feat: Example of AWS CodeCommit as a repository for ArgoCD workloads #1509
Conversation
…repository for ArgoCD workloads
Fix typos
ybezsonov
had a problem deploying
to
EKS Blueprints Test
GitHub Actions
Error
ybezsonov
changed the title
ybezsonov
changed the title
ybezsonov
had a problem deploying
to
EKS Blueprints Test
GitHub Actions
Failure
| @@ -0,0 +1,170 @@ | |||
| # EKS Cluster with ArgoCD and Workloads in private AWS CodeCommit repository | |||
|
|
|||
| This example shows how to provision an EKS cluster with: | |||
There was a problem hiding this comment.
Lets add in why this pattern is useful to users - what would be the primary motivation to use CodeCommit, why any additional steps are necessary to integrate with CodeCommit, etc.
| #--------------------------------------------------------------- | ||
| # ARGOCD WORKLOAD APPLICATION | ||
| #--------------------------------------------------------------- | ||
| # workload_repo = "https://github.com/aws-samples/eks-blueprints-workloads.git" |
There was a problem hiding this comment.
I don't quite follow what is happening here - what should users do, what sequence of events, etc.
| workload_repo = aws_codecommit_repository.workloads_repo_cc.clone_url_http | ||
| ``` | ||
|
|
||
| Update main.tf and enable workloads and addons (if not enabled yet). |
There was a problem hiding this comment.
Why do they need to change this, shouldn't this just be set in the pattern/example?
| - Configure kubectl using output | ||
|
|
||
| ```sh | ||
| terraform output configure_kubectl |
There was a problem hiding this comment.
Copy boiler plate text from other examples - this looks a bit different here
| - Clone [EKS Blueprints Workloads Repo](https://github.com/aws-samples/eks-blueprints-workloads) from Github to AWS CodeCommit (clone2cc.sh) | ||
|
|
||
| ```sh | ||
| pushd ../../../.. |
There was a problem hiding this comment.
- Why do we need to go up to root?
- We should ensure any local copies are cleaned up
There was a problem hiding this comment.
- Why only copy over the workloads repo? What about the repository where the Terraform code is defined (i.e. - eks-blueprints), and the repository where the ArgoCD manifests are located (i.e. - eks-addons)?
| user_name = aws_iam_user.argocd_user.name | ||
| } | ||
|
|
||
| resource "aws_iam_user_policy" "argocd_user_codecommit_ro" { |
There was a problem hiding this comment.
switch this to create an standalone policy and not an inline policy
| ] | ||
| } | ||
|
|
||
| resource "kubectl_manifest" "repo_creds_platform_https" { |
There was a problem hiding this comment.
Lets switch this to create a secret in SecretManager and use external secrets to pull
| trigger { | ||
| name = "all" | ||
| events = ["all"] | ||
| custom_data = var.argocd_url |
There was a problem hiding this comment.
map output here to replace variable which will map an implicit dependency (i.e. - can then remove the depends_on)
| }) | ||
| } | ||
|
|
||
| resource "aws_iam_role" "iam_for_lambda" { |
There was a problem hiding this comment.
All of the lambda resources can be removed - not required for this example, ArgoCD will sync
| @@ -0,0 +1,98 @@ | |||
| resource "aws_codecommit_repository" "workloads_repo_cc" { | |||
| repository_name = "eks-blueprints-workloads-cc" | |||
There was a problem hiding this comment.
this would be a good local variable
|
This PR has been automatically marked as stale because it has been open 30 days |
|
Pull request closed due to inactivity. |
What does this PR do?
Create AWS Codecommit repository
Copy sample workloads repository from Github and push to AWS Codecommit
Create AWS Codecommit credentials and configure ArgoCD to use them via Secret to access AWS Codecommit repository
Create AWS Codecommit trigger to execute AWS Lambda function to call ArgoCD webhook
Motivation
More
pre-commit run -awith this PRFor Moderators
Additional Notes