ApplicationSet for Cluster API operator (#21)
Co-authored-by: David Tesar <david.tesar@microsoft.com>
zioproto and dtzar authored Mar 7, 2024
1 parent 41f9a28 commit a3058a5
Showing 8 changed files with 222 additions and 1 deletion.
8 changes: 7 additions & 1 deletion README.md
Expand Up @@ -16,6 +16,12 @@ Get the initial admin password and the IP address of the ArgoCD web interface.
(Wait a few minutes for the LoadBalancer to be created after the Terraform apply)

```
kubectl --kubeconfig=kubeconfig get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}
kubectl --kubeconfig=kubeconfig get secrets argocd-initial-admin-secret -n argocd --template="{{index .data.password | base64decode}}"
kubectl get svc -n argocd argo-cd-argocd-server
```

In case something goes wrong and you don't find a public IP, connect to the ArgoCD server doing a port forward with kubectl

```
kubectl port-forward svc/argo-cd-argocd-server -n argocd 8080:443
```
@@ -0,0 +1,76 @@
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: addons-cluster-api
spec:
syncPolicy:
preserveResourcesOnDeletion: true
generators:
- merge:
mergeKeys: [server]
generators:
- clusters:
values:
addonChart: cluster-api-operator
addonChartNamespace: capi-operator-system
addonChartVersion: 0.9.0
addonChartRepository: https://kubernetes-sigs.github.io/cluster-api-operator
selector:
matchExpressions:
- key: akuity.io/argo-cd-cluster-name
operator: NotIn
values: [in-cluster]
- key: enable_cluster_api_operator
operator: In
values: ['true']
- clusters:
selector:
matchLabels:
environment: staging
values:
addonChartVersion: 0.9.0
- clusters:
selector:
matchLabels:
environment: prod
values:
addonChartVersion: 0.9.0
template:
metadata:
name: addon-{{name}}-{{values.addonChart}}
spec:
project: default
sources:
- repoURL: '{{metadata.annotations.addons_repo_url}}'
targetRevision: '{{metadata.annotations.addons_repo_revision}}'
path: '{{metadata.annotations.addons_repo_basepath}}hooks/sleep'
- repoURL: '{{metadata.annotations.addons_repo_url}}'
targetRevision: '{{metadata.annotations.addons_repo_revision}}'
ref: values
- chart: '{{values.addonChart}}'
repoURL: '{{values.addonChartRepository}}'
targetRevision: '{{values.addonChartVersion}}'
helm:
releaseName: '{{values.addonChart}}'
ignoreMissingValueFiles: true
valueFiles:
- $values/{{metadata.annotations.addons_repo_basepath}}environments/default/addons/{{values.addonChart}}/values.yaml
- $values/{{metadata.annotations.addons_repo_basepath}}environments/{{metadata.labels.environment}}/addons/{{values.addonChart}}/values.yaml
- $values/{{metadata.annotations.addons_repo_basepath}}environments/clusters/{{name}}/addons/{{values.addonChart}}/values.yaml
destination:
namespace: '{{values.addonChartNamespace}}'
name: '{{name}}'
syncPolicy:
retry:
limit: 5
automated: {}
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
jqPathExpressions:
- '.spec.conversion.webhook.clientConfig.caBundle'
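Review bot: The per-cluster value file path in the third `valueFiles` entry (`.../environments/clusters/{{name}}/addons/...`) does not match the corresponding entry in the addons-cert-manager ApplicationSet added by this same commit, which uses `.../clusters/{{name}}/addons/...` without the `environments/` segment; one of the two is presumably wrong, and because both sets have `ignoreMissingValueFiles: true` the mistyped path is silently skipped instead of failing the sync, so per-cluster overrides would be dropped with no signal. Pick one layout and use it in both files. The first source pulls in `hooks/sleep` as a PreSync hook; read together with `cert-manager.enabled: false` in the operator values file of this commit, this looks like a fixed delay so cert-manager is up first, and a comment on that source such as `# hooks/sleep: PreSync delay so cert-manager (from addons-cert-manager) is ready before the operator's webhooks are created` would make the dependency explicit. The staging and prod generators override `addonChartVersion` with the same `0.9.0` as the default; harmless, but if it is a placeholder for later divergence a comment saying so avoids it being "cleaned up".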

@@ -0,0 +1,79 @@
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: addons-cert-manager
spec:
syncPolicy:
preserveResourcesOnDeletion: true
generators:
- merge:
mergeKeys: [server]
generators:
- clusters:
values:
addonChart: cert-manager
# anything not staging or prod use this version
addonChartVersion: v1.14.2
addonChartRepository: https://charts.jetstack.io
selector:
matchExpressions:
- key: akuity.io/argo-cd-cluster-name
operator: NotIn
values: [in-cluster]
- key: enable_cert_manager
operator: In
values: ['true']
- clusters:
selector:
matchLabels:
environment: staging
values:
addonChartVersion: v1.14.2
- clusters:
selector:
matchLabels:
environment: prod
values:
addonChartVersion: v1.14.2
template:
metadata:
name: addon-{{name}}-{{values.addonChart}}
spec:
project: default
sources:
- repoURL: '{{metadata.annotations.addons_repo_url}}'
targetRevision: '{{metadata.annotations.addons_repo_revision}}'
ref: values
- chart: '{{values.addonChart}}'
repoURL: '{{values.addonChartRepository}}'
targetRevision: '{{values.addonChartVersion}}'
helm:
releaseName: '{{values.addonChart}}'
ignoreMissingValueFiles: true
valueFiles:
- $values/{{metadata.annotations.addons_repo_basepath}}environments/default/addons/{{values.addonChart}}/values.yaml
- $values/{{metadata.annotations.addons_repo_basepath}}environments/{{metadata.labels.environment}}/addons/{{values.addonChart}}/values.yaml
- $values/{{metadata.annotations.addons_repo_basepath}}clusters/{{name}}/addons/{{values.addonChart}}/values.yaml
values: |
installCRDs: true
# fileParameters:
# - name:
# path:
# parameters
# values
# valuesObject
destination:
namespace: 'cert-manager'
name: '{{name}}'
syncPolicy:
automated: {}
syncOptions:
- CreateNamespace=true
- ServerSideApply=true # Big CRDs.
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration
# Azure adding "control-plane" and "kubernetes.azure.com/managedby" keys to the webhook configuration.
jqPathExpressions:
- '.webhooks[].namespaceSelector.matchExpressions'
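Review bot: The `ignoreDifferences` entry at the end ignores the entire `.webhooks[].namespaceSelector.matchExpressions` array of the cert-manager ValidatingWebhookConfiguration, so any change to which namespaces the validating webhook covers — not only the two AKS-injected keys named in the comment — is reported as in sync. If the expression is narrowed to the injected entries, e.g. `.webhooks[].namespaceSelector.matchExpressions[] | select(.key == "control-plane" or .key == "kubernetes.azure.com/managedby")`, drift in the rest of the selector stays visible. The commented-out `fileParameters`/`parameters`/`values`/`valuesObject` scaffold under `helm:` is template residue and is better removed. This set also lacks the `retry: limit: 5` that the addons-cluster-api set in this commit has under `syncPolicy`; a first sync can fail while the cert-manager webhook is still coming up, so matching it seems worthwhile.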
@@ -0,0 +1,13 @@
addon: helm
infrastructure: "azure:v1.13.2"
manager:
featureGates:
MachinePool: true
ClusterResourceSet: true
ClusterTopology: true
cert-manager:
enabled: false
installCRDs: false
#configSecret:
# name:
# namespace:
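Review bot: `cert-manager.enabled: false` together with `installCRDs: false` makes this chart depend on cert-manager being delivered by the separate addons-cert-manager ApplicationSet in this commit (and on `enable_cert_manager` staying true in the Terraform addons map), but nothing in the file records that coupling; a header comment such as `# cert-manager is deliberately disabled here: it is installed by the addons-cert-manager ApplicationSet, so keep enable_cert_manager on in terraform/variables.tf` would save the next reader a search. The file also has no leading `---` and no comment naming the chart it is values for, unlike the other YAML files in this commit. The trailing commented-out `configSecret` block should either be filled in or dropped rather than left as a stub.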
19 changes: 19 additions & 0 deletions gitops/hooks/sleep/sleep.yaml
@@ -0,0 +1,19 @@
---
apiVersion: batch/v1
kind: Job
metadata:
generateName: sleep-
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
template:
spec:
containers:
- name: sleep
image: busybox
command:
- "sleep"
- "120"
restartPolicy: Never
backoffLimit: 2
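Review bot: `image: busybox` is unpinned — no tag and no digest — so every PreSync run pulls whatever `latest` resolves to on the default registry, which makes the hook non-reproducible and is the usual supply-chain gap that image admission policies reject; pin it, e.g. `image: busybox:1.36@sha256:<digest-placeholder>` (constructed value, substitute the real digest). The Job carries no `securityContext` and no `resources`, so it would not be admitted under the `restricted` Pod Security Standard; since the container only sleeps, a fully restricted-compatible context (non-root user, `allowPrivilegeEscalation: false`, all capabilities dropped, `RuntimeDefault` seccomp) plus small requests and limits costs nothing. The fixed `sleep 120` is a timing assumption rather than a readiness check; if it exists to let another add-on settle, a comment in the manifest saying which one would help whoever tunes it later.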
24 changes: 24 additions & 0 deletions terraform/identity.tf
@@ -0,0 +1,24 @@
resource "azurerm_user_assigned_identity" "capz" {
count = try(var.addons.enable_cluster_api_operator, false) ? 1 : 0
name = "capz"
resource_group_name = azurerm_resource_group.this.name
location = azurerm_resource_group.this.location
}

resource "azurerm_role_assignment" "capz_role_assignment" {
count = try(var.addons.enable_cluster_api_operator, false) ? 1 : 0
scope = azurerm_resource_group.this.id
role_definition_name = "Owner"
principal_id = azurerm_user_assigned_identity.capz[0].principal_id
}

resource "azurerm_federated_identity_credential" "capz" {
count = try(var.addons.enable_cluster_api_operator, false) ? 1 : 0
depends_on = [module.aks]
name = "capz-manager-credential"
resource_group_name = azurerm_resource_group.this.name
audience = ["api://AzureADTokenExchange"]
issuer = module.aks.oidc_issuer_url
parent_id = azurerm_user_assigned_identity.capz[0].id
subject = "system:serviceaccount:azure-infrastructure-system:capz-manager"
}
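Review bot: `role_definition_name = "Owner"` gives the CAPZ workload identity the right to create role assignments on the resource group, not just to manage resources in it, so whatever can obtain a token for the `capz-manager` service account in `azure-infrastructure-system` can extend its own or others' access to everything in that group; `Contributor` covers resource creation, and unless CAPZ is documented to need role-assignment rights here, `role_definition_name = "Contributor"` is the safer default, with a separately scoped `User Access Administrator` assignment only if a concrete need turns up. The federated credential's `subject` hard-codes the provider namespace and service account name; a comment tying it to the CAPZ provider install (and to `infrastructure: "azure:v1.13.2"` in the operator values file of this commit) would help when either side is renamed. All three resources repeat `try(var.addons.enable_cluster_api_operator, false)` although `local.azure_addons.enable_cluster_api_operator` in terraform/main.tf already computes that value; referencing the local keeps the toggle in one place.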
2 changes: 2 additions & 0 deletions terraform/main.tf
Expand Up @@ -14,13 +14,15 @@ locals {

azure_addons = {
enable_azure_crossplane_upbound_provider = try(var.addons.enable_azure_crossplane_upbound_provider, false)
enable_cluster_api_operator = try(var.addons.enable_cluster_api_operator, false)
}
oss_addons = {
enable_argocd = try(var.addons.enable_argocd, false)
enable_argo_rollouts = try(var.addons.enable_argo_rollouts, false)
enable_argo_events = try(var.addons.enable_argo_events, false)
enable_argo_workflows = try(var.addons.enable_argo_workflows, false)
enable_cluster_proportional_autoscaler = try(var.addons.enable_cluster_proportional_autoscaler, false)
enable_cert_manager = try(var.addons.enable_cert_manager, false)
enable_gatekeeper = try(var.addons.enable_gatekeeper, false)
enable_gpu_operator = try(var.addons.enable_gpu_operator, false)
enable_ingress_nginx = try(var.addons.enable_ingress_nginx, false)
2 changes: 2 additions & 0 deletions terraform/variables.tf
Expand Up @@ -27,8 +27,10 @@ variable "addons" {
type = any
default = {
enable_argocd = true # installs argocd
enable_cert_manager = true # installs cert manager
enable_crossplane = true # installs crossplane core
enable_azure_crossplane_upbound_provider = true # installs azure upbound provider
enable_cluster_api_operator = true # installs azure api operator
}
}
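Review bot: The inline comment on the new default, `enable_cluster_api_operator = true # installs azure api operator`, misnames the add-on: the flag installs the Cluster API operator (with the Azure infrastructure provider configured in the operator values file), so `enable_cluster_api_operator = true # installs the Cluster API operator (CAPI) with the Azure provider` reads correctly. Defaulting it to true also means every apply of this module creates the user-assigned identity and its `Owner` role assignment from terraform/identity.tf unless the caller opts out, which is a lot of standing privilege for an opt-out default; `false` here, or a narrower role in identity.tf, is the conservative choice. The flag further relies on `enable_cert_manager = true` above, since the operator values file in this commit ships with `cert-manager.enabled: false`; a comment on one of the two lines would record that coupling.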

