@kingdonb
Forked from vfarcic/999-crossplane-flux.sh
Created April 13, 2022 23:20
# Source: https://gist.github.com/0c56f8b8a820198ada44123fa1bf4b60
################################################################
# How To Apply GitOps For Everything Using Crossplane And Flux #
# https://youtu.be/dunU2ABitMA #
################################################################
# Additional Info:
# - eksctl - How to Create and Manage AWS EKS clusters: https://youtu.be/pNECqaxyewQ
# - Flux CD v2 With GitOps Toolkit - Kubernetes Deployment And Sync Mechanism: https://youtu.be/R6OeIgb7lUI
# - How To Shift Left Infrastructure Management Using Crossplane Compositions: https://youtu.be/AtbS1u2j7po
# - How To Manage Applications With Databases Using Helm, Crossplane, And Schemahero: https://youtu.be/lZpKF1B80dU
#########
# Setup #
#########
# GitHub organization or user that owns the `crossplane-flux` repository.
# Replace `[...]` with its name.
GITHUB_ORG='[...]'
export GITHUB_ORG
# Replace `[...]` with the GitHub token.
# NOTE(review): a token typed on the command line is recorded in shell
# history. Prefer a short-lived token limited to this walkthrough; the scopes
# it needs are not shown here, so confirm them against the Flux documentation.
GITHUB_TOKEN='[...]'
export GITHUB_TOKEN
# Replace `[...]` with `true` for a personal account, or with `false` for a
# GitHub organization.
GITHUB_PERSONAL='[...]'
export GITHUB_PERSONAL
############################
# Setup Management Cluster #
############################
# Replace `[...]` with your access key ID.
AWS_ACCESS_KEY_ID='[...]'
export AWS_ACCESS_KEY_ID
# Replace `[...]` with your secret access key.
# NOTE(review): both values are exported to every child process of this shell
# and, when typed inline, end up in shell history. They are later copied into
# a Kubernetes secret, so use a key created for this walkthrough rather than a
# personal long-lived one.
AWS_SECRET_ACCESS_KEY='[...]'
export AWS_SECRET_ACCESS_KEY
# Create the EKS cluster named `management` in us-east-1.
eksctl create cluster --name=management --region=us-east-1
# Create the three namespaces, in the same order as before.
for ns in crossplane-system dev clusters; do
  kubectl create namespace "$ns"
done
#############
# Setup AWS #
#############
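# Write the AWS credentials as an INI-style `[default]` profile.
# The subshell keeps the tightened umask from leaking into the rest of the
# session, so only this file is created owner-readable (0600).
(
  umask 077
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >aws-creds.conf
)
# Store the file under the `creds` key of the `aws-creds` secret in the
# `crossplane-system` namespace.
kubectl --namespace crossplane-system \
  create secret generic aws-creds \
  --from-file creds=./aws-creds.conf
# Nothing later in this walkthrough reads this copy (the production step
# writes its own), so remove the plaintext file right away. If the secret
# was not created, re-run this whole step.
rm -f -- aws-creds.conf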
##############
# Setup Flux #
##############
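# Bootstrap Flux against the `crossplane-flux` repository owned by
# $GITHUB_ORG, syncing the `infra` path of the `main` branch.
# The GITHUB_TOKEN exported earlier is what authenticates this call.
# `--personal` is a boolean flag, so its value has to be attached with `=`;
# written as a separate word, a `false` is not taken as the flag's value.
flux bootstrap github \
  --owner "$GITHUB_ORG" \
  --repository crossplane-flux \
  --branch main \
  --path infra \
  --personal="$GITHUB_PERSONAL"
git clone \
  "https://github.com/${GITHUB_ORG}/crossplane-flux"
cd crossplane-flux
# Keep the two credential-bearing files created later in this walkthrough
# out of Git: every commit below uses `git add .`, which would otherwise
# stage them. `tee` also echoes the ignore list to the terminal.
printf '%s\n' /kubeconfig.yaml /aws-creds.conf \
  | tee .gitignore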
####################
# Setup Crossplane #
####################
# Directory under the Flux-synced `infra` path for the Crossplane manifests.
mkdir infra/crossplane-system
# Generate the HelmRepository manifest for the Crossplane stable charts;
# `--export` prints it instead of applying it, and `tee` saves a copy.
flux create source helm crossplane \
  --interval=1h \
  --url=https://charts.crossplane.io/stable \
  --export \
  | tee infra/crossplane-system/source.yaml
# Generate the HelmRelease manifest for chart version 1.6.4, targeting the
# `crossplane-system` namespace.
flux create helmrelease crossplane \
  --interval=1h \
  --release-name=crossplane \
  --target-namespace=crossplane-system \
  --create-target-namespace \
  --source=HelmRepository/crossplane \
  --chart=crossplane \
  --chart-version=1.6.4 \
  --crds=CreateReplace \
  --export \
  | tee infra/crossplane-system/release.yaml
# Commit and push both manifests so Flux picks them up.
git add .
git commit --message="Crossplane"
git push
# List the Flux releases and kustomizations to follow the sync.
kubectl get helmreleases,kustomizations --namespace=flux-system
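# Wait for a few moments for everything to sync
# NOTE(review): the two manifests below come from mutable URLs (a gist
# without a revision and the `master` branch of a repository) and are
# committed to the path Flux applies to the management cluster. Read each
# file before `git add`, and prefer URLs pinned to a revision you have
# reviewed.
# `--fail` makes curl exit non-zero on an HTTP error instead of saving the
# error page as the manifest.
curl --fail -o infra/crossplane-system/providers.yaml \
  https://gist.githubusercontent.com/vfarcic/b5d3ab028fe65cda27438e28415b5c83/raw
git add .
git commit -m "Crossplane"
git push
kubectl --namespace flux-system \
  get helmreleases,kustomizations
kubectl get pkgrev
# Wait until all the packages are healthy
curl --fail -o infra/crossplane-system/provider-config-aws.yaml \
  https://raw.githubusercontent.com/vfarcic/devops-toolkit-crossplane/master/crossplane-config/provider-config-aws.yaml
git add .
git commit -m "Crossplane"
git push
kubectl --namespace flux-system \
  get helmreleases,kustomizations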
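# Look up the provider-helm service account in `crossplane-system` and
# rewrite `serviceaccount/<name>` into the `crossplane-system:<name>` form
# that `--serviceaccount` takes. The assignment is kept apart from `export`
# so the pipeline's exit status is not masked by the builtin.
SA=$(kubectl \
  --namespace crossplane-system \
  get serviceaccount \
  --output name \
  | grep provider-helm \
  | sed -e 's|serviceaccount/|crossplane-system:|g')
export SA
# NOTE(review): cluster-admin gives the Helm provider's service account
# unrestricted access to every resource in the management cluster, so
# anything able to create provider-helm releases inherits that reach. That
# is tolerable on a throwaway demo cluster; elsewhere, bind a ClusterRole
# limited to what the installed charts need.
if [ -n "$SA" ]; then
  kubectl create clusterrolebinding \
    provider-helm-admin-binding \
    --clusterrole cluster-admin \
    --serviceaccount="${SA}"
else
  # An empty lookup most likely means the provider is not installed yet.
  echo "provider-helm service account not found in crossplane-system; wait for the packages to become healthy and retry" >&2
fi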
######################
# Production Cluster #
######################
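# Created a management cluster and installed Flux and Crossplane
mkdir -p infra/clusters
# ClusterClaim requesting the `production` EKS cluster, written into the
# Flux-synced `infra` path. The quoted heredoc writes the manifest literally.
# NOTE(review): the nesting below follows the usual Crossplane claim layout
# (`parameters` and `writeConnectionSecretToRef` under `spec`); confirm it
# against the ClusterClaim definition in use.
cat <<'EOF' | tee infra/clusters/production.yaml
apiVersion: devopstoolkitseries.com/v1alpha1
kind: ClusterClaim
metadata:
  name: production
  namespace: flux-system
spec:
  id: production
  compositionSelector:
    matchLabels:
      provider: aws
      cluster: eks
  parameters:
    nodeSize: small
    minNodeCount: 3
  writeConnectionSecretToRef:
    name: production-cluster
EOF
git add .
git commit -m "Cluster"
git push
kubectl --namespace flux-system \
  get clusterclaims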
###########################
# Development Environment #
###########################
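mkdir -p dev-apps
# AppClaim and SQLClaim for the `silly-demo` backend in the `dev` namespace.
# The quoted heredoc writes the manifest literally, so the version string
# needs no escaped quotes.
# NOTE(review): the nesting below follows the usual Crossplane claim layout
# (`parameters` and `writeConnectionSecretToRef` under `spec`); confirm it
# against the AppClaim and SQLClaim definitions in use.
cat <<'EOF' | tee dev-apps/backend.yaml
apiVersion: devopstoolkitseries.com/v1alpha1
kind: AppClaim
metadata:
  name: silly-demo
  namespace: dev
spec:
  id: silly-demo-dev
  compositionSelector:
    matchLabels:
      type: backend-db
  parameters:
    namespace: dev
    image: vfarcic/sql-demo:0.1.10
    port: 8080
    host: dev.backend.acme.com
---
apiVersion: devopstoolkitseries.com/v1alpha1
kind: SQLClaim
metadata:
  name: silly-demo
  namespace: dev
spec:
  id: silly-demo-dev
  compositionSelector:
    matchLabels:
      provider: local-k8s
      db: postgresql
  parameters:
    version: "13.4"
    size: small
    namespace: dev
  writeConnectionSecretToRef:
    name: silly-demo-dev
EOF
git add .
git commit -m "Backend"
git push
# Create the Flux kustomization that syncs `dev-apps` every minute.
# `--prune` is a boolean flag, so its value is attached with `=`; a detached
# `true` is not read as the flag's value.
flux create kustomization dev-apps \
  --source GitRepository/flux-system \
  --path dev-apps \
  --prune=true \
  --interval 1m
kubectl --namespace dev \
  get appclaims,sqlclaims
kubectl --namespace dev \
  get all,ingresses,secrets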
######################
# Production Cluster #
######################
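kubectl get managed
kubectl get clusters
kubectl --namespace flux-system \
  get clusterclaims
# Wait until the claim is ready.
# Decode the kubeconfig stored in the `production-cluster` secret.
# The file grants access to the production cluster, so it is created inside
# a subshell with a tight umask; the chmod covers a file left from an
# earlier run, which would keep its old mode.
(
  umask 077
  kubectl --namespace crossplane-system \
    get secret production-cluster \
    --output jsonpath="{.data.kubeconfig}" \
    | base64 -d >kubeconfig.yaml
)
chmod 600 kubeconfig.yaml
# The credentials are temporary so you might need to recreate kubeconfig later on
kubectl --kubeconfig kubeconfig.yaml \
  get nodes
# Write the AWS credentials as an INI-style `[default]` profile, readable
# only by the owner.
(
  umask 077
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >aws-creds.conf
)
# Store them as the `aws-creds` secret in the production cluster.
kubectl --kubeconfig kubeconfig.yaml \
  --namespace crossplane-system \
  create secret generic aws-creds \
  --from-file creds=./aws-creds.conf
# The secret now carries the credentials; remove the plaintext copy from the
# repository checkout. If the secret was not created, re-run this step from
# the credentials file onwards.
rm -f -- aws-creds.conf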
##########################
# Production Environment #
##########################
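mkdir -p prod-apps
# AppClaim and SQLClaim for the `silly-demo` backend in the `production`
# namespace. The quoted heredoc writes the manifest literally, so the
# version string needs no escaped quotes.
# NOTE(review): the nesting below follows the usual Crossplane claim layout
# (`parameters` and `writeConnectionSecretToRef` under `spec`); confirm it
# against the AppClaim and SQLClaim definitions in use.
cat <<'EOF' | tee prod-apps/backend.yaml
apiVersion: devopstoolkitseries.com/v1alpha1
kind: AppClaim
metadata:
  name: silly-demo
  namespace: production
spec:
  id: silly-demo
  compositionSelector:
    matchLabels:
      type: backend-db
  parameters:
    namespace: production
    image: vfarcic/sql-demo:0.1.10
    port: 8080
    host: devops-toolkit.127.0.0.1.nip.io
---
apiVersion: devopstoolkitseries.com/v1alpha1
kind: SQLClaim
metadata:
  name: silly-demo
  namespace: production
spec:
  id: silly-demo
  compositionSelector:
    matchLabels:
      provider: aws
      db: postgresql
  parameters:
    version: "13.4"
    size: small
    namespace: production
  writeConnectionSecretToRef:
    name: silly-demo
EOF
git add .
git commit -m "Backend"
git push
# Export the kustomization to a file so it can be edited before applying.
# NOTE(review): `tmp/` is not listed in `.gitignore`, so a later `git add .`
# also commits tmp/prod-apps.yaml.
mkdir -p tmp
# `--prune` is a boolean flag, so its value is attached with `=`; a detached
# `true` is not read as the flag's value.
flux create kustomization prod-apps \
  --source GitRepository/flux-system \
  --path prod-apps \
  --prune=true \
  --interval 1m \
  --export \
  | tee tmp/prod-apps.yaml
# Edit the file and set `spec.kubeConfig.secretRef.name` to `production-cluster`
kubectl apply \
  --filename tmp/prod-apps.yaml
kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get appclaims,sqlclaims
kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get all,ingresses,secrets
kubectl --kubeconfig kubeconfig.yaml \
  get managed
kubectl --kubeconfig kubeconfig.yaml \
  --namespace production \
  get pods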
###########
# Destroy #
###########
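# Remove the app manifests from both synced paths. The stray `delete`
# operand is dropped: with `-rf` it would have recursively removed any file
# or directory of that name in the repository root.
# The `dummy` file presumably keeps each directory in Git so that the
# kustomization path still exists.
rm -f -- dev-apps/*.yaml
touch dev-apps/dummy
rm -f -- prod-apps/*.yaml
touch prod-apps/dummy
git add .
git commit -m "Remove apps"
git push
kubectl --kubeconfig kubeconfig.yaml \
  get managed
# Repeat the previous command until all the `aws` resources are deleted
kubectl --kubeconfig kubeconfig.yaml \
  --namespace ingress-nginx \
  delete service production-ingress-ingress-nginx-controller
# Remove the cluster claim so the production cluster is torn down.
rm -f -- infra/clusters/*.yaml
git add .
git commit -m "Destroy"
git push
kubectl get managed
# Repeat the previous command until all the `aws` resources are deleted
eksctl delete cluster \
  --name management \
  --region us-east-1
gh repo view --web
# Delete the repo
cd ..
# Removing the checkout also removes kubeconfig.yaml and any aws-creds.conf
# written inside it.
rm -rf -- crossplane-flux
# The first aws-creds.conf was written before entering the checkout, so a
# plaintext copy of the AWS keys may still sit in this directory.
rm -f -- aws-creds.conf
# The GitHub token and AWS access key exported during setup stay valid after
# this teardown; revoke them if they were created for this walkthrough.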