kubefirst / gitops-template Goto Github PK

View Code? Open in Web Editor NEW

49.0 10.0 45.0 4.08 MB

a template of gitops infrastucture for consumption by kubefirst users

License: MIT License

HCL 94.29% Dockerfile 0.12% Mustache 0.31% TypeScript 5.01% JavaScript 0.14% CSS 0.05% Makefile 0.09%

gitops-template's Introduction

Kubefirst Instant GitOps Platforms

Install | Twitter | LinkedIn | Slack | Blog

gitops

The gitops repository has 2 main sections

/registry: the argocd gitops application registry for each of our clusters
/terraform: infrastructure as code & configuration as code for your cloud, git provider, vault, and user resources

kubefirst apps

The kubefirst cli has established the following applications:

Application	Namespace	Description	URL (where applicable)
Argo CD	argocd	GitOps Continuous Delivery	<ARGOCD_INGRESS_URL>
Argo Workflows	argo	Application Continuous Integration	<ARGO_WORKFLOWS_INGRESS_URL>
Atlantis	atlantis	Terraform Workflow Automation	<ATLANTIS_INGRESS_URL>
Cert Manager	cert-manager	Certificate Automation Utility
Certificate Issuers	clusterwide	Let's Encrypt browser-trusted certificates
Chart Museum	chartmuseum	Helm Chart Registry	<CHARTMUSEUM_INGRESS_URL>
External Secrets	external-secrets	Syncs Kubernetes secrets with Vault secrets
Metaphor Development	development	Development instance of sample application	<METAPHOR_DEVELOPMENT_INGRESS_URL>
Metaphor Staging	staging	Staging instance of sample application	<METAPHOR_STAGING_INGRESS_URL>
Metaphor Production	production	Production instance of sample application	<METAPHOR_PRODUCTION_INGRESS_URL>
Nginx Ingress Controller	ingress-nginx	Ingress Controller
Vault	vault	Secrets Management	<VAULT_INGRESS_URL>

gitops registry

The argocd configurations in this repo can be found in the registry directory. The applications that we build and release on the kubefirst platform will also be registered here in the development, staging, and production folders. The metaphor application can be found there to serve as an example to follow for building and shipping code on the platform.

The main branch's registry directory represents the gitops desired state for all apps registered with kubernetes. Argo CD will automatically apply your desired state to kubernetes through. You can see the Sync status of all of your apps in argo cd.

terraform infrastructure as code

The terraform in this repository can be found in the terraform directory. It has entry points for management of cloud resources, vault configurations, git provider configurations, and user management.

All of our terraform is automated with a tool called atlantis that integrates with your git pull requests. To see the terraform entry points and under what circumstance they are triggered, see atlantis.yaml.

Any change to a *.tf file, even a whitespace change, will trigger its corresponding Atlantis workflow once a pull request is submitted. Within a minute it will post the plan to the pull request with instruction on how to apply the plan if approved.

gitops-template's People

Contributors

Stargazers

Watchers

Forkers

kubefirst kxdroid bwaibel lgs jarededwards stehessel suyambuganesh82 6za cloudgeometry steffenhaak kubefirst-demo-bot abangser johndietz claywd gosquidmaster linuxexplore cameronraysmith drummyfloyd eydunn ego kryptokrauts linqto-team fharper youbake jonparkdev movchynnikov aiknow-public scorpion-aug iamlookod anatoliiperfun maxiar metadeng hakanbayraktar jinlingan cloudcap10 blue928 ale13jo marc0olo falcosuessgott chadmcrowell galang-kecilin backendgames assis-co adaosantos simplyagree

gitops-template's Issues

eks-graviton-support

Support Graviton/ARM instance type on EKS modules

admin policy lacks permissions for auth methods

Kubefirst mongodb Username and Password not set for arm builds

I think there might be a bug when using kubefirst for mongodb with arm on 2.2.17. As bitnami don't have an arm image, the gitops catalogue uses the official mongo one. However the official mongo image looks for different env vars for the username and password (MONGO_INITDB_ROOT_USERNAME for the official image but MONGO_ROOT_USER for bitnami as they appear to have some extra logic for primary vs secondary). Specifically, I think the env vars for k3d-arm need to be like so:

helm install mongo-test --version 13.18.1 oci://registry-1.docker.io/bitnamicharts/mongodb --namespace kubefirst --set image.repository=arm64v8/mongo --set image.tag=7.0.1 --set persistence.mountPath=/data/db --set "extraEnvVars[0].name=MONGO_INITDB_ROOT_USERNAME" --set "extraEnvVars[0].value=root" --set "extraEnvVars[1].name=MONGO_INITDB_ROOT_PASSWORD" --set "extraEnvVars[1].value=root"

The env vars for the kubefirst 2.2.17 deployed console looks like the below which is ignored. No user is created and so the authentication fails after a pod restart.

    - name: MONGODB_ROOT_USER
      value: root
    - name: MONGODB_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          key: mongodb-root-password
          name: kubefirst-initial-secrets

If they were like this I think it works.

    - name: MONGODB_INIT_ROOT_USERNAME
      value: root
    - name: MONGODB_INIT_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:
          key: mongodb-root-password
          name: kubefirst-initial-secrets

admin and developer gitlab groups should be members of kubefirst group

gitlab repo terraform needs github repo equivalent

github terraform has `name` attribute removed

╷
│ Error: "name": [REMOVED] The name attribute is no longer necessary.
│
│ with github_repository_webhook.gitops_atlantis_webhook,
│ on repos.tf line 26, in resource "github_repository_webhook" "gitops_atlantis_webhook":
│ 26: resource "github_repository_webhook" "gitops_atlantis_webhook" {
│
╵