# Account ID of whichever identity the AWS CLI is currently authenticated as.
# Later steps substitute it into the ECR registry hostname.
AWS_ACCOUNT_ID="$(aws sts get-caller-identity --output text --query 'Account')"
# Region that later steps substitute into the ECR endpoint.
AWS_DEFAULT_REGION='ap-northeast-2'
# Namespace that the Argo CD application created later deploys into.
kubectl create namespace app
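# Look up the four subnets by their Name tag.
public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-a" --query "Subnets[].SubnetId[]" --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-b" --query "Subnets[].SubnetId[]" --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-a" --query "Subnets[].SubnetId[]" --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-b" --query "Subnets[].SubnetId[]" --output text)

# Split on whitespace: an empty lookup contributes no element, and a lookup
# that returned several IDs contributes one element per ID. This replaces the
# accidental word-splitting the unquoted $name used to rely on.
read -r -a public_subnet_name <<<"$public_a $public_b"
read -r -a private_subnet_name <<<"$private_a $private_b"

# These tags decide where the load balancer controller places load balancers:
# role/elb subnets receive internet-facing ones, role/internal-elb subnets
# internal ones. Stop and check the lookups if a subnet is missing rather
# than tagging a partial set.
if (( ${#public_subnet_name[@]} < 2 )); then
  echo "warning: expected 2 public subnet IDs, found ${#public_subnet_name[@]}" >&2
fi
if (( ${#private_subnet_name[@]} < 2 )); then
  echo "warning: expected 2 private subnet IDs, found ${#private_subnet_name[@]}" >&2
fi

for name in "${public_subnet_name[@]}"; do
  aws ec2 create-tags --resources "$name" --tags Key=kubernetes.io/role/elb,Value=1
done

for name in "${private_subnet_name[@]}"; do
  aws ec2 create-tags --resources "$name" --tags Key=kubernetes.io/role/internal-elb,Value=1
done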
# Register the EKS chart repository and refresh only that repository's index.
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks

# Install the AWS Load Balancer Controller into kube-system.
# serviceAccount.create=false: the chart does not create the service account,
# so one named aws-load-balancer-controller must already exist in kube-system.
# No --version is given, so whichever chart version the repo index currently
# lists is installed.
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
  --namespace kube-system \
  --set clusterName=skills-eks-cluster,serviceAccount.create=false,serviceAccount.name=aws-load-balancer-controller
# Namespace for the Argo CD release.
kubectl create namespace argocd

# Register the Argo project chart repository and refresh its index.
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update argo
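# Write the Helm values for the argo-cd chart. The quoted delimiter keeps the
# shell from expanding anything inside the document. The YAML nesting is
# restored here: with every key at column 0 the chart would see "configs" as
# empty and ignore the settings.
cat <<'EOF' > argocd-value.yaml
configs:
  cm:
    # Local account for Argo CD Image Updater. "apiKey" allows API tokens to be
    # generated for it but not interactive login.
    accounts.image-updater: apiKey
    timeout.reconciliation: 60s
  rbac:
    # NOTE(review): */* lets the image-updater account read and update every
    # application in every project. Narrow it to <project>/<application> if
    # the account only needs to manage specific applications.
    policy.csv: |
      p, role:image-updater, applications, get, */*, allow
      p, role:image-updater, applications, update, */*, allow
      g, image-updater, role:image-updater
    # The built-in role is spelled "role:readonly" (colon, not dot). Every
    # authenticated user without another role gets read-only access; set this
    # to '' instead if unknown users should get nothing.
    policy.default: role:readonly
  params:
    # argocd-server serves the API and UI over plain HTTP. TLS then has to be
    # terminated in front of it (for example at the load balancer), otherwise
    # logins and tokens cross the network unencrypted.
    server.insecure: true
EOF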
# Install the argo-cd chart as release "argocd" using the values file written
# above; --create-namespace creates the argocd namespace if it is missing.
helm install argocd argo/argo-cd \
  --namespace argocd \
  --create-namespace \
  -f argocd-value.yaml
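# Download the argocd CLI (pinned to v2.13.1) as the current user, then install
# it as root only once the download has succeeded.
#  - --fail makes curl return an error on an HTTP error status instead of
#    saving the error page as the "binary".
#  - curl no longer runs under sudo; only the final copy needs root.
#  - Set ARGOCD_SHA256 to the SHA-256 published with the release to have the
#    download verified before it is installed.
argocd_tmp=$(mktemp)
if curl --fail --silent --show-error --location -o "$argocd_tmp" \
    https://github.com/argoproj/argo-cd/releases/download/v2.13.1/argocd-linux-amd64 &&
  { [[ -z "${ARGOCD_SHA256:-}" ]] ||
    printf '%s  %s\n' "$ARGOCD_SHA256" "$argocd_tmp" | sha256sum --check --quiet -; }; then
  sudo install -o root -g root -m 755 "$argocd_tmp" /usr/local/bin/argocd
else
  echo "argocd CLI download or checksum verification failed; nothing installed" >&2
fi
rm -f -- "$argocd_tmp"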
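sudo dnf install -y expect

# Forward the Argo CD API to this host. kubectl port-forward listens on
# localhost unless --address says otherwise, and the login below only uses
# 127.0.0.1:8080, so the listener is no longer opened on 0.0.0.0 where any
# host that can reach this machine could talk to the Argo CD API.
# The forward keeps running in the background; later argocd commands use it.
kubectl port-forward svc/argocd-server -n argocd 8080:443 > /dev/null &

# Give the forward a few seconds to start listening before logging in.
for _ in {1..10}; do
  (exec 3<>/dev/tcp/127.0.0.1/8080) 2>/dev/null && break
  sleep 1
done

# Initial admin password generated at install time. Stored as a plain string
# (the original wrapped it in an array, which word-splits the value).
ARGO_PW=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)

# The new admin password is supplied by the operator, not fixed in the script:
# export ARGO_NEW_PW beforehand or type it at the prompt (input is not echoed).
if [[ -z "${ARGO_NEW_PW:-}" ]]; then
  read -rs -p 'New Argo CD admin password: ' ARGO_NEW_PW
  echo
fi

# --insecure skips TLS verification; that is tolerable only because the target
# is the loopback port-forward. --password puts the value on the command line,
# where it is visible in the process list while the command runs.
echo y | argocd login --insecure --username admin --password "$ARGO_PW" 127.0.0.1:8080 # ID : admin

# Drive the interactive password change. The passwords reach expect through
# its environment and are read with $env(...), so characters such as $, [ or "
# in a password are sent literally instead of being interpreted by the shell
# or by Tcl. "expect eof" waits for the command to finish.
ARGO_PW="$ARGO_PW" ARGO_NEW_PW="$ARGO_NEW_PW" expect -c '
spawn argocd account update-password
expect -re ".*Enter.*"
send -- "$env(ARGO_PW)\r"
expect -re ".*Enter.*"
send -- "$env(ARGO_NEW_PW)\r"
expect -re ".*Confirm.*"
send -- "$env(ARGO_NEW_PW)\r"
expect eof
'
# Once the change has succeeded, the argocd-initial-admin-secret no longer
# holds a valid password and can be deleted.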
# Create the argocd-image-updater service account in the argocd namespace and
# attach the AWS-managed read-only ECR policy to it.
# --approve applies the change instead of only printing the plan.
eksctl create iamserviceaccount \
  --cluster=skills-eks-cluster \
  --namespace=argocd \
  --name=argocd-image-updater \
  --attach-policy-arn=arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
  --approve
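# Write the Helm values for the argocd-image-updater chart. ACCOUNT_ID and
# REGION_CODE are placeholders that a later sed step fills in. The quoted
# delimiter keeps the shell from expanding anything here. The YAML nesting is
# restored: with every key at column 0 the chart would not see these settings
# under "config" and "authScripts".
cat <<'EOF' > argocd-image-updater-values.yaml
config:
  argocd:
    grpcWeb: true
    # NOTE(review): plain HTTP to argocd-server inside the cluster, matching
    # server.insecure on the Argo CD side. The updater's API token is sent
    # unencrypted on this hop.
    serverAddress: "http://argocd-server.argocd"
    insecure: true
    plaintext: true
  # NOTE(review): debug logging is verbose; consider lowering it once the
  # setup works.
  logLevel: debug
  registries:
    - name: ECR
      api_url: "https://ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
      prefix: "ACCOUNT_ID.dkr.ecr.REGION_CODE.amazonaws.com"
      ping: true
      # TLS verification stays on for the registry connection.
      insecure: false
      # Credentials come from the script below and are treated as expired
      # after 10h, at which point the script is run again.
      credentials: "ext:/scripts/auth1.sh"
      credsexpire: 10h
authScripts:
  enabled: true
  scripts:
    auth1.sh: |
      #!/bin/sh
      aws ecr --region REGION_CODE get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
EOF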
# Fill the ACCOUNT_ID and REGION_CODE placeholders in the values file in place,
# in that order, using the account and region captured earlier.
sed -i \
  -e "s|ACCOUNT_ID|$AWS_ACCOUNT_ID|g" \
  -e "s|REGION_CODE|$AWS_DEFAULT_REGION|g" \
  argocd-image-updater-values.yaml
# Install Argo CD Image Updater next to Argo CD. serviceAccount.create=false
# tells the chart not to create a service account of its own.
helm install argocd-image-updater argo/argocd-image-updater \
  -n argocd \
  -f argocd-image-updater-values.yaml \
  --set serviceAccount.create=false
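# Release of Argo Rollouts to install. The default "latest" keeps the original
# moving URL. Set ARGO_ROLLOUTS_VERSION to a release tag so that the manifest
# applied to the cluster and the binary installed as root are a known,
# repeatable version instead of whatever is newest at the time.
ARGO_ROLLOUTS_VERSION=${ARGO_ROLLOUTS_VERSION:-latest}
if [[ "$ARGO_ROLLOUTS_VERSION" == latest ]]; then
  rollouts_base=https://github.com/argoproj/argo-rollouts/releases/latest/download
else
  rollouts_base=https://github.com/argoproj/argo-rollouts/releases/download/${ARGO_ROLLOUTS_VERSION}
fi

# Controller and CRDs.
kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f "${rollouts_base}/install.yaml"

# kubectl plugin. --fail stops an HTTP error page from being saved and then
# installed as the plugin binary; the install only runs if the download worked.
if curl --fail -LO "${rollouts_base}/kubectl-argo-rollouts-linux-amd64"; then
  sudo install -o root -g root -m 0755 kubectl-argo-rollouts-linux-amd64 /usr/local/bin/kubectl-argo-rollouts
  kubectl argo rollouts version
else
  echo "kubectl-argo-rollouts download failed; plugin not installed" >&2
fi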
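# ingress.yaml: exposes argocd-server through an ALB created by the AWS Load
# Balancer Controller. Nesting restored; the flattened form is not a valid
# Ingress.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
  annotations:
    alb.ingress.kubernetes.io/load-balancer-name: argocd-alb
    alb.ingress.kubernetes.io/group.name: argocd-tg
    # NOTE(review): internet-facing with only an HTTP listener means the
    # Argo CD login page, admin password and session tokens cross the
    # internet unencrypted. To terminate TLS at the ALB, switch the listener
    # and add a certificate:
    #   alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    #   alb.ingress.kubernetes.io/certificate-arn: <ACM_CERTIFICATE_ARN>
    # To limit who can reach the listener at all:
    #   alb.ingress.kubernetes.io/inbound-cidrs: <ALLOWED_CIDR>
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '5'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '3'
    alb.ingress.kubernetes.io/healthy-threshold-count: '3'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=30
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # Plain-HTTP port of argocd-server.
                name: argocd-server
                port:
                  number: 80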
# Create or update the Argo CD Ingress from the manifest saved as ingress.yaml.
kubectl apply --filename ingress.yaml
GitHub Repo
# HTTPS clone URL of the Git repository that Argo CD will track.
GITHUB_REPO_URL='https://github.com/wlstmd/skills-application-repo.git'
# Credentials Argo CD uses to read the repository.
# <TOKEN> is a placeholder for a GitHub access token. A real token typed on
# this line is saved in shell history, so prefer one limited to read access on
# this repository and keep it out of any saved copy of these commands.
GITHUB_USERNAME='wlstmd'
GITHUB_TOKEN='<TOKEN>'
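# Register the repository with Argo CD. The expansions are quoted so that a
# URL, user name or token containing spaces or glob characters is passed as
# one argument. The token is on the command line and so is visible in the
# process list while the command runs.
argocd repo add "$GITHUB_REPO_URL" --username "$GITHUB_USERNAME" --password "$GITHUB_TOKEN"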
# ARN of the skills-eks-cluster EKS cluster.
EKS_CLUSTER_ARN="$(aws eks describe-cluster --name skills-eks-cluster --output text --query 'cluster.arn')"
# Registry URI of the ECR repository named skills-repo. The application's
# image-list annotation is built from it.
ECR_REPO_URI="$(aws ecr describe-repositories --output text --query "repositories[?repositoryName=='skills-repo'].repositoryUri")"
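# Create (or update, via --upsert) the py-app application: tracks the root of
# the Git repository and deploys into the "app" namespace of the local cluster
# with automated sync and self-heal.
#
# The three annotations hand image selection to Argo CD Image Updater:
# image-list names the ECR repository to watch, pull-secret points at the
# auth script, and update-strategy=latest selects the most recently built
# image. With automated sync, anything pushed to that ECR repository is rolled
# out without further review, so write access to the repository is in effect
# deploy access to the cluster.
#
# The expansions are quoted so an empty or unusual value cannot split or drop
# an argument.
argocd app create py-app \
  --repo "$GITHUB_REPO_URL" \
  --path . \
  --self-heal \
  --sync-policy automated \
  --dest-server https://kubernetes.default.svc \
  --dest-namespace app \
  --annotations "argocd-image-updater.argoproj.io/image-list=org/app=${ECR_REPO_URI}" \
  --annotations argocd-image-updater.argoproj.io/org_app.pull-secret=ext:/scripts/auth1.sh \
  --annotations argocd-image-updater.argoproj.io/org_app.update-strategy=latest \
  --upsert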
•
설정한 시간인 30초마다 weight만큼 pod가 증가하는 것을 확인할 수 있다.
# Show the current state of the canary-app rollout in the app namespace.
kubectl argo rollouts get rollout canary-app --namespace app