Cluster

• Cluster Repository for GitOps Deploy of Infrastructure
• It will deploy:
  • ArgoCD
  • Traefik
  • Traefik SSO for Google
  • Cert Manager
  • Bitnami sealed-secrets

Initial Setup

• Install direnv if you don't have

Google GKE Cluster (WIP!)

• Using a private cluster on Google Cloud GKE
• Code taken from Neutrollized/free-tier-gke for almost free cluster
• cd gke && direnv allow will create a project in GKE

Terraform (WIP!)

• Check terraform.tfvars for default
• cd terraform && direnv allow will create cluster

Bootstrap GitOps Cluster

• Execute bootstrap.sh to install ArgoCD
• After initial Bootstrap app-of-apps will be synced by ArgoCD as well
• ArgoCD will also manage itself after bootstrap
• Note:
  • Please update ArgoCD admin password or disable the user
  • Traefik Dashboard has "admin/admin" by default:

   echo $(htpasswd -n admin) | kubectl create secret generic traefik-basic-auth -n traefik --dry-run=client \
   --from-file=users=/dev/stdin -o yaml \
   | kubeseal --controller-namespace infrastructure --controller-name sealed-secrets -o yaml \
   >! infrastructure/ingress/traefik-basic-auth-sealed.yaml 

ArgoCD

App	Status
app-of-apps
argocd
projects
apps
infrastructure

Upgrade ArgoCD

• argocd can be upgraded by changing the helm chart versions in Chart.yml

Debug

• If you messed up Traefik or ArgoCD config, you can always port-forward:
  • kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name -n traefik) 9000:9000 -n traefik
  • kubectl port-forward svc/argocd-server -n argocd 8080:443

TODOs

• Infrastructure is not templated
• Google SSO for ArgoCD