Update: documentation for Gitops

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
portefaix · Dec 16, 2021 · 691eea9 · 691eea9
1 parent fe2a52c
commit 691eea9
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 50 deletions.
diff --git a/content/en/docs/aws/deploy/inspec-portefaix.md b/content/en/docs/aws/deploy/inspec-portefaix.md
@@ -4,7 +4,7 @@ description = "Instructions for check Portefaix infrastructure on AWS"
 weight = 20
 +++
 
-[inspec](http://inspec.io/) is used to check infrastructure.
+[Inspec](http://inspec.io/) is used to check infrastructure.
 
 Check:
 

diff --git a/content/en/docs/aws/deploy/install-portefaix.md b/content/en/docs/aws/deploy/install-portefaix.md
@@ -44,4 +44,8 @@ Create a DynamoDB table :
 
 [Terraform Cloud](https://terraform.cloud) is used as the remote backend. [Github Actions](https://github.com/features/actions) perform tasks to deploy the AWS infrastructure.
 
-<img src="/docs/images/portefaix-aws-deploy.png" alt="Portefaix AWS deployment" class="mt-3 mb-3 rounded">
+<img src="/docs/images/portefaix-aws-deploy.png" alt="Portefaix AWS deployment" class="mt-3 mb-3 rounded">
+
+## Gitops for Kubernetes
+
+See : [Gitops with FluxCD](/docs/development/gitops-fluxcd) or [Gitops with ArgoCD](/docs/development/gitops-argocd/)
diff --git a/content/en/docs/azure/deploy/install-portefaix.md b/content/en/docs/azure/deploy/install-portefaix.md
@@ -67,4 +67,8 @@ Set permissions:
 
 [Github Actions](https://github.com/features/actions) with [Terraform Cloud](https://www.terraform.io/cloud) could used to deploy the infrastructure:
 
-<img src="/docs/images/portefaix-azure-deploy.png" alt="Portefaix Azure deployment" class="mt-3 mb-3 rounded">
+<img src="/docs/images/portefaix-azure-deploy.png" alt="Portefaix Azure deployment" class="mt-3 mb-3 rounded">
+
+## Gitops for Kubernetes
+
+See : [Gitops with FluxCD](/docs/development/gitops-fluxcd) or [Gitops with ArgoCD](/docs/development/gitops-argocd/)
diff --git a/content/en/docs/development/gitops-argocd.md b/content/en/docs/development/gitops-argocd.md
@@ -0,0 +1,28 @@
++++
+title = "ArgoCD"
+description = "Gitops model for Kubernetes using ArgoCD"
+weight = 20
+
++++
+<img src="/docs/images/argocd_architecture.png"
+ alt="ArgoCD"
+ class="mt-3 mb-3 border border-info rounded">
+
+## Organization
+
+Bootstrap:
+
+* `gitops/argocd/charts` : directory which contains deployed applications using Helm charts
+* `gitops/argocd/apps/<CLOUD>/<ENVIRONMENT>` : directory which contains applications deployed into a Kubernetes cluster
+
+To configure the Helm chart, we use YAML files :
+
+* `values.yaml`: common configuration to all Kubernetes cluster
+* `values-<CLOUD>-<ENVIRONMENT>.yaml` : configuration of the Helm chart for a Kubernetes cluster
+
+
+## Sync
+
+```shell
+❯ make argocd-bootstrap ENV=<environment> CLOUD=<cloud provider> CHOICE=helm
+```
diff --git a/content/en/docs/development/secrets.md → content/en/docs/development/gitops-fluxcd.md b/content/en/docs/development/secrets.md → content/en/docs/development/gitops-fluxcd.md
@@ -1,31 +1,56 @@
 +++
-title = "Secrets"
-description = "Secrets managment"
-weight = 20
+title = "FluxCD"
+description = "Gitops model for Kubernetes using Flux v2"
+weight = 10
 
 +++
 
+[Gitops](https://www.weave.works/technologies/gitops/) model used is [Flux v2](https://toolkit.fluxcd.io/)
+
+<img src="/docs/images/gitops-toolkit.png"
+ alt="Flux v2"
+ class="mt-3 mb-3 border border-info rounded">
+
+## Organization
+
+Manifests files :
+
+* `kubernetes/base` directory contains manifests for all components
+* `kubernetes/overlays/**` directory contains [Kustomize](https://kustomize.io/) overlays
+
+Flux components are deployed for each cluster on `clusters/<CLOUD>/<ENV>/` :
+
+* `clusters/<CLOUD>/<ENV>/flux-system` : Flux core components
+* `clusters/<CLOUD>/<ENV>/*.yaml` : [Flux Kustomization](https://toolkit.fluxcd.io/components/kustomize/kustomization/) files for components
+
+
+## Sync
+
+```shell
+❯ make fluxcd-bootstrap ENV=<environment> CLOUD=<cloud provider> BRANCH=<git branch to use>
+```
+
 ## Secrets
 
-[Sops](https://github.com/mozilla/sops) is used to manage secrets.
+### Bootstrap
 
-### Age
+[Sops](https://github.com/mozilla/sops) is used to manage secrets.
 
 Create for each cloud provider and environment an [Age](https://age-encryption.org/) key. Store it into:
 
 `.secrets/<CLOUD_PROVIDER>/<ENV>/age/age.agekey`
 
-Create the Kubernetes secret:
+Put your sensitive data into the directory `.secrets` or `.secrets/<CLOUD_PROVIDER>/<ENV>/<APPLICATION>`
+
+Then deploy the Age key into a Kubernetes secret:
 
 ```shell
 ❯ make sops-age-secret CLOUD=<CLOUD_PROVIDER> ENV=<ENV>
 ```
 
-## Store
-
-Put your sensitive data into the directory `.secrets` or `.secrets/<CLOUD_PROVIDER>/<ENV>/<APPLICATION>`
+### Usage
 
-## Kubernetes secret
+#### File
 
 Create a Kubernetes secret file from sensitive file.
 
@@ -44,7 +69,7 @@ config:
 ❯ make kubernetes-secret NAME=thanos-object-storage NAMESPACE=monitoring FILE=.secrets/aws/object-store.yaml > thanos-object-storage.yaml
 ```
 
-## Encrypt
+#### Encrypt
 
 Encrypt the file using Sops:
 
@@ -58,7 +83,7 @@ You can now safely store this file into Git.
 ❯ mv thanos-object-storage.yaml kubernetes/overlays/staging/monitoring/thanos/
 ```
 
-## Decrypt
+#### Decrypt
 
 Check you can decrypt the file:
 
@@ -74,14 +99,14 @@ metadata:
     namespace: monitoring
 ```
 
-## CI/CD
+### CI/CD
 
-### AGE
+#### AGE
 
 {{% alert title="Work In Progress" color="warning" %}}
 {{% /alert %}}
 
-### PGP
+#### PGP
 
 Generate a GPG key with OpenPGP without specifying a passphrase:
 

diff --git a/content/en/docs/development/gitops.md b/content/en/docs/development/gitops.md
diff --git a/content/en/docs/images/argocd_architecture.png b/content/en/docs/images/argocd_architecture.png