kubectl create ns app
Shell
복사
public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-a" --query "Subnets[].SubnetId[]" --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-b" --query "Subnets[].SubnetId[]" --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-a" --query "Subnets[].SubnetId[]" --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-b" --query "Subnets[].SubnetId[]" --output text)
public_subnet_name=("$public_a" "$public_b")
private_subnet_name=("$private_a" "$private_b")
for name in "${public_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/elb,Value=1
done
for name in "${private_subnet_name[@]}"
do
aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/internal-elb,Value=1
done
Shell
복사
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=skills-eks-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
Shell
복사
kubectl create ns argocd
Shell
복사
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update argo
Shell
복사
cat <<\EOF> argocd-value.yaml
configs:
cm:
accounts.image-updater: apiKey
timeout.reconciliation: 60s
rbac:
policy.csv: |
p, role:image-updater, applications, get, */*, allow
p, role:image-updater, applications, update, */*, allow
g, image-updater, role:image-updater
policy.default: role.readonly
params:
server.insecure: true
EOF
Shell
복사
helm install argocd argo/argo-cd \
--create-namespace \
--namespace argocd \
--values argocd-value.yaml
Shell
복사
sudo curl --silent --location -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v2.13.1/argocd-linux-amd64
sudo chmod 755 /usr/local/bin/argocd
Shell
복사
sudo dnf install -y expect
kubectl port-forward svc/argocd-server -n argocd --address=0.0.0.0 8080:443 > /dev/null &
ARGO_PW=(`kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d`)
echo y | argocd login --insecure --username admin --password $ARGO_PW 127.0.0.1:8080 # ID : admin
expect -c "
spawn argocd account update-password
expect -re \".*Enter.*\"
send \"$ARGO_PW\r\"
expect -re \".*Enter.*\"
send \"Skill53##\r\"
expect -re \".*Confirm.*\"
send \"Skill53##\r\"
interact
"
Shell
복사
eksctl create iamserviceaccount \
--cluster skills-eks-cluster \
--name argocd-image-updater \
--namespace argocd \
--attach-policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
--approve
Shell
복사
cat <<\EOF> argocd-image-updater-values.yaml
config:
argocd:
grpcWeb: true
serverAddress: "http://argocd-server.argocd"
insecure: true
plaintext: true
logLevel: debug
registries:
- name: ECR
api_url: "https://ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
prefix: "ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
ping: true
insecure: false
credentials: "ext:/scripts/auth1.sh"
credsexpire: 10h
authScripts:
enabled: true
scripts:
auth1.sh: |
#!/bin/sh
aws ecr --region REGION_CODE get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
EOF
Shell
복사
sed -i "s|ACCOUNT_ID|$AWS_ACCOUNT_ID|g" argocd-image-updater-values.yaml
sed -i "s|REGION_CODE|$AWS_DEFAULT_REGION|g" argocd-image-updater-values.yaml
Shell
복사
helm install argocd-image-updater argo/argocd-image-updater \
--namespace argocd \
--set serviceAccount.create=false \
--values argocd-image-updater-values.yaml
Shell
복사
kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
curl -LO https://github.com/argoproj/argo-rollouts/releases/latest/download/kubectl-argo-rollouts-linux-amd64
sudo install -o root -g root -m 0755 kubectl-argo-rollouts-linux-amd64 /usr/local/bin/kubectl-argo-rollouts
kubectl argo rollouts version
Shell
복사
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-ing
namespace: argocd
annotations:
alb.ingress.kubernetes.io/load-balancer-name: argocd-alb
alb.ingress.kubernetes.io/group.name: argocd-tg
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '5'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '3'
alb.ingress.kubernetes.io/healthy-threshold-count: '3'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=30
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: argocd-server
port:
number: 80
YAML
복사
kubectl apply -f ingress.yaml
Shell
복사
Github Repo
GITHUB_REPO_URL="https://github.com/wlstmd/skills-application-repo.git"
Shell
복사
GITHUB_USERNAME="wlstmd"
GITHUB_TOKEN="<TOKEN>"
Shell
복사
argocd repo add $GITHUB_REPO_URL --username $GITHUB_USERNAME --password $GITHUB_TOKEN
Shell
복사
EKS_CLUSTER_ARN=$(aws eks describe-cluster --name skills-eks-cluster --query "cluster.arn" --output text)
ECR_REPO_URI=$(aws ecr describe-repositories --query "repositories[?repositoryName=='skills-repo'].repositoryUri" --output text)
Shell
복사
argocd app create py-app \
--repo $GITHUB_REPO_URL \
--path . \
--self-heal \
--sync-policy automated \
--dest-server https://kubernetes.default.svc \
--dest-namespace app \
--annotations argocd-image-updater.argoproj.io/image-list=org/app=$ECR_REPO_URI \
--annotations argocd-image-updater.argoproj.io/org_app.pull-secret=ext:/scripts/auth1.sh \
--annotations argocd-image-updater.argoproj.io/org_app.update-strategy=latest \
--upsert
Shell
복사