From cbac733da477488d1ef3eb37eb6049f52de30a2d Mon Sep 17 00:00:00 2001 From: Jonas Hecht Date: Thu, 31 Mar 2022 16:37:29 +0200 Subject: [PATCH] #43: Refactoring general manifest installation to mostly use Kustomize for Tekton, Tasks etc. Therefore also the ArgoCD Kustomize configuration is now held in the `installation` directory. --- .github/workflows/provision.yml | 27 +++------- README.md | 51 +++++++++++++++---- .../traefik-application-ingress-routes.yml | 0 .../argocd}/argocd-cmd-params-cm-patch.yml | 0 .../argocd}/kustomization.yaml | 0 installation/tekton-tasks/kustomization.yaml | 12 +++++ installation/tekton/kustomization.yaml | 10 ++++ tekton-dashboard-service.yml | 12 ----- 8 files changed, 70 insertions(+), 42 deletions(-) rename traefik-ingress-routes.yml => ingress/traefik-application-ingress-routes.yml (100%) rename {argocd/installation => installation/argocd}/argocd-cmd-params-cm-patch.yml (100%) rename {argocd/installation => installation/argocd}/kustomization.yaml (100%) create mode 100644 installation/tekton-tasks/kustomization.yaml create mode 100644 installation/tekton/kustomization.yaml delete mode 100644 tekton-dashboard-service.yml diff --git a/.github/workflows/provision.yml b/.github/workflows/provision.yml index c76afa3..3cb1196 100644 --- a/.github/workflows/provision.yml +++ b/.github/workflows/provision.yml @@ -148,7 +148,7 @@ jobs: echo "--- Create argo namespace and install it" kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f - echo "--- Install & configure ArgoCD via Kustomize - see https://stackoverflow.com/a/71692892/4964553" - kubectl apply -k argocd/installation + kubectl apply -k installation/argocd - name: Expose ArgoCD Dashboard as GitHub environment id: dashboard-expose 
@@ -225,16 +225,10 @@ jobs: - name: Install Tekton Pipelines, Dashboard, Triggers run: | - echo "--- Install Tekton Pipelines" - kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.0/release.yaml - echo "--- Install Tekton Dashboard" - kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml - echo "--- Install Tekton Triggers" - kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/previous/v0.18.0/release.yaml - kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/previous/v0.18.0/interceptors.yaml - - - name: Wait for Tekton to become ready & show running Tekton pods - run: | + echo "--- Install Tekton Pipelines, Dashboard, Triggers via Kustomize" + kubectl apply -k installation/tekton + + echo "--- Wait for Tekton to become ready & show running Tekton pods" kubectl wait --for=condition=ready pod -l app=tekton-pipelines-controller --namespace tekton-pipelines --timeout=120s kubectl get pods --namespace tekton-pipelines 
@@ -269,16 +263,9 @@ jobs: echo "--- Show TaskRun logs" tkn taskrun logs $TASK_RUN_NAME - - name: Install Tekton Hub Tasks (git-clone, buildpacks, gitlab-set-status, maven) + - name: Install Tekton Hub & local Tasks via Kustomize run: | - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.4/git-clone.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.3/buildpacks.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/gitlab-set-status/0.1/gitlab-set-status.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/maven/0.2/maven.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/yq/0.3/yq.yaml - kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-cli/0.3/git-cli.yaml - kubectl apply -f tasks/replace-yaml-value-with-yq.yml - kubectl apply -f tasks/argocd-task-create-sync-wait.yml + kubectl apply -k installation/tekton-tasks - name: Create Secrets for GitLab Container Registry & Repository access & apply buildpacks PVC, ServiceAccount & Pipeline run: | diff --git a/README.md b/README.md index 9a88453..a13c9a3 100644 --- a/README.md +++ b/README.md 
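Review bot: The two local Tasks this step used to apply from `tasks/replace-yaml-value-with-yq.yml` and `tasks/argocd-task-create-sync-wait.yml` are now reachable only through `installation/tekton-tasks/kustomization.yaml`, and Kustomize resolves those relative paths against `installation/tekton-tasks/`. The diffstat of this commit moves no files into that directory, so `kubectl apply -k installation/tekton-tasks` would presumably fail on the missing resources. Kustomize's default load restriction also rejects paths that climb out of the kustomization root, so `../../tasks/...` is not a fix. Either move the two files under `installation/tekton-tasks/tasks/`, or keep `kubectl apply -f tasks/replace-yaml-value-with-yq.yml -f tasks/argocd-task-create-sync-wait.yml` next to the `-k` call. The surrounding job continues outside the hunk.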
@@ -2119,9 +2119,9 @@ In order to declaratively configure the ArgoCD configuration, [the ArgoCD docs h Adopting this to our use case, we need to switch our ArgoCD installation from simply using `kubectl apply -f` to a Kustomize-based installation. The ArgoCD docs also have [a section on how to do this](https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#kustomize). Here are the brief steps: -#### Create a `argocd/installation` directory with a new file `kustomization.yaml` +#### Create a `installation/argocd` directory with a new file `kustomization.yaml` -We slightly enhance the `kustomization.yaml` proposed in the docs and create it inside [argocd/installation/kustomization.yaml](argocd/installation/kustomization.yaml): +We slightly enhance the `kustomization.yaml` proposed in the docs and create it inside [installation/argocd/kustomization.yaml](installation/argocd/kustomization.yaml): ```yaml apiVersion: kustomize.config.k8s.io/v1beta1 @@ -2147,7 +2147,7 @@ we use the `patchesStrategicMerge` configuration key, which contains another new #### Create a new file `argocd-cmd-params-cm-patch.yml`** -This new [argocd/installation/argocd-cmd-params-cm-patch.yml](argocd/installation/argocd-cmd-params-cm-patch.yml) only contains the configuration we want to change inside the ConfigMap `argocd-cmd-params-cm`: +This new [installation/argocd/argocd-cmd-params-cm-patch.yml](installation/argocd/argocd-cmd-params-cm-patch.yml) only contains the configuration we want to change inside the ConfigMap `argocd-cmd-params-cm`: ```yaml apiVersion: v1 @@ -2164,7 +2164,7 @@ There's a separate `kustomize` CLI one can install e.g. via `brew install kustom ```shell kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f - -kubectl apply -k argocd/installation +kubectl apply -k installation/argocd ``` As you can see we also need to make sure the namespace `argocd` is present before Kustomize can apply all the ArgoCD resources. 
@@ -3415,7 +3415,7 @@ https://doc.traefik.io/traefik/user-guides/crd-acme/#traefik-routers https://doc.traefik.io/traefik/routing/routers/#rule -So start by creating our first `IngressRoute` definition - right now only statically to see it working inside [traefik-ingress-routes.yml](traefik-ingress-routes.yml): +So start by creating our first `IngressRoute` definition - right now only statically to see it working inside [traefik-application-ingress-routes.yml](ingress/traefik-application-ingress-routes.yml): ```yaml apiVersion: traefik.containo.us/v1alpha1 @@ -3434,7 +3434,7 @@ spec: port: 80 ``` -Apply it with `kubectl apply -f traefik-ingress-routes.yml` +Apply it with `kubectl apply -f ingress/traefik-application-ingress-routes.yml` Finally use a REST client like Postman to access our Service: @@ -3455,7 +3455,7 @@ See https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-elb-loa ![route53-hostedzone-record](screenshots/route53-hostedzone-record.png) -Let's test it by enhancing our `IngressRoute` inside [traefik-ingress-routes.yml](traefik-ingress-routes.yml): +Let's test it by enhancing our `IngressRoute` inside [traefik-application-ingress-routes.yml](ingress/traefik-application-ingress-routes.yml): ```yaml apiVersion: traefik.containo.us/v1alpha1 @@ -3474,7 +3474,7 @@ spec: port: 80 ``` -And apply it with `kubectl apply -f traefik-ingress-routes.yml` +And apply it with `kubectl apply -f ingress/traefik-application-ingress-routes.yml` ## Automatically creating the Route53 A record based on the Traefik ELB in GitHub Actions 
@@ -3649,12 +3649,43 @@ Try to access the app after a successful pipeline run using your Browser: +# Renovate should keep Tekton and Argo k8s manifests up-to-date -## ArgoCD Dashboard as Traefik IngressRoute +In order to enable Renovate to keep all our manifests up-to-date, we need a mechanism and a format renovate can read. -https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#ingressroute-crd +As we already use Kustomize to install and configure ArgoCD, we could use it to install all needed remote manifests for us. Kustomize is also supported by Renovate: https://docs.renovatebot.com/modules/manager/kustomize/ +Therefore the directory `installation` has been created and we have the following folder structure now: +``` +├── argocd - here our ArgoCD instsallation and custom configuration is managed +│   ├── argocd-cmd-params-cm-patch.yml +│   └── kustomization.yaml +├── tekton - all Tekton related components +│   └── kustomization.yaml +└── tekton-tasks - all needed Tekton Tasks (Hubs or local) + └── kustomization.yaml +``` + +Inside our GitHub Actions workflow [provision.yml](.github/workflows/provision.yml) Kustomize is used through `kubectl apply -k`: + +``` + - name: Install ArgoCD + run: | + echo "--- Create argo namespace and install it" + kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f - + echo "--- Install & configure ArgoCD via Kustomize - see https://stackoverflow.com/a/71692892/4964553" + kubectl apply -k installation/argocd +... + - name: Install Tekton Pipelines, Dashboard, Triggers + run: | + echo "--- Install Tekton Pipelines, Dashboard, Triggers via Kustomize" + kubectl apply -k installation/tekton +... + - name: Install Tekton Hub & local Tasks via Kustomize + run: | + kubectl apply -k installation/tekton-tasks +``` 
diff --git a/traefik-ingress-routes.yml b/ingress/traefik-application-ingress-routes.yml
similarity index 100%
rename from traefik-ingress-routes.yml
rename to ingress/traefik-application-ingress-routes.yml
diff --git a/argocd/installation/argocd-cmd-params-cm-patch.yml b/installation/argocd/argocd-cmd-params-cm-patch.yml
similarity index 100%
rename from argocd/installation/argocd-cmd-params-cm-patch.yml
rename to installation/argocd/argocd-cmd-params-cm-patch.yml
diff --git a/argocd/installation/kustomization.yaml b/installation/argocd/kustomization.yaml
similarity index 100%
rename from argocd/installation/kustomization.yaml
rename to installation/argocd/kustomization.yaml
diff --git a/installation/tekton-tasks/kustomization.yaml b/installation/tekton-tasks/kustomization.yaml
new file mode 100644
index 0000000..838207a
--- /dev/null
+++ b/installation/tekton-tasks/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.4/git-clone.yaml
+ - https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildpacks/0.3/buildpacks.yaml
+ - https://raw.githubusercontent.com/tektoncd/catalog/main/task/gitlab-set-status/0.1/gitlab-set-status.yaml
+ - https://raw.githubusercontent.com/tektoncd/catalog/main/task/maven/0.2/maven.yaml
+ - https://raw.githubusercontent.com/tektoncd/catalog/main/task/yq/0.3/yq.yaml
+ - https://raw.githubusercontent.com/tektoncd/catalog/main/task/git-cli/0.3/git-cli.yaml
+ - tasks/replace-yaml-value-with-yq.yml
+ - tasks/argocd-task-create-sync-wait.yml
\ No newline at end of file
diff --git a/installation/tekton/kustomization.yaml b/installation/tekton/kustomization.yaml
new file mode 100644
index 0000000..8607646
--- /dev/null
+++ b/installation/tekton/kustomization.yaml
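Review bot: The six catalog entries under `resources:` in `installation/tekton-tasks/kustomization.yaml` pin the Task directory version (`0.4`, `0.3`, ...) but fetch from the moving `master` and `main` branches, so the YAML applied to the cluster can change without any commit in this repository. These Tasks presumably run later with the pipeline's repository and registry secrets, so the fetched content is worth pinning. Replacing the branch segment with a reviewed commit, for example `https://raw.githubusercontent.com/tektoncd/catalog/<commit-sha>/task/git-clone/0.4/git-clone.yaml`, makes each apply reproducible. It is also worth confirming that Renovate's kustomize manager recognises raw file URLs at all, since otherwise these entries are neither pinned nor updated. The file also ends without a trailing newline.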
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.0/release.yaml
+ - https://github.com/tektoncd/dashboard/releases/download/v0.24.1/tekton-dashboard-release.yaml
+ - https://storage.googleapis.com/tekton-releases/triggers/previous/v0.18.0/release.yaml
+ - https://storage.googleapis.com/tekton-releases/triggers/previous/v0.18.0/interceptors.yaml
+
+namespace: tekton-pipelines
\ No newline at end of file
diff --git a/tekton-dashboard-service.yml b/tekton-dashboard-service.yml
deleted file mode 100644
index 373aef8..0000000
--- a/tekton-dashboard-service.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: tekton-dashboard-external-svc-manual
-spec:
- selector:
- app: tekton-dashboard
- ports:
- - protocol: TCP
- port: 80
- targetPort: 9097
- type: LoadBalancer
\ No newline at end of file
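Review bot: `namespace: tekton-pipelines` at the end of the new `installation/tekton/kustomization.yaml` makes Kustomize rewrite the namespace of every namespaced resource in all four release manifests, together with the RBAC subjects that refer to them. That is redundant as long as upstream ships everything in `tekton-pipelines`, and after a Renovate version bump it could silently relocate resources that a newer release places in a different namespace. I would drop the field, or keep it with a comment such as `# all four upstream manifests target tekton-pipelines; re-check on every version bump`. Because the manifests are fetched at apply time and typically carry cluster-scoped RBAC and admission webhooks, reviewing the output of `kubectl kustomize installation/tekton` on each bump PR is a cheap check that the rendered set changed only as expected.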