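# Source: https://gist.github.com/0c56f8b8a820198ada44123fa1bf4b60

################################################################
# How To Apply GitOps For Everything Using Crossplane And Flux #
# https://youtu.be/dunU2ABitMA                                 #
################################################################

# Additional Info:
# - eksctl - How to Create and Manage AWS EKS clusters: https://youtu.be/pNECqaxyewQ
# - Flux CD v2 With GitOps Toolkit - Kubernetes Deployment And Sync Mechanism: https://youtu.be/R6OeIgb7lUI
# - How To Shift Left Infrastructure Management Using Crossplane Compositions: https://youtu.be/AtbS1u2j7po
# - How To Manage Applications With Databases Using Helm, Crossplane, And Schemahero: https://youtu.be/lZpKF1B80dU

# This is a step-by-step walkthrough meant to be pasted into an interactive
# shell one section at a time, not run unattended: the steps marked
# "Wait ..." depend on cluster state that has to be checked by hand before
# continuing. Everything after `cd crossplane-flux` assumes that `cd`
# succeeded, since all later paths are relative to the cloned repository.

#########
# Setup #
#########

# Replace `[...]` with the GitHub organization or user
export GITHUB_ORG=[...]

# Replace `[...]` with the GitHub token.
# `flux bootstrap github` reads the token from the environment; once exported
# it is visible to every child process started from this shell, so prefer a
# short-lived token scoped to this repository and `unset` it at the end.
export GITHUB_TOKEN=[...]

# Replace `[...]` with `true` if it is a personal account, or with `false` if it is a GitHub organization
export GITHUB_PERSONAL=[...]

############################
# Setup Management Cluster #
############################

# Replace `[...]` with your access key ID
export AWS_ACCESS_KEY_ID=[...]

# Replace `[...]` with your secret access key
export AWS_SECRET_ACCESS_KEY=[...]

eksctl create cluster \
  --name management \
  --region us-east-1

kubectl create namespace crossplane-system
kubectl create namespace dev
kubectl create namespace clusters

#############
# Setup AWS #
#############

# The AWS keys are written to a local file only long enough to load them into
# a Secret. The file is created with owner-only permissions (the umask in the
# subshell applies to the redirection that creates it) and removed as soon as
# the Secret exists. Note that at this point the current directory is NOT the
# Git repository cloned below, so the repository's .gitignore would never
# have covered this copy.
(
  umask 077
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >aws-creds.conf
)

kubectl --namespace crossplane-system \
  create secret generic aws-creds \
  --from-file creds=./aws-creds.conf

rm -f -- aws-creds.conf

##############
# Setup Flux #
##############

# `--personal` is a boolean flag, so the value is passed with `=` to make
# both `true` and `false` take effect.
flux bootstrap github \
  --owner "$GITHUB_ORG" \
  --repository crossplane-flux \
  --branch main \
  --path infra \
  --personal="$GITHUB_PERSONAL"

git clone \
  "https://github.com/$GITHUB_ORG/crossplane-flux"

cd crossplane-flux

# Keep the generated kubeconfig and the credentials file out of the
# repository; both contain secrets.
printf '%s\n' /kubeconfig.yaml /aws-creds.conf \
  | tee .gitignore

####################
# Setup Crossplane #
####################

mkdir -p infra/crossplane-system

flux create source helm crossplane \
  --interval 1h \
  --url https://charts.crossplane.io/stable \
  --export \
  | tee infra/crossplane-system/source.yaml

flux create helmrelease crossplane \
  --interval 1h \
  --release-name crossplane \
  --target-namespace crossplane-system \
  --create-target-namespace \
  --source HelmRepository/crossplane \
  --chart crossplane \
  --chart-version 1.6.4 \
  --crds CreateReplace \
  --export \
  | tee infra/crossplane-system/release.yaml

git add .
git commit -m "Crossplane"
git push

kubectl --namespace flux-system \
  get helmreleases,kustomizations

# Wait for a few moments for everything to sync

# `-f` makes curl fail on an HTTP error instead of saving the error page as
# the manifest; `-sS` stays quiet but still reports failures; `-L` follows
# redirects. Review the downloaded manifest before committing it: once
# pushed, Flux applies it to the cluster.
curl -fsSL -o infra/crossplane-system/providers.yaml \
  https://gist.githubusercontent.com/vfarcic/b5d3ab028fe65cda27438e28415b5c83/raw

git add .
git commit -m "Crossplane"
git push

kubectl --namespace flux-system \
  get helmreleases,kustomizations

kubectl get pkgrev

# Wait until all the packages are healthy

curl -fsSL -o infra/crossplane-system/provider-config-aws.yaml \
  https://raw.githubusercontent.com/vfarcic/devops-toolkit-crossplane/master/crossplane-config/provider-config-aws.yaml

git add .
git commit -m "Crossplane"
git push

kubectl --namespace flux-system \
  get helmreleases,kustomizations

# Resolve the provider-helm ServiceAccount into the `namespace:name` form
# that `--serviceaccount` expects.
SA=$(kubectl \
  --namespace crossplane-system \
  get serviceaccount \
  --output name \
  | grep provider-helm \
  | sed -e 's|serviceaccount/|crossplane-system:|g')
export SA

# Abort rather than create a binding with an empty subject if the
# ServiceAccount has not been created yet.
: "${SA:?provider-helm ServiceAccount not found in crossplane-system}"

# NOTE: this grants the Helm provider cluster-admin on the management
# cluster, which the rest of the demo relies on; a narrower ClusterRole is
# advisable outside a throwaway environment.
kubectl create clusterrolebinding \
  provider-helm-admin-binding \
  --clusterrole cluster-admin \
  --serviceaccount="${SA}"

######################
# Production Cluster #
######################

# Created a management cluster and installed Flux and Crossplane

mkdir -p infra/clusters

tee infra/clusters/production.yaml <<'EOF'
apiVersion: devopstoolkitseries.com/v1alpha1
kind: ClusterClaim
metadata:
  name: production
  namespace: flux-system
spec:
  id: production
  compositionSelector:
    matchLabels:
      provider: aws
      cluster: eks
  parameters:
    nodeSize: small
    minNodeCount: 3
  writeConnectionSecretToRef:
    name: production-cluster
EOF

git add .
git commit -m "Cluster"
git push

kubectl --namespace flux-system \
  get clusterclaims

###########################
# Development Environment #
###########################

mkdir -p dev-apps

tee dev-apps/backend.yaml <<'EOF'
apiVersion: devopstoolkitseries.com/v1alpha1
kind: AppClaim
metadata:
  name: silly-demo
  namespace: dev
spec:
  id: silly-demo-dev
  compositionSelector:
    matchLabels:
      type: backend-db
  parameters:
    namespace: dev
    image: vfarcic/sql-demo:0.1.10
    port: 8080
    host: dev.backend.acme.com
---
apiVersion: devopstoolkitseries.com/v1alpha1
kind: SQLClaim
metadata:
  name: silly-demo
  namespace: dev
spec:
  id: silly-demo-dev
  compositionSelector:
    matchLabels:
      provider: local-k8s
      db: postgresql
  parameters:
    version: "13.4"
    size: small
    namespace: dev
  writeConnectionSecretToRef:
    name: silly-demo-dev
EOF

git add .
git commit -m "Backend"
git push

flux create kustomization dev-apps \
  --source GitRepository/flux-system \
  --path dev-apps \
  --prune true \
  --interval 1m

kubectl --namespace dev \
  get appclaims,sqlclaims

kubectl --namespace dev \
  get all,ingresses,secrets

######################
# Production Cluster #
######################

kubectl get managed

kubectl get clusters

kubectl --namespace flux-system \
  get clusterclaims

# Wait until the claim is ready.

# The kubeconfig carries cluster credentials: create it owner-only (umask)
# and also chmod it, in case a copy from an earlier run already exists.
(
  umask 077
  kubectl --namespace crossplane-system \
    get secret production-cluster \
    --output jsonpath="{.data.kubeconfig}" \
    | base64 -d >kubeconfig.yaml
)
chmod 600 kubeconfig.yaml

# The credentials are temporary so you might need to recreate kubeconfig later on

kubectl --kubeconfig kubeconfig.yaml \
  get nodes

# Same handling as for the management cluster: owner-only file, removed
# right after the Secret is created.
(
  umask 077
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >aws-creds.conf
)

kubectl --kubeconfig kubeconfig.yaml \
  --namespace crossplane-system \
  create secret generic aws-creds \
  --from-file creds=./aws-creds.conf

rm -f -- aws-creds.conf

##########################
# Production Environment #
##########################

mkdir -p prod-apps

tee prod-apps/backend.yaml <<'EOF'
apiVersion: devopstoolkitseries.com/v1alpha1
kind: AppClaim
metadata:
  name: silly-demo
  namespace: production
spec:
  id: silly-demo
  compositionSelector:
    matchLabels:
      type: backend-db
  parameters:
    namespace: production
    image: vfarcic/sql-demo:0.1.10
    port: 8080
    host: devops-toolkit.127.0.0.1.nip.io
---
apiVersion: devopstoolkitseries.com/v1alpha1
kind: SQLClaim
metadata:
  name: silly-demo
  namespace: production
spec:
  id: silly-demo
  compositionSelector:
    matchLabels:
      provider: aws
      db: postgresql
  parameters:
    version: "13.4"
    size: small
    namespace: production
  writeConnectionSecretToRef:
    name: silly-demo
EOF

git add .
git commit -m "Backend"
git push

mkdir -p tmp

flux create kustomization prod-apps \
  --source GitRepository/flux-system \
  --path prod-apps \
  --prune true \
  --interval 1m \
  --export \
  | tee tmp/prod-apps.yaml

# Edit the file and set `spec.kubeConfig.secretRef.name` to `production-cluster`

kubectl apply \
  --filename tmp/prod-apps.yaml

kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get appclaims,sqlclaims

kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get all,ingresses,secrets

kubectl --kubeconfig kubeconfig.yaml \
  get managed

kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get pods

###########
# Destroy #
###########

# Only the manifests are removed (`-f`, no `-r`, and `--` so no argument is
# read as an option). Git does not track empty directories, so the `dummy`
# placeholder keeps each path present for the Kustomization that watches it.
rm -f -- dev-apps/*.yaml
touch dev-apps/dummy

rm -f -- prod-apps/*.yaml
touch prod-apps/dummy

git add .
git commit -m "Remove apps"
git push

kubectl --kubeconfig kubeconfig.yaml \
  get managed

# Repeat the previous command until all the `aws` resources are deleted

kubectl --kubeconfig kubeconfig.yaml \
  --namespace ingress-nginx \
  delete service production-ingress-ingress-nginx-controller

rm -f -- infra/clusters/*.yaml

git add .
git commit -m "Destroy"
git push

kubectl get managed

# Repeat the previous command until all the `aws` resources are deleted

eksctl delete cluster \
  --name management \
  --region us-east-1

gh repo view --web

# Delete the repo

cd ..

# Removing the clone also removes kubeconfig.yaml, which still holds
# cluster credentials.
rm -rf -- crossplane-flux

# Drop the secrets from the shell environment now that they are no longer needed.
unset GITHUB_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY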