Skip to content
Snippets Groups Projects
Verified Commit 280074fb authored by Antoine R. Dumont's avatar Antoine R. Dumont
Browse files

deployment/argocd: Migrate forge.s.o url to gitlab.s.o

parent c345bf6b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
sysadm/deployment/argocd.rst
+ 73
47
View file @ 280074fb
......@@ -15,50 +15,59 @@ The repositories
To manage the kubernetes clusters and ArgoCD, 2 git repositories are used:
- `k8s-clusters-conf <https://forge.softwareheritage.org/source/k8s-clusters-conf/>`__ :
Kubernetes yaml files deployed on the clusters, it contains the configurations to apply
directly on the clusters. The ArgoCD configuration is also committed in this repository.
- `k8s-private data <https://forge.softwareheritage.org/source/k8s-swh-private-data/>`__ :
private repository with the yaml files to configure the secrets per cluster
- `k8s-clusters-conf
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf>`_: Kubernetes
yaml files deployed on the clusters, it contains the configurations to apply directly
on the clusters. The ArgoCD configuration is also committed in this repository.
- `k8s-private data
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-swh-private-data/>`_: private
repository with the yaml files to configure the secrets per cluster
**Except during the bootstrap phase, the configuration files are automatically applied on the clusters
by ArgoCD.**
**Except during the bootstrap phase, the configuration files are automatically applied
on the clusters by ArgoCD.**
2 others deployment services related are indirectly related to deployments:
- `swh-apps <https://forge.softwareheritage.org/source/swh-apps/>`__ :
- `swh-apps <https://gitlab.softwareheritage.org/infra/swh-apps>`_:
Image definitions (version and dependencies, docker images definitions)
- `swh-charts <https://forge.softwareheritage.org/source/swh-charts/>`__
- `swh-charts <https://gitlab.softwareheritage.org/infra/ci-cd/swh-charts>`_:
Application definitions, mostly helm charts defining the way to deploy an application.
The public configurations per environment are also in this repository due to an argocd constraints.
The deployment of these applications is done by ArgoCD.
The public configurations per environment are also in this repository due to argocd
constraints. The deployment of these applications is done by ArgoCD.
Bootstrap ArgoCD
----------------
Prerequisite: A working kubernetes cluster sized to your needs. At SoftwareHeritage, we chose to
deploy a small cluster of 2 nodes which looks enough for our dozen of applications.
Prerequisite: A working kubernetes cluster sized to your needs. At SoftwareHeritage, we
chose to deploy a small cluster of 2 nodes which looks enough for our dozen of
applications.
Install ArgoCD
~~~~~~~~~~~~~~
TODO: Detail how it was done in the swh environment
Some working notes are available in a `Readme.md in the k8s-clusters-conf repository <https://archive.softwareheritage.org/swh:1:cnt:f3594c8ccfe1f00abf09d49ffa640ea8f22a1440;origin=https://forge.softwareheritage.org/source/k8s-clusters-conf.git;visit=swh:1:snp:66a35583e901a1a5a62b4097fcd64e822316e80e;anchor=swh:1:rev:f0c609c40c463d39bd12f912570c34eebe0f217d;path=/README.md>`__.
It's based on the official `ArgoCD documentation <https://argo-cd.readthedocs.io/en/stable/cli_installation/>`__
Some working notes are available in a `Readme.md in the k8s-clusters-conf repository
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/master/Readme.md>`_.
It's based on the official `ArgoCD documentation
<https://argo-cd.readthedocs.io/en/stable/cli_installation/>`_
Upgrade ArgoCD
~~~~~~~~~~~~~~
Follow the `official ArgoCD document procedure <https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/>`__
Follow the `official ArgoCD document procedure
<https://argo-cd.readthedocs.io/en/stable/operator-manual/upgrading/overview/>`_
Bootstrap the self configuration management
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ArgoCD is able to manage its own configuration.
To do so some manual installation steps are needed:
To do so, some manual installation steps are needed:
- Clone the ``k8s-private-data`` and ``k8s-clusters-conf`` repositories locally (or directly the `sysadm-environment repository <https://forge.softwareheritage.org/source/sysadm-environment/>`__)
- Clone the ``k8s-private-data`` and ``k8s-clusters-conf`` repositories locally (or
directly the `sysadm-environment repository
<https://gitlab.softwareheritage.org/infra/sysadm-environment>`_)
- Configure the ``k8s-private-data`` repository credentials in ArgoCD:
.. code:: bash
......@@ -73,52 +82,57 @@ To do so some manual installation steps are needed:
cd k8s-clusters-conf/argocd/applications
kubectl apply -f argocd-applications.yaml
After that, ArgoCD will populate itself with all the applications in charge of the clusters configuration
and service deployments.
After that, ArgoCD will populate itself with all the applications in charge of the
clusters configuration and service deployments.
Manage a new kubernetes cluster
-------------------------------
As we saw, ArgoCD can take care of automatically applying and synchronizing the cluster configurations
and secrets based on what is committed in the ``k8s-clusters-conf`` and ``k8s-private-data`` repositories.
As we saw, ArgoCD can take care of automatically applying and synchronizing the cluster
configurations and secrets based on what is committed in the ``k8s-clusters-conf`` and
``k8s-private-data`` repositories.
A couple of steps are needed to add a new cluster and its associated management applications:
A couple of steps are needed to add a new cluster and its associated management
applications:
- Declare the cluster in ``k8s-private-data/argocd/clusters``
- Copy an existing cluster file and adapt to use the new cluster credentials
- If this cluster has some secrets, create a directory matching the cluster name at the root of the ``k8s-private-data`` repository too
- If this cluster has some secrets, create a directory matching the cluster name at the
root of the ``k8s-private-data`` repository too
- Put the secret configurations in the directory in kubernetes yaml files.
.. warning:: Only the secrets and private data must be put in this repository
- In the ``k8s-clusters-conf`` repository, create a new application in the ``argocd/applications/cluster-secrets``
named ``<cluster-name>.yaml`` to manage the new cluster secrets
under ``argocd/applications``
- In the ``k8s-clusters-conf`` repository, create a new application in the
``argocd/applications/cluster-secrets`` named ``<cluster-name>.yaml`` to manage the
new cluster secrets under ``argocd/applications``
Check other applications in this directory and adapt the following properties:
- metadata.name: change to <cluster-name>-secrets
- spec.source.path: change to <cluster-name>, it must match the directory created in the ``k8s-private-data`` repository
- spec.destination.server: change to the server url, it must match the ``stringData.server`` value in the
cluster configuration created in ``k8s-private-data/argocd/clusters/<cluster-name>.yaml``
- Create a new directory ``k8s-clusters-conf/<cluster-name>`` and add the yaml for the static
configurations of the cluster (namespace, crd, ...)
- spec.source.path: change to <cluster-name>, it must match the directory created in
the ``k8s-private-data`` repository
- spec.destination.server: change to the server url, it must match the
``stringData.server`` value in the cluster configuration created in
``k8s-private-data/argocd/clusters/<cluster-name>.yaml``
- Create a new directory ``k8s-clusters-conf/<cluster-name>`` and add the yaml for the
static configurations of the cluster (namespace, crd, ...)
- Create a new directory ``argocd/<cluster-name>``
- Create a new ``configuration-application.yaml`` to manage the static
configurations
- Create a new ``configuration-application.yaml`` to manage the static configurations
Copy another configuration application and adapt the following properties:
- metadata.name: Change to ``<cluster-name>-configuration``
- spec.source.path: Change to ``<cluster-name>``, it must match the directory name created earlier
- spec.destination.server: Change to the url of the server as declared in the cluster configuration
created in ``k8s-private-data``
- spec.source.path: Change to ``<cluster-name>``, it must match the directory name
created earlier
- spec.destination.server: Change to the url of the server as declared in the cluster
configuration created in ``k8s-private-data``
Commit and push, ArgoCD will apply all the configurations and will keep it in sync
Commit and push, ArgoCD will apply all the configurations and will keep it in sync.
Deploy a new service
--------------------
......@@ -127,18 +141,24 @@ The deployments of the services with kubernetes are also managed by ArgoCD.
To create a new application:
- Identify the cluster on which the service will be deployed
- Declare a new ArgoCD application in ``k8s-clusters-conf/argocd/application/<cluster-name>/<application>-application.yaml``
- Declare a new ArgoCD application in
``k8s-clusters-conf/argocd/application/<cluster-name>/<application>-application.yaml``
.. warning:: We are trying when it's possible to always use helm charts to deploy a service.
.. warning:: When possible, we try to use helm charts to deploy service.
You can find some other applications used to deploy helm based services in the repository.
You can find some other applications used to deploy helm based services in the
repository.
More information about the application configuration can also be found in the `official ArgoCD documentation <https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/>`__
More information about the application configuration can also be found in the `official
ArgoCD documentation
<https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/>`_
Manage users
------------
This documentation is based on the `official user management documentation <https://archive.softwareheritage.org/swh:1:cnt:c0a70eae47429de31f5eb3eb707ad2a498bee0ab;origin=https://github.com/argoproj/argo-cd;visit=swh:1:snp:2ea44c7c86241d081851907e778a41260304d898;anchor=swh:1:rev:a773b1effb6f59be14176c6402a9a69c4b480275;path=/docs/operator-manual/user-management/index.md>`__ (archived link)
This documentation is based on the `official user management documentation
<https://archive.softwareheritage.org/swh:1:cnt:c0a70eae47429de31f5eb3eb707ad2a498bee0ab;origin=https://github.com/argoproj/argo-cd;visit=swh:1:snp:2ea44c7c86241d081851907e778a41260304d898;anchor=swh:1:rev:a773b1effb6f59be14176c6402a9a69c4b480275;path=/docs/operator-manual/user-management/index.md>`_
(archived link)
Prerequisite
~~~~~~~~~~~~
......@@ -148,8 +168,12 @@ The argocd cli will be necessary to perform some action relative to the user man
Add a user
~~~~~~~~~~
- Add the user on the `argo-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`__ file
- Add the user role on the `argocd-rbac-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-rbac-cm.yaml>`__ file
- Add the user on the `argo-cm.yaml
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`_
file
- Add the user role on the `argocd-rbac-cm.yaml
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-rbac-cm.yaml>`_
file
If no role is specified, the user will only have a read-only access
.. code:: yaml
......@@ -176,7 +200,9 @@ Add a user
Disable a user
~~~~~~~~~~~~~~
- Add the following line in the `argocd-cm.yaml <https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`__ file
- Add the following line in the `argocd-cm.yaml
<https://gitlab.softwareheritage.org/infra/ci-cd/k8s-clusters-conf/-/blob/87aa53624d61601b31697d312254aa3c57a6227d/argocd/configmaps/argocd-cm.yaml>`_
file
.. code:: yaml
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment