127-crossplane-argo-cd.sh

# Source: https://gist.github.com/77e1fcadab647cf29fcb67d3b40e1bea

#########
# TODO: #
# TODO: #
#########

# Referenced videos:
# - Argo CD - Applying GitOps Principles To Manage Production Environment In Kubernetes: https://youtu.be/vpWQeoaiRM4
# - Bitnami Sealed Secrets - How To Store Kubernetes Secrets In Git Repositories: https://youtu.be/xd2QoV6GJlc
# - TODO: Upbound videos

# What is GitOps
# Process is not an issue
# Manifests are the problem
# Infra and apps

# TODO: https://github.com/crossplane/crossplane/issues/2121

#################
# Setup Cluster #
#################

# Watch https://youtu.be/BII6ZY2Rnlc if you are not familiar with GitHub CLI
gh repo fork vfarcic/devops-toolkit-crossplane \
    --clone

cd devops-toolkit-crossplane

# Using Rancher Desktop for the demo, but it can be any other Kubernetes cluster with Ingress

# If not using Rancher Desktop, replace `127.0.0.1` with the base host accessible through NGINX Ingress
export INGRESS_HOST=127.0.0.1

cp examples/namespaces.yaml infra/.

export GIT_URL=$(git remote get-url origin)

cat examples/aws-eks-gitops.yaml \
    | sed -e "s@gitOpsRepo: .*@gitOpsRepo: $GIT_URL@g" \
    | tee examples/aws-eks-gitops.yaml

cat argocd/apps.yaml \
    | sed -e "s@repoURL: .*@repoURL: $GIT_URL@g" \
    | tee argocd/apps.yaml

cat argocd/infra.yaml \
    | sed -e "s@repoURL: .*@repoURL: $GIT_URL@g" \
    | tee argocd/infra.yaml

cat examples/crossplane-definitions.yaml \
    | sed -e "s@repoURL: .*@repoURL: $GIT_URL@g" \
    | tee examples/crossplane-definitions.yaml

cat examples/crossplane-provider-configs.yaml \
    | sed -e "s@repoURL: .*@repoURL: $GIT_URL@g" \
    | tee examples/crossplane-provider-configs.yaml

##################
# Sealed Secrets #
##################

kubectl apply \
    --filename https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.16.0/controller.yaml

#############
# Setup AWS #
#############

# Replace `[...]` with your access key ID`
export AWS_ACCESS_KEY_ID=[...]

# Replace `[...]` with your secret access key
export AWS_SECRET_ACCESS_KEY=[...]

echo "[default]
aws_access_key_id = $AWS_ACCESS_KEY_ID
aws_secret_access_key = $AWS_SECRET_ACCESS_KEY
" >aws-creds.conf

# Please watch https://youtu.be/xd2QoV6GJlc if you are not familiar with SealedSecrets
kubectl --namespace crossplane-system \
    create secret generic aws-creds \
    --from-file creds=./aws-creds.conf \
    --output json \
    --dry-run=client \
    | kubeseal --format yaml \
    | tee crossplane-provider-configs/aws-creds.yaml

####################
# Setup Crossplane #
####################

cp crossplane-config/provider-kubernetes.yaml \
    crossplane-config/config-k8s.yaml \
    crossplane-config/config-gitops.yaml \
    crossplane-definitions/.

cp crossplane-config/provider-config-aws.yaml \
    crossplane-provider-configs/.

cp examples/crossplane.yaml \
    examples/crossplane-definitions.yaml \
    examples/crossplane-provider-configs.yaml \
    infra/.

#################
# Setup Argo CD #
#################

git add .

git commit -m "Infra"

git push

helm repo add argo \
    https://argoproj.github.io/argo-helm

helm repo update

helm upgrade --install \
    argocd argo/argo-cd \
    --namespace argocd \
    --create-namespace \
    --set server.ingress.hosts="{argo-cd.$INGRESS_HOST.nip.io}" \
    --values argocd/helm-values.yaml \
    --wait

kubectl apply --filename argocd/project.yaml

kubectl apply --filename argocd/infra.yaml

echo http://argo-cd.$INGRESS_HOST.nip.io

# Open it in a browser
# User `admin`, password `admin123`

cp examples/aws-eks-gitops-no-claim.yaml \
    infra/aws-eks.yaml

# Modify `spec.parameters.gitOpsRepo` in `infra/aws-eks.yaml`

git add .

git commit -m "My cluster"

git push

########
# Demo #
########

# Shift left
# Simple
# Git is the only tool used by everyone
# Kubernetes is an implementation detail

# Show Argo CD

cat examples/aws-eks-gitops-no-claim.yaml

kubectl get managed,releases

cat packages/k8s/definition.yaml

cat packages/k8s/eks.yaml

cat crossplane-config/config-k8s.yaml

cat packages/gitops/definition.yaml

cat packages/gitops/argo-cd.yaml

cat crossplane-config/config-gitops.yaml

cat infra/aws-eks.yaml

kubectl get managed,releases

kubectl --namespace crossplane-system \
    get secret a-team-eks-no-claim-cluster \
    --output jsonpath="{.data.kubeconfig}" \
    | base64 -d >kubeconfig.yaml

kubectl \
    --kubeconfig kubeconfig.yaml \
    get namespaces

kubectl \
    --kubeconfig kubeconfig.yaml \
    --namespace argocd \
    get applications

kubectl \
    --kubeconfig kubeconfig.yaml \
    --namespace argocd port-forward \
    svc/a-team-gitops-no-claim-argocd-server \
    8080:443 &

# Open http://localhost:8080 in a browser
# User `admin`, password `admin123`

mkdir -p apps

cat examples/app-frontend-no-claim.yaml

cp examples/app-frontend-no-claim.yaml \
    apps/.

cat examples/app-backend-no-claim.yaml

cp examples/app-backend-no-claim.yaml \
    apps/.

git add .

git commit -m "Adding dot"

git push

kubectl \
    --kubeconfig kubeconfig.yaml \
    --namespace production \
    get all,ingresses

###########
# Destroy #
###########

pkill kubectl

rm infra/aws-eks.yaml

git add .

git commit -m "Destroy everything"

git push

kubectl get managed

# Repeat the previous command until all the managed resources are removed

rm crossplane-definitions/*.yaml

rm crossplane-provider-configs/*.yaml

rm infra/*.yaml

rm apps/*.yaml

git add .

git commit -m "Destroy everything"

git push

# Destroy or reset the management cluster

# Destroy the GitOps repo