@nusnewob nusnewob commented Oct 1, 2025

Description

Improve deployment process:

  • Use Taskfile.yml to replace shell scripts
  • Use helmfile.yaml to manage initial helm chart install
  • Use Crossplane and modules to replace Terraform to manage workload identities
  • Update packages/ to work on Azure AKS, and remove EKS specific configs
  • Update docs

Additional Information

  • This was demo'd to the CNOE community on the Technical call on 30th September 2025.
  • Any enhancements will be ticketed as issues and worked through in priority order

Type of Change

  • Bug fix
  • New Feature
  • Enhancement (e.g., performance improvement, usability enhancement)
  • Documentation update
  • Other (please specify)

@nusnewob nusnewob marked this pull request as ready for review October 1, 2025 17:18
@nusnewob nusnewob force-pushed the v2 branch 10 times, most recently from 50b1f9a to 5c93cdd Compare October 2, 2025 12:06
punkwalker and others added 7 commits October 2, 2025 13:06
WIP: Improved version of CNOE AWS Reference Implementation

- New directory structure
- Leverages ArgoCD Application Sets
- Deploy the IDP to a remote EKS cluster from a kind cluster (i.e. idpbuilder)

Fixes: #49

---------

Signed-off-by: Pankaj Walke <punkwalker@gmail.com>
Signed-off-by: Carlos Santana <carrlos@amazon.com>
Co-authored-by: Carlos Santana <carrlos@amazon.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
…refactor components for azure + remove aws specific configs

Signed-off-by: Bowen Sun <bowensun@gmail.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
Signed-off-by: Bowen Sun <bowensun@gmail.com>
@csantanapr csantanapr left a comment

Thank you @nusnewob and team for this great V2 implementation. I captured some items that I think we should go back to the AWS implementation and do the same way you did here.

Everything looks good; the only thing that would be good to update is the appset-chart, to match AWS for consistency, making it a more top-level folder.

🔍 Azure Reference Implementation PR Review

Approved Aspects

  1. Correct ArgoCD ApplicationSet Pattern: Properly implements GitOps Bridge with ApplicationSets ✓
  2. Modern Build System - Taskfile: Superior to shell scripts for cross-platform automation ✓
  3. Modern Deployment Tool - Helmfile: Declarative Helm chart management vs manual helm commands ✓
  4. Azure-Native Authentication: Proper Azure Workload Identity implementation ✓
  5. External Secrets Integration: Correctly uses Azure Key Vault ✓
  6. Better Metadata Usage: Uses .metadata.annotations appropriately ✓

⚠️ Required Changes Before Merge (3% Misalignment)

Critical (Must Fix)

  1. Directory Structure Alignment:

    Current: packages/charts/appset/
    Required: packages/appset-chart/
    
  2. Bootstrap Path Fix in packages/bootstrap.yaml:

    # Change from:
    path: charts/appset
    # To:
    path: appset-chart

☁️ Azure-Specific Differences (Correctly Implemented)

These differences are appropriate and expected for Azure:

  1. External DNS Configuration:

    • Uses Azure DNS provider vs AWS Route53
    • Requires Azure config file mount vs AWS IAM roles
  2. Crossplane Providers:

    • Uses provider-family-azure vs provider-aws
    • Includes Azure-specific providers (authorization, managedidentity)
  3. Authentication Method:

    • Uses Azure Workload Identity vs AWS Pod Identity
    • Different annotation patterns (azure.workload.identity/*)
  4. Secret Management:

    • Integrates with Azure Key Vault vs AWS Secrets Manager
    • Different external-secrets configuration

🚀 Future Azure Enhancement Recommendations

  1. Add Azure Compositions: Create equivalent to AWS crossplane-compositions package for Azure-specific resource compositions

📊 Overall Assessment

  • Alignment Score: 97% with AWS reference
  • Recommendation: Approve with required changes
  • Key Strengths: Superior build system (Taskfile + Helmfile) + proper metadata usage + better crossplane structure + appropriate Azure adaptations

Status: Ready to merge after addressing the 2 structural alignment issues above.

🔄 Recommendations for AWS Reference Implementation

The Azure implementation introduces superior practices that should be backported to AWS:

  1. Adopt Taskfile: Replace shell scripts with Taskfile (reference: [Taskfile.yml](https://github.com/livewyer-ops/reference-implementation-azure/blob/v2/Taskfile.yml)) for better maintainability and cross-platform support

  2. Adopt Helmfile for Bootstrap: Replace manual helm commands with Helmfile (reference: helmfile.yaml) for declarative ArgoCD and ApplicationSet deployment

  3. Use .metadata.annotations: Update AWS implementation to use annotations instead of labels in packages/addons/values.yaml for:

    • .metadata.annotations.pathRouting (instead of .metadata.labels.path_routing)
    • .metadata.annotations.domain (instead of .metadata.labels.domain)
    • .metadata.annotations.letsencryptEnv (instead of .metadata.labels.letsencrypt_env)
  4. Simplify Crossplane Provider Structure: Remove separate crossplane-aws-upbound package and integrate providers directly into main crossplane configuration like Azure does
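
As an added illustration of the annotations-versus-labels recommendation in item 3 above (this is not code from this PR or from either reference implementation): an ArgoCD cluster secret that keeps selectable on/off flags in labels and free-form settings in annotations, paired with an ApplicationSet cluster generator that reads those annotations through Go templating. The cluster name, repository URL, package path and annotation values are constructed placeholders.

```yaml
# Constructed example: ArgoCD cluster secret for a hypothetical cluster.
apiVersion: v1
kind: Secret
metadata:
  name: in-cluster                 # placeholder cluster secret name
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: cluster
    # Labels are for selection: a generator's selector can only match labels.
    enable_external_dns: "true"
  annotations:
    # Annotations carry data only; their values are not bound by the
    # 63-character, [A-Za-z0-9._-] syntax that label values must satisfy.
    domain: idp.example.com        # placeholder value
    pathRouting: "true"
    letsencryptEnv: staging
type: Opaque
stringData:
  name: in-cluster
  server: https://kubernetes.default.svc
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: external-dns
  namespace: argocd
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]   # fail rendering if an annotation is absent
  generators:
    - clusters:
        selector:
          matchLabels:
            enable_external_dns: "true"     # selection still keys off labels
  template:
    metadata:
      name: 'external-dns-{{ .nameNormalized }}'
    spec:
      project: default
      source:
        repoURL: https://github.com/example-org/reference-implementation.git   # placeholder
        targetRevision: main
        path: packages/external-dns                                            # placeholder
        helm:
          valuesObject:
            # Free-form settings are read from the cluster secret's annotations.
            domain: '{{ .metadata.annotations.domain }}'
            pathRouting: '{{ .metadata.annotations.pathRouting }}'
            letsencryptEnv: '{{ .metadata.annotations.letsencryptEnv }}'
      destination:
        server: '{{ .server }}'
        namespace: external-dns
```

The trade-off to keep in mind when backporting this: a key moved from labels to annotations can no longer be used in `selector.matchLabels`, so enable/disable flags that drive generator selection should stay as labels, and only configuration values (domain, routing mode, ACME environment) move to annotations. Setting `missingkey=error` makes a cluster that is missing one of those annotations fail at render time rather than silently producing an Application with empty values.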

Signed-off-by: Bowen Sun <bowensun@gmail.com>
@csantanapr csantanapr left a comment

/lgtm

@punkwalker punkwalker merged commit 8b8fcd9 into cnoe-io:main Oct 17, 2025
1 check passed
@nusnewob nusnewob deleted the v2 branch October 21, 2025 13:41
@nusnewob nusnewob restored the v2 branch October 21, 2025 13:42