Kubernetes ArgoCD

$ export INGRESS_HOST=$(minikube --profile my-profile ip)
$ echo ${INGRESS_HOST}
192.168.49.2

export BASE_HOST=[...] # e.g., $INGRESS_HOST.nip.io

export REGISTRY_SERVER=https://index.docker.io/v1/

# Replace `[...]` with the registry username

export REGISTRY_USER=[...]

# Replace `[...]` with the registry password

export REGISTRY_PASS=[...]

# Replace `[...]` with the registry email

export REGISTRY_EMAIL=[...]

# Replace `[...]` with the GitHub token

export GH_TOKEN=[...]

# Replace `[...]` with the GitHub email

export GH_EMAIL=[...]

$ cd ~/tmp
$ git clone https://github.com/vfarcic/argo-combined-app
$ git clone https://github.com/vfarcic/argo-combined-demo.git

$ cd argo-combined-app

$ cat kustomize/base/ingress.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee kustomize/overlays/staging/ingress.yaml

$ cat kustomize/overlays/production/rollout.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee kustomize/overlays/production/rollout.yaml

$ cat kustomize/overlays/staging/deployment.yaml \
 | sed -e "[email protected]@$REGIS[email protected]" \
 | tee kustomize/overlays/staging/deployment.yaml

$ cd argo-combined-demo

$ cat orig/sealed-secrets.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee production/sealed-secrets.yaml

$ cat argo-cd/base/ingress.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee argo-cd/overlays/production/ingress.yaml

$ cat argo-workflows/base/ingress.yaml \
 | sed -e "[email protected]@argo-workflows.$BA[email protected]" \
 | tee argo-workflows/overlays/production/ingress.yaml

$ cat argo-events/base/event-sources.yaml \
 | sed -e "[email protected]@[email protected]" \
    | sed -e "[email protected]@[email protected]" \
 | tee argo-events/overlays/production/event-sources.yaml

$ cat argo-events/base/sensors.yaml \
 | sed -e "[email protected]: [email protected]: [email protected]" \
 | sed -e "[email protected]: [email protected]: [email protected]" \
 | tee argo-events/overlays/production/sensors.yaml

$ cat production/argo-cd.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee production/argo-cd.yaml

$ cat production/argo-workflows.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee production/argo-workflows.yaml

$ cat production/argo-events.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee production/argo-events.yaml

$ cat production/argo-rollouts.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee production/argo-rollouts.yaml

$ cat production/argo-combined-app.yaml \
 | sed -e "[email protected]/[email protected]/[email protected]" \
 | sed -e "[email protected] [email protected] $REGISTRY_US[email protected]" \
 | tee production/argo-combined-app.yaml

$ cat staging/argo-combined-app.yaml \
 | sed -e "[email protected]/[email protected]/[email protected]" \
 | sed -e "[email protected] [email protected] [email protected]" \
 | tee staging/argo-combined-app.yaml

$ cat apps.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee apps.yaml

$ kubectl apply --filename sealed-secrets

$ kubectl --namespace workflows \
 create secret \
 docker-registry regcred \
 --docker-server=$REGISTRY_SERVER \
    --docker-username=$REGISTRY_USER \
 --docker-password=$REGISTRY_PASS \
    --docker-email=$REGISTRY_EMAIL \
 --output json \
 --dry-run=client \
 | kubeseal --format yaml \
 | tee argo-workflows/overlays/production/regcred.yaml

# Wait for a while and repeat the previous command if the output contains `cannot fetch certificate` error message

$ echo "apiVersion: v1
kind: Secret
metadata:
name: github-access
namespace: workflows
type: Opaque
data:
token: $(echo -n $GH_TOKEN | base64)
user: $(echo -n $GH_ORG | base64)
email: $(echo -n $GH_EMAIL | base64)" \
 | kubeseal --format yaml \
 | tee argo-workflows/overlays/workflows/githubcred.yaml

$ echo "apiVersion: v1
kind: Secret
metadata:
name: github-access
namespace: argo-events
type: Opaque
data:
token: $(echo -n $GH_TOKEN | base64)" \
 | kubeseal --format yaml \
 | tee argo-events/overlays/production/githubcred.yaml

git add .

git commit -m "Manifests"

git push

cd ..

$ cd argo-combined-demo

$ cat production/argo-cd.yaml

$ kustomize build \
 argo-cd/overlays/production \
 | kubectl apply --filename -

$ kubectl --namespace argocd \
 rollout status \
 deployment argocd-server

$ export PASS=$(kubectl \
 --namespace argocd \
 get secret argocd-initial-admin-secret \
 --output jsonpath="{.data.password}" \
 | base64 --decode)

$ argocd login \
 --insecure \
 --username admin \
 --password $PASS \
    --grpc-web \
    argo-cd.$BASE_HOST

$ argocd account update-password \
 --current-password $PASS \
 --new-password admin

http://argo-cd.$BASE_HOST

admin / admin

$ kubectl apply --filename project.yaml

$ kubectl apply --filename apps.yaml

$ cat argo-events/overlays/production/event-sources.yaml

$ cat argo-events/overlays/production/sensors.yaml

open https://github.com/$GH_ORG/argo-combined-app/settings/hooks

open http://argo-workflows.$BASE_HOST

$ cd ../argo-combined-app

# This might not work with providers that do not expose the IP but a host (e.g., AWS EKS)

$ export ISTIO_HOST=$(kubectl \
 --namespace istio-system \
 get svc istio-ingressgateway \
 --output jsonpath="{.status.loadBalancer.ingress[0].ip}")

$ echo $ISTIO_HOST

$ cat kustomize/base/istio.yaml \
 | sed -e "[email protected]@[email protected]" \
 | tee kustomize/overlays/production/istio.yaml

$ cat config.toml \
 | sed -e "[email protected] DevOps becomes [email protected] now\!\!\[email protected]" \
 | tee config.toml

git add .

git commit -m "A silly change"

git push