gitops-bridge-dev
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/README.md‎
Lines changed: 175 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/README.md‎
Lines changed: 175 additions & 0 deletions
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/bootstrap/addons.yaml‎
Lines changed: 26 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/bootstrap/addons.yaml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/bootstrap/workloads.yaml‎
Lines changed: 34 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/bootstrap/workloads.yaml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/destroy.sh‎
Lines changed: 25 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/destroy.sh‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/k8s/example.yaml‎
Lines changed: 23 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/k8s/example.yaml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎argocd/iac/terraform/examples/eks/karpenter/k8s/karpenter.yaml‎
Lines changed: 44 additions & 0 deletions b/‎argocd/iac/terraform/examples/eks/karpenter/k8s/karpenter.yaml‎
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,175 @@
+# ArgoCD on Amazon EKS
+
+This tutorial guides you through deploying an Amazon EKS cluster with addons configured via ArgoCD, employing the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev).
+
+<img src="static/gitops-bridge.drawio.png" width=100%>
+
+
+The [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev) enables Kubernetes administrators to utilize Infrastructure as Code (IaC) and GitOps tools for deploying Kubernetes Addons and Workloads. Addons often depend on Cloud resources that are external to the cluster. The configuration metadata for these external resources is required by the Addons' Helm charts. While IaC is used to create these cloud resources, it is not used to install the Helm charts. Instead, the IaC tool stores this metadata either within GitOps resources in the cluster or in a Git repository. The GitOps tool then extracts these metadata values and passes them to the Helm chart during the Addon installation process. This mechanism forms the bridge between IaC and GitOps, hence the term "GitOps Bridge."
+
+Aditonal examples available on the [GitOps Bridge Pattern](https://github.com/gitops-bridge-dev):
+- [argocd-ingress](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/argocd-ingress)
+- [aws-secrets-manager](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/aws-secrets-manager)
+- [crossplane](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/crossplane)
+- [external-secrets](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/external-secrets)
+- [multi-cluster/distributed](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/distributed)
+- [multi-cluster/hub-spoke](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/hub-spoke)
+- [multi-cluster/hub-spoke-shared](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/multi-cluster/hub-spoke-shared)
+- [private-git](https://github.com/gitops-bridge-dev/gitops-bridge/tree/main/argocd/iac/terraform/examples/eks/private-git)
+
+
+
+## Prerequisites
+Before you begin, make sure you have the following command line tools installed:
+- git
+- terraform
+- kubectl
+- argocd
+
+## Fork the Git Repositories
+
+### Fork the Addon GitOps Repo
+1. Fork the git repository for addons [here](https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template).
+2. Update the following environment variables to point to your fork by changing the default values:
+```shell
+export TF_VAR_gitops_addons_org=https://github.com/gitops-bridge-dev
+export TF_VAR_gitops_addons_repo=gitops-bridge-argocd-control-plane-template
+```
+
+### Fork the Workloads GitOps Repo
+1. Fork the git repository for this pattern [here](https://github.com/gitops-bridge-dev/gitops-bridge)
+2. Update the following environment variables to point to your fork by changing the default values:
+```shell
+export TF_VAR_gitops_workload_org=https://github.com/gitops-bridge-dev
+export TF_VAR_gitops_workload_repo=gitops-bridge
+```
+
+## Deploy the EKS Cluster
+Initialize Terraform and deploy the EKS cluster:
+```shell
+terraform init
+terraform apply -auto-approve
+```
+Retrieve `kubectl` config, then execute the output command:
+```shell
+terraform output -raw configure_kubectl
+```
+
+Terraform will add GitOps Bridge Metadata to the ArgoCD secret.
+The annotations contain metadata for the addons' Helm charts and ArgoCD ApplicationSets.
+```shell
+kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.annotations'
+```
+The output looks like the following:
+```json
+{
+  "addons_repo_basepath": "",
+  "addons_repo_path": "bootstrap/control-plane/addons",
+  "addons_repo_revision": "main",
+  "addons_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge-argocd-control-plane-template",
+  "aws_account_id": "0123456789",
+  "aws_cluster_name": "getting-started-gitops",
+  "aws_load_balancer_controller_iam_role_arn": "arn:aws:iam::0123456789:role/alb-controller",
+  "aws_load_balancer_controller_namespace": "kube-system",
+  "aws_load_balancer_controller_service_account": "aws-load-balancer-controller-sa",
+  "aws_region": "us-west-2",
+  "aws_vpc_id": "vpc-001d3f00151bbb731",
+  "cluster_name": "in-cluster",
+  "environment": "dev",
+  "workload_repo_basepath": "argocd/iac/terraform/examples/eks/",
+  "workload_repo_path": "getting-started/k8s",
+  "workload_repo_revision": "main",
+  "workload_repo_url": "https://github.com/gitops-bridge-dev/gitops-bridge"
+}
+```
+The labels offer a straightforward way to enable or disable an addon in ArgoCD for the cluster.
+```shell
+kubectl get secret -n argocd -l argocd.argoproj.io/secret-type=cluster -o json | jq '.items[0].metadata.labels'
+```
+The output looks like the following:
+```json
+{
+  "aws_cluster_name": "getting-started-gitops",
+  "enable_argocd": "true",
+  "enable_aws_load_balancer_controller": "true",
+  "enable_metrics_server": "true",
+  "kubernetes_version": "1.28",
+}
+```
+
+## Deploy the Addons
+Bootstrap the addons using ArgoCD:
+```shell
+kubectl apply -f bootstrap/addons.yaml
+```
+
+### Monitor GitOps Progress for Addons
+Wait until all the ArgoCD applications' `HEALTH STATUS` is `Healthy`. Use Crl+C to exit the `watch` command
+```shell
+watch kubectl get applications -n argocd
+```
+
+### Verify the Addons
+Verify that the addons are ready:
+```shell
+kubectl get deployment -n kube-system \
+  aws-load-balancer-controller \
+  metrics-server
+```
+
+## Access ArgoCD
+Access ArgoCD's UI, run the command from the output:
+```shell
+terraform output -raw access_argocd
+```
+
+
+## Deploy the Workloads
+Deploy a sample application located in [k8s/game-2048.yaml](k8s/game-2048.yaml) using ArgoCD:
+```shell
+kubectl apply -f bootstrap/workloads.yaml
+```
+
+### Monitor GitOps Progress for Workloads
+Watch until the Workloads ArgoCD Application is `Healthy`
+```shell
+watch kubectl get -n argocd applications workloads
+```
+Wait until the ArgoCD Applications `HEALTH STATUS` is `Healthy`. Crl+C to exit the `watch` command
+
+### Verify the Application
+Verify that the application configuration is present and the pod is running:
+```shell
+kubectl get -n game-2048 deployments,service,ep,ingress
+```
+Wait until the Ingress/game-2048 `MESSAGE` column value is `Successfully reconciled`. Crl+C to exit the `watch` command
+```shell
+kubectl events -n game-2048 --for ingress/game-2048 --watch
+```
+
+
+
+### Access the Application using AWS Load Balancer
+Verify the application endpoint health using `curl`:
+```shell
+curl -I $(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+```
+The first line of the output should have `HTTP/1.1 200 OK`.
+
+Retrieve the ingress URL for the application, and access in the browser:
+```shell
+echo "Application URL: http://$(kubectl get -n game-2048 ingress game-2048 -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+```
+
+
+### Container Metrics
+Check the application's CPU and memory metrics:
+```shell
+kubectl top pods -n game-2048
+```
+
+## Destroy the EKS Cluster
+To tear down all the resources and the EKS cluster, run the following command:
+```shell
+./destroy.sh
+```
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: cluster-addons
+  namespace: argocd
+spec:
+  syncPolicy:
+    preserveResourcesOnDeletion: true
+  generators:
+    - clusters: {}
+  template:
+    metadata:
+      name: cluster-addons
+    spec:
+      project: default
+      source:
+        repoURL: '{{metadata.annotations.addons_repo_url}}'
+        path: '{{metadata.annotations.addons_repo_basepath}}{{metadata.annotations.addons_repo_path}}'
+        targetRevision: '{{metadata.annotations.addons_repo_revision}}'
+        directory:
+          recurse: true
+      destination:
+        namespace: argocd
+        name: '{{name}}'
+      syncPolicy:
+        automated: {}
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: workloads
+  namespace: argocd
+spec:
+  syncPolicy:
+    preserveResourcesOnDeletion: false
+  generators:
+    - clusters: {}
+  template:
+    metadata:
+      name: workloads
+      finalizers:
+        # This finalizer is for demo purposes, in production remove apps using argocd CLI "argocd app delete workload --cascade"
+        # When you invoke argocd app delete with --cascade, the finalizer is added automatically.
+        - resources-finalizer.argocd.argoproj.io
+    spec:
+      project: default
+      source:
+        repoURL: '{{metadata.annotations.workload_repo_url}}'
+        path: '{{metadata.annotations.workload_repo_basepath}}{{metadata.annotations.workload_repo_path}}'
+        targetRevision: '{{metadata.annotations.workload_repo_revision}}'
+      destination:
+        name: '{{name}}'
+      syncPolicy:
+        automated:
+          allowEmpty: true
+        syncOptions:
+        - CreateNamespace=true
+        retry:
+          backoff:
+            duration: 1m
+          limit: 60
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -uo pipefail
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+ROOTDIR="$(cd ${SCRIPTDIR}/../..; pwd )"
+[[ -n "${DEBUG:-}" ]] && set -x
+
+# Delete the Ingress/SVC before removing the addons
+TMPFILE=$(mktemp)
+terraform -chdir=$SCRIPTDIR output -raw configure_kubectl > "$TMPFILE"
+# check if TMPFILE contains the string "No outputs found"
+if [[ ! $(cat $TMPFILE) == *"No outputs found"* ]]; then
+  source "$TMPFILE"
+  kubectl delete -n argocd applicationset workloads
+  kubectl delete -n argocd applicationset cluster-addons
+  kubectl delete -n argocd applicationset addons-argocd
+  kubectl delete -n argocd svc argo-cd-argocd-server
+fi
+
+terraform destroy -target="module.gitops_bridge_bootstrap" -auto-approve
+terraform destroy -target="module.eks_blueprints_addons" -auto-approve
+terraform destroy -target="module.eks" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+terraform destroy -auto-approve
@@ -0,0 +1,23 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: inflate
+  namespace: default
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: inflate
+  template:
+    metadata:
+      labels:
+        app: inflate
+    spec:
+      terminationGracePeriodSeconds: 0
+      containers:
+        - name: inflate
+          image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
+          resources:
+            requests:
+              cpu: 1
@@ -0,0 +1,44 @@
+---
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+  name: default
+spec:
+  amiFamily: AL2
+  role: karpenter-karpenter
+  subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: karpenter
+  securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: karpenter
+  tags:
+    karpenter.sh/discovery: karpenter
+---
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+  name: default
+spec:
+  template:
+    spec:
+      nodeClassRef:
+        name: default
+      requirements:
+        - key: "karpenter.k8s.aws/instance-category"
+          operator: In
+          values: ["c", "m", "r"]
+        - key: "karpenter.k8s.aws/instance-cpu"
+          operator: In
+          values: ["4", "8", "16", "32"]
+        - key: "karpenter.k8s.aws/instance-hypervisor"
+          operator: In
+          values: ["nitro"]
+        - key: "karpenter.k8s.aws/instance-generation"
+          operator: Gt
+          values: ["2"]
+  limits:
+    cpu: 1000
+  disruption:
+    consolidationPolicy: WhenEmpty
+    consolidateAfter: 30s