diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..574abe6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/password.txt +/*.secret.yaml diff --git a/README.md b/README.md index 7495301..3bd144b 100644 --- a/README.md +++ b/README.md @@ -1,66 +1,136 @@ +# ArgoCD Cli installation -# ArgoCD Cli installation +On the operator machine: +``` +curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 +chmod +x /usr/local/bin/argocd +``` - - curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 - - chmod +x /usr/local/bin/argocd +# ArgoCD installation -# ArgoCD installation - - - kubectl create namespace argocd - - wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -O argocd_installation.yaml - - kubectl apply -f argocd_installation.yaml +On the cluster: +``` +export NS=argocd +kubectl create namespace $NS +kubectl apply -n $NS \ + -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +``` # Access The Argo CD API Server - - By default, the Argo CD API server is not exposed with an external IP. To access the API server, choose one of the following techniques to expose the Argo CD API server: - - - Service type Load Balancer - - kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}' - - - Custom Ingress file named ingress.yaml -# Store ArgoCD admin dashboard +By default, the Argo CD API server is not exposed with an external IP. To access the API +server, expose the Argo CD API server through the service type Load Balancer: - - kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d > password.txt - -# Change ArgocCD admin login password +``` +kubectl patch svc argocd-server -n $NS -p '{"spec": {"type": "LoadBalancer"}}' +``` - - argocd login # example : argocd login localhost:8080 - - argocd account update-password +# Store ArgoCD admin dashboard +``` +kubectl -n $NS get secret argocd-initial-admin-secret \ + -o jsonpath="{.data.password}" | base64 -d > password.txt +``` -# Custom the secret.yaml file to add a new cluster +# Change ArgocCD admin login password - - kubectl apply -f secret.yaml +``` +# example: argocd login localhost:8080 +argocd login $ARGOCD_SERVER +argocd account update-password +``` + +Note: +With minikube, you will need the following port-forward: + +``` +kubectl port-forward services/argocd-server 8080:443 -n $NS +``` + +Note: +The password must be a string of characters between [8-32] characters. + +# Custom configuration + +We need to retrieve the cluster configurations we want argocd to discuss with out of the +rancher ui [1]. + +For each cluster, we want to create the following yaml file: + +``` +apiVersion: v1 +kind: Secret +metadata: + # must match $NS at the top of the readme + namespace: argocd + name: mycluster-secret + labels: + argocd.argoproj.io/secret-type: cluster +type: Opaque +stringData: + name: $CLUSTER_NAME + server: $CLUSER_URL + config: | + { + "bearerToken": "$CLUSTER_TOKEN", + "tlsClientConfig": { + "insecure": false, + "caData": "$CLUSTER_CERTIFICATE" + } + } + +``` + +where the $variable are extracted out of the retrieve yaml configuration: +- CLUSTER_NAME: e.g. deployment-internship +- CLUSTER_URL: e.g. https://rancher.euwest.azure.internal.softwareheritage.org/k8s/clusters/c-fvnrx +- CLUSTER_TOKEN: authentication token of the cluster (from clusters > users > + $cluster-name > user > token) +- CLUSTER_CERTFICATE: extracted out (from clusters[0] > cluster > + certificate-authority-data) + + +Custom cluster-config.yaml file to add to a new cluster: + +``` +kubectl apply -f cluster-config.secret.yaml +``` + +[1] https://rancher.euwest.azure.internal.softwareheritage.org/ ("download kubeconfig") # Jenkinsfile in "charts_code/worker" directory - - Custom this fields - - credentialsID - - passwordVariable - - usernameVariable - - Custum sh commands +- Custom this fields + - credentialsID + - passwordVariable + - usernameVariable -# Jenkinsfile in "image_code" +- Custom sh commands - - Custum stage +# Jenkinsfile in "image_code" +- Custom stage # Values files - - Custom values files +- Custom values files - myvalues.yaml - ranchervalues.yaml - myvalues.yaml # Custom argocd app file - - Custom stag_app_deployment.yaml - - Custom production_app_deployment.yaml +- Custom stag_app_deployment.yaml +- Custom production_app_deployment.yaml # Create stag argocd app - - kubectl apply -f stag_app_deployment.yaml +``` +kubectl apply -f stag_app_deployment.yaml +``` # Create production argocd app - - kubectl apply -f production_app_deployment.yaml \ No newline at end of file +``` +kubectl apply -f production_app_deployment.yaml +``` diff --git a/charts_code/Jenkinsfile b/charts_code/Jenkinsfile index 7a82cdf..a88cefa 100644 --- a/charts_code/Jenkinsfile +++ b/charts_code/Jenkinsfile @@ -1,31 +1,29 @@ node { def app stage('Clone repository') { - - checkout scm } stage('Update GIT') { - script { - catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { - withCredentials([usernamePassword(credentialsId: 'github', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) { - def encodedPassword = URLEncoder.encode("$GIT_PASSWORD",'UTF-8') - sh "git config user.email amadouth6@gmail.com" - sh "git config user.name amadouth6" - sh "git switch minikube-cluster" - sh "cat swh-graphql/myvalues.yaml" - sh "sed -i 's+version:.*+version: \"${DOCKERTAG}\"+g' swh-graphql/myvalues.yaml" - //sh "sed -i 's+amadouth/graphql.*+amadouth/graphql:${DOCKERTAG}+g' swh-graphql/myvalues.yaml" - sh "cat swh-graphql/myvalues.yaml" - sh "git add ./swh-graphql/myvalues.yaml" - sh "git commit -m 'Done by Jenkins Job changemanifest: ${env.BUILD_NUMBER}'" - sh "echo '============DERNIERE ETAPE================'" - //sh " git pull https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/${GIT_USERNAME}/argocd.git" - sh "git push -f https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/${GIT_USERNAME}/argocd.git minikube-cluster" + script { + catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') { + withCredentials([usernamePassword(credentialsId: 'github', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) { + def encodedPassword = URLEncoder.encode("$GIT_PASSWORD",'UTF-8') + sh "git config user.email amadouth6@gmail.com" + sh "git config user.name amadouth6" + sh "git switch minikube-cluster" + sh "cat swh-graphql/myvalues.yaml" + sh "sed -i 's+version:.*+version: \"${DOCKERTAG}\"+g' swh-graphql/myvalues.yaml" + //sh "sed -i 's+amadouth/graphql.*+amadouth/graphql:${DOCKERTAG}+g' swh-graphql/myvalues.yaml" + sh "cat swh-graphql/myvalues.yaml" + sh "git add ./swh-graphql/myvalues.yaml" + sh "git commit -m 'Done by Jenkins Job changemanifest: ${env.BUILD_NUMBER}'" + sh "echo '============DERNIERE ETAPE================'" + //sh " git pull https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/${GIT_USERNAME}/argocd.git" + sh "git push -f https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/${GIT_USERNAME}/argocd.git minikube-cluster" } } } } } diff --git a/ingress.yaml b/ingress.yaml deleted file mode 100644 index 2b58a8e..0000000 --- a/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: argocd-server-http - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-passthrough: "true" -spec: - rules: - - host: argocd.localdomain - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: argocd-server - port: - name: http - # tls: - # - hosts: - # - internal.path.to.argocd.io - # secretName: your-certificate-name \ No newline at end of file