Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adapt ArgoCD setup to our best practices #110

Merged
merged 25 commits into from
May 30, 2023
Merged

Conversation

schnatterer
Copy link
Member

  • ArgoCD GitOps repos now follow the Env per App pattern -> stages can be set per application
  • New Repo structure for ArgoCD production-ready setting
    • manages itself using GitOps, using its own repo argocd
    • example for a repo per team setting, including least privilege authorization via argocd AppProject per team
      • cluster-resources -> infra team;
      • example-apps -> app team
    • notifications per team
    • See also README.md
  • Upgrade to latest GitOps Builds lib and uses its features, e.g. the Env per App pattern and the kubernetes version for rendering helm charts correctly.
  • Unrelated changes/fixes that were done "while on it":

Test image: ghcr.io/cloudogu/gitops-playground:fef946e

Operator (argocd/fluxv2) first. Find apps faster!
Passed to "helm template" by build lib for rendering results that match the k8s version currently used
Via a umbrella chart in a separate repository.
Upgrades to ArgoCD 2.6

Switch to credential templates for repos managed by argocd.

Also fixes #85, by using integrated ArgoCD Notifications.
Also fixed #69.
Will be replaced soon by different options of installing argoCD
A multi-tenant setup with three repos: argocd, cluster-resources and example-applications.
This would match a repo-per team pattern: platform team takes control of cluster-resources and argocd; application team takes control of end-user applications.

One project per team realizes a least-privilege approach. Also, the notification receivers are configured on this level.

Example applications CRs are moved to a "team" namespace (argocd-production/argocd-staging).

Fixes #97.
No need for a separate repository
Basically implements creating the petclinic repos, using JGit.
The ScmmRepo class is not a good fit for this, because it is implemented for Playground SCMM-Repos (using credentials, etc.) and difficult to generalize.
However, JGit is not a good fit for GraalVM :(
Pragmatic choice: Don't init statically. This is not perfect, but a very simple solution. Plus: Unit tests are now also much easier.
Prometheus installation timed out on a system with a lot of load.
Historically, when passing no parameters, all GitOps operators were installed. With the switch to groovy, only Flux v2 is installed when no parameter is passed. This is a bug. But reflecting this, is might be less complicated to explicitly pass the parameter for the operators wanted. This is a breaking change in regard to the parameters, though.

On the other hand, we had this bug for quite a while. Now it is consistent. And it's also possible to not install a GitOps operator at all. Maybe the GitOps Playground is moving to provide general cluster infrastructure or even a platform 😱
* Explain the new repostructure for Argo CD
* Demo app are now called Example apps
* Diagrams created using the method described here: https://github.com/cloudogu/gitops-talks/blob/209625f/docs/image-sources/repo-examples/creating-structure-svgs.md#erdtree
Most likely these mismatches start to occur due to the newest LTS having been released recently
It was outdated and incomplete. We need a more powerful solution anyway. So delete it for now.

In the future, we need a solution that also removes build jobs and repos as well for external Jenkins/SCM-Manager instances. Stay tuned.
Error was argocd-production/misc: application destination {https://kubernetes.default.svc } is not permitted in project 'example-apps'
@schnatterer schnatterer force-pushed the feature/env_per_app branch 4 times, most recently from 40bd798 to 22ac8f9 Compare May 22, 2023 15:37
Add section about using multiple clusters.

Use more accurate links to patterns.

Remove part about scm-pathwp-plugin, as it would probably be a feature of review-plugin, which is not implemented, yet.
All diagrams: Use grey as text color instead of black for better contrast in dark mode.
Autopilot:
* Fix interchanged arrows pointing from argo-cd.yaml and cluster-resources.yaml
* Add envs (staging, prod) for better understanding the role of the projects.
@schnatterer schnatterer force-pushed the feature/env_per_app branch from 22ac8f9 to 6731756 Compare May 23, 2023 09:11
pmarkiewka and others added 3 commits May 26, 2023 15:09
In order to avoid this error:
Some plugins could not be loaded due to unsatisfied dependencies. Fix these issues and restart Jenkins to re-enable these plugins.

**Dependency errors:**

ECharts API Plugin (5.4.0-4)

Update required: Plugin Utilities API Plugin (plugin-util-api 3.2.0) to be updated to 3.2.1 or higher

Some of the above failures also result in additional indirectly dependent plugins not being able to load.

**Indirectly dependent plugins:**

JUnit Plugin (1202.v79a_986785076)

Failed to load: ECharts API Plugin (echarts-api 5.4.0-4)

Lockable Resources plugin (1150.v59db_2b_994618)

Failed to load: Matrix Project Plugin (matrix-project 789.v57a_725b_63c79)

Matrix Project Plugin (789.v57a_725b_63c79)

Failed to load: JUnit Plugin (junit 1202.v79a_986785076)
# Conflicts:
#	scripts/jenkins/plugins/plugins.txt
@pmarkiewka pmarkiewka merged commit e25b0f9 into main May 30, 2023
@pmarkiewka pmarkiewka deleted the feature/env_per_app branch May 30, 2023 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants