compositions.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/crossplane-compositions.yaml rename to terraform/templates/argocd-apps/crossplane-compositions.yaml diff --git a/terraform/tempaltes/argocd-apps/crossplane-provider.yaml b/terraform/templates/argocd-apps/crossplane-provider.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/crossplane-provider.yaml rename to terraform/templates/argocd-apps/crossplane-provider.yaml diff --git a/terraform/tempaltes/argocd-apps/crossplane.yaml b/terraform/templates/argocd-apps/crossplane.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/crossplane.yaml rename to terraform/templates/argocd-apps/crossplane.yaml diff --git a/terraform/tempaltes/argocd-apps/external-dns.yaml b/terraform/templates/argocd-apps/external-dns.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/external-dns.yaml rename to terraform/templates/argocd-apps/external-dns.yaml diff --git a/terraform/tempaltes/argocd-apps/external-secrets.yaml b/terraform/templates/argocd-apps/external-secrets.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/external-secrets.yaml rename to terraform/templates/argocd-apps/external-secrets.yaml diff --git a/terraform/tempaltes/argocd-apps/ingress-nginx.yaml b/terraform/templates/argocd-apps/ingress-nginx.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/ingress-nginx.yaml rename to terraform/templates/argocd-apps/ingress-nginx.yaml 
diff --git a/terraform/tempaltes/argocd-apps/keycloak.yaml b/terraform/templates/argocd-apps/keycloak.yaml similarity index 100% rename from terraform/tempaltes/argocd-apps/keycloak.yaml rename to terraform/templates/argocd-apps/keycloak.yaml diff --git a/terraform/tempaltes/manifests/cluster-issuer.yaml b/terraform/templates/manifests/cluster-issuer.yaml similarity index 100% rename from terraform/tempaltes/manifests/cluster-issuer.yaml rename to terraform/templates/manifests/cluster-issuer.yaml diff --git a/terraform/tempaltes/manifests/crossplane-aws-controller-config.yaml b/terraform/templates/manifests/crossplane-aws-controller-config.yaml similarity index 100% rename from terraform/tempaltes/manifests/crossplane-aws-controller-config.yaml rename to terraform/templates/manifests/crossplane-aws-controller-config.yaml diff --git a/terraform/tempaltes/manifests/ingress-argo-workflows.yaml b/terraform/templates/manifests/ingress-argo-workflows.yaml similarity index 100% rename from terraform/tempaltes/manifests/ingress-argo-workflows.yaml rename to terraform/templates/manifests/ingress-argo-workflows.yaml diff --git a/terraform/tempaltes/manifests/ingress-backstage.yaml b/terraform/templates/manifests/ingress-backstage.yaml similarity index 100% rename from terraform/tempaltes/manifests/ingress-backstage.yaml rename to terraform/templates/manifests/ingress-backstage.yaml diff --git a/terraform/tempaltes/manifests/ingress-keycloak.yaml b/terraform/templates/manifests/ingress-keycloak.yaml similarity index 100% rename from terraform/tempaltes/manifests/ingress-keycloak.yaml rename to terraform/templates/manifests/ingress-keycloak.yaml diff --git a/terraform/tempaltes/manifests/keycloak-secret-store.yaml b/terraform/templates/manifests/keycloak-secret-store.yaml similarity index 100% rename from terraform/tempaltes/manifests/keycloak-secret-store.yaml rename to terraform/templates/manifests/keycloak-secret-store.yaml 
From 97fa0ebc7347c80bc761e98fc4bf6f1504ebd998 Mon Sep 17 00:00:00 2001 From: fabbazon <102178959+fabbazon@users.noreply.github.com> Date: Tue, 19 Dec 2023 09:07:49 -0600 Subject: [PATCH 4/5] Upgrade K8S to 1.28; EBS CSI to 1.25.0 (#3) Signed-off-by: Fabio Torchetti --- eksctl.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eksctl.yaml b/eksctl.yaml index 727937a7..c1d290d6 100644 --- a/eksctl.yaml +++ b/eksctl.yaml @@ -3,7 +3,7 @@ kind: ClusterConfig metadata: name: cnoe-ref-impl region: us-west-2 - version: "1.27" + version: "1.28" managedNodeGroups: - name: managed-ng-1 instanceType: m5.large @@ -22,7 +22,7 @@ iam: withOIDC: true addons: - name: aws-ebs-csi-driver - version: "v1.20.0-eksbuild.1" + version: "v1.25.0-eksbuild.1" attachPolicyARNs: - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy # iamIdentityMappings: From a95b7ca5cd840f7bd07e5e1068e3ebd40552b115 Mon Sep 17 00:00:00 2001 From: Fabio Torchetti Date: Sat, 16 Dec 2023 11:49:29 -0600 Subject: [PATCH 5/5] Increase ingress buffers for Keycloak Signed-off-by: Fabio Torchetti --- terraform/templates/manifests/ingress-keycloak.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/terraform/templates/manifests/ingress-keycloak.yaml b/terraform/templates/manifests/ingress-keycloak.yaml index e33fa9ef..6313bac5 100644 --- a/terraform/templates/manifests/ingress-keycloak.yaml +++ b/terraform/templates/manifests/ingress-keycloak.yaml @@ -5,6 +5,8 @@ metadata: namespace: keycloak annotations: cert-manager.io/cluster-issuer: 'letsencrypt-prod' + nginx.ingress.kubernetes.io/proxy-buffer-size: "128k" + nginx.ingress.kubernetes.io/proxy-buffers-number: "8" spec: ingressClassName: nginx tls: