From 89284f6692af900e33f1108c035871558e00e24a Mon Sep 17 00:00:00 2001
From: Carlos Santana
Date: Wed, 30 Aug 2023 22:50:02 -0400
Subject: [PATCH] Add example to show private git credentials for argocd
Signed-off-by: Carlos Santana
---
.../examples/eks/private-git/README.md | 27 ++
.../eks/private-git/bootstrap/addons.yaml | 19 ++
.../eks/private-git/bootstrap/workloads.yaml | 20 ++
.../examples/eks/private-git/destroy.sh | 16 +
.../examples/eks/private-git/main.tf | 299 ++++++++++++++++++
.../examples/eks/private-git/outputs.tf | 33 ++
.../examples/eks/private-git/tes.yaml | 122 +++++++
.../examples/eks/private-git/variables.tf | 0
.../examples/eks/private-git/versions.tf | 29 ++
9 files changed, 565 insertions(+)
create mode 100644 argocd/iac/terraform/examples/eks/private-git/README.md
create mode 100644 argocd/iac/terraform/examples/eks/private-git/bootstrap/addons.yaml
create mode 100644 argocd/iac/terraform/examples/eks/private-git/bootstrap/workloads.yaml
create mode 100755 argocd/iac/terraform/examples/eks/private-git/destroy.sh
create mode 100644 argocd/iac/terraform/examples/eks/private-git/main.tf
create mode 100644 argocd/iac/terraform/examples/eks/private-git/outputs.tf
create mode 100644 argocd/iac/terraform/examples/eks/private-git/tes.yaml
create mode 100644 argocd/iac/terraform/examples/eks/private-git/variables.tf
create mode 100644 argocd/iac/terraform/examples/eks/private-git/versions.tf
diff --git a/argocd/iac/terraform/examples/eks/private-git/README.md b/argocd/iac/terraform/examples/eks/private-git/README.md
new file mode 100644
index 00000000..3974e9ab
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/README.md
@@ -0,0 +1,27 @@
+# ArgoCD on Amazon EKS
+
+This example shows how to deploy Amazon EKS with addons configured via ArgoCD
+
+The example demonstrate how to use private git repository for addons and workload.
+
+The example reads your private ssh key, and creates two secretes to access the git repository for addons and another one for workloads
+
+## Prerequisites
+- Create a Github ssh key file, example assumes the file path `~/.ssh/id_rsa`, update `main.tf` if using a different location
+
+Deploy EKS Cluster
+```shell
+terraform init
+terraform apply
+```
+
+Access Terraform output to configure `kubectl` and `argocd`
+```shell
+terraform output
+```
+
+Destroy EKS Cluster
+```shell
+cd hub
+./destroy.sh
+```
diff --git a/argocd/iac/terraform/examples/eks/private-git/bootstrap/addons.yaml b/argocd/iac/terraform/examples/eks/private-git/bootstrap/addons.yaml
new file mode 100644
index 00000000..61216a94
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/bootstrap/addons.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bootstrap-addons
+ namespace: 'argocd'
+spec:
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: 'argocd'
+ project: default
+ source:
+ path: ${path}
+ repoURL: ${repoURL}
+ targetRevision: ${targetRevision}
+ directory:
+ recurse: true
+ exclude: exclude/*
+ syncPolicy:
+ automated: {}
diff --git a/argocd/iac/terraform/examples/eks/private-git/bootstrap/workloads.yaml b/argocd/iac/terraform/examples/eks/private-git/bootstrap/workloads.yaml
new file mode 100644
index 00000000..9553651e
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/bootstrap/workloads.yaml
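Review bot: `project: default` together with `syncPolicy: automated: {}` means this bootstrap Application syncs whatever the configured repo and revision contain with no project-level guardrails, since Argo CD's built-in `default` project places no restriction on source repositories or destinations unless it has been edited. For an example that introduces private repository credentials, a comment above `project:` would help, e.g. `# default project is unrestricted; outside of demos use a dedicated AppProject that pins sourceRepos and destinations`. The same applies to `bootstrap/workloads.yaml`, which also uses `project: default` with automated sync.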
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bootstrap-workloads
+ namespace: 'argocd'
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: 'guestbook'
+ project: default
+ source:
+ path: ${path}
+ repoURL: ${repoURL}
+ targetRevision: ${targetRevision}
+ syncPolicy:
+ automated: {}
+ syncOptions:
+ - CreateNamespace=true
\ No newline at end of file
diff --git a/argocd/iac/terraform/examples/eks/private-git/destroy.sh b/argocd/iac/terraform/examples/eks/private-git/destroy.sh
new file mode 100755
index 00000000..195f9885
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/destroy.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -x
+
+# Delete the Ingress/SVC before removing the addons
+TMPFILE=$(mktemp)
+terraform output -raw configure_kubectl > "$TMPFILE"
+source "$TMPFILE"
+
+kubectl delete svc -n argocd argo-cd-argocd-server
+
+terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
+terraform destroy -target="module.eks" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+terraform destroy -auto-approve
diff --git a/argocd/iac/terraform/examples/eks/private-git/main.tf b/argocd/iac/terraform/examples/eks/private-git/main.tf
new file mode 100644
index 00000000..dc198ef4
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/main.tf
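Review bot: `destroy.sh` sets `set -x` but not `set -e`, so if `terraform output -raw configure_kubectl` fails or prints nothing, `source "$TMPFILE"` does nothing useful and `kubectl delete svc` runs against whatever kube context is currently active, followed by the `-auto-approve` destroys. Suggest `set -euo pipefail` at the top and `trap 'rm -f "$TMPFILE"' EXIT` right after the `mktemp` line so the temp file is cleaned up. The README added in this commit also tells users to `cd hub` before `./destroy.sh`, but the diffstat shows no `hub` directory in this example.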
@@ -0,0 +1,299 @@ +provider "aws" { + region = local.region +} +data "aws_caller_identity" "current" {} +data "aws_availability_zones" "available" {} + +provider "helm" { + kubernetes { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } + } +} + +provider "kubectl" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + exec { + api_version = "client.authentication.k8s.io/v1beta1" + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + command = "aws" + } + load_config_file = false + apply_retry_count = 15 +} + +provider "kubernetes" { + host = module.eks.cluster_endpoint + cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) + + exec { + api_version = "client.authentication.k8s.io/v1beta1" + command = "aws" + # This requires the awscli to be installed locally where Terraform is executed + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name, "--region", local.region] + } +} + +locals { + name = "ex-${replace(basename(path.cwd), "_", "-")}" + environment = "dev" + region = "us-west-2" + cluster_version = "1.27" + + git_private_ssh_key = "~/.ssh/id_rsa" # Update with the git ssh key to be used by ArgoCD + + gitops_addons_org = "git@github.com:gitops-bridge-dev" + gitops_addons_repo = "gitops-bridge-argocd-control-plane-template" + gitops_addon_path = "bootstrap/control-plane/addons" + gitops_addon_revision = "HEAD" + + gitops_workloads_org = "git@github.com:argoproj" + gitops_workloads_repo = "argocd-example-apps" + gitops_workloads_path = "helm-guestbook" + 
gitops_workloads_revision = "HEAD" + + aws_addons = { + enable_cert_manager = true + #enable_aws_efs_csi_driver = true + #enable_aws_fsx_csi_driver = true + #enable_aws_cloudwatch_metrics = true + #enable_aws_privateca_issuer = true + #enable_cluster_autoscaler = true + #enable_external_dns = true + #enable_external_secrets = true + #enable_aws_load_balancer_controller = true + #enable_fargate_fluentbit = true + #enable_aws_for_fluentbit = true + #enable_aws_node_termination_handler = true + #enable_karpenter = true + #enable_velero = true + #enable_aws_gateway_api_controller = true + #enable_aws_ebs_csi_resources = true # generate gp2 and gp3 storage classes for ebs-csi + #enable_aws_secrets_store_csi_driver_provider = true + } + oss_addons = { + #enable_argo_rollouts = true + #enable_argo_workflows = true + #enable_cluster_proportional_autoscaler = true + #enable_gatekeeper = true + #enable_gpu_operator = true + #enable_ingress_nginx = true + #enable_kyverno = true + #enable_kube_prometheus_stack = true + enable_metrics_server = true + #enable_prometheus_adapter = true + #enable_secrets_store_csi_driver = true + #enable_vpa = true + #enable_foo = true # you can add any addon here, make sure to update the gitops repo with the corresponding application set + } + addons = merge(local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version }) + + addons_metadata = merge( + module.eks_blueprints_addons.gitops_metadata, + { + aws_cluster_name = module.eks.cluster_name + aws_region = local.region + aws_account_id = data.aws_caller_identity.current.account_id + aws_vpc_id = module.vpc.vpc_id + }, + { + gitops_bridge_repo_url = "${local.gitops_addons_org}/${local.gitops_addons_repo}" + gitops_bridge_repo_revision = local.gitops_addon_revision + } + ) + + argocd_bootstrap_app_of_apps = { + addons = templatefile("${path.module}/bootstrap/addons.yaml", { + repoURL = "${local.gitops_addons_org}/${local.gitops_addons_repo}" + path = local.gitops_addon_path + 
targetRevision = local.gitops_addon_revision + }) + workloads = templatefile("${path.module}/bootstrap/workloads.yaml", { + repoURL = "${local.gitops_workloads_org}/${local.gitops_workloads_repo}" + path = local.gitops_workloads_path + targetRevision = local.gitops_workloads_revision + }) + } + + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) + + tags = { + Blueprint = local.name + GithubRepo = "github.com/csantanapr/terraform-gitops-bridge" + } +} + +################################################################################ +# GitOps Bridge: Private ssh keys for git +################################################################################ +resource "kubernetes_namespace" "argocd" { + depends_on = [ module.eks_blueprints_addons ] + metadata { + name = "argocd" + } +} +resource "kubernetes_secret" "git_secrets" { + depends_on = [ kubernetes_namespace.argocd ] + for_each = { + git-addons = { + type = "git" + url = local.gitops_addons_org + sshPrivateKey = file(pathexpand(local.git_private_ssh_key)) + } + git-workloads = { + type = "git" + url = local.gitops_addons_org + sshPrivateKey = file(pathexpand(local.git_private_ssh_key)) + } + } + metadata { + name = each.key + namespace = kubernetes_namespace.argocd.metadata[0].name + labels = { + "argocd.argoproj.io/secret-type" = "repo-creds" + } + } + data = each.value +} + +################################################################################ +# GitOps Bridge: Metadata +################################################################################ +module "gitops_bridge_metadata" { + source = "../../../modules/gitops-bridge-metadata" + + cluster_name = module.eks.cluster_name + environment = local.environment + metadata = local.addons_metadata + addons = local.addons +} + +################################################################################ +# GitOps Bridge: Bootstrap 
+################################################################################ +module "gitops_bridge_bootstrap" { + source = "../../../modules/gitops-bridge-bootstrap" + + argocd_cluster = module.gitops_bridge_metadata.argocd + argocd_bootstrap_app_of_apps = local.argocd_bootstrap_app_of_apps + argocd = { create_namespace = false } + depends_on = [kubernetes_secret.git_secrets] +} + + +################################################################################ +# EKS Blueprints Addons +################################################################################ +module "eks_blueprints_addons" { + source = "aws-ia/eks-blueprints-addons/aws" + version = "~> 1.0" + + cluster_name = module.eks.cluster_name + cluster_endpoint = module.eks.cluster_endpoint + cluster_version = module.eks.cluster_version + oidc_provider_arn = module.eks.oidc_provider_arn + + # Using GitOps Bridge + create_kubernetes_resources = false + + # EKS Blueprints Addons + enable_cert_manager = try(local.aws_addons.enable_cert_manager, false) + enable_aws_efs_csi_driver = try(local.aws_addons.enable_aws_efs_csi_driver, false) + enable_aws_fsx_csi_driver = try(local.aws_addons.enable_aws_fsx_csi_driver, false) + enable_aws_cloudwatch_metrics = try(local.aws_addons.enable_aws_cloudwatch_metrics, false) + enable_aws_privateca_issuer = try(local.aws_addons.enable_aws_privateca_issuer, false) + enable_cluster_autoscaler = try(local.aws_addons.enable_cluster_autoscaler, false) + enable_external_dns = try(local.aws_addons.enable_external_dns, false) + enable_external_secrets = try(local.aws_addons.enable_external_secrets, false) + enable_aws_load_balancer_controller = try(local.aws_addons.enable_aws_load_balancer_controller, false) + enable_fargate_fluentbit = try(local.aws_addons.enable_fargate_fluentbit, false) + enable_aws_for_fluentbit = try(local.aws_addons.enable_aws_for_fluentbit, false) + enable_aws_node_termination_handler = try(local.aws_addons.enable_aws_node_termination_handler, 
false) + enable_karpenter = try(local.aws_addons.enable_karpenter, false) + enable_velero = try(local.aws_addons.enable_velero, false) + enable_aws_gateway_api_controller = try(local.aws_addons.enable_aws_gateway_api_controller, false) + + tags = local.tags +} + +################################################################################ +# EKS Cluster +################################################################################ +#tfsec:ignore:aws-eks-enable-control-plane-logging +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "~> 19.13" + + cluster_name = local.name + cluster_version = local.cluster_version + cluster_endpoint_public_access = true + + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + eks_managed_node_groups = { + initial = { + instance_types = ["t3.medium"] + + min_size = 3 + max_size = 10 + desired_size = 3 + } + } + # EKS Addons + cluster_addons = { + vpc-cni = { + # Specify the VPC CNI addon should be deployed before compute to ensure + # the addon is configured before data plane compute resources are created + # See README for further details + before_compute = true + most_recent = true # To ensure access to the latest settings provided + configuration_values = jsonencode({ + env = { + # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html + ENABLE_PREFIX_DELEGATION = "true" + WARM_PREFIX_TARGET = "1" + } + }) + } + } + tags = local.tags +} + +################################################################################ +# Supporting Resources +################################################################################ +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + 
enable_nat_gateway = true + single_nat_gateway = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = 1 + } + + tags = local.tags +} diff --git a/argocd/iac/terraform/examples/eks/private-git/outputs.tf b/argocd/iac/terraform/examples/eks/private-git/outputs.tf new file mode 100644 index 00000000..2d3b6e57 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/private-git/outputs.tf 
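Review bot: In `kubernetes_secret.git_secrets` the `git-workloads` entry sets `url = local.gitops_addons_org`, the same value as `git-addons`, so the workloads credential template never matches `local.gitops_workloads_org` (`git@github.com:argoproj`); it should read `url = local.gitops_workloads_org`. Separately, `file(pathexpand(local.git_private_ssh_key))` copies the key into the secret's `data`, which means the private key is also written to the Terraform state. Because the default is `~/.ssh/id_rsa`, the example nudges users toward a personal key; a comment next to `git_private_ssh_key` recommending a dedicated read-only deploy key and an encrypted, access-controlled state backend would help. `cluster_endpoint_public_access = true` in `module "eks"` has no CIDR restriction visible and deserves a comment that it is for demo use.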
@@ -0,0 +1,33 @@
+output "configure_kubectl" {
+ description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ EOT
+}
+
+output "configure_argocd" {
+ description = "Terminal Setup"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ export ARGOCD_OPTS="--port-forward --port-forward-namespace argocd --grpc-web"
+ kubectl config set-context --current --namespace argocd
+ argocd login --port-forward --username admin --password $(argocd admin initial-password | head -1)
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ echo Port Forward: http://localhost:8080
+ kubectl port-forward -n argocd svc/argo-cd-argocd-server 8080:80
+ EOT
+}
+
+output "access_argocd" {
+ description = "ArgoCD Access"
+ value = <<-EOT
+ export KUBECONFIG="/tmp/${module.eks.cluster_name}"
+ aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}
+ echo "ArgoCD URL: https://$(kubectl get svc -n argocd argo-cd-argocd-server -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+ echo "ArgoCD Username: admin"
+ echo "ArgoCD Password: $(kubectl get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}")"
+ EOT
+}
diff --git a/argocd/iac/terraform/examples/eks/private-git/tes.yaml b/argocd/iac/terraform/examples/eks/private-git/tes.yaml
new file mode 100644
index 00000000..fe48c7ba
--- /dev/null
+++ b/argocd/iac/terraform/examples/eks/private-git/tes.yaml
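Review bot: All three outputs export `KUBECONFIG="/tmp/${module.eks.cluster_name}"`, a predictable file name in a shared, world-writable directory, so on a multi-user host another account could pre-create or tamper with the file that `aws eks update-kubeconfig` then merges into. A per-user path is safer, e.g. `export KUBECONFIG="$HOME/.kube/${module.eks.cluster_name}"`. `configure_argocd` and `access_argocd` also echo the initial admin password, which ends up in terminal scrollback and CI logs; consider printing only the retrieval command and adding a comment to rotate the initial password after first login.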
@@ -0,0 +1,122 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: git-addons + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repo-creds +stringData: + type: git + url: git@github.com:gitops-bridge-dev + sshPrivateKey: | + -----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAzTv5XrGnVxZ9pe/uTpSRabTFcW/pyszrZiZWxzSr5P26Pbj83BsN +5JyAslUW/zbLjYTfCC20EjYbb8MdQoLo5fquHIN/FC6UH5vvimJnD4hcAz+n8IUZSh26jE +ftKFZzR/CfK8vA44DpQv68cZVslZb/poR74lo9BOWqE8HlwdXJvRqZCEi60Rv4K3bqqhCp +j/wXPDiH4M/pciCXWTWW3gxmA0rSg3TztesOx0G+zjh8pAtcfXt/P5uxr3khqKVXsEW//J +QZVLHqcKOVmFM7RuHwsn3d0mlC3nQNRpH+5BOw/o+sCJuXksHVS2fi2AarlFIaSVxHSkV3 +JedYsEH9d7mTnwqvR5lUvqsMzIyha99Yu2mjFM9n+DhBI4TXDjAQZbln/HivTOcMEHhJHi +8hx6oRY/v9+ZMXG9xEpm9uWIeNA1KYjZ5Sms2yBZcRcSYmmlWXfXkvVzgxUsUQbqGrgJ2A +xUJxoKUP6wEexm16XolMCg399K3T6zPN1LCx5xMwAFTjiRvHfmwFW6LtYKRlT8aF+BFK4N +LjSzHPmmKetmIa6Pgk0o9iPsIARhipMnlfB/sWO8saJLPu9u9RZ2+aMyM3lf4a3S8Ivb/R +fpI5sIGOctJ2Cjq7MeacwYNijl/Xt3DoUoEfe4rakNp2kzmnSRNX8taK/GS9MlhRH8/UzR +sAAAdQyOXyxcjl8sUAAAAHc3NoLXJzYQAAAgEAzTv5XrGnVxZ9pe/uTpSRabTFcW/pyszr +ZiZWxzSr5P26Pbj83BsN5JyAslUW/zbLjYTfCC20EjYbb8MdQoLo5fquHIN/FC6UH5vvim +JnD4hcAz+n8IUZSh26jEftKFZzR/CfK8vA44DpQv68cZVslZb/poR74lo9BOWqE8HlwdXJ +vRqZCEi60Rv4K3bqqhCpj/wXPDiH4M/pciCXWTWW3gxmA0rSg3TztesOx0G+zjh8pAtcfX +t/P5uxr3khqKVXsEW//JQZVLHqcKOVmFM7RuHwsn3d0mlC3nQNRpH+5BOw/o+sCJuXksHV +S2fi2AarlFIaSVxHSkV3JedYsEH9d7mTnwqvR5lUvqsMzIyha99Yu2mjFM9n+DhBI4TXDj +AQZbln/HivTOcMEHhJHi8hx6oRY/v9+ZMXG9xEpm9uWIeNA1KYjZ5Sms2yBZcRcSYmmlWX +fXkvVzgxUsUQbqGrgJ2AxUJxoKUP6wEexm16XolMCg399K3T6zPN1LCx5xMwAFTjiRvHfm +wFW6LtYKRlT8aF+BFK4NLjSzHPmmKetmIa6Pgk0o9iPsIARhipMnlfB/sWO8saJLPu9u9R +Z2+aMyM3lf4a3S8Ivb/RfpI5sIGOctJ2Cjq7MeacwYNijl/Xt3DoUoEfe4rakNp2kzmnSR +NX8taK/GS9MlhRH8/UzRsAAAADAQABAAACACEdAhkjNMq6WD+DvMF0+xlBD3JECkasVXa/ +zNSLTQi/X2NCC5o/yzgNgD5FuFYpMyJ8Q7gAF8OwczDPHFN057rjfWAgX0qUUVXgRP/g7J 
+v29lGX3bLS5seskEK+ACe3+xWqXyQj1dVfIUOr8h+pakGggVMOoSZeROYbYBub90QVCF24 +guRxR6MhjiMFJsuVsKYImH8g59t/8Dx3wbOlD9h3y6XQVrLbFc9OQ64mj3CacJHPO3cLi/ +ZpWnvjYWjidIl+V4GbK5McuaS+4A4Zr8C6B6nk4Ptn/GAD/XhbafLGspIAAFPLNuN43r8x +3cnZGanurUsU1nPHTXgSIZ8eppR2oExBOU4Z2cdZj1vSRPPKtmTxn+RUTCTj5OblLM2Nbd +s/N+0lPoyeNTTAJt89gSa3RWD/QY5fCHvNs6oiCHoaxw0eNSujWz/xakoX376bxfDpA0wt +6yhZt6/70qGaKaI5lf2Ui1snqfN4Hc4OM9HXfW8XGGD6Z0083mZ0TGsox//HGHpJ26eWvw +F8vPONeZpu5ZEgGJS3HAo+pnVroQ3V0+ufqmeypYF3fKBtjFpmrMVL4tQ2GIsRUzJ0uMh+ +5cf7Y8397of66FbIpx/W1c/t4xi2s44uiV+HcyLATueN7X2vJEd4SEnAgIQQBZwiosCHEI +ec6R0/PQvUBAS3pYWBAAABAEUOMtizBrYxQVunQSZbp13vsKWZG32es5rwyDToQ9lEt0QH +y04kR24SEUzpmfpumZDJXpHcY+QhHzmGNzASv/Jib+DS+dLl0EysK95ticzeg1szBp9T8G +qH5KKmvsPo14VUsQAmD1GVqO8m6l8Mie3yTDc1tUIq/aobzxBmKWvBp88Zp5nuBh47nOEU +M7YbV+2CiybO9TkHB4TFZThRvcuvEn9MEDyLeTQFgrzssLHNAbXiX7WQ6TNoac8Kw+zOy2 +6qiIQc94vciEvF6HKJiRLb9bS45hGCfV6c41HSiitRefZ//zkIoA1UwUBlLBRvwXE4T7Y/ +LaxDXPQ1uP3R7T8AAAEBAOuMocSYOVAcjLXQJ4p6UkCBfYKFErWzX4BkQxAyKbU+DxNbC+ +SPKKEC9BOmZwDUOKDh5YwNgcOiNDQG2ti82y7mC2UyYmuX54osXg+PXXyZla2pT25XcG07 +qzwcaPzSKzpXwS2SC54wthYBoI584mhTVrSKL9tv5T/W3A8nLIAn11au9/kwQRcvRy1iqz +Wwnm5u8BwXCJPi3kO2fWtbZid6NLSkAXi9EkCw0dsazjtX1ybGQPcmfWcgWj05gC/dP1fV +urG7bMHCE86JAeURkEOn4DMv7ohckBkJRWv6RGiddV8tgGWgK5f0e8I5us+9SP0Ey8nJCL +KxQTkmrdkx1CEAAAEBAN8NjaCZUt6+0uyZ0iU9Lay7pn2vaqLSP+nvTlH7c3XZPwqwTV9n +ITRqK85xobiuAeEjrDpTA1gtB0V546k5QgAo4jRUECqrg1wQ08gnUydJNnUuNiXIA1b9v3 +d1XhbZhJFlj9voc00m4+i13M3aL2YV1fUWzKWkrGtIMGULGucDf4ro2hjPqbxL+oMKYw7/ +pm/2GsDRh/jeye3vkQcujcx6B4JBcxQZI3mPkKi9mloJCAsSua4FJ1PSWIV3y49iJG3KUK +DB4Wfkw8Zu32g208r5P6JRXmsOiu22GcM2Une17w+Zo0VjFQzYgs2IVFD0uLg3x0mObbT+ +Qu1L1nHDubsAAAAUY3NhbnRhbmEyM0BnbWFpbC5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY----- + +--- +apiVersion: v1 +kind: Secret +metadata: + name: git-workloads + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repo-creds +stringData: + type: git + url: git@github.com:argoproj + sshPrivateKey: -----BEGIN OPENSSH PRIVATE KEY----- 
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAzTv5XrGnVxZ9pe/uTpSRabTFcW/pyszrZiZWxzSr5P26Pbj83BsN +5JyAslUW/zbLjYTfCC20EjYbb8MdQoLo5fquHIN/FC6UH5vvimJnD4hcAz+n8IUZSh26jE +ftKFZzR/CfK8vA44DpQv68cZVslZb/poR74lo9BOWqE8HlwdXJvRqZCEi60Rv4K3bqqhCp +j/wXPDiH4M/pciCXWTWW3gxmA0rSg3TztesOx0G+zjh8pAtcfXt/P5uxr3khqKVXsEW//J +QZVLHqcKOVmFM7RuHwsn3d0mlC3nQNRpH+5BOw/o+sCJuXksHVS2fi2AarlFIaSVxHSkV3 +JedYsEH9d7mTnwqvR5lUvqsMzIyha99Yu2mjFM9n+DhBI4TXDjAQZbln/HivTOcMEHhJHi +8hx6oRY/v9+ZMXG9xEpm9uWIeNA1KYjZ5Sms2yBZcRcSYmmlWXfXkvVzgxUsUQbqGrgJ2A +xUJxoKUP6wEexm16XolMCg399K3T6zPN1LCx5xMwAFTjiRvHfmwFW6LtYKRlT8aF+BFK4N +LjSzHPmmKetmIa6Pgk0o9iPsIARhipMnlfB/sWO8saJLPu9u9RZ2+aMyM3lf4a3S8Ivb/R +fpI5sIGOctJ2Cjq7MeacwYNijl/Xt3DoUoEfe4rakNp2kzmnSRNX8taK/GS9MlhRH8/UzR +sAAAdQyOXyxcjl8sUAAAAHc3NoLXJzYQAAAgEAzTv5XrGnVxZ9pe/uTpSRabTFcW/pyszr +ZiZWxzSr5P26Pbj83BsN5JyAslUW/zbLjYTfCC20EjYbb8MdQoLo5fquHIN/FC6UH5vvim +JnD4hcAz+n8IUZSh26jEftKFZzR/CfK8vA44DpQv68cZVslZb/poR74lo9BOWqE8HlwdXJ +vRqZCEi60Rv4K3bqqhCpj/wXPDiH4M/pciCXWTWW3gxmA0rSg3TztesOx0G+zjh8pAtcfX +t/P5uxr3khqKVXsEW//JQZVLHqcKOVmFM7RuHwsn3d0mlC3nQNRpH+5BOw/o+sCJuXksHV +S2fi2AarlFIaSVxHSkV3JedYsEH9d7mTnwqvR5lUvqsMzIyha99Yu2mjFM9n+DhBI4TXDj +AQZbln/HivTOcMEHhJHi8hx6oRY/v9+ZMXG9xEpm9uWIeNA1KYjZ5Sms2yBZcRcSYmmlWX +fXkvVzgxUsUQbqGrgJ2AxUJxoKUP6wEexm16XolMCg399K3T6zPN1LCx5xMwAFTjiRvHfm +wFW6LtYKRlT8aF+BFK4NLjSzHPmmKetmIa6Pgk0o9iPsIARhipMnlfB/sWO8saJLPu9u9R +Z2+aMyM3lf4a3S8Ivb/RfpI5sIGOctJ2Cjq7MeacwYNijl/Xt3DoUoEfe4rakNp2kzmnSR +NX8taK/GS9MlhRH8/UzRsAAAADAQABAAACACEdAhkjNMq6WD+DvMF0+xlBD3JECkasVXa/ +zNSLTQi/X2NCC5o/yzgNgD5FuFYpMyJ8Q7gAF8OwczDPHFN057rjfWAgX0qUUVXgRP/g7J +v29lGX3bLS5seskEK+ACe3+xWqXyQj1dVfIUOr8h+pakGggVMOoSZeROYbYBub90QVCF24 +guRxR6MhjiMFJsuVsKYImH8g59t/8Dx3wbOlD9h3y6XQVrLbFc9OQ64mj3CacJHPO3cLi/ +ZpWnvjYWjidIl+V4GbK5McuaS+4A4Zr8C6B6nk4Ptn/GAD/XhbafLGspIAAFPLNuN43r8x +3cnZGanurUsU1nPHTXgSIZ8eppR2oExBOU4Z2cdZj1vSRPPKtmTxn+RUTCTj5OblLM2Nbd 
+s/N+0lPoyeNTTAJt89gSa3RWD/QY5fCHvNs6oiCHoaxw0eNSujWz/xakoX376bxfDpA0wt +6yhZt6/70qGaKaI5lf2Ui1snqfN4Hc4OM9HXfW8XGGD6Z0083mZ0TGsox//HGHpJ26eWvw +F8vPONeZpu5ZEgGJS3HAo+pnVroQ3V0+ufqmeypYF3fKBtjFpmrMVL4tQ2GIsRUzJ0uMh+ +5cf7Y8397of66FbIpx/W1c/t4xi2s44uiV+HcyLATueN7X2vJEd4SEnAgIQQBZwiosCHEI +ec6R0/PQvUBAS3pYWBAAABAEUOMtizBrYxQVunQSZbp13vsKWZG32es5rwyDToQ9lEt0QH +y04kR24SEUzpmfpumZDJXpHcY+QhHzmGNzASv/Jib+DS+dLl0EysK95ticzeg1szBp9T8G +qH5KKmvsPo14VUsQAmD1GVqO8m6l8Mie3yTDc1tUIq/aobzxBmKWvBp88Zp5nuBh47nOEU +M7YbV+2CiybO9TkHB4TFZThRvcuvEn9MEDyLeTQFgrzssLHNAbXiX7WQ6TNoac8Kw+zOy2 +6qiIQc94vciEvF6HKJiRLb9bS45hGCfV6c41HSiitRefZ//zkIoA1UwUBlLBRvwXE4T7Y/ +LaxDXPQ1uP3R7T8AAAEBAOuMocSYOVAcjLXQJ4p6UkCBfYKFErWzX4BkQxAyKbU+DxNbC+ +SPKKEC9BOmZwDUOKDh5YwNgcOiNDQG2ti82y7mC2UyYmuX54osXg+PXXyZla2pT25XcG07 +qzwcaPzSKzpXwS2SC54wthYBoI584mhTVrSKL9tv5T/W3A8nLIAn11au9/kwQRcvRy1iqz +Wwnm5u8BwXCJPi3kO2fWtbZid6NLSkAXi9EkCw0dsazjtX1ybGQPcmfWcgWj05gC/dP1fV +urG7bMHCE86JAeURkEOn4DMv7ohckBkJRWv6RGiddV8tgGWgK5f0e8I5us+9SP0Ey8nJCL +KxQTkmrdkx1CEAAAEBAN8NjaCZUt6+0uyZ0iU9Lay7pn2vaqLSP+nvTlH7c3XZPwqwTV9n +ITRqK85xobiuAeEjrDpTA1gtB0V546k5QgAo4jRUECqrg1wQ08gnUydJNnUuNiXIA1b9v3 +d1XhbZhJFlj9voc00m4+i13M3aL2YV1fUWzKWkrGtIMGULGucDf4ro2hjPqbxL+oMKYw7/ +pm/2GsDRh/jeye3vkQcujcx6B4JBcxQZI3mPkKi9mloJCAsSua4FJ1PSWIV3y49iJG3KUK +DB4Wfkw8Zu32g208r5P6JRXmsOiu22GcM2Une17w+Zo0VjFQzYgs2IVFD0uLg3x0mObbT+ +Qu1L1nHDubsAAAAUY3NhbnRhbmEyM0BnbWFpbC5jb20BAgMEBQYH +-----END OPENSSH PRIVATE KEY----- diff --git a/argocd/iac/terraform/examples/eks/private-git/variables.tf b/argocd/iac/terraform/examples/eks/private-git/variables.tf new file mode 100644 index 00000000..e69de29b diff --git a/argocd/iac/terraform/examples/eks/private-git/versions.tf b/argocd/iac/terraform/examples/eks/private-git/versions.tf new file mode 100644 index 00000000..11aa91d5 --- /dev/null +++ b/argocd/iac/terraform/examples/eks/private-git/versions.tf 
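Review bot: `tes.yaml` commits two Secret manifests whose `sshPrivateKey` fields hold a complete `-----BEGIN OPENSSH PRIVATE KEY-----` block, and nothing in the visible diff references this file, so it looks like a local scratch file added by accident. The key should be treated as compromised: drop the file from the commit, revoke and replace the key wherever its public half is authorized, and purge it from history if the branch has already been pushed. The header bytes suggest the key is stored without a passphrase, which makes rotation more urgent. A secret-scanning pre-commit hook or CI check on the repository would catch this class of mistake before review.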
@@ -0,0 +1,29 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.67.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.10.1"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.14"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.22.0"
+ }
+ }
+
+ # ## Used for end-to-end testing on project; update to suit your needs
+ # backend "s3" {
+ # bucket = "terraform-ssp-github-actions-state"
+ # region = "us-west-2"
+ # key = "e2e/ipv4-prefix-delegation/terraform.tfstate"
+ # }
+}
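Review bot: Three of the four providers use open-ended `>=` constraints, including the third-party `gavinbunney/kubectl`, while `kubernetes` is pinned to exactly `2.22.0`, so a fresh `terraform init` can pull any future major release of the others. Suggest bounded constraints such as `version = "~> 1.14"` for kubectl, and committing `.terraform.lock.hcl` so provider versions and checksums are reproducible. The diffstat shows no lock file being added with this example.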