From 1706d26814efe42d3f484f06273b413a59602b54 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 8 Jun 2025 13:47:03 +0200 Subject: [PATCH 01/69] Fixing crossplane install --- .github/workflows/create-cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 249146a..e09bd56 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -36,7 +36,7 @@ jobs: - name: Install Crossplane run: | - helm upgrade --install crossplane crossplane-stable/crossplane \ + helm upgrade --install crossplane-stable/crossplane crossplane \ --namespace crossplane-system \ --create-namespace \ --repo https://charts.crossplane.io/stable/ \ From f65d7ed396fc876458fd16127d2962517f1c2cf9 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 8 Jun 2025 13:49:03 +0200 Subject: [PATCH 02/69] Fixing crossplane install --- .github/workflows/create-cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index e09bd56..3b9af83 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -36,7 +36,7 @@ jobs: - name: Install Crossplane run: | - helm upgrade --install crossplane-stable/crossplane crossplane \ + helm upgrade --install crossplane crossplane \ --namespace crossplane-system \ --create-namespace \ --repo https://charts.crossplane.io/stable/ \ From fd870bcd15cf8e5ad13a73b3684d94983bd967ea Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 8 Jun 2025 14:32:09 +0200 Subject: [PATCH 03/69] Separating job steps --- .github/workflows/create-cluster.yaml | 11 +++-------- .github/workflows/setup-helm/action.yaml | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/setup-helm/action.yaml 
diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 3b9af83..6ca7579 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -8,14 +8,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Set up kubectl - uses: azure/setup-kubectl@v4 - - - name: Set up Helm - uses: azure/setup-helm@v4 + - name: Set up helm + uses: ./.github/actions/setup-helm - name: Install kind run: | @@ -39,6 +33,7 @@ jobs: helm upgrade --install crossplane crossplane \ --namespace crossplane-system \ --create-namespace \ + --version 1.20.0 \ --repo https://charts.crossplane.io/stable/ \ --wait diff --git a/.github/workflows/setup-helm/action.yaml b/.github/workflows/setup-helm/action.yaml new file mode 100644 index 0000000..cf98e98 --- /dev/null +++ b/.github/workflows/setup-helm/action.yaml @@ -0,0 +1,15 @@ +name: Setup Helm +run-name: Setting up Helm +on: [push] +jobs: + SpinUpCluster: + runs-on: ubuntu-24.04 + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Set up kubectl + uses: azure/setup-kubectl@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4 From 217832345416bc7042b71b916e7d66c4843431f2 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 8 Jun 2025 14:32:49 +0200 Subject: [PATCH 04/69] Fixing path --- .github/workflows/create-cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 6ca7579..0c62736 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -9,7 +9,7 @@ jobs: uses: actions/checkout@v4 - name: Set up helm - uses: ./.github/actions/setup-helm + uses: ./.github/setup-helm - name: Install kind run: | From feeb93fc93773e0eb98ef213e83892be2bebab52 Mon Sep 17 00:00:00 2001 
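Review bot: The third-party actions in the new `.github/workflows/setup-helm/action.yaml` (`docker/setup-buildx-action@v3`, `azure/setup-kubectl@v4`, `azure/setup-helm@v4`) are referenced by mutable major-version tags, so a tag moved upstream changes what runs in this job without any change in this repository. Pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: azure/setup-helm@<commit-sha>  # v4`, makes the resolved action stable and reviewable, and a Dependabot or Renovate rule can then bump the SHA. The same three references are carried into the composite action rewritten in patch 06 and the copies touched in patches 07–09, so one fix covers all of them.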
From: Diego Rodrigues Date: Sun, 8 Jun 2025 20:30:33 +0200 Subject: [PATCH 05/69] Adjusting paths --- .github/{workflows => actions}/setup-helm/action.yaml | 0 .github/workflows/create-cluster.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename .github/{workflows => actions}/setup-helm/action.yaml (100%) diff --git a/.github/workflows/setup-helm/action.yaml b/.github/actions/setup-helm/action.yaml similarity index 100% rename from .github/workflows/setup-helm/action.yaml rename to .github/actions/setup-helm/action.yaml diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 0c62736..6ca7579 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -9,7 +9,7 @@ jobs: uses: actions/checkout@v4 - name: Set up helm - uses: ./.github/setup-helm + uses: ./.github/actions/setup-helm - name: Install kind run: | From 447b655aa0f47b453ff0f0b1e77d68a01a7d6084 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 8 Jun 2025 21:32:32 +0200 Subject: [PATCH 06/69] Fixing action --- .github/actions/setup-helm/action.yaml | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/.github/actions/setup-helm/action.yaml b/.github/actions/setup-helm/action.yaml index cf98e98..45beba5 100644 --- a/.github/actions/setup-helm/action.yaml +++ b/.github/actions/setup-helm/action.yaml 
@@ -1,15 +1,13 @@ name: Setup Helm -run-name: Setting up Helm -on: [push] -jobs: - SpinUpCluster: - runs-on: ubuntu-24.04 - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 +description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. +runs: + using: "composite" + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Set up kubectl - uses: azure/setup-kubectl@v4 - - - name: Set up Helm - uses: azure/setup-helm@v4 + - name: Set up kubectl + uses: azure/setup-kubectl@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4 From 3dcefd3e8c21b8809f36ea6bae7db1b8f5cb3649 Mon Sep 17 00:00:00 2001 
From: Diego Rodrigues Date: Mon, 9 Jun 2025 15:34:45 +0200 Subject: [PATCH 07/69] Initial cluster --- .github/actions/kind/action.yaml | 20 ++++++++++ .github/actions/setup-helm/action.yaml | 23 +++++++++++- .github/actions/sops/action.yaml | 19 ++++++++++ .github/workflows/create-cluster.yaml | 37 +++---------------- .gitignore | 3 ++ aws-eu1/apps/infrastructure.yaml | 16 ++++++++ aws-eu1/crossplane/Chart.yaml | 13 +++++++ .../crossplane/templates/aws-creds.enc.yaml | 33 +++++++++++++++++ aws-eu1/crossplane/templates/buckets.yaml | 12 ++++++ .../crossplane/templates/provider-config.yaml | 14 +++++++ aws-eu1/crossplane/templates/providers.yaml | 9 +++++ aws-eu1/crossplane/values.yaml | 5 +++ helmfile.yaml | 25 +++++++++++++ 13 files changed, 197 insertions(+), 32 deletions(-) create mode 100644 .github/actions/kind/action.yaml create mode 100644 .github/actions/sops/action.yaml create mode 100644 .gitignore create mode 100644 aws-eu1/apps/infrastructure.yaml create mode 100644 aws-eu1/crossplane/Chart.yaml create mode 100644 aws-eu1/crossplane/templates/aws-creds.enc.yaml create mode 100644 aws-eu1/crossplane/templates/buckets.yaml create mode 100644 aws-eu1/crossplane/templates/provider-config.yaml create mode 100644 aws-eu1/crossplane/templates/providers.yaml create mode 100644 aws-eu1/crossplane/values.yaml create mode 100644 helmfile.yaml diff --git a/.github/actions/kind/action.yaml b/.github/actions/kind/action.yaml new file mode 100644 index 0000000..d53f4e4 --- /dev/null +++ b/.github/actions/kind/action.yaml 
@@ -0,0 +1,20 @@ +name: Setup Kind +description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. +runs: + using: "composite" + steps: + - name: Install kind + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64 + chmod +x ./kind + sudo mv ./kind /usr/local/bin/kind + + - name: Create kind cluster + run: | + kind create cluster --wait 60s + + - name: Get Cluster status + run: | + kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns + kubectl get nodes -o wide + kubectl get pods -A diff --git a/.github/actions/setup-helm/action.yaml b/.github/actions/setup-helm/action.yaml index 45beba5..5413837 100644 --- a/.github/actions/setup-helm/action.yaml +++ b/.github/actions/setup-helm/action.yaml @@ -10,4 +10,25 @@ runs: uses: azure/setup-kubectl@v4 - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@v4^ + + # configure kubeseal + - name: Install Kubeseal + shell: bash + run: | + set -eu + curl -sL https://github.com/bitnami-labs/sealed-secrets/releases/download/v${{ inputs.version }}/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz \ + -o $GITHUB_WORKSPACE/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz + tar xzvf $GITHUB_WORKSPACE/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz + mkdir -p $GITHUB_WORKSPACE/bin + mv $GITHUB_WORKSPACE/{,bin/}kubeseal + chmod +x $GITHUB_WORKSPACE/bin/kubeseal + echo $GITHUB_WORKSPACE/bin >> $GITHUB_PATH + + # configure aws credentials + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} diff --git a/.github/actions/sops/action.yaml b/.github/actions/sops/action.yaml new file mode 100644 index 0000000..aa7df8e --- /dev/null +++ b/.github/actions/sops/action.yaml 
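Review bot: `curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64` in the `Install kind` step does not pass `--fail`, so an HTTP error body from the download host would be written to `./kind`, made executable and moved into `/usr/local/bin` with the step still reporting success; the binary is also never compared against a published digest. Suggest `curl -fsSLo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64` followed by `echo "<expected-sha256>  ./kind" | sha256sum -c -` before the `chmod`, with the digest taken from the kind release assets for that version. Patch 10 keeps the same three download lines, so the same change applies there.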
@@ -0,0 +1,19 @@ +name: "Setup kubeseal" +description: "Sets up kubeseal CLI in your GitHub Actions workflow." + +inputs: + version: + required: false + default: "0.23.0" + description: "kubeseal CLI version to install" + +runs: + using: "composite" + steps: + - name: Set up SOPS + run: |- + curl -O -L -C - https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux + sudo mv sops-v3.7.3.linux /usr/bin/sops + sudo chmod +x /usr/bin/sops + - name: Decrypt + run: find . -type f -name *.enc.yaml -exec sops decrypt -i {} \; diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 6ca7579..2f7d05d 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -8,36 +8,11 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Set up helm + - name: Set up Helm uses: ./.github/actions/setup-helm - - - name: Install kind - run: | - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64 - chmod +x ./kind - sudo mv ./kind /usr/local/bin/kind - - name: Create kind cluster - run: | - kind create cluster --wait 60s - - - name: Get Cluster status - run: | - # wait network is ready - kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns - kubectl get nodes -o wide - kubectl get pods -A - - - name: Install Crossplane - run: | - helm upgrade --install crossplane crossplane \ - --namespace crossplane-system \ - --create-namespace \ - --version 1.20.0 \ - --repo https://charts.crossplane.io/stable/ \ - --wait - - - name: Check Crossplane status - run: | - kubectl get pods -n crossplane-system - kubectl get crds | grep crossplane.io \ No newline at end of file + - name: Set up Kind + uses: ./.github/actions/kind + + # - name: Decrypt secrets + # uses: ./.github/actions/sops diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c0d8840 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.secrets/ +*.tgz +*.lock 
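Review bot: `run: find . -type f -name *.enc.yaml -exec sops decrypt -i {} \;` in the `Decrypt` step leaves the glob unquoted, so once a `*.enc.yaml` file exists in the working directory the shell expands it before `find` runs and the pattern no longer matches files in subdirectories (with two matches `find` fails outright). Quote it: `run: find . -type f -name '*.enc.yaml' -exec sops decrypt -i {} \;`. The `Set up SOPS` step downloads the binary with `curl -O -L -C -` and no `--fail` or checksum comparison, the same weakness as the kind action; the sops release page publishes checksums that can be verified before the `mv`. Patch 10 reworks this action but leaves the `find` line unchanged, so the fix applies there as well.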
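Review bot: After this hunk the `create-cluster.yaml` job consists of checkout, `./.github/actions/setup-helm` and `./.github/actions/kind`; the `Install Crossplane` and `Check Crossplane status` steps are removed and nothing in the workflow invokes the `helmfile.yaml` added in the same patch, so the kind cluster comes up with neither Crossplane nor Argo CD installed. If helmfile is meant to replace the removed helm command, a step such as `run: helmfile apply` (after installing the helmfile binary) is still needed, or a comment should say where installation now happens. The commented `Decrypt secrets` step decrypts `*.enc.yaml` files in place inside the checkout; if it is re-enabled, the plaintext files must not be picked up by any later artifact upload or log step.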
diff --git a/aws-eu1/apps/infrastructure.yaml b/aws-eu1/apps/infrastructure.yaml new file mode 100644 index 0000000..7b870b3 --- /dev/null +++ b/aws-eu1/apps/infrastructure.yaml @@ -0,0 +1,16 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: infrastructure + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://github.com/diegopso/crossplane-example.git + targetRevision: cluster-creation + path: aws-eu1/crossplane + destination: + server: https://kubernetes.default.svc + namespace: infrastructure diff --git a/aws-eu1/crossplane/Chart.yaml b/aws-eu1/crossplane/Chart.yaml new file mode 100644 index 0000000..53bb117 --- /dev/null +++ b/aws-eu1/crossplane/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: crossplane-infrastructure +description: A Helm chart for Kubernetes + +type: application +version: 0.1.0 +appVersion: "1.20.0" +icon: https://docs.crossplane.io/favicon-32x32.png + +# dependencies: +# - name: crossplane +# version: "1.20.0" +# repository: https://charts.crossplane.io/stable \ No newline at end of file diff --git a/aws-eu1/crossplane/templates/aws-creds.enc.yaml b/aws-eu1/crossplane/templates/aws-creds.enc.yaml new file mode 100644 index 0000000..6763e13 --- /dev/null +++ b/aws-eu1/crossplane/templates/aws-creds.enc.yaml 
@@ -0,0 +1,33 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-secret + namespace: crossplane-system +data: + creds: ENC[AES256_GCM,data:yXrPQP9G8A/Cp+qDR+QCzy4JN02vZuAPPIwBt08PnU0J/gVjTergCLAuTob91XI5fhumxw80WYV6CFyd+2k0Q5b2U9zF1DkO3bspxb7UVKIRqulzy+hphkMTCQL5+562xAoBSsQZV4wZLG9exHkro5Yt5HJdc0Zhkovpoltc+J9DL/ta+gJsO5X872iy7EWxGFtEysUNRzHwLGoUqkEzxA==,iv:ZW0w/E+w74krLieZRoinxoI4KJgUoiDyGyJX4teWSvE=,tag:yGyo8LDAXNEvm9l12kYBgw==,type:str] +sops: + lastmodified: "2025-06-09T13:29:11Z" + mac: ENC[AES256_GCM,data:U9G1fbkBLAj5TT4RGSxb4Qz7IsaGFZkPMYLzAWjMsGawwWNMj8sU1pvaYWpsOgQIN4vl1nRyZp30ZagNfXeFmebFYWCa5t9B5K4KAb0gfzFxB4UjSAofR0WvgnWoTrc+iYwDTKEPSeyAD/hjgYIWb6/Z3V9ddVY/K3nKMEY0V1Q=,iv:OW/xcYBfeTbbEOY9gR0mnrbxxke0/rypQiskqr5Bbak=,tag:rwbDiAZp6GF7FpjnlpA66A==,type:str] + pgp: + - created_at: "2025-06-09T13:29:11Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/b4SgaRrjB1ARAArpXXTLDcH8XlGyr345ga1I31DY09W0Ma8g5f7A2Qbqot + qDg/cf+4/Acy2egY0ohsiIyST7TTmlZ0rOeaKU7KvcYL7mSpjz9/TJ3cIVcxPzX6 + SjL3arY+tZ2OlLPaYIBZbO3pRJEyfZtcG41rZayV3gXtoC/MwyH9A6+CyUCQPOxX + Aw6Y1EohhDvXl0DDCWkC4ds5WakJi4aJbcU5qunRxGKh7JUUPSrPIe5WqdOfH0M2 + 2FNuPaXDNrlZX6VHRSXiI3lJlS4hydiT9eyWudNLSF1zmMqtwr6xZXptFVBf5MIY + wBmIWDlXGwGM6WiSQktIs95ll9JASDuJZWC9UV/Gmon+scM+nepuuCa/ksx+/ftY + y0QBs7K672sRWyx+0AEZ8sljZzVvdDG95merTi55OuK62GqgKJPxETKJCSWBYVNs + hS8UiX+zHjxrpL9NOXdzqjqqZKm0R+3LxWEKO04biic/aKheJ/SYRHrz372RmQIx + 1xPBuGitR1pEiBiIVnoJHdNkpYweE4g7Giq2ydVWBb0vC3MaaJc2eNTJQmHgqwJO + kF/qfHlQWGGXPJf7XSuUl3pxHcJ3nMhIFptEpnB14rX4gDovp0Ct/s0a0H0Vy+lB + D7pSuNjCSIdlBzk/jSP0ILfhsPUByH/ZvNKWTiQrqzCzl0AFdcZTcCeE047Dk2/U + WwEJAhAwrSoz1sbNiX89/Us19BQOTsk4/Q72ys6imoaem7gLtNouXadL8MutNjwD + BZ/ztfT12Qliefa8M7bntTueoySeq/NLtmd0CuWVQn/suFx/r50FANzHcpo= + =6BaZ + -----END PGP MESSAGE----- + fp: F5F3E2B76838D78BBA5E40E0E87E041E1CF025EA + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 
diff --git a/aws-eu1/crossplane/templates/buckets.yaml b/aws-eu1/crossplane/templates/buckets.yaml new file mode 100644 index 0000000..d242593 --- /dev/null +++ b/aws-eu1/crossplane/templates/buckets.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: s3.aws.upbound.io/v1beta1 +kind: Bucket +metadata: + generateName: crossplane-bucket- + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure }} +spec: + forProvider: + region: us-east-2 + providerConfigRef: + name: default diff --git a/aws-eu1/crossplane/templates/provider-config.yaml b/aws-eu1/crossplane/templates/provider-config.yaml new file mode 100644 index 0000000..db57ab5 --- /dev/null +++ b/aws-eu1/crossplane/templates/provider-config.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: aws.upbound.io/v1beta1 +kind: ProviderConfig +metadata: + name: default + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providersConfigurations }} +spec: + credentials: + source: Secret + secretRef: + namespace: crossplane-system + name: aws-secret + key: creds diff --git a/aws-eu1/crossplane/templates/providers.yaml b/aws-eu1/crossplane/templates/providers.yaml new file mode 100644 index 0000000..9ca3fd5 --- /dev/null +++ b/aws-eu1/crossplane/templates/providers.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: pkg.crossplane.io/v1 +kind: Provider +metadata: + name: provider-aws-s3 + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers }} +spec: + package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 diff --git a/aws-eu1/crossplane/values.yaml b/aws-eu1/crossplane/values.yaml new file mode 100644 index 0000000..38ce351 --- /dev/null +++ b/aws-eu1/crossplane/values.yaml @@ -0,0 +1,5 @@ +argoSyncWaves: + crossplane: + providers: -10000 + providersConfigurations: -9990 + infrastructure: -9980 \ No newline at end of file diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..d240ab6 --- /dev/null 
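Review bot: `generateName: crossplane-bucket-` in the new `buckets.yaml` gives the Bucket no fixed name, which is a poor fit for a GitOps-managed manifest: Argo CD tracks resources by name, so this object is likely to be rejected or to produce a fresh bucket on each sync — confirm against the Argo CD version in use. A fixed `name:` (or one derived from `.Release.Name`) makes the resource trackable and idempotent. Separately, `region: us-east-2` is hard-coded in a chart living under `aws-eu1/`; if the mismatch is not intentional, move it into `values.yaml` (e.g. `region: {{ .Values.aws.region }}`) so the region is set once per environment.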
+++ b/helmfile.yaml @@ -0,0 +1,25 @@ +repositories: + - name: crossplane-stable + url: https://charts.crossplane.io/stable + - name: argo + url: https://argoproj.github.io/argo-helm + +releases: + - name: crossplane + namespace: crossplane-system + chart: crossplane-stable/crossplane + version: "1.20.0" + - name: argocd + namespace: argocd + chart: argo/argo-cd + version: "8.0.16" + # - name: crossplane + # namespace: crossplane-system + # chart: ./crossplane + # version: "0.1.0" + # - name: infrastructure + # namespace: crossplane-system + # chart: ./infrastructure + # version: "0.1.0" + # needs: + # - crossplane From 2a5df9ef93ba1927400d4512c54e73ed622abb1e Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 15:36:27 +0200 Subject: [PATCH 08/69] Removing AWS config --- .github/actions/setup-helm/action.yaml | 21 --------------------- .github/workflows/create-cluster.yaml | 8 ++++++++ 2 files changed, 8 insertions(+), 21 deletions(-) diff --git a/.github/actions/setup-helm/action.yaml b/.github/actions/setup-helm/action.yaml index 5413837..0040b74 100644 --- a/.github/actions/setup-helm/action.yaml +++ b/.github/actions/setup-helm/action.yaml 
@@ -11,24 +11,3 @@ runs: - name: Set up Helm uses: azure/setup-helm@v4^ - - # configure kubeseal - - name: Install Kubeseal - shell: bash - run: | - set -eu - curl -sL https://github.com/bitnami-labs/sealed-secrets/releases/download/v${{ inputs.version }}/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz \ - -o $GITHUB_WORKSPACE/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz - tar xzvf $GITHUB_WORKSPACE/kubeseal-${{ inputs.version }}-linux-amd64.tar.gz - mkdir -p $GITHUB_WORKSPACE/bin - mv $GITHUB_WORKSPACE/{,bin/}kubeseal - chmod +x $GITHUB_WORKSPACE/bin/kubeseal - echo $GITHUB_WORKSPACE/bin >> $GITHUB_PATH - - # configure aws credentials - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v3 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 2f7d05d..485f938 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -16,3 +16,11 @@ jobs: # - name: Decrypt secrets # uses: ./.github/actions/sops + + # configure aws credentials + # - name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v3 + # with: + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # aws-region: ${{ secrets.AWS_REGION }} From 292506e2822bc0a11f161a1cf1e9edec5638a8d2 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 15:37:24 +0200 Subject: [PATCH 09/69] Removing wrong char --- .github/actions/setup-helm/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-helm/action.yaml b/.github/actions/setup-helm/action.yaml index 0040b74..45beba5 100644 --- a/.github/actions/setup-helm/action.yaml +++ b/.github/actions/setup-helm/action.yaml 
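Review bot: The commented-out `Configure AWS credentials` step added to `create-cluster.yaml` would, when uncommented, authenticate with long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` repository secrets; `aws-actions/configure-aws-credentials` also supports OIDC federation, which issues short-lived credentials per job run and leaves no static key to rotate or leak. When this step is revived, prefer `role-to-assume: <iam-role-arn>` together with `permissions: id-token: write` on the job, and pass the region from a variable (`aws-region: ${{ vars.AWS_REGION }}`) rather than a secret, since it is not sensitive. Pinning the action to a commit SHA instead of `@v3` applies here too.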
@@ -10,4 +10,4 @@ runs: uses: azure/setup-kubectl@v4 - name: Set up Helm - uses: azure/setup-helm@v4^ + uses: azure/setup-helm@v4 From 42b6931f9a21f566942894c8ff2411367dd44dc6 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 15:43:53 +0200 Subject: [PATCH 10/69] Adding shell --- .github/actions/kind/action.yaml | 5 ++++- .github/actions/sops/action.yaml | 16 +++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/actions/kind/action.yaml b/.github/actions/kind/action.yaml index d53f4e4..8e98940 100644 --- a/.github/actions/kind/action.yaml +++ b/.github/actions/kind/action.yaml @@ -1,19 +1,22 @@ name: Setup Kind -description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. +description: This action sets up Kind and a Kind cluster in the GitHub Actions environment. runs: using: "composite" steps: - name: Install kind + shell: bash run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64 chmod +x ./kind sudo mv ./kind /usr/local/bin/kind - name: Create kind cluster + shell: bash run: | kind create cluster --wait 60s - name: Get Cluster status + shell: bash run: | kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns kubectl get nodes -o wide diff --git a/.github/actions/sops/action.yaml b/.github/actions/sops/action.yaml index aa7df8e..335b8aa 100644 --- a/.github/actions/sops/action.yaml +++ b/.github/actions/sops/action.yaml 
@@ -1,19 +1,21 @@ -name: "Setup kubeseal" -description: "Sets up kubeseal CLI in your GitHub Actions workflow." +name: Setup SOPS +description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. inputs: version: required: false - default: "0.23.0" - description: "kubeseal CLI version to install" + default: "3.10.2" + description: "SOPS version to install" runs: using: "composite" steps: - name: Set up SOPS + shell: bash run: |- - curl -O -L -C - https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux - sudo mv sops-v3.7.3.linux /usr/bin/sops - sudo chmod +x /usr/bin/sops + curl -O -L -C - https://github.com/mozilla/sops/releases/download/v${{ inputs.version }}/sops-v${{ inputs.version }}.linux + sudo mv sops-v${{ inputs.version }}.linux /usr/bin/sops + sudo chmod +x /usr/bin/sops - name: Decrypt + shell: bash run: find . -type f -name *.enc.yaml -exec sops decrypt -i {} \; From d848a2ce885b56f198b9ff4f26ec61147297394d Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 15:53:46 +0200 Subject: [PATCH 11/69] Converting syncWaves to string --- .github/workflows/create-cluster.yaml | 2 +- aws-eu1/crossplane/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 485f938..ae2007e 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -11,7 +11,7 @@ jobs: - name: Set up Helm uses: ./.github/actions/setup-helm - - name: Set up Kind + - name: Set up Kind cluster uses: ./.github/actions/kind # - name: Decrypt secrets diff --git a/aws-eu1/crossplane/values.yaml b/aws-eu1/crossplane/values.yaml index 38ce351..eacf44e 100644 --- a/aws-eu1/crossplane/values.yaml +++ b/aws-eu1/crossplane/values.yaml 
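Review bot: `description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment.` is copied from the setup-helm action and does not describe this one, which installs SOPS and decrypts files; suggest `description: This action installs the SOPS CLI and decrypts every *.enc.yaml file in the workspace in place.` The `version` input now drives the download URL, so its `description` could also state the minimum supported release, since the `sops decrypt` subcommand used in the `Decrypt` step is, as far as I know, only available in recent SOPS versions and an older value would fail at runtime. The `mozilla/sops` URL appears to rely on GitHub's redirect to the project's current organisation; worth confirming it still resolves for the pinned default.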
@@ -1,5 +1,5 @@ argoSyncWaves: crossplane: - providers: -10000 - providersConfigurations: -9990 - infrastructure: -9980 \ No newline at end of file + providers: "-10000" + providersConfigurations: "-9990" + infrastructure: "-9980" \ No newline at end of file From 31f9618d2cbe45c65aa5bb70f1bd525d51f94400 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 16:09:58 +0200 Subject: [PATCH 12/69] quoting syncwaves --- aws-eu1/crossplane/templates/buckets.yaml | 2 +- aws-eu1/crossplane/templates/provider-config.yaml | 2 +- aws-eu1/crossplane/templates/providers.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aws-eu1/crossplane/templates/buckets.yaml b/aws-eu1/crossplane/templates/buckets.yaml index d242593..8225dd9 100644 --- a/aws-eu1/crossplane/templates/buckets.yaml +++ b/aws-eu1/crossplane/templates/buckets.yaml @@ -4,7 +4,7 @@ kind: Bucket metadata: generateName: crossplane-bucket- annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure }} + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure | quote }} spec: forProvider: region: us-east-2 diff --git a/aws-eu1/crossplane/templates/provider-config.yaml b/aws-eu1/crossplane/templates/provider-config.yaml index db57ab5..1ce968a 100644 --- a/aws-eu1/crossplane/templates/provider-config.yaml +++ b/aws-eu1/crossplane/templates/provider-config.yaml @@ -4,7 +4,7 @@ kind: ProviderConfig metadata: name: default annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providersConfigurations }} + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providersConfigurations | quote }} spec: credentials: source: Secret diff --git a/aws-eu1/crossplane/templates/providers.yaml b/aws-eu1/crossplane/templates/providers.yaml index 9ca3fd5..847de47 100644 --- a/aws-eu1/crossplane/templates/providers.yaml +++ b/aws-eu1/crossplane/templates/providers.yaml 
@@ -4,6 +4,6 @@ kind: Provider metadata: name: provider-aws-s3 annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers }} + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} spec: package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 From 1b7b6397c8aedc7f7dcb995d530be9baa6252848 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 16:13:46 +0200 Subject: [PATCH 13/69] Reducing syncwave numbers --- aws-eu1/crossplane/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aws-eu1/crossplane/values.yaml b/aws-eu1/crossplane/values.yaml index eacf44e..79df9b3 100644 --- a/aws-eu1/crossplane/values.yaml +++ b/aws-eu1/crossplane/values.yaml @@ -1,5 +1,5 @@ argoSyncWaves: crossplane: - providers: "-10000" - providersConfigurations: "-9990" - infrastructure: "-9980" \ No newline at end of file + providers: "-1000" + providersConfigurations: "-990" + infrastructure: "-980" \ No newline at end of file From a726f0ec20a4b1e87e51e77a3cf5b2ce7dcb43bc Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 16:17:50 +0200 Subject: [PATCH 14/69] Adding syncwave to sops secret --- .../crossplane/templates/aws-creds.enc.yaml | 39 ++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/aws-eu1/crossplane/templates/aws-creds.enc.yaml b/aws-eu1/crossplane/templates/aws-creds.enc.yaml index 6763e13..fc352a9 100644 --- a/aws-eu1/crossplane/templates/aws-creds.enc.yaml +++ b/aws-eu1/crossplane/templates/aws-creds.enc.yaml 
@@ -3,30 +3,33 @@ kind: Secret metadata: name: aws-secret namespace: crossplane-system + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} data: - creds: ENC[AES256_GCM,data:yXrPQP9G8A/Cp+qDR+QCzy4JN02vZuAPPIwBt08PnU0J/gVjTergCLAuTob91XI5fhumxw80WYV6CFyd+2k0Q5b2U9zF1DkO3bspxb7UVKIRqulzy+hphkMTCQL5+562xAoBSsQZV4wZLG9exHkro5Yt5HJdc0Zhkovpoltc+J9DL/ta+gJsO5X872iy7EWxGFtEysUNRzHwLGoUqkEzxA==,iv:ZW0w/E+w74krLieZRoinxoI4KJgUoiDyGyJX4teWSvE=,tag:yGyo8LDAXNEvm9l12kYBgw==,type:str] + creds: ENC[AES256_GCM,data:BzU0VBkl3l8DRH5d15C1IrKMYQmcDCAmoBXvlPo6MOw+Yv9xGYMueIvdW/GrNLh/3+oAOabYeyit4tz8ADnWAFm4tmGUnWLuglNuEjAZT/Zf03TVMSpusXB0HwSQozLG+OJDvkJHJxrZbVKdTOIhIKrp2Me4AeZU7WAG/grAI4gT83FvbLasfCRzIyxHRqOQzgCq0tG6WR+trzLQ2YDZ2Q==,iv:/XTixHrTnuiZQRAmLYbZ+nWmaCrUp8CmbDBLly7bgo8=,tag:lPRlrzCYQ/rwQ+2aYnEcdQ==,type:str] sops: - lastmodified: "2025-06-09T13:29:11Z" - mac: ENC[AES256_GCM,data:U9G1fbkBLAj5TT4RGSxb4Qz7IsaGFZkPMYLzAWjMsGawwWNMj8sU1pvaYWpsOgQIN4vl1nRyZp30ZagNfXeFmebFYWCa5t9B5K4KAb0gfzFxB4UjSAofR0WvgnWoTrc+iYwDTKEPSeyAD/hjgYIWb6/Z3V9ddVY/K3nKMEY0V1Q=,iv:OW/xcYBfeTbbEOY9gR0mnrbxxke0/rypQiskqr5Bbak=,tag:rwbDiAZp6GF7FpjnlpA66A==,type:str] + lastmodified: "2025-06-09T14:17:13Z" + mac: ENC[AES256_GCM,data:lMxZVIrDvKrIyG73Jp04H5jL8antDyKd4NjJaoIc2eKkCw6///K8hqtx0wdOwbfB7Gwxxlm5Xp01lTfqySN+wSlLBSnOhhsJQ+sy7u++PNtYtqinCSLE7Cardi9U7UiqaLvBMA/scStAiXWv49fF8w29Lnc8Dqa+exHM3VB/bho=,iv:a0UG1KN580K22Xmsq+2LlUGFslR+xnxrnwpcWx8jPDY=,tag:kn1DpTRSoujjFP9T7vVPmQ==,type:str] pgp: - - created_at: "2025-06-09T13:29:11Z" + - created_at: "2025-06-09T14:17:13Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/b4SgaRrjB1ARAArpXXTLDcH8XlGyr345ga1I31DY09W0Ma8g5f7A2Qbqot - qDg/cf+4/Acy2egY0ohsiIyST7TTmlZ0rOeaKU7KvcYL7mSpjz9/TJ3cIVcxPzX6 - SjL3arY+tZ2OlLPaYIBZbO3pRJEyfZtcG41rZayV3gXtoC/MwyH9A6+CyUCQPOxX - Aw6Y1EohhDvXl0DDCWkC4ds5WakJi4aJbcU5qunRxGKh7JUUPSrPIe5WqdOfH0M2 - 2FNuPaXDNrlZX6VHRSXiI3lJlS4hydiT9eyWudNLSF1zmMqtwr6xZXptFVBf5MIY - 
wBmIWDlXGwGM6WiSQktIs95ll9JASDuJZWC9UV/Gmon+scM+nepuuCa/ksx+/ftY - y0QBs7K672sRWyx+0AEZ8sljZzVvdDG95merTi55OuK62GqgKJPxETKJCSWBYVNs - hS8UiX+zHjxrpL9NOXdzqjqqZKm0R+3LxWEKO04biic/aKheJ/SYRHrz372RmQIx - 1xPBuGitR1pEiBiIVnoJHdNkpYweE4g7Giq2ydVWBb0vC3MaaJc2eNTJQmHgqwJO - kF/qfHlQWGGXPJf7XSuUl3pxHcJ3nMhIFptEpnB14rX4gDovp0Ct/s0a0H0Vy+lB - D7pSuNjCSIdlBzk/jSP0ILfhsPUByH/ZvNKWTiQrqzCzl0AFdcZTcCeE047Dk2/U - WwEJAhAwrSoz1sbNiX89/Us19BQOTsk4/Q72ys6imoaem7gLtNouXadL8MutNjwD - BZ/ztfT12Qliefa8M7bntTueoySeq/NLtmd0CuWVQn/suFx/r50FANzHcpo= - =6BaZ + hQIMA/b4SgaRrjB1ARAAr2gpwWLrJCLbxxeHuFRT5Yawlv0MFihuWy134o2gkB0+ + iHFBSY8jytiRg7Kl+4WdeXGIuDEodei25GtPY8+dij6D/S9OT0+DH5x92LjuQ8mj + jg7qiDxlXtu/87zYSltiZewJD3TvqOBskj3nr3zSZrIwSa44+LqtpJFJPHrXhCur + eNZOvcnQuw7boQIBfNgUrJZhJpC1jSOrks2BFLhlaRUV/WMKgZlM/izLXjvLhtKJ + HmcUGmRfsD+pcibFiOWmh1kN5SRoosZQJSSjHonl9wCRzmyPlERTA6J5PWAJkOFo + 5tRW9TnC19n2e/FTKkhKY/KhFuQ+7wKjQx3JwxlEj09lRsGijJnsTG2y1B1waKHA + 7st4p3Z82uSstcP9RnUqQHqVy87KvsCHfovRs5uIpNmUuqic9Jq5k7ZZV+J4X3hH + 4yNnQnjVYpr2SedD3/dCglVKCOVf3fWhSTI3ETb2ON5ieRU0EsOCyYyS57RVBLoB + k6aRUYcPvuRxhEiD3TtH6YBENXjLPWBu/Yj3+AxaUKbFOerBnI8vXMS8fsHdD+jQ + 8P4ss6tOVSlVkeAxpZH6L3/NXJ4AD369Qgslt7UOWd14X+r39XmEZmzEVmJcSxjW + mm5HNIl5EfzmQpeBqnkaioZ6wSvFYXf0gugNhJJaqqnDLPaZDF/kwfexDfooql3U + aAEJAhDHtpNx7aVUBx/ktBo+eHq8he2Vdu80+h+iyAHAZZ2nDUWn/8sWKwWhRCLu + NrP63/IUuRzPIHzvHy7ydETGbJXTtJs0BHiaSk7SCd8lQFTj1tSrAEFr/EPIZB1V + XsdvYImd2XKt + =h9vz -----END PGP MESSAGE----- fp: F5F3E2B76838D78BBA5E40E0E87E041E1CF025EA encrypted_regex: ^(data|stringData)$ From 31c6967da7cc8f1c6961428ddf6b539173c401d1 Mon Sep 17 00:00:00 2001 
From: Diego Rodrigues Date: Mon, 9 Jun 2025 17:45:36 +0200 Subject: [PATCH 15/69] Using sealed secrets --- .gitignore | 1 + aws-eu1/apps/Chart.yaml | 13 +++++++ .../apps/{ => templates}/infrastructure.yaml | 8 ++--- aws-eu1/apps/values.yaml | 2 ++ .../crossplane/templates/aws-creds.enc.yaml | 36 ------------------- .../{crossplane => infrastructure}/Chart.yaml | 0 .../infrastructure/templates/aws-creds.yaml | 15 ++++++++ .../templates/buckets.yaml | 0 .../templates/provider-config.yaml | 0 .../templates/providers.yaml | 0 .../values.yaml | 0 foundation/Chart.yaml | 19 ++++++++++ foundation/templates/aws-eu1-apps.yaml | 13 +++++++ foundation/templates/sealed-secrets.yaml | 12 +++++++ foundation/tls.crt | 28 +++++++++++++++ helmfile.yaml | 25 ------------- 16 files changed, 107 insertions(+), 65 deletions(-) create mode 100644 aws-eu1/apps/Chart.yaml rename aws-eu1/apps/{ => templates}/infrastructure.yaml (62%) create mode 100644 aws-eu1/apps/values.yaml delete mode 100644 aws-eu1/crossplane/templates/aws-creds.enc.yaml rename aws-eu1/{crossplane => infrastructure}/Chart.yaml (100%) create mode 100644 aws-eu1/infrastructure/templates/aws-creds.yaml rename aws-eu1/{crossplane => infrastructure}/templates/buckets.yaml (100%) rename aws-eu1/{crossplane => infrastructure}/templates/provider-config.yaml (100%) rename aws-eu1/{crossplane => infrastructure}/templates/providers.yaml (100%) rename aws-eu1/{crossplane => infrastructure}/values.yaml (100%) create mode 100644 foundation/Chart.yaml create mode 100644 foundation/templates/aws-eu1-apps.yaml create mode 100644 foundation/templates/sealed-secrets.yaml create mode 100644 foundation/tls.crt delete mode 100644 helmfile.yaml diff --git a/.gitignore b/.gitignore index c0d8840..069d5d9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .secrets/ *.tgz *.lock +*.pem \ No newline at end of file diff --git a/aws-eu1/apps/Chart.yaml b/aws-eu1/apps/Chart.yaml new file mode 100644 index 0000000..20c3035 --- /dev/null 
+++ b/aws-eu1/apps/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: base-cluster-application +description: A Helm chart for Kubernetes + +type: application +version: 0.1.0 +appVersion: "0.1.0" +icon: https://docs.crossplane.io/favicon-32x32.png + +# dependencies: +# - name: crossplane +# version: "1.20.0" +# repository: https://charts.crossplane.io/stable \ No newline at end of file diff --git a/aws-eu1/apps/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml similarity index 62% rename from aws-eu1/apps/infrastructure.yaml rename to aws-eu1/apps/templates/infrastructure.yaml index 7b870b3..ad99828 100644 --- a/aws-eu1/apps/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -2,15 +2,15 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: infrastructure - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io + namespace: platform-foundation + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.infrastructureApp | quote }} spec: project: default source: repoURL: https://github.com/diegopso/crossplane-example.git targetRevision: cluster-creation - path: aws-eu1/crossplane + path: aws-eu1/infrastructure destination: server: https://kubernetes.default.svc namespace: infrastructure diff --git a/aws-eu1/apps/values.yaml b/aws-eu1/apps/values.yaml new file mode 100644 index 0000000..d316ca5 --- /dev/null +++ b/aws-eu1/apps/values.yaml @@ -0,0 +1,2 @@ +argoSyncWaves: + infrastructureApp: "-10000" \ No newline at end of file diff --git a/aws-eu1/crossplane/templates/aws-creds.enc.yaml b/aws-eu1/crossplane/templates/aws-creds.enc.yaml deleted file mode 100644 index fc352a9..0000000 --- a/aws-eu1/crossplane/templates/aws-creds.enc.yaml +++ /dev/null 
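Review bot: The `infrastructure.yaml` hunk drops `resources-finalizer.argocd.argoproj.io` from the Application while changing its namespace and path; without that finalizer, deleting the Application leaves the Crossplane Provider, ProviderConfig and Bucket it created in place (and the S3 bucket behind them), so orphaned cloud resources rather than a clean teardown become the default. If non-cascading deletion is intended, a comment saying so would help; otherwise keep the `finalizers:` block alongside the new `annotations:`. The Application also moves to `namespace: platform-foundation`; Argo CD only reconciles Applications in namespaces it has been configured to watch, so confirm that namespace is enabled on the Argo CD install.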
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: aws-secret - namespace: crossplane-system - annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} -data: - creds: ENC[AES256_GCM,data:BzU0VBkl3l8DRH5d15C1IrKMYQmcDCAmoBXvlPo6MOw+Yv9xGYMueIvdW/GrNLh/3+oAOabYeyit4tz8ADnWAFm4tmGUnWLuglNuEjAZT/Zf03TVMSpusXB0HwSQozLG+OJDvkJHJxrZbVKdTOIhIKrp2Me4AeZU7WAG/grAI4gT83FvbLasfCRzIyxHRqOQzgCq0tG6WR+trzLQ2YDZ2Q==,iv:/XTixHrTnuiZQRAmLYbZ+nWmaCrUp8CmbDBLly7bgo8=,tag:lPRlrzCYQ/rwQ+2aYnEcdQ==,type:str] -sops: - lastmodified: "2025-06-09T14:17:13Z" - mac: ENC[AES256_GCM,data:lMxZVIrDvKrIyG73Jp04H5jL8antDyKd4NjJaoIc2eKkCw6///K8hqtx0wdOwbfB7Gwxxlm5Xp01lTfqySN+wSlLBSnOhhsJQ+sy7u++PNtYtqinCSLE7Cardi9U7UiqaLvBMA/scStAiXWv49fF8w29Lnc8Dqa+exHM3VB/bho=,iv:a0UG1KN580K22Xmsq+2LlUGFslR+xnxrnwpcWx8jPDY=,tag:kn1DpTRSoujjFP9T7vVPmQ==,type:str] - pgp: - - created_at: "2025-06-09T14:17:13Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA/b4SgaRrjB1ARAAr2gpwWLrJCLbxxeHuFRT5Yawlv0MFihuWy134o2gkB0+ - iHFBSY8jytiRg7Kl+4WdeXGIuDEodei25GtPY8+dij6D/S9OT0+DH5x92LjuQ8mj - jg7qiDxlXtu/87zYSltiZewJD3TvqOBskj3nr3zSZrIwSa44+LqtpJFJPHrXhCur - eNZOvcnQuw7boQIBfNgUrJZhJpC1jSOrks2BFLhlaRUV/WMKgZlM/izLXjvLhtKJ - HmcUGmRfsD+pcibFiOWmh1kN5SRoosZQJSSjHonl9wCRzmyPlERTA6J5PWAJkOFo - 5tRW9TnC19n2e/FTKkhKY/KhFuQ+7wKjQx3JwxlEj09lRsGijJnsTG2y1B1waKHA - 7st4p3Z82uSstcP9RnUqQHqVy87KvsCHfovRs5uIpNmUuqic9Jq5k7ZZV+J4X3hH - 4yNnQnjVYpr2SedD3/dCglVKCOVf3fWhSTI3ETb2ON5ieRU0EsOCyYyS57RVBLoB - k6aRUYcPvuRxhEiD3TtH6YBENXjLPWBu/Yj3+AxaUKbFOerBnI8vXMS8fsHdD+jQ - 8P4ss6tOVSlVkeAxpZH6L3/NXJ4AD369Qgslt7UOWd14X+r39XmEZmzEVmJcSxjW - mm5HNIl5EfzmQpeBqnkaioZ6wSvFYXf0gugNhJJaqqnDLPaZDF/kwfexDfooql3U - aAEJAhDHtpNx7aVUBx/ktBo+eHq8he2Vdu80+h+iyAHAZZ2nDUWn/8sWKwWhRCLu - NrP63/IUuRzPIHzvHy7ydETGbJXTtJs0BHiaSk7SCd8lQFTj1tSrAEFr/EPIZB1V - XsdvYImd2XKt - =h9vz - -----END PGP MESSAGE----- - fp: F5F3E2B76838D78BBA5E40E0E87E041E1CF025EA - encrypted_regex: ^(data|stringData)$ - version: 3.10.2 
diff --git a/aws-eu1/crossplane/Chart.yaml b/aws-eu1/infrastructure/Chart.yaml similarity index 100% rename from aws-eu1/crossplane/Chart.yaml rename to aws-eu1/infrastructure/Chart.yaml diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml new file mode 100644 index 0000000..225a992 --- /dev/null +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: aws-secret + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} +spec: + encryptedData: + creds: 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 + template: + metadata: + creationTimestamp: null + name: aws-secret diff --git a/aws-eu1/crossplane/templates/buckets.yaml b/aws-eu1/infrastructure/templates/buckets.yaml similarity index 100% rename from aws-eu1/crossplane/templates/buckets.yaml rename to aws-eu1/infrastructure/templates/buckets.yaml diff --git a/aws-eu1/crossplane/templates/provider-config.yaml b/aws-eu1/infrastructure/templates/provider-config.yaml similarity index 100% rename from aws-eu1/crossplane/templates/provider-config.yaml rename to aws-eu1/infrastructure/templates/provider-config.yaml diff --git a/aws-eu1/crossplane/templates/providers.yaml b/aws-eu1/infrastructure/templates/providers.yaml similarity index 100% rename from aws-eu1/crossplane/templates/providers.yaml rename to aws-eu1/infrastructure/templates/providers.yaml diff --git a/aws-eu1/crossplane/values.yaml b/aws-eu1/infrastructure/values.yaml similarity index 100% rename from aws-eu1/crossplane/values.yaml rename to aws-eu1/infrastructure/values.yaml diff --git a/foundation/Chart.yaml b/foundation/Chart.yaml new file mode 100644 index 0000000..17e7ae6 --- /dev/null +++ b/foundation/Chart.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: foundation +description: A foundation Helm chart for a cluster + +type: application +version: 0.1.0 +appVersion: "1.20.0" +icon: https://docs.crossplane.io/favicon-32x32.png + +# dependencies: +# - name: crossplane +# version: "1.20.0" +# repository: https://charts.crossplane.io/stable +# - name: argo-cd +# version: "8.0.16" +# repository: https://argoproj.github.io/argo-helm +# - name: sealed-secrets +# version: "2.17.2" +# repository: https://bitnami-labs.github.io/sealed-secrets diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml new file mode 100644 index 0000000..4144af8 --- /dev/null +++ b/foundation/templates/aws-eu1-apps.yaml @@ -0,0 +1,13 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: aws-eu1 +spec: + project: default + source: + repoURL: https://github.com/diegopso/crossplane-example.git + path: aws-eu1/apps + targetRevision: cluster-creation + destination: + server: https://kubernetes.default.svc + namespace: {{ .Release.Namespace }} diff --git a/foundation/templates/sealed-secrets.yaml b/foundation/templates/sealed-secrets.yaml new file mode 100644 index 0000000..1fddbf5 --- /dev/null +++ b/foundation/templates/sealed-secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + creationTimestamp: "2025-06-09T14:50:21Z" + labels: + sealedsecrets.bitnami.com/sealed-secrets-key: active + name: sealed-secrets-key + resourceVersion: "6054" +type: kubernetes.io/tls +data: + tls.crt: {{ .Files.Get "tls.crt" | b64enc }} + tls.key: {{ .Files.Get "tls.pem" | b64enc }} diff --git a/foundation/tls.crt b/foundation/tls.crt new file mode 100644 index 0000000..ef196ef --- /dev/null +++ b/foundation/tls.crt 
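Review bot: The sealed-secrets private key is injected through `tls.key: {{ .Files.Get "tls.pem" | b64enc }}`, so the key material lands in every `helm template` output, in the release record Helm stores in the cluster, and on whichever workstation or CI runner holds `tls.pem`; since this one key unseals every SealedSecret in the repo, including the AWS credentials in `aws-creds.yaml`, it needs the same handling as those credentials, not just the `*.pem` gitignore entry. `.Files.Get` also returns an empty string when the file is absent, so a missing `tls.pem` renders a Secret with an empty `tls.key` instead of failing; use `tls.key: {{ required "tls.pem is missing" (.Files.Get "tls.pem") | b64enc }}`. The committed `tls.crt` appears to be the controller's own certificate exported from a cluster (its notBefore matches the `creationTimestamp` kept here, and it seems to run to 2035), so plan for key renewal and re-sealing rather than treating this key as permanent.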
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEzDCCArSgAwIBAgIQA6lbx4ttfvqGnEfRUVkWjzANBgkqhkiG9w0BAQsFADAA +MB4XDTI1MDYwOTE0NTAyMVoXDTM1MDYwNzE0NTAyMVowADCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKdwNt/l5MHnHihkjkMvlrzxbKeEc7wZTM2u6Xje +RMTPF3+lvbTUbX+RIKF5TSc3zH/EA6r99m3zeRwqOpEBn8053c9SzXZbGtoCAJw9 +kvlnW+SRm9vbE6pceHFQkezUOW1S+sef3t7k7wbm323JikPdx/OAQCS9fdoVc5oc +ZlJXEca9iSqqgOK0jkP0tScuQK3EqHN3r8ZWwqMbkeTAFTo2XZ/NSxXYIY6qcHG+ +hmg5B3UKe9lc8Ew0KbvXMS2SMyOXyCikv3C9T1JSNT3h2Uh6O35pK2CeBs2tqwjr +I8qrIhLi+hbkLVk34N0oKX4X8icKXoSaPrKR3wFnEykWiJEjUoiqdm966qXIG/uc +/UFwIZtwVyeVMPjmxHsihGgB79BT3lYL+5R/JOLfzDhpm0JnFTvsIL8CovOY9J1H +nCXC5C6O1VQd2aReZdNaPvHVTnzh+cFFkpB32J4rmMUo2nFpOngE+/Fgjsu7801T +0sjl+3NwhK1sSbDu3PB1gXJBGRMhexcWBFIcCcKuo7SMDkRTXch14COCoeHVjv/k +sR6GjzJ/Su//1mFTQwRX8YLF+qBe+0jV4Q/1SpF9qxmLD0eqsx+0d6+hiW5Tu8tL +Ww5j5povmf9lmQyfaZMs52xO145+p8yPdB31APY+pCzQqSn9c48VfmY4OcdIegYs +ir9LAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MB0G +A1UdDgQWBBRLBiJf/MLhjsgrSRiGoqtLiNrr4DANBgkqhkiG9w0BAQsFAAOCAgEA +S6jCqd6eznHz8R0DvQLtxwG+VaU6c64JHJFD9iGJjrwdvSs8oOM6O2DBMmd3o9Wj +8xpKD/kStE4up8aw+gVGIvo/0W8dCWTEeY3kN2K5F2/hjaSrbUzg+7MiKXM9FqpS +9/F5YlRUv71wiGf2nOF8GUZVve3gFGRQ/sXDe3SC0/MRGpS8+K2cwuDNtfSijInv +5So0kHCvr8dDz4ChpMqQDGDOPIgQ+Rnx7Z3WeorwwNmOHAIf30wxXBLidoASLPzQ +cmufZKoDt178l73kI791og3g1+pc9TcOe2ZnGclxl0eq7WQzsAa4bD62zmlt3ejE +kbXhZc+ELDwdtfxLfeUM6L6l33TsqRH2SrKkHw+yViIPvW4QGJtJzX4NFHN+NHEZ +OtOYd6/F4yS9hoOzA3Cer7H44DmwZ+ltikTKl7r3jUd7Qetf9sNZgsL7SXicq/4h +Ygx171jVyzydCEvz8c3aPNoNBwPQPa8V3NdZ7OpNrmYoHe4n0DwZwiyKxDKFUk9k +LN7ARII3WT7HLLGI2kD9FWRq0sjBteSdvx9jc43UcCHmurKKA/+327mETU3E+Nug +Cz6ilzGovgw/fM6h07vLavv3AAd6woTR1UJ3gfHu9ptawJj1mosjLCQJBkXWmWso +cJ81syS41FPMfM00LpeasyurEVzOZFmqPzkY69+ix88= +-----END CERTIFICATE----- diff --git a/helmfile.yaml b/helmfile.yaml deleted file mode 100644 index d240ab6..0000000 --- a/helmfile.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -repositories: - - name: crossplane-stable - url: https://charts.crossplane.io/stable - - name: argo - url: https://argoproj.github.io/argo-helm - -releases: - - name: crossplane - namespace: crossplane-system - chart: crossplane-stable/crossplane - version: "1.20.0" - - name: argocd - namespace: argocd - chart: argo/argo-cd - version: "8.0.16" - # - name: crossplane - # namespace: crossplane-system - # chart: ./crossplane - # version: "0.1.0" - # - name: infrastructure - # namespace: crossplane-system - # chart: ./infrastructure - # version: "0.1.0" - # needs: - # - crossplane From 0a8175d54be413c427eb79ec5f9b9b3064e01e03 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 18:03:44 +0200 Subject: [PATCH 16/69] Allow creating namespace --- aws-eu1/apps/templates/infrastructure.yaml | 6 ++++++ .../templates/provider-config.yaml | 2 +- foundation/Chart.yaml | 20 +++++++++---------- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index ad99828..56f07da 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -7,6 +7,12 @@ metadata: argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.infrastructureApp | quote }} spec: project: default + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true source: repoURL: https://github.com/diegopso/crossplane-example.git targetRevision: cluster-creation diff --git a/aws-eu1/infrastructure/templates/provider-config.yaml b/aws-eu1/infrastructure/templates/provider-config.yaml index 1ce968a..b9243f8 100644 --- a/aws-eu1/infrastructure/templates/provider-config.yaml +++ b/aws-eu1/infrastructure/templates/provider-config.yaml @@ -9,6 +9,6 @@ spec: credentials: source: Secret secretRef: - namespace: crossplane-system + namespace: {{ .Release.Namespace }} name: aws-secret key: creds 
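Review bot: The `automated: prune: true / selfHeal: true` policy added to the `infrastructure` Application sits under `project: default`, and Argo CD's default project permits any source repo, any destination namespace and any cluster-scoped kind, so anyone who can push to the `cluster-creation` branch now has unattended reach into the cluster through this Application (it deploys cluster-scoped Crossplane `ProviderConfig`s and, via them, AWS resources). Consider a dedicated `AppProject` with `sourceRepos` limited to this repository, `destinations` limited to the `infrastructure` namespace, and a `clusterResourceWhitelist` naming only the Crossplane kinds this chart needs, then set `project: infrastructure`. Whether branch protection on `cluster-creation` compensates for this is not visible here.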
diff --git a/foundation/Chart.yaml b/foundation/Chart.yaml index 17e7ae6..43fa5cc 100644 --- a/foundation/Chart.yaml +++ b/foundation/Chart.yaml @@ -7,13 +7,13 @@ version: 0.1.0 appVersion: "1.20.0" icon: https://docs.crossplane.io/favicon-32x32.png -# dependencies: -# - name: crossplane -# version: "1.20.0" -# repository: https://charts.crossplane.io/stable -# - name: argo-cd -# version: "8.0.16" -# repository: https://argoproj.github.io/argo-helm -# - name: sealed-secrets -# version: "2.17.2" -# repository: https://bitnami-labs.github.io/sealed-secrets +dependencies: + - name: crossplane + version: "1.20.0" + repository: https://charts.crossplane.io/stable + - name: argo-cd + version: "8.0.16" + repository: https://argoproj.github.io/argo-helm + - name: sealed-secrets + version: "2.17.2" + repository: https://bitnami-labs.github.io/sealed-secrets From c4ba8268a1cc44802d1f73df6402c13bf24167b2 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 18:16:10 +0200 Subject: [PATCH 17/69] Changing namespace of secret --- aws-eu1/infrastructure/templates/aws-creds.yaml | 6 +++--- aws-eu1/infrastructure/templates/buckets.yaml | 2 +- foundation/templates/aws-eu1-apps.yaml | 4 ++++ foundation/templates/sealed-secrets.yaml | 12 +++++------- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index 225a992..63f0555 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml 
@@ -4,12 +4,12 @@ kind: SealedSecret metadata: creationTimestamp: null name: aws-secret - annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} + namespace: infrastructure spec: encryptedData: - creds: 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 + creds: 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 template: metadata: creationTimestamp: null name: aws-secret + namespace: infrastructure diff --git a/aws-eu1/infrastructure/templates/buckets.yaml b/aws-eu1/infrastructure/templates/buckets.yaml index 8225dd9..b9f1134 100644 --- a/aws-eu1/infrastructure/templates/buckets.yaml +++ b/aws-eu1/infrastructure/templates/buckets.yaml @@ -2,7 +2,7 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: - generateName: crossplane-bucket- + name: crossplane-bucket-c5ffd8c0-63c2-4f80-9a1a-6b4e667250bd annotations: argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure | quote }} spec: diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index 4144af8..b1a8812 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -11,3 +11,7 @@ spec: destination: server: https://kubernetes.default.svc namespace: {{ .Release.Namespace }} + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/foundation/templates/sealed-secrets.yaml b/foundation/templates/sealed-secrets.yaml index 1fddbf5..d6967db 100644 --- a/foundation/templates/sealed-secrets.yaml +++ b/foundation/templates/sealed-secrets.yaml 
@@ -1,12 +1,10 @@ apiVersion: v1 kind: Secret metadata: - creationTimestamp: "2025-06-09T14:50:21Z" - labels: - sealedsecrets.bitnami.com/sealed-secrets-key: active - name: sealed-secrets-key - resourceVersion: "6054" + name: sealed-secrets-initial-key + labels: + sealedsecrets.bitnami.com/sealed-secrets-key: active type: kubernetes.io/tls data: - tls.crt: {{ .Files.Get "tls.crt" | b64enc }} - tls.key: {{ .Files.Get "tls.pem" | b64enc }} + tls.crt: {{ .Files.Get "tls.crt" | b64enc }} + tls.key: {{ .Files.Get "tls.pem" | b64enc }} From 298217a6f82964acb065414a28541f17e49a0d63 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 18:25:11 +0200 Subject: [PATCH 18/69] Adding finalizers --- aws-eu1/apps/templates/infrastructure.yaml | 2 ++ aws-eu1/infrastructure/templates/aws-creds.yaml | 4 ++-- foundation/templates/aws-eu1-apps.yaml | 2 ++ foundation/templates/sealed-secrets.yaml | 4 +++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index 56f07da..0e9894c 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -3,6 +3,8 @@ kind: Application metadata: name: infrastructure namespace: platform-foundation + finalizers: + - resources-finalizer.argocd.argoproj.io annotations: argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.infrastructureApp | quote }} spec: diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index 63f0555..c8e3b07 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -4,7 +4,7 @@ kind: SealedSecret metadata: creationTimestamp: null name: aws-secret - namespace: infrastructure + namespace: {{ .Release.Namespace }} spec: encryptedData: creds: 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 
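Review bot: Templating `namespace: {{ .Release.Namespace }}` on the SealedSecret looks parametric but is not: with the default strict scope the `encryptedData.creds` ciphertext is bound to the name and namespace it was sealed for, so the controller will refuse to unseal it in any namespace other than the one used at sealing time (presumably `infrastructure`, the destination on the parent Application). Rendering this chart into another namespace would therefore produce no `aws-secret` and the `ProviderConfig` would fail to find its credentials. Add a comment above the field, e.g. `# NOTE: ciphertext is sealed for name+namespace; re-seal with kubeseal if the release namespace changes`, or hard-code the namespace the secret was sealed for so the coupling is explicit.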
@@ -12,4 +12,4 @@ spec: metadata: creationTimestamp: null name: aws-secret - namespace: infrastructure + namespace: {{ .Release.Namespace }} diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index b1a8812..b739704 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -2,6 +2,8 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: aws-eu1 + finalizers: + - resources-finalizer.argocd.argoproj.io spec: project: default source: diff --git a/foundation/templates/sealed-secrets.yaml b/foundation/templates/sealed-secrets.yaml index d6967db..e1c726f 100644 --- a/foundation/templates/sealed-secrets.yaml +++ b/foundation/templates/sealed-secrets.yaml @@ -2,9 +2,11 @@ apiVersion: v1 kind: Secret metadata: name: sealed-secrets-initial-key + annotations: + argocd.argoproj.io/hook: PreSync labels: sealedsecrets.bitnami.com/sealed-secrets-key: active type: kubernetes.io/tls data: tls.crt: {{ .Files.Get "tls.crt" | b64enc }} - tls.key: {{ .Files.Get "tls.pem" | b64enc }} + tls.key: {{ .Files.Get "tls.pem" | b64enc }} \ No newline at end of file From 3bd3f9bc72602e65824910cea43f6ef5e20e2a73 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 22:16:33 +0200 Subject: [PATCH 19/69] Allow disable infrastructure --- aws-eu1/apps/templates/infrastructure.yaml | 3 +++ aws-eu1/apps/values.yaml | 5 ++++- aws-eu1/infrastructure/templates/aws-creds.yaml | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index 0e9894c..62bf120 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -1,3 +1,5 @@ +{{- if .Values.infrastructureApp.enabled -}} +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: 
@@ -22,3 +24,4 @@ spec: destination: server: https://kubernetes.default.svc namespace: infrastructure +{{- end -}} \ No newline at end of file diff --git a/aws-eu1/apps/values.yaml b/aws-eu1/apps/values.yaml index d316ca5..2498c46 100644 --- a/aws-eu1/apps/values.yaml +++ b/aws-eu1/apps/values.yaml @@ -1,2 +1,5 @@ argoSyncWaves: - infrastructureApp: "-10000" \ No newline at end of file + infrastructureApp: "-10000" + +infrastructureApp: + enabled: true diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index c8e3b07..6017f33 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -5,6 +5,8 @@ metadata: creationTimestamp: null name: aws-secret namespace: {{ .Release.Namespace }} + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} spec: encryptedData: creds: 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 From a27675c71f5ab0b61da8b5f677735089458a6ec3 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 22:18:42 +0200 Subject: [PATCH 20/69] Random bucket name --- aws-eu1/infrastructure/templates/buckets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-eu1/infrastructure/templates/buckets.yaml b/aws-eu1/infrastructure/templates/buckets.yaml index b9f1134..68edbb0 100644 --- a/aws-eu1/infrastructure/templates/buckets.yaml +++ b/aws-eu1/infrastructure/templates/buckets.yaml @@ -2,7 +2,7 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: - name: crossplane-bucket-c5ffd8c0-63c2-4f80-9a1a-6b4e667250bd + name: crossplane-bucket-{{ uuidv4 }} annotations: argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure | quote }} spec: From 470b56efdf9b774a25b980af93e0402dbf6459dc Mon Sep 17 00:00:00 2001 
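Review bot: Flipping `infrastructureApp.enabled` to `false` is destructive rather than a pause: the parent `aws-eu1` Application syncs with `prune: true`, so the `infrastructure` Application is deleted, and its `resources-finalizer.argocd.argoproj.io` finalizer cascades that deletion to every resource it manages, including the Crossplane `Bucket`, which Crossplane will then delete in AWS unless the managed resource sets `deletionPolicy: Orphan`. If "disable" is meant to stop reconciliation, have the flag drop the `automated` block and keep the Application; if it is meant to tear down, say so next to the flag, e.g. `# enabled: false deletes the Application and, via its finalizer, the AWS resources it created`.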
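Review bot: `name: crossplane-bucket-{{ uuidv4 }}` produces a different name on every render, and Argo CD re-renders the chart on every refresh and sync, so each reconciliation yields a new `Bucket` and, with `prune: true` on the owning Application, the previous one is pruned — Crossplane then creates a fresh S3 bucket and deletes the old one (and its contents, unless `deletionPolicy: Orphan`) on every sync. Helm templates must be deterministic; derive the suffix from something stable instead, e.g. `name: crossplane-bucket-{{ .Values.bucketSuffix }}` with the UUID committed in `values.yaml`, or `name: crossplane-bucket-{{ printf "%s-%s" .Release.Name .Release.Namespace | sha256sum | trunc 8 }}`. The remainder of the `Bucket` spec is outside this hunk.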
From: Diego Rodrigues Date: Mon, 9 Jun 2025 22:34:27 +0200 Subject: [PATCH 21/69] Testing sync waves --- aws-eu1/infrastructure/values.yaml | 4 ++-- foundation/templates/aws-eu1-apps.yaml | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/aws-eu1/infrastructure/values.yaml b/aws-eu1/infrastructure/values.yaml index 79df9b3..e577e83 100644 --- a/aws-eu1/infrastructure/values.yaml +++ b/aws-eu1/infrastructure/values.yaml @@ -1,5 +1,5 @@ argoSyncWaves: crossplane: - providers: "-1000" + providers: "-980" providersConfigurations: "-990" - infrastructure: "-980" \ No newline at end of file + infrastructure: "-1000" \ No newline at end of file diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index b739704..20d3756 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -2,6 +2,8 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: aws-eu1 + annotations: + helm.sh/hook: post-install finalizers: - resources-finalizer.argocd.argoproj.io spec: From b65f8aa0083a80635e75ab7b93b90d906bd9cd27 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Mon, 9 Jun 2025 22:36:48 +0200 Subject: [PATCH 22/69] Testing sync waves --- aws-eu1/infrastructure/templates/aws-creds.yaml | 2 +- aws-eu1/infrastructure/values.yaml | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index 6017f33..d88b624 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -6,7 +6,7 @@ metadata: name: aws-secret namespace: {{ .Release.Namespace }} annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.secrets | quote }} spec: encryptedData: creds: 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 
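Review bot: `helm.sh/hook: post-install` turns the `aws-eu1` Application into a Helm hook rather than a release resource, which has two consequences the hunk does not address: hooks fire only on the listed events, so `helm upgrade` will never re-apply changes to this Application, and hook resources are not tracked by the release, so `helm uninstall` leaves the Application behind. If the hook exists only because Argo CD's CRDs are absent during the first install, `helm.sh/hook: post-install,post-upgrade` with a comment stating that reason is the safer form. The rest of the Application spec is outside this hunk.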
diff --git a/aws-eu1/infrastructure/values.yaml b/aws-eu1/infrastructure/values.yaml index e577e83..d2275cc 100644 --- a/aws-eu1/infrastructure/values.yaml +++ b/aws-eu1/infrastructure/values.yaml @@ -1,5 +1,6 @@ argoSyncWaves: crossplane: - providers: "-980" - providersConfigurations: "-990" - infrastructure: "-1000" \ No newline at end of file + secrets: "-1000" + providers: "-990" + providersConfigurations: "-980" + infrastructure: "-970" \ No newline at end of file From 790eab69e11df28b39ad0f937b440a158c4b7087 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 07:45:13 +0200 Subject: [PATCH 23/69] Using argo hooks --- aws-eu1/infrastructure/templates/aws-creds.yaml | 2 +- aws-eu1/infrastructure/templates/provider-config.yaml | 2 +- aws-eu1/infrastructure/templates/providers.yaml | 2 +- aws-eu1/infrastructure/values.yaml | 6 ++---- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index d88b624..63e9c3a 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -6,7 +6,7 @@ metadata: name: aws-secret namespace: {{ .Release.Namespace }} annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.secrets | quote }} + argocd.argoproj.io/hook: PreSync spec: encryptedData: creds: 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 diff --git a/aws-eu1/infrastructure/templates/provider-config.yaml b/aws-eu1/infrastructure/templates/provider-config.yaml index b9243f8..3081d4a 100644 --- a/aws-eu1/infrastructure/templates/provider-config.yaml +++ b/aws-eu1/infrastructure/templates/provider-config.yaml 
@@ -4,7 +4,7 @@ kind: ProviderConfig metadata: name: default annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providersConfigurations | quote }} + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.configs | quote }} spec: credentials: source: Secret diff --git a/aws-eu1/infrastructure/templates/providers.yaml b/aws-eu1/infrastructure/templates/providers.yaml index 847de47..7412d2d 100644 --- a/aws-eu1/infrastructure/templates/providers.yaml +++ b/aws-eu1/infrastructure/templates/providers.yaml @@ -4,6 +4,6 @@ kind: Provider metadata: name: provider-aws-s3 annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.providers | quote }} + argocd.argoproj.io/hook: PreSync spec: package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 diff --git a/aws-eu1/infrastructure/values.yaml b/aws-eu1/infrastructure/values.yaml index d2275cc..77a790c 100644 --- a/aws-eu1/infrastructure/values.yaml +++ b/aws-eu1/infrastructure/values.yaml @@ -1,6 +1,4 @@ argoSyncWaves: crossplane: - secrets: "-1000" - providers: "-990" - providersConfigurations: "-980" - infrastructure: "-970" \ No newline at end of file + configs: "-1000" + infrastructure: "-990" \ No newline at end of file From 4a6e1cd64e87b6643fdd45d319cceb875d06fdb9 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 07:46:46 +0200 Subject: [PATCH 24/69] Adding comment --- foundation/templates/aws-eu1-apps.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index 20d3756..eeb1a91 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -3,7 +3,7 @@ kind: Application metadata: name: aws-eu1 annotations: - helm.sh/hook: post-install + helm.sh/hook: post-install # ArgoCD not yet present for Argo Hooks finalizers: - resources-finalizer.argocd.argoproj.io spec: 
From 61a6e024feae1a0405e07bf8720b3e40cba990da Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 07:52:06 +0200 Subject: [PATCH 25/69] Removing sync waves --- aws-eu1/infrastructure/templates/aws-creds.yaml | 2 -- aws-eu1/infrastructure/templates/buckets.yaml | 2 -- aws-eu1/infrastructure/templates/provider-config.yaml | 2 -- aws-eu1/infrastructure/templates/providers.yaml | 2 -- foundation/templates/aws-eu1-apps.yaml | 2 +- foundation/templates/sealed-secrets.yaml | 2 +- 6 files changed, 2 insertions(+), 10 deletions(-) diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index 63e9c3a..c8e3b07 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml @@ -5,8 +5,6 @@ metadata: creationTimestamp: null name: aws-secret namespace: {{ .Release.Namespace }} - annotations: - argocd.argoproj.io/hook: PreSync spec: encryptedData: creds: 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 diff --git a/aws-eu1/infrastructure/templates/buckets.yaml b/aws-eu1/infrastructure/templates/buckets.yaml index 68edbb0..1954192 100644 --- a/aws-eu1/infrastructure/templates/buckets.yaml +++ b/aws-eu1/infrastructure/templates/buckets.yaml @@ -3,8 +3,6 @@ apiVersion: s3.aws.upbound.io/v1beta1 kind: Bucket metadata: name: crossplane-bucket-{{ uuidv4 }} - annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.infrastructure | quote }} spec: forProvider: region: us-east-2 diff --git a/aws-eu1/infrastructure/templates/provider-config.yaml b/aws-eu1/infrastructure/templates/provider-config.yaml index 3081d4a..07340da 100644 --- a/aws-eu1/infrastructure/templates/provider-config.yaml +++ b/aws-eu1/infrastructure/templates/provider-config.yaml 
@@ -3,8 +3,6 @@ apiVersion: aws.upbound.io/v1beta1 kind: ProviderConfig metadata: name: default - annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.crossplane.configs | quote }} spec: credentials: source: Secret diff --git a/aws-eu1/infrastructure/templates/providers.yaml b/aws-eu1/infrastructure/templates/providers.yaml index 7412d2d..a56ce61 100644 --- a/aws-eu1/infrastructure/templates/providers.yaml +++ b/aws-eu1/infrastructure/templates/providers.yaml @@ -3,7 +3,5 @@ apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: name: provider-aws-s3 - annotations: - argocd.argoproj.io/hook: PreSync spec: package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index eeb1a91..20d3756 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -3,7 +3,7 @@ kind: Application metadata: name: aws-eu1 annotations: - helm.sh/hook: post-install # ArgoCD not yet present for Argo Hooks + helm.sh/hook: post-install finalizers: - resources-finalizer.argocd.argoproj.io spec: diff --git a/foundation/templates/sealed-secrets.yaml b/foundation/templates/sealed-secrets.yaml index e1c726f..b34ec85 100644 --- a/foundation/templates/sealed-secrets.yaml +++ b/foundation/templates/sealed-secrets.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: sealed-secrets-initial-key annotations: - argocd.argoproj.io/hook: PreSync + helm.sh/hook: pre-install labels: sealedsecrets.bitnami.com/sealed-secrets-key: active type: kubernetes.io/tls From 8d2cf3d3da9ebbb04df9ad08d28cb6c4567d5084 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 07:55:01 +0200 Subject: [PATCH 26/69] Removing auto-sync --- aws-eu1/apps/templates/infrastructure.yaml | 6 +++--- foundation/templates/aws-eu1-apps.yaml | 6 +++--- foundation/templates/sealed-secrets.yaml | 3 ++- 3 files changed, 8 insertions(+), 7 deletions(-) 
diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index 62bf120..74311b9 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -12,9 +12,9 @@ metadata: spec: project: default syncPolicy: - automated: - prune: true - selfHeal: true + # automated: + # prune: true + # selfHeal: true syncOptions: - CreateNamespace=true source: diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index 20d3756..3ec9623 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -16,6 +16,6 @@ spec: server: https://kubernetes.default.svc namespace: {{ .Release.Namespace }} syncPolicy: - automated: - prune: true - selfHeal: true + # automated: + # prune: true + # selfHeal: true diff --git a/foundation/templates/sealed-secrets.yaml b/foundation/templates/sealed-secrets.yaml index b34ec85..18f5ca6 100644 --- a/foundation/templates/sealed-secrets.yaml +++ b/foundation/templates/sealed-secrets.yaml @@ -3,7 +3,8 @@ kind: Secret metadata: name: sealed-secrets-initial-key annotations: - helm.sh/hook: pre-install + helm.sh/hook: pre-install # for install when only Helm is present + argocd.argoproj.io/hook: PreSync # for later syncs when ArgoCD is in controll labels: sealedsecrets.bitnami.com/sealed-secrets-key: active type: kubernetes.io/tls From 852d753b683232dde66164077fbc536f1d33e395 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 08:28:18 +0200 Subject: [PATCH 27/69] Moving providers to foundation --- aws-eu1/apps/templates/infrastructure.yaml | 6 +++--- foundation/templates/aws-eu1-apps.yaml | 6 +++--- .../infrastructure => foundation}/templates/providers.yaml | 0 3 files changed, 6 insertions(+), 6 deletions(-) rename {aws-eu1/infrastructure => foundation}/templates/providers.yaml (100%) 
diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index 74311b9..62bf120 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -12,9 +12,9 @@ metadata: spec: project: default syncPolicy: - # automated: - # prune: true - # selfHeal: true + automated: + prune: true + selfHeal: true syncOptions: - CreateNamespace=true source: diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index 3ec9623..20d3756 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -16,6 +16,6 @@ spec: server: https://kubernetes.default.svc namespace: {{ .Release.Namespace }} syncPolicy: - # automated: - # prune: true - # selfHeal: true + automated: + prune: true + selfHeal: true diff --git a/aws-eu1/infrastructure/templates/providers.yaml b/foundation/templates/providers.yaml similarity index 100% rename from aws-eu1/infrastructure/templates/providers.yaml rename to foundation/templates/providers.yaml From c3b9353e72c7fd0a846b65b90dfc3daf22e7ee6b Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 08:37:38 +0200 Subject: [PATCH 28/69] Re-adding syncwaves --- aws-eu1/infrastructure/templates/aws-creds.yaml | 2 ++ aws-eu1/infrastructure/templates/provider-config.yaml | 2 ++ aws-eu1/infrastructure/values.yaml | 5 ++--- foundation/templates/providers.yaml | 2 ++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index c8e3b07..7115448 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml 
@@ -5,6 +5,8 @@ metadata: creationTimestamp: null name: aws-secret namespace: {{ .Release.Namespace }} + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.secrets | quote }} spec: encryptedData: creds: AgAGghVmB6dNPtalix30S4z/YY3kiQp3QxdGoSbpM7/lg7D5Wd1RoPdbWccqwF36CY/fElhwJZ2l5eC5AneB2vVJabzAV8e9uhoHtZuRP74djCJSmcH/ouKIXHMrGCVow2RdWNT8d3GPT0RJCtLnzrp5WybEn8CcFwKXWefxN4w8G1e2qS/ezgJMUoSa3uZAFuNyiVcBXHX0BNlZJA8Ch17Xj/jg6CSJRO6YuDuCI3+cFSgp1PycUlETPh4M3JsW1G9CLGWfsWhHyCLVdSG7CgLVZaGuuM3q2IUI5vyQWL2+5Kgt/YEWCWJ0Gh/nixhcYTz1/JGko403EBm9zgTyTQrc9PWla7PVlXGYtvx926W+zej7bKn/pqTYIyhITdANPvStMSgXZeGvN0IFXng9AV7/GDeHbrA5ZzhFrHN6qfvggel2SulpvoGFvVxKpnrvT9zwY/HIeDVK9OdC12mOzOd13QRbCjTz/5xj5Tl6LY0qK78PjCw8sQG5ZG1JJ+cmPcFkScjM9Cu0Byc5CnfUZqi6cP/FKs2CFlyFOk/jz4UesReY4NhU15oOvjyJYQJINBH3YYPS04eamZGVvq9fi28bmal2Ab26cR0ZzDdjMwxk3E+FOaxLwUNXERLcV2za7lvrj32gc5TXPocFUJkKcaaJ1Bnw9t9ZlmbSrYkF7IZgnWS2kUzEFuwOnJ1Ip45a1QPMhiVXxFtMPhPXg8KGgcNO1hlnvAQQP8KVZNdF0glI+UTS7GoVcafQcxXbxHfW7psI33sodkOS6/LX+RnYLPXn5E9lO2wWcJhe+tBhVbKQjdt51LNfcDL2SWOSpY0dx+RxA4HAX5RC2VuIhbdSV4NpptLq8fIozw== diff --git a/aws-eu1/infrastructure/templates/provider-config.yaml b/aws-eu1/infrastructure/templates/provider-config.yaml index 07340da..60d5486 100644 --- a/aws-eu1/infrastructure/templates/provider-config.yaml +++ b/aws-eu1/infrastructure/templates/provider-config.yaml @@ -3,6 +3,8 @@ apiVersion: aws.upbound.io/v1beta1 kind: ProviderConfig metadata: name: default + annotations: + argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.configs | quote }} spec: credentials: source: Secret diff --git a/aws-eu1/infrastructure/values.yaml b/aws-eu1/infrastructure/values.yaml index 77a790c..02df2bf 100644 --- a/aws-eu1/infrastructure/values.yaml +++ b/aws-eu1/infrastructure/values.yaml @@ -1,4 +1,3 @@ argoSyncWaves: - crossplane: - configs: "-1000" - infrastructure: "-990" \ No newline at end of file + secrets: "-1000" + configs: "-990" \ No newline at end of file 
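Review bot: The values.yaml hunk still ends without a trailing newline on the new side (`\ No newline at end of file`); end the file with a newline. The templates in this commit dereference `.Values.argoSyncWaves.secrets` and `.Values.argoSyncWaves.configs` directly, so a missing or misspelled key renders as an empty `""` annotation via `| quote` instead of failing the render, and an empty sync-wave is unlikely to order the Secret and ProviderConfig as intended. Wrapping the lookups, `argocd.argoproj.io/sync-wave: {{ required "argoSyncWaves.secrets must be set" .Values.argoSyncWaves.secrets | quote }}` in aws-creds.yaml and the matching line in provider-config.yaml, makes a rename like this one fail fast.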
diff --git a/foundation/templates/providers.yaml b/foundation/templates/providers.yaml index a56ce61..366b50d 100644 --- a/foundation/templates/providers.yaml +++ b/foundation/templates/providers.yaml @@ -3,5 +3,7 @@ apiVersion: pkg.crossplane.io/v1 kind: Provider metadata: name: provider-aws-s3 + annotations: + helm.sh/hook: post-install spec: package: xpkg.crossplane.io/crossplane-contrib/provider-aws-s3:v1.21.1 From 44a93144d6581f48d659ca04b4640b287db69784 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 20:47:21 +0200 Subject: [PATCH 29/69] Spin up resources in action --- .github/workflows/create-cluster.yaml | 41 ++++++++++++++++++++------ foundation/templates/aws-eu1-apps.yaml | 1 + 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index ae2007e..b4b2dac 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -1,6 +1,11 @@ name: Create Cluster run-name: Creating Cluster on: [push] + +env: + resource_app: app/aws-eu1 + provider_secret: secret/aws-secret + jobs: SpinUpCluster: runs-on: ubuntu-24.04 
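Review bot: `helm.sh/hook: post-install` on the `provider-aws-s3` Provider takes the object out of normal release management: as far as I know install hooks do not fire again on `helm upgrade` of an existing release and hook resources are not deleted on `helm uninstall`, so a later change to the `package:` tag would not be re-applied on upgrade. If the intent is only to sequence the Provider after Crossplane's CRDs exist, `helm.sh/hook: post-install,post-upgrade` keeps it applied on upgrades, and a comment above the annotation stating that reason would help the next reader. The Provider's `spec:` continues past the hunk.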
@@ -14,13 +19,31 @@ jobs: - name: Set up Kind cluster uses: ./.github/actions/kind - # - name: Decrypt secrets - # uses: ./.github/actions/sops + - name: Spin-up resources + shell: bash + run: | + helm dependencies update ./foundation + helm dependencies build ./foundation + helm upgrade --install platform-foundation ./foundation --wait + + - name: Export AWS credentials + id: export_aws_secrets + shell: bash + run: | + kubectl wait --for=create ${provider_secret} + kubectl get ${provider_secret} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ steps.export_aws_secrets.outputs.aws_access_key_id }} + aws-secret-access-key: ${{ steps.export_aws_secrets.outputs.aws_secret_access_key }} + aws-region: us-east-2 + + - name: List AWS resources + shell: bash + run: aws s3 ls - # configure aws credentials - # - name: Configure AWS credentials - # uses: aws-actions/configure-aws-credentials@v3 - # with: - # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # aws-region: ${{ secrets.AWS_REGION }} + - name: Destroy resources + shell: bash + run: kubectl delete ${resource_app} \ No newline at end of file diff --git a/foundation/templates/aws-eu1-apps.yaml b/foundation/templates/aws-eu1-apps.yaml index 20d3756..ca368d0 100644 --- a/foundation/templates/aws-eu1-apps.yaml +++ b/foundation/templates/aws-eu1-apps.yaml @@ -1,3 +1,4 @@ +--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: From 696d2ed49e71cd1dce0dd77e3b79f7068c5b4de2 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 20:54:22 +0200 Subject: [PATCH 30/69] Removing deps update --- .github/workflows/create-cluster.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index b4b2dac..f2c9ea1 100644 
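Review bot: The new `Destroy resources` step runs only when every earlier step succeeded, so a failure in `Export AWS credentials`, `Configure AWS credentials` or `List AWS resources` leaves the `app/aws-eu1` Application — and whatever Crossplane created for it in the account — behind; add `if: always()` to that step, and the same applies to its reworked form in the later `Wait for deletion` hunk. In `Export AWS credentials` the decoded access key and secret are appended to `$GITHUB_OUTPUT` without a `::add-mask::` registration, so any later step that prints those outputs would write the credentials into the job log; register each value with `::add-mask::` before writing it and quote the path as `"$GITHUB_OUTPUT"`. `kubectl wait --for=create` is issued without `--timeout`, so the step relies on kubectl's default wait if the Secret never appears.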
--- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -22,7 +22,6 @@ jobs: - name: Spin-up resources shell: bash run: | - helm dependencies update ./foundation helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait From ef8a077e957ee2c99ba5d91ae7bca5fb843ce572 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 20:57:59 +0200 Subject: [PATCH 31/69] Loading secret before install --- .github/workflows/create-cluster.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index f2c9ea1..655aced 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -22,6 +22,8 @@ jobs: - name: Spin-up resources shell: bash run: | + echo ${{ secrets.SEALED_SECRETS_PKEY }} > ./foundation/tls.pem + head -n1 ./foundation/tls.pem helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait From ad755f613ebc77ecaca466daa305a11ed2bc9bb1 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:00:49 +0200 Subject: [PATCH 32/69] Loading secret before install --- .github/workflows/create-cluster.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 655aced..b5bbe18 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -22,7 +22,9 @@ jobs: - name: Spin-up resources shell: bash run: | - echo ${{ secrets.SEALED_SECRETS_PKEY }} > ./foundation/tls.pem + cat << EOF > ./foundation/tls.pem + ${{ secrets.SEALED_SECRETS_PKEY }} + EOF head -n1 ./foundation/tls.pem helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait From 2241359b79e5def19b624b691c28f286a32fa8ab Mon Sep 17 00:00:00 2001 
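Review bot: `echo ${{ secrets.SEALED_SECRETS_PKEY }} > ./foundation/tls.pem` expands the private key into the script text before bash runs, and an unquoted multi-line PEM is word-split onto one line; the heredoc in the following `Loading secret before install` hunk avoids the line-joining but still embeds the key in the script body. Passing the secret through `env:` and writing it with `printf` keeps it out of the script and preserves the newlines exactly. The key also remains in `./foundation/tls.pem` inside the checkout after the install, so removing it once `helm upgrade` has finished limits what a later step or an uploaded artifact could pick up, and `head -n1 ./foundation/tls.pem` is a debug read of the key file that should not be merged. The surrounding step is rewritten below.
```yaml
      - name: Spin-up resources
        shell: bash
        env:
          SEALED_SECRETS_PKEY: ${{ secrets.SEALED_SECRETS_PKEY }}
        run: |
          trap 'rm -f ./foundation/tls.pem' EXIT
          printf '%s\n' "$SEALED_SECRETS_PKEY" > ./foundation/tls.pem
          helm dependencies build ./foundation
          helm upgrade --install platform-foundation ./foundation --wait
```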
From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:02:32 +0200 Subject: [PATCH 33/69] Removing debug command --- .github/workflows/create-cluster.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index b5bbe18..9505062 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -25,7 +25,6 @@ jobs: cat << EOF > ./foundation/tls.pem ${{ secrets.SEALED_SECRETS_PKEY }} EOF - head -n1 ./foundation/tls.pem helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait From bfc0598fe0c33e2540527dfe2077b99acb1e822c Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:07:25 +0200 Subject: [PATCH 34/69] Adding namespace --- .github/workflows/create-cluster.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 9505062..9ae7bdb 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -5,6 +5,7 @@ on: [push] env: resource_app: app/aws-eu1 provider_secret: secret/aws-secret + infrastructure_namespace: infrastructure jobs: SpinUpCluster: @@ -32,8 +33,8 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl wait --for=create ${provider_secret} - kubectl get ${provider_secret} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT + kubectl wait --for=create ${provider_secret} -n ${infrastructure_namespace} + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From 1912446550fa0774c5fc6ab79203e7471a75e92b Mon Sep 17 00:00:00 2001 
From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:13:23 +0200 Subject: [PATCH 35/69] Adding timeout to wait --- .github/workflows/create-cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 9ae7bdb..d63e6c2 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -33,7 +33,7 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl wait --for=create ${provider_secret} -n ${infrastructure_namespace} + kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT - name: Configure AWS credentials From 069dd063016938688bea8f4aee9fd490f0a11985 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:23:30 +0200 Subject: [PATCH 36/69] Adding debug lines --- .github/workflows/create-cluster.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index d63e6c2..60d245b 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -28,6 +28,9 @@ jobs: EOF helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait + kubectl get pods + kubectl get app + kubectl get secret - name: Export AWS credentials id: export_aws_secrets From cf6354752d910e20fd3ba191f9a55bbc4f9f6ff1 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:26:15 +0200 Subject: [PATCH 37/69] More debug lines --- .github/workflows/create-cluster.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 60d245b..3544bcb 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
@@ -28,14 +28,12 @@ jobs: EOF helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait - kubectl get pods - kubectl get app - kubectl get secret - name: Export AWS credentials id: export_aws_secrets shell: bash run: | + kubectl get all -n ${infrastructure_namespace} kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT From 47bddce4a1f2fab57590fac89039ddb6cebe6056 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:44:15 +0200 Subject: [PATCH 38/69] debugging --- .github/workflows/create-cluster.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 3544bcb..5b7d767 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -33,8 +33,7 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl get all -n ${infrastructure_namespace} - kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} + kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} || kubectl get app; kubectl get all -n ${infrastructure_namespace}; exit 1; kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT - name: Configure AWS credentials From bcee328781c7bffcfc34a77e6ecce87799010811 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Tue, 10 Jun 2025 21:48:51 +0200 Subject: [PATCH 39/69] Using minikube instead of kind --- .github/workflows/create-cluster.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 5b7d767..cff5a6f 100644 --- a/.github/workflows/create-cluster.yaml 
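Review bot: In the `debugging` hunk the `||` binds only to `kubectl get app`, so `kubectl get all -n ${infrastructure_namespace}` and `exit 1` run unconditionally and the step always fails before the credential export line beneath it executes. Group the fallback: `kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} || { kubectl get app; kubectl get all -n ${infrastructure_namespace}; exit 1; }`. GitHub's `shell: bash` already runs with `-e`, so the explicit `exit 1` inside the group is what keeps the step red after the diagnostics print.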
+++ b/.github/workflows/create-cluster.yaml @@ -17,8 +17,9 @@ jobs: - name: Set up Helm uses: ./.github/actions/setup-helm - - name: Set up Kind cluster - uses: ./.github/actions/kind + - name: start minikube + id: minikube + uses: medyagh/setup-minikube@latest - name: Spin-up resources shell: bash From d98a21b6c9abc808217f4a0246ede83c1a185d26 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:03:36 +0200 Subject: [PATCH 40/69] Debug line --- .github/workflows/create-cluster.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index cff5a6f..68f4f86 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -27,6 +27,7 @@ jobs: cat << EOF > ./foundation/tls.pem ${{ secrets.SEALED_SECRETS_PKEY }} EOF + head -c 5 ./foundation/tls.pem helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait From 3729fcb8705cda600baeb1648b4619875497be80 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:20:36 +0200 Subject: [PATCH 41/69] Adding debug lines --- .github/workflows/create-cluster.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 68f4f86..793e977 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -27,7 +27,6 @@ jobs: cat << EOF > ./foundation/tls.pem ${{ secrets.SEALED_SECRETS_PKEY }} EOF - head -c 5 ./foundation/tls.pem helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait 
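Review bot: `uses: medyagh/setup-minikube@latest` pins a third-party action to a mutable tag, so whoever controls that tag controls code running with this job's `secrets.SEALED_SECRETS_PKEY` and the decoded AWS credentials; pin it to a full commit SHA with the version in a trailing comment, `uses: medyagh/setup-minikube@<commit-sha>  # <version>`, since the other actions in this file are at least pinned to a major version. The added `id: minikube` is not referenced by any step visible here. In the following `Debug line` hunk, `head -c 5 ./foundation/tls.pem` reads from the sealed-secrets private key file; it only shows the PEM dashes today, but debug reads of that file are better kept out of the workflow altogether.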
@@ -35,7 +34,10 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} || kubectl get app; kubectl get all -n ${infrastructure_namespace}; exit 1; + sleep 60s + kubectl logs deploy/argocd-application-controller -n argocd + kubectl describe application aws-eu1 -n argocd + kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT - name: Configure AWS credentials From 89d06d5b5d14ce2f5e1160de37459353d39a0b04 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:25:27 +0200 Subject: [PATCH 42/69] Fixing namespace --- .github/workflows/create-cluster.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 793e977..093533a 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -35,8 +35,8 @@ jobs: shell: bash run: | sleep 60s - kubectl logs deploy/argocd-application-controller -n argocd - kubectl describe application aws-eu1 -n argocd + kubectl logs deploy/argocd-application-controller + kubectl describe application aws-eu1 kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT From fdb2ca1f6f40a8de1e0e273ebd7051fb522364f0 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:37:45 +0200 Subject: [PATCH 43/69] Collecting argo logs --- .github/workflows/create-cluster.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 093533a..0a92ce1 100644 
--- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -29,14 +29,14 @@ jobs: EOF helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait + sleep 30s + kubectl describe application aws-eu1 + kubectl logs deploy/argocd-applicationset-controller - name: Export AWS credentials id: export_aws_secrets shell: bash run: | - sleep 60s - kubectl logs deploy/argocd-application-controller - kubectl describe application aws-eu1 kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT From ad2680c1fdbaff0ffa5cb0a6c296ae81bc68b58c Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:44:58 +0200 Subject: [PATCH 44/69] Fixing namespace --- .github/workflows/create-cluster.yaml | 3 --- aws-eu1/apps/templates/infrastructure.yaml | 1 - 2 files changed, 4 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 0a92ce1..8be9d63 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -29,9 +29,6 @@ jobs: EOF helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait - sleep 30s - kubectl describe application aws-eu1 - kubectl logs deploy/argocd-applicationset-controller - name: Export AWS credentials id: export_aws_secrets diff --git a/aws-eu1/apps/templates/infrastructure.yaml b/aws-eu1/apps/templates/infrastructure.yaml index 62bf120..cb1352f 100644 --- a/aws-eu1/apps/templates/infrastructure.yaml +++ b/aws-eu1/apps/templates/infrastructure.yaml @@ -4,7 +4,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: infrastructure - namespace: platform-foundation finalizers: - resources-finalizer.argocd.argoproj.io annotations: 
From 16b8c82c8a070327410a09af81ad30bf2bce4fde Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 09:53:34 +0200 Subject: [PATCH 45/69] Debuging aws creds --- .github/workflows/create-cluster.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 8be9d63..35ecbc9 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -35,7 +35,8 @@ jobs: shell: bash run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} - kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> $GITHUB_OUTPUT + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> "$GITHUB_OUTPUT" + tail -n1 "$GITHUB_OUTPUT" | head -c 10 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From a57d0f2a7a0feda8b4de1842c1a61277733486fc Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:02:33 +0200 Subject: [PATCH 46/69] Masking secrets before adding to file --- .github/workflows/create-cluster.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 35ecbc9..bc016b2 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
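Review bot: `tail -n1 "$GITHUB_OUTPUT" | head -c 10` reads the file that now holds the decoded AWS credentials back into the job log; with the current `key=value` shape it shows only the `aws_secret` prefix, but nothing enforces that, and the values written here are not registered with `::add-mask::`, so GitHub would not redact them if more bytes were printed. Drop the debug read and mask each value before it is appended to `"$GITHUB_OUTPUT"`. Quoting the output path on the first changed line is the right fix on its own.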
@@ -35,8 +35,12 @@ jobs: shell: bash run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} - kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> "$GITHUB_OUTPUT" - tail -n1 "$GITHUB_OUTPUT" | head -c 10 + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> aws.txt + export $(cat aws.txt | xargs) + echo "::add-mask::${aws_access_key_id}" + echo "aws_access_key_id=${aws_access_key_id}" >> "$GITHUB_OUTPUT" + echo "::add-mask::${aws_secret_access_key}" + echo "aws_secret_access_key=${aws_secret_access_key}" >> "$GITHUB_OUTPUT" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From 34d361d7fff2e1a5e00cb12525689e687d2bd807 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:09:06 +0200 Subject: [PATCH 47/69] Fixing variables export --- .github/workflows/create-cluster.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index bc016b2..8f6aa64 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -36,7 +36,9 @@ jobs: run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> aws.txt - export $(cat aws.txt | xargs) + set -a + source aws.txt + set +a echo "::add-mask::${aws_access_key_id}" echo "aws_access_key_id=${aws_access_key_id}" >> "$GITHUB_OUTPUT" echo "::add-mask::${aws_secret_access_key}" From 0124f7ef5f2d2bc864579fa686ba774960de6b43 Mon Sep 17 00:00:00 2001 
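Review bot: The `Masking secrets before adding to file` hunk writes the decoded credentials to `aws.txt` in the checkout and never removes it, and the following `Fixing variables export` hunk then executes that file with `set -a; source aws.txt`, which treats whatever the Secret contains as shell code (the same `. ./aws.txt` pattern returns in the later `Fixing secret masks` hunk). Masking before the value reaches `"$GITHUB_OUTPUT"` is the right order; reading the `key=value` lines with `read` keeps the credentials in the pipeline, needs no temp file and never evaluates them. A rewrite of the `run:` body along those lines follows; the `Configure AWS credentials` step that consumes these outputs is outside the hunk.
```yaml
        run: |
          kubectl wait --timeout 60s --for=create "${provider_secret}" -n "${infrastructure_namespace}"
          while IFS='=' read -r key value; do
            echo "::add-mask::${value}"
            echo "${key}=${value}" >> "$GITHUB_OUTPUT"
          done < <(kubectl get "${provider_secret}" -n "${infrastructure_namespace}" --template='{{.data.creds}}' | base64 -d | tail -n2 | tr -d ' ')
```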
From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:37:58 +0200 Subject: [PATCH 48/69] Fixing secret retrieval --- .github/workflows/create-cluster.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 8f6aa64..de1f36b 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -35,14 +35,7 @@ jobs: shell: bash run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} - kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 >> aws.txt - set -a - source aws.txt - set +a - echo "::add-mask::${aws_access_key_id}" - echo "aws_access_key_id=${aws_access_key_id}" >> "$GITHUB_OUTPUT" - echo "::add-mask::${aws_secret_access_key}" - echo "aws_secret_access_key=${aws_secret_access_key}" >> "$GITHUB_OUTPUT" + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -53,7 +46,7 @@ jobs: - name: List AWS resources shell: bash - run: aws s3 ls + run: aws s3 ls | grep crossplane - name: Destroy resources shell: bash From a5eba19b776bb47423e8618e21a15ca5c9a462bf Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:42:50 +0200 Subject: [PATCH 49/69] Wait for deletion --- .github/workflows/create-cluster.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index de1f36b..57b3ba7 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
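Review bot: This hunk removes the `::add-mask::` registrations added two commits earlier and goes back to appending the raw decoded credentials to `"$GITHUB_OUTPUT"`, so the `aws_access_key_id` and `aws_secret_access_key` outputs are unmasked again; if the motivation was the failed `export`/`source` parsing, the fix is the `tr -d ' '` already on this line, not dropping the masks. In the second hunk, `aws s3 ls | grep crossplane` fails the step when no bucket name matches (GitHub's `shell: bash` runs with `-e` and `pipefail`), which is fine as an assertion but then skips `Destroy resources` unless that step runs with `if: always()`.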
@@ -50,4 +50,6 @@ jobs: - name: Destroy resources shell: bash - run: kubectl delete ${resource_app} \ No newline at end of file + run: | + kubectl delete ${resource_app} + kubectl wait --timeout=60s --for=delete ${resource_app} From 7d9cfdda645b32ed8c7552cb752392cfd99c8097 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:45:58 +0200 Subject: [PATCH 50/69] Masking secrets --- .github/workflows/create-cluster.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 57b3ba7..dbf7c2a 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -36,6 +36,8 @@ jobs: run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" + echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_access_key_id }}" + echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_secret_access_key }}" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From 2ba9b4ddf9ed92216cbf926b3b1250ef87268ee6 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:50:09 +0200 Subject: [PATCH 51/69] Masking secrets in separate step --- .github/workflows/create-cluster.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index dbf7c2a..b98a0d5 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
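Review bot: In the `Masking secrets` hunk, `echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_access_key_id }}"` sits inside the very step that sets that output, and the `steps` context is evaluated before the step runs, so both expressions expand to empty and mask nothing. The mask has to be issued from the shell with the value in hand, before it is written to `"$GITHUB_OUTPUT"`. Pasting the credential into the script through `${{ }}` — as the separate step in the following `Masking secrets in separate step` and `Fixing step id` hunks also does — additionally places the value in the run script that GitHub echoes in the step log.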
@@ -36,6 +36,11 @@ jobs: run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" + + - name: Mask AWS credentials + id: export_aws_secrets + shell: bash + run: | echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_access_key_id }}" echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_secret_access_key }}" From d91952dae5c9e28d44424a1cb44b9af339640a19 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:50:54 +0200 Subject: [PATCH 52/69] Fixing step id --- .github/workflows/create-cluster.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index b98a0d5..d79373a 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -38,7 +38,6 @@ jobs: kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" - name: Mask AWS credentials - id: export_aws_secrets shell: bash run: | echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_access_key_id }}" From 69f0800889da20ae174889fa8b639ae985c85176 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 10:58:20 +0200 Subject: [PATCH 53/69] Fixing secret masks --- .github/workflows/create-cluster.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index d79373a..48f67a9 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
@@ -35,13 +35,13 @@ jobs: shell: bash run: | kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> aws.txt + set -a + . ./aws.txt + set +a + echo "::add-mask::$aws_access_key_id" + echo "::add-mask::$aws_secret_access_key" kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" - - - name: Mask AWS credentials - shell: bash - run: | - echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_access_key_id }}" - echo "::add-mask::${{ steps.export_aws_secrets.outputs.aws_secret_access_key }}" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 From 80622c7b1b7640dc5845fd72e2cd469b4c4bf15e Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:11:59 +0200 Subject: [PATCH 54/69] Waiting for bucket to be ready --- .github/workflows/create-cluster.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 48f67a9..d3ce82d 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -5,7 +5,6 @@ on: [push] env: resource_app: app/aws-eu1 provider_secret: secret/aws-secret - infrastructure_namespace: infrastructure jobs: SpinUpCluster: 
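Review bot: `aws.txt` is appended to with `>>` and left in the checkout when the step ends; follow the masks with `rm -f aws.txt`, or use `trap 'rm -f aws.txt' EXIT` at the top of the script so it is removed on failure as well. The Secret is also decoded twice in this step — once into `aws.txt` for masking and again straight into `"$GITHUB_OUTPUT"` — so the masked values and the exported values come from two separate reads; reusing the already-masked file, `cat aws.txt >> "$GITHUB_OUTPUT"`, keeps them identical. `. ./aws.txt` executes the decoded Secret as shell, which is more than two `key=value` lines need.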
@@ -34,14 +33,14 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} - kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> aws.txt + kubectl wait --timeout 60s --for=create ${provider_secret} --all + kubectl get ${provider_secret} --all --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> aws.txt set -a . ./aws.txt set +a echo "::add-mask::$aws_access_key_id" echo "::add-mask::$aws_secret_access_key" - kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> "$GITHUB_OUTPUT" + cat aws.txt >> "$GITHUB_OUTPUT" - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -52,7 +51,9 @@ jobs: - name: List AWS resources shell: bash - run: aws s3 ls | grep crossplane + run: | + kubectl wait --for=condition=Ready buckets --all --timeout=60s + aws s3 ls | grep crossplane - name: Destroy resources shell: bash From 863a779d27c9eb64fd8fd4652ef6451470abcf8f Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:18:44 +0200 Subject: [PATCH 55/69] waiting on namespace --- .github/workflows/create-cluster.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index d3ce82d..c4ded29 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -5,6 +5,7 @@ on: [push] env: resource_app: app/aws-eu1 provider_secret: secret/aws-secret + infrastructure_namespace: infrastructure jobs: SpinUpCluster: 
@@ -33,8 +34,8 @@ jobs: id: export_aws_secrets shell: bash run: | - kubectl wait --timeout 60s --for=create ${provider_secret} --all - kubectl get ${provider_secret} --all --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> aws.txt + kubectl wait --timeout 60s --for=create ${provider_secret} -n ${infrastructure_namespace} + kubectl get ${provider_secret} -n ${infrastructure_namespace} --template={{.data.creds}} | base64 -d | tail -n2 | tr -d ' ' >> aws.txt set -a . ./aws.txt set +a @@ -52,11 +53,11 @@ jobs: - name: List AWS resources shell: bash run: | - kubectl wait --for=condition=Ready buckets --all --timeout=60s + kubectl wait --for=condition=Ready buckets -n ${infrastructure_namespace} --timeout 60s aws s3 ls | grep crossplane - name: Destroy resources shell: bash run: | kubectl delete ${resource_app} - kubectl wait --timeout=60s --for=delete ${resource_app} + kubectl wait --timeout 60s --for=delete ${resource_app} From 2721cfc3e741ff2d2c51adf84186a73846a3e098 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:22:17 +0200 Subject: [PATCH 56/69] Waiting with --all flag --- .github/workflows/create-cluster.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index c4ded29..3245021 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -53,7 +53,7 @@ jobs: - name: List AWS resources shell: bash run: | - kubectl wait --for=condition=Ready buckets -n ${infrastructure_namespace} --timeout 60s + kubectl wait --for=condition=Ready buckets --all --timeout 60s aws s3 ls | grep crossplane - name: Destroy resources From 23357c1c8972d604012a490b46b0e12a952b77d3 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:26:23 +0200 Subject: [PATCH 57/69] Removing wait for buckets --- .github/workflows/create-cluster.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
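Review bot: `kubectl wait --for=condition=Ready buckets -n ${infrastructure_namespace} --timeout 60s` in the second hunk names no object and passes neither `--all` nor a selector, so kubectl has nothing to wait on and should exit with an error rather than wait; keep `--all` alongside the namespace if namespacing is intended. If Crossplane's Bucket resources are cluster-scoped (as managed resources usually are in Crossplane v1), `-n` will not select them at all — confirm with `kubectl api-resources`. The third hunk on this line already switches back to `--all`, so the two versions differ only in the namespace flag and the `--timeout` spelling.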
diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 3245021..eb5a8a5 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -52,9 +52,7 @@ jobs: - name: List AWS resources shell: bash - run: | - kubectl wait --for=condition=Ready buckets --all --timeout 60s - aws s3 ls | grep crossplane + run: aws s3 ls | grep crossplane - name: Destroy resources shell: bash From ede757828884d9ff3cd265f48e7033f94bdb76d2 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:40:49 +0200 Subject: [PATCH 58/69] Using wait command --- .github/workflows/create-cluster.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index eb5a8a5..1df2aaa 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -52,7 +52,9 @@ jobs: - name: List AWS resources shell: bash - run: aws s3 ls | grep crossplane + run: | + kubectl wait buckets --for=condition=Ready --all --timeout 60s + aws s3 ls | grep crossplane - name: Destroy resources shell: bash From 92a7b0993d6906279fc34f7142ad30103ed5b734 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:48:13 +0200 Subject: [PATCH 59/69] Waiting for creation of bucket --- .github/workflows/create-cluster.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 1df2aaa..9504481 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -53,6 +53,7 @@ jobs: - name: List AWS resources shell: bash run: | + kubectl wait --timeout 60s buckets --for=create --all kubectl wait buckets --for=condition=Ready --all --timeout 60s aws s3 ls | grep crossplane From d25926f9f983ef782342550f2f77d6c213500fc9 Mon Sep 17 00:00:00 2001 
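Review bot: `kubectl wait buckets --for=condition=Ready --all --timeout 60s` (second hunk) is the same command the first hunk removes with its arguments reordered, so if the earlier form failed this one will fail the same way; with `--all`, kubectl wait exits immediately with a "no matching resources found" error when no object exists yet, which is presumably why the third hunk adds the `--for=create` wait in front of it. A short comment above the pair, `# wait for the object to exist before waiting on its Ready condition`, would explain why two waits are needed. `--for=create` is a recent addition to `kubectl wait` (kubectl 1.31 or later, as far as I recall), so the installed kubectl version should be pinned accordingly.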
From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:52:12 +0200 Subject: [PATCH 60/69] Using sleep... --- .github/workflows/create-cluster.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 9504481..de1f76d 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -53,8 +53,7 @@ jobs: - name: List AWS resources shell: bash run: | - kubectl wait --timeout 60s buckets --for=create --all - kubectl wait buckets --for=condition=Ready --all --timeout 60s + sleep 30 aws s3 ls | grep crossplane - name: Destroy resources From 19600eae92dd1a6a0d0742c34f6e706a53b497ba Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 11:58:49 +0200 Subject: [PATCH 61/69] Adding docs --- README.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..7a65d87 --- /dev/null +++ b/README.md 
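Review bot: `sleep 30` replaces the two readiness waits with a fixed delay, so the following `aws s3 ls | grep crossplane` now passes or fails on provisioning latency rather than on resource state, and a run that provisions quickly still pays the full 30 s. A retry loop around the `kubectl wait` (or around the `aws s3 ls` check itself) bounded by a total timeout keeps the intent of the removed lines without the fixed cost. The step header above the hunk is unchanged.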
@@ -0,0 +1,36 @@ +## Pre-requisties + +- A `kubectl`, and `helm`. + +## Provision resources from local + +Add the private key to `foundation/tls.pem`, then: + +```bash +cp /path/to/my-key/tls.pem ./foundation +helm dependencies build ./foundation +helm upgrade --install platform-foundation ./foundation --namespace platform-foundation --create-namespace --wait +``` + +### Uninstall + +```bash +kubectl delete app/aws-eu1 -n platform-foundation # delete this first to avoid race condition +helm uninstall platform-foundation --namespace platform-foundation --wait +``` + +## View ArgoCD UI + +```bash +kubectl get secret argocd-initial-admin-secret -n platform-foundation --template={{.data.password}} | base64 -d +kubectl port-forward svc/platform-foundation-argocd-server -n platform-foundation 8080:443 +``` + +Use the secret printed and the user `admin` to see the [UI](https://localhost:8080/). + +## Sealing required secrets with Kubeseal + +```bash +kubectl create secret generic aws-secret --from-file=creds=./.secrets/aws-credentials.txt --dry-run=client -o yaml >> ./.secrets/aws-creds.yaml +cat ./.secrets/aws-creds.yaml | kubeseal --cert foundation/tls.crt -o yaml -n infrastructure > aws-eu1/crossplane/templates/aws-creds.yaml +``` From e873353e4e7b1cb141ba11c0cdb87f515a39e5c5 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 15:42:53 +0200 Subject: [PATCH 62/69] Waiting for crossplane resources --- .github/actions/kind/action.yaml | 23 --------------------- .github/actions/sops/action.yaml | 21 -------------------- .github/actions/wait/action.yaml | 34 ++++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 44 deletions(-) delete mode 100644 .github/actions/kind/action.yaml delete mode 100644 .github/actions/sops/action.yaml create mode 100644 .github/actions/wait/action.yaml diff --git a/.github/actions/kind/action.yaml b/.github/actions/kind/action.yaml deleted file mode 100644 index 8e98940..0000000 
--- a/.github/actions/kind/action.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: Setup Kind -description: This action sets up Kind and a Kind cluster in the GitHub Actions environment. -runs: - using: "composite" - steps: - - name: Install kind - shell: bash - run: | - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64 - chmod +x ./kind - sudo mv ./kind /usr/local/bin/kind - - - name: Create kind cluster - shell: bash - run: | - kind create cluster --wait 60s - - - name: Get Cluster status - shell: bash - run: | - kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns - kubectl get nodes -o wide - kubectl get pods -A diff --git a/.github/actions/sops/action.yaml b/.github/actions/sops/action.yaml deleted file mode 100644 index 335b8aa..0000000 --- a/.github/actions/sops/action.yaml +++ /dev/null @@ -1,21 +0,0 @@ -name: Setup SOPS -description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. - -inputs: - version: - required: false - default: "3.10.2" - description: "SOPS version to install" - -runs: - using: "composite" - steps: - - name: Set up SOPS - shell: bash - run: |- - curl -O -L -C - https://github.com/mozilla/sops/releases/download/v${{ inputs.version }}/sops-v${{ inputs.version }}.linux - sudo mv sops-v${{ inputs.version }}.linux /usr/bin/sops - sudo chmod +x /usr/bin/sops - - name: Decrypt - shell: bash - run: find . -type f -name *.enc.yaml -exec sops decrypt -i {} \; diff --git a/.github/actions/wait/action.yaml b/.github/actions/wait/action.yaml new file mode 100644 index 0000000..f188d90 --- /dev/null +++ b/.github/actions/wait/action.yaml 
@@ -0,0 +1,34 @@ +name: Setup SOPS +description: This action sets up Docker, kubectl, and Helm in the GitHub Actions environment. + +inputs: + resource: + required: true + description: "Resource to wait for" + max_attempts: + required: false + default: "10" + description: "Resource to wait for" + +runs: + using: "composite" + steps: + - name: Wait for ${{ inputs.resource }} to be ready + shell: bash + run: | + attempt=1 + while [[ $attempt -le $max_attempts ]]; do + status=$(kubectl get ${{ inputs.resource }} -A -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') + if [[ "$status" == "True" ]]; then + echo "${{ inputs.resource }} is ready!" + break + fi + echo "Attempt $attempt/$max_attempts: Waiting for ${{ inputs.resource }} to be ready..." + sleep 5 + ((attempt++)) + done + + if [[ $attempt -gt $max_attempts ]]; then + echo "Timed out waiting for ${{ inputs.resource }} to be ready." + exit 1 + fi From 8bb6058a24470c31689005238d61fb8475235e56 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 15:43:25 +0200 Subject: [PATCH 63/69] Waiting for crossplane resources --- .github/workflows/create-cluster.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index de1f76d..1ed66d2 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -49,6 +49,11 @@ jobs: aws-access-key-id: ${{ steps.export_aws_secrets.outputs.aws_access_key_id }} aws-secret-access-key: ${{ steps.export_aws_secrets.outputs.aws_secret_access_key }} aws-region: us-east-2 + + - name: Wait for Crossplane resources + uses: ./.github/actions/wait + with: + resource: buckets - name: List AWS resources shell: bash From 2628728c3a0c308602e04672dba58960f5b8ee63 Mon Sep 17 00:00:00 2001 
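Review bot: `$max_attempts` in the `while` condition is never assigned — action inputs are not exported to the shell, so the test runs as `[[ 1 -le ]]`, a syntax error that, under the `-e` GitHub sets for `shell: bash`, ends the step before any polling; the same unset name appears in the progress message. Pass the inputs through an `env:` block and read them as quoted variables, which also keeps `${{ inputs.resource }}` out of the script text (expanding an input directly into `run:` is the pattern GitHub's workflow-hardening guidance advises against). The `name`/`description` at the top (`Setup SOPS`, `sets up Docker, kubectl, and Helm`) and the `max_attempts` description (`Resource to wait for`) are copied from the SOPS action; write e.g. `description: Polls until the given Kubernetes resource reports Ready, failing after max_attempts checks.` The `-A` query with a bare `.status.conditions` path likely yields nothing or a concatenation when more than one object matches, so `== "True"` holds only for the single-object case — `.items[*]…` plus a check for any non-True entry is safer. The second hunk on this line (the workflow step that calls this action) raises nothing on its own.
```yaml
    - name: Wait for ${{ inputs.resource }} to be ready
      shell: bash
      env:
        RESOURCE: ${{ inputs.resource }}
        MAX_ATTEMPTS: ${{ inputs.max_attempts }}
      run: |
        attempt=1
        while [[ "$attempt" -le "$MAX_ATTEMPTS" ]]; do
          status=$(kubectl get "$RESOURCE" -A -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}')
          if [[ "$status" == "True" ]]; then
            echo "$RESOURCE is ready!"
            break
          fi
          echo "Attempt $attempt/$MAX_ATTEMPTS: Waiting for $RESOURCE to be ready..."
          # … unchanged: sleep 5, ((attempt++)), done …
        if [[ "$attempt" -gt "$MAX_ATTEMPTS" ]]; then
          echo "Timed out waiting for $RESOURCE to be ready."
          # … unchanged: exit 1, fi …
```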
From: Diego Rodrigues Date: Sun, 15 Jun 2025 15:53:41 +0200 Subject: [PATCH 64/69] Rewritting retry logic --- .github/actions/wait/action.yaml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/actions/wait/action.yaml b/.github/actions/wait/action.yaml index f188d90..d4402ae 100644 --- a/.github/actions/wait/action.yaml +++ b/.github/actions/wait/action.yaml @@ -16,19 +16,20 @@ runs: - name: Wait for ${{ inputs.resource }} to be ready shell: bash run: | - attempt=1 - while [[ $attempt -le $max_attempts ]]; do - status=$(kubectl get ${{ inputs.resource }} -A -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}') - if [[ "$status" == "True" ]]; then - echo "${{ inputs.resource }} is ready!" + retry=1 + + while [[ $retry -le $max_retries ]]; do + if kubectl wait ${{ inputs.resource }} --for=condition=Ready --all --timeout 1s; then + echo "Succeeded." break + else + echo "Attempt $retry/$max_retries failed. Retrying in 6 seconds..." + sleep 6 + ((retry++)) fi - echo "Attempt $attempt/$max_attempts: Waiting for ${{ inputs.resource }} to be ready..." - sleep 5 - ((attempt++)) done - if [[ $attempt -gt $max_attempts ]]; then - echo "Timed out waiting for ${{ inputs.resource }} to be ready." + if [[ $retry -gt $max_retries ]]; then + echo "Wait failed after $max_retries attempts." exit 1 fi From 3ad4d416d42f751fcc5ea7699855a8b9782f2a06 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 15:55:12 +0200 Subject: [PATCH 65/69] Remove sleep line --- .github/workflows/create-cluster.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 1ed66d2..8d2bfb0 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml 
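Review bot: The rewritten loop reads `$max_retries`, but the declared input is still `max_attempts` and neither name is exported to the shell, so the `while` condition has an empty right operand exactly as the previous version did under the old name. Map the input once on the step, `env: MAX_RETRIES: ${{ inputs.max_attempts }}` (renaming the input to match if that is the intent), and compare against `"$MAX_RETRIES"` in both the loop and the final `if`. `kubectl wait --timeout 1s` inside a `sleep 6` loop works, but the per-attempt timeout plus sleep is the effective poll interval and would read better as one named value with a comment. The step header and the `inputs:` block lie above the hunk.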
@@ -57,9 +57,7 @@ jobs: - name: List AWS resources shell: bash - run: | - sleep 30 - aws s3 ls | grep crossplane + run: aws s3 ls | grep crossplane - name: Destroy resources shell: bash From 949665b6d8fa17f2f1fdebad329721a8abda2ea9 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 15:57:05 +0200 Subject: [PATCH 66/69] Fixing var name --- .github/actions/wait/action.yaml | 6 +++--- .github/workflows/create-cluster.yaml | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/actions/wait/action.yaml b/.github/actions/wait/action.yaml index d4402ae..182974e 100644 --- a/.github/actions/wait/action.yaml +++ b/.github/actions/wait/action.yaml @@ -5,7 +5,7 @@ inputs: resource: required: true description: "Resource to wait for" - max_attempts: + max_retries: required: false default: "10" description: "Resource to wait for" @@ -23,8 +23,8 @@ runs: echo "Succeeded." break else - echo "Attempt $retry/$max_retries failed. Retrying in 6 seconds..." - sleep 6 + echo "Attempt $retry/$max_retries failed. Retrying in 5 seconds..." + sleep 5 ((retry++)) fi done diff --git a/.github/workflows/create-cluster.yaml b/.github/workflows/create-cluster.yaml index 8d2bfb0..08c13c2 100644 --- a/.github/workflows/create-cluster.yaml +++ b/.github/workflows/create-cluster.yaml @@ -30,6 +30,11 @@ jobs: helm dependencies build ./foundation helm upgrade --install platform-foundation ./foundation --wait + - name: Wait for Crossplane resources + uses: ./.github/actions/wait + with: + resource: buckets + - name: Export AWS credentials id: export_aws_secrets shell: bash @@ -49,11 +54,6 @@ jobs: aws-access-key-id: ${{ steps.export_aws_secrets.outputs.aws_access_key_id }} aws-secret-access-key: ${{ steps.export_aws_secrets.outputs.aws_secret_access_key }} aws-region: us-east-2 - - - name: Wait for Crossplane resources - uses: ./.github/actions/wait - with: - resource: buckets - name: List AWS resources shell: bash 
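Review bot: The renamed `max_retries` input (second hunk on this line) keeps `description: "Resource to wait for"`, copied from the `resource` input above it; say what it controls, e.g. `description: "Number of readiness checks before the action fails"`. Renaming the input does not by itself define `$max_retries` in the script, so the loop in the following hunk still compares against an empty value until an `env:` mapping or `${{ inputs.max_retries }}` is added. The last two hunks move the wait step ahead of the credential export in the workflow, which is the sensible ordering and raises nothing on its own; the first hunk only drops the `sleep`.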
From d20d6391d0c2effee59496f6043c0b709da68f16 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 16:00:16 +0200 Subject: [PATCH 67/69] Fixing variable name --- .github/actions/wait/action.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/actions/wait/action.yaml b/.github/actions/wait/action.yaml index 182974e..7e8692f 100644 --- a/.github/actions/wait/action.yaml +++ b/.github/actions/wait/action.yaml @@ -17,19 +17,18 @@ runs: shell: bash run: | retry=1 - - while [[ $retry -le $max_retries ]]; do + while [[ $retry -le ${{ inputs.max_retries }} ]]; do if kubectl wait ${{ inputs.resource }} --for=condition=Ready --all --timeout 1s; then echo "Succeeded." break else - echo "Attempt $retry/$max_retries failed. Retrying in 5 seconds..." + echo "Attempt $retry/${{ inputs.max_retries }} failed. Retrying in 5 seconds..." sleep 5 ((retry++)) fi done - if [[ $retry -gt $max_retries ]]; then - echo "Wait failed after $max_retries attempts." + if [[ $retry -gt ${{ inputs.max_retries }} ]]; then + echo "Wait failed after ${{ inputs.max_retries }} attempts." exit 1 fi From b5be4daedd9c0009bf5b372d91ed71be79868499 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 16:04:34 +0200 Subject: [PATCH 68/69] Increasing wait time --- .github/actions/wait/action.yaml | 4 ++-- README.md | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/actions/wait/action.yaml b/.github/actions/wait/action.yaml index 7e8692f..c85b3f2 100644 --- a/.github/actions/wait/action.yaml +++ b/.github/actions/wait/action.yaml @@ -22,8 +22,8 @@ runs: echo "Succeeded." break else - echo "Attempt $retry/${{ inputs.max_retries }} failed. Retrying in 5 seconds..." - sleep 5 + echo "Attempt $retry/${{ inputs.max_retries }} failed. Retrying in 10 seconds..." + sleep 10 ((retry++)) fi done diff --git a/README.md b/README.md index 7a65d87..2db1256 100644 --- a/README.md +++ b/README.md 
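Review bot: `${{ inputs.max_retries }}` is now expanded straight into the `run:` script text in four places, so the input's value becomes part of the shell program rather than data it reads; the documented pattern is to map it once on the step, `env: MAX_RETRIES: ${{ inputs.max_retries }}`, and use `"$MAX_RETRIES"` in the loop condition, the message and the final check, which also keeps a non-numeric value from altering the script's structure. The same applies to `${{ inputs.resource }}` in the `kubectl wait` line. The action's `name`/`description` still read `Setup SOPS` / `sets up Docker, kubectl, and Helm` (outside this hunk, unchanged since the file was created); update them to describe the wait. The second hunk on this line only lengthens the sleep and raises nothing.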
@@ -1,6 +1,8 @@ ## Pre-requisties -- A `kubectl`, and `helm`. +- A `kubectl`, `helm`, and `kubeseal`. + +> Kubeseal is only needed to seal secrets, but not for deployment. ## Provision resources from local From b6da73636f1e7d80678710b3f8e8bf4502054dd3 Mon Sep 17 00:00:00 2001 From: Diego Rodrigues Date: Sun, 15 Jun 2025 16:12:29 +0200 Subject: [PATCH 69/69] New AWS key --- README.md | 14 ++++++++++++-- aws-eu1/infrastructure/templates/aws-creds.yaml | 8 +++----- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2db1256..d61b9c0 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,17 @@ Use the secret printed and the user `admin` to see the [UI](https://localhost:80 ## Sealing required secrets with Kubeseal +Create a file `./.secrets/aws-creds.yaml` with: + +``` +[default] +aws_access_key_id = your-key-id-here +aws_secret_access_key = your-secret-here +``` + +Then: + ```bash -kubectl create secret generic aws-secret --from-file=creds=./.secrets/aws-credentials.txt --dry-run=client -o yaml >> ./.secrets/aws-creds.yaml -cat ./.secrets/aws-creds.yaml | kubeseal --cert foundation/tls.crt -o yaml -n infrastructure > aws-eu1/crossplane/templates/aws-creds.yaml +kubectl create secret generic aws-secret --from-file=creds=./.secrets/aws-credentials.txt --dry-run=client -o yaml > ./.secrets/aws-creds.yaml +cat ./.secrets/aws-creds.yaml | kubeseal --cert foundation/tls.crt -o yaml -n infrastructure > aws-eu1/infrastructure/templates/aws-creds.yaml ``` diff --git a/aws-eu1/infrastructure/templates/aws-creds.yaml b/aws-eu1/infrastructure/templates/aws-creds.yaml index 7115448..06d54d3 100644 --- a/aws-eu1/infrastructure/templates/aws-creds.yaml +++ b/aws-eu1/infrastructure/templates/aws-creds.yaml 
@@ -4,14 +4,12 @@ kind: SealedSecret metadata: creationTimestamp: null name: aws-secret - namespace: {{ .Release.Namespace }} - annotations: - argocd.argoproj.io/sync-wave: {{ .Values.argoSyncWaves.secrets | quote }} + namespace: infrastructure spec: encryptedData: - creds: 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 + creds: 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 template: metadata: creationTimestamp: null name: aws-secret - namespace: {{ .Release.Namespace }} + namespace: infrastructure
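Review bot: The previous ciphertext for `creds` stays in git history, so the old AWS access key is only retired if it has also been deactivated in IAM; the commit title says "New AWS key" but nothing here records that the superseded key was disabled — note it in the commit message or README once done. Hardcoding `namespace: infrastructure` in place of `{{ .Release.Namespace }}` is consistent with kubeseal's default strict scope (the ciphertext is bound to the name/namespace pair given with `-n infrastructure`), but it silently pins the chart to that namespace; a comment such as `# fixed on purpose: the sealed ciphertext is scoped to infrastructure/aws-secret` would record why. Dropping the `argocd.argoproj.io/sync-wave` annotation changes when Argo CD applies this SealedSecret relative to the resources that read it — presumably fine if nothing else in the chart relies on the wave, but confirm the provider config still finds the unsealed secret on first sync.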