Compare commits

...

5 Commits

3 changed files with 162 additions and 0 deletions

148
README.md
View File

@ -2,3 +2,151 @@
Kubernetes Digital Ocean Challenge
[Deploy a GitOps CI/CD implementation](https://www.digitalocean.com/community/pages/kubernetes-challenge#anchor--challenges)
## Installation
Run the `install.sh` script, which will install Helm, Nginx Ingress controller, ArgoCD, and tekton.
```sh
./install.sh
```
Update the DNS records to point to the load balancer.
Install cert-manager and create Ingress for ArgoCD.
```sh
DOMAIN=my.domain EMAIL_ADDRESS=victor@my.domain ./install-cert-manager.sh
```
## Create the pipeline
To create the pipeline fork the `https://github.com/victor-timofei/tekton-example-pipeline` repo.
You should also fork the application repo `https://github.com/victor-timofei/tekton-pipeline-example-app`.
Create the secrets inside the `tekton-pipeline/resources/secrets` directory.
You can get the ArgoCD admin password by running the `get-argocd-admin-password.sh` script from
this repo.
For the docker password you can create an [access token](https://hub.docker.com/settings/security) if you are using docker hub.
For the github password you should use the [personal access token](https://github.com/settings/tokens).
```sh
cat << EOF > argocd_secrets.env
ARGOCD_USERNAME=admin
ARGOCD_PASSWORD=<admin_password>
EOF
cat << EOF > docker_secrets.env
username=<service_principal_id>
password=<service_principal_password>
EOF
cat << EOF > git_app_secrets.env
username=<username>
password=<personal_access_token>
EOF
```
Edit the `ARGOCD_SERVER` in `tekton-pipeline/resources/argocd-task-cm.yaml` with your ArgoCD
server address:
```yaml
ARGOCD_SERVER: argocd.k8s-argocd.tk
```
Edit the git and docker url in `tekton-pipeline/resources/secrets.yaml`:
```yaml
tekton.dev/git-0: https://github.com/victor-timofei/tekton-pipeline-example-app
...
tekton.dev/docker-0: registry.hub.docker.com
```
Edit the `DOCKER_IMAGE_NAME` and `DOCKER_NAMESPACE` in `tekton-pipeline/resources/secrets.yaml`.
Since I was using docker hub, the docker namespace was my username.
```yaml
DOCKER_IMAGE_NAME: hello-app
DOCKER_NAMESPACE: vtimofei
```
Edit the docker registry name in the `tekton-pipeline/triggers/trigger-template.yaml`.
```yaml
spec:
params:
- name: url
# Replace <docker_registry_name> with your docker registry name (e.g. my-acr.azurecr.io)
value: registry.hub.docker.com
```
Edit the trigger binding params in `tekton-pipeline/triggers/trigger-binding.yaml`.
These are extracted from the GitHub request webhook, depending on your git hosting service the
request schema might be different.
```yaml
spec:
params:
- name: git-app-repo-url
value: $(body.repository.url)
- name: git-app-repo-revision
value: $(body.repository.default_branch)
```
Set your own address on the certficates and ingresses.
Edit the `tekton-pipeline/triggers/certficate.yaml` on the `tekton-example-pipeline` repo and
`kustomize/certficate.yaml` on the `tekton-pipeline-example-app` repo.
```yaml
dnsNames:
- k8s-argocd.tk
```
Edit the `tekton-pipeline/triggers/ingress.yaml` on the `tekton-example-pipeline` repo and
`kustomize/ingress.yaml` on the `tekton-pipeline-example-app` repo.
```yaml
dnsNames:
- k8s-argocd.tk
...
tls:
- hosts:
- k8s-argocd.tk
```
## Add the pipeline to ArgoCD
Login to argocd via the CLI:
```sh
argocd login argocd.k8s-argocd.tk
```
You might want to add the argocd binary that was downloaded via the install script to your path.
You can do it easily with:
```sh
source env
```
Add your cluster to ArgoCD:
```sh
argocd cluster add do-fra1-k8s-challenge
```
Create the pipeline secretes:
```sh
kubectl apply -k tekton-pipeline/resources/.
```
Register your git repos with ArgoCD:
```sh
export SCM_USERNAME=<git_repo_username>
export SCM_PAT=<git_repo_personal_access_token>
argocd repo add <pipeline_repo_url> --username $SCM_USERNAME --password $SCM_PAT
argocd repo add <app_repo_url> --username $SCM_USERNAME --password $SCM_PAT
```
Create the ArgoCD applications:
```sh
argocd app create tekton-pipeline-app --repo <pipeline_repo_url> --path tekton-pipeline --dest-server https://kubernetes.default.svc --dest-namespace tekton-argocd-example
argocd app create 2048-game-app --repo <app_repo> --path kustomize --dest-server https://kubernetes.default.svc --dest-namespace game-2048 --sync-option CreateNamespace=true
```
Sync the tekton pipeline:
```sh
argocd app sync tekton-pipeline-app --prune
```
Register the tekton webhook with your git provider. The webhook should be like `https://k8s-argocd.tk/tekton-argocd-example-build-webhook`.
Now you everytime you push to your default application branch the pipeline is triggered, your
application is built and push to the container registry and finally it is deployed.

7
get-argocd-admin-password.sh Executable file
View File

@ -0,0 +1,7 @@
#!/usr/bin/bash
source ./env
${KUBECTL_BIN} -n argocd \
get secret argocd-initial-admin-secret \
-o jsonpath='{.data.password}' | base64 -d

View File

@ -29,6 +29,13 @@ function install_argocd_full {
function install_tekton {
${KUBECTL_BIN} apply \
-f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
${KUBECTL_BIN} apply \
-f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
${KUBECTL_BIN} create configmap config-artifact-pvc \
--from-literal=size=10Gi \
--from-literal=storageClassName=manual \
-o yaml -n tekton-pipelines \
--dry-run=client | ${KUBECTL_BIN} replace -f -
}
mkdir -pv "${INSTALL_DIR}"