initial commit

.github/workflows/action.yml

@@ -0,0 +1 @@
+# action.yml

.local/argo/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-ingress
+  labels:
+    app.kubernetes.io/name: argocd-server-ingress
+    app.kubernetes.io/component: server-ingress
+    app.kubernetes.io/part-of: argocd
+spec:
+  rules:
+  - host: argocd.localhost
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80

.local/argo/kustomization.yaml

@@ -0,0 +1,16 @@
+resources:
+  - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+  - namespace.yaml
+  - ingress.yaml
+
+namespace: argocd
+
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: argocd-cmd-params-cm
+      data:
+        server.insecure: "true"
+        server.basehref: "/" # must match the ingress path prefix

.local/argo/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd

.local/install.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+export MINIKUBE=false
+
+BLUE=$(tput setaf 4)
+NORMAL=$(tput sgr0)
+BRIGHT=$(tput bold)
+COLOR=$BLUE
+STAR='🌟 '
+
+printf "\n%s%s%s\n" "$STAR" "$COLOR" "checking for kind or minikube..."
+if ! command -v kind &> /dev/null
+then
+  echo "kind could not be found, checking for minikube..."
+  if ! command -v minikube &> /dev/null
+  then
+    echo "minikube could not be found. Please install minikube or kind and try again."
+    exit 1
+  else
+    export MINIKUBE=true
+  fi
+fi
+
+if [ $MINIKUBE == true ]
+then
+  echo "creating cluster with minikube..."
+  if ! minikube start --addons ingress
+  then
+    echo "Failed to create minikube cluster. Exiting..."
+    exit 1
+  fi
+else
+  echo "creating cluster with kind..."
+  if ! kind create cluster --name my-cluster --config .local/kind-config.yaml
+  then
+    echo "Failed to create kind cluster. Exiting..."
+    exit 1
+  fi
+fi
+
+if [[ $(kubectl config current-context) != "kind-my-cluster" ]] && [[ $(kubectl config current-context) != "minikube"  ]]
+then
+  echo "Current context is not kind-my-cluster. Please switch to the correct context and try again."
+  exit 1
+fi
+
+if [[ $MINIKUBE == false ]]
+then
+  printf "\n%s%s%s\n" "$STAR" "$COLOR" "installing nginx ingress controller..."
+  kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml || exit 1
+
+fi
+
+printf "\n%s%s%s\n" "$STAR" "$COLOR" "waiting for ingress controller to get ready..."
+kubectl wait --namespace ingress-nginx \
+  --for=condition=ready pod \
+  --selector=app.kubernetes.io/component=controller \
+  --timeout=90s
+
+printf "\n%s%s%s\n" "$STAR" "$COLOR" "sleep for 10 seconds to allow ingress controller to get ready..."
+sleep 10
+printf "\n%s%s%s\n" "$STAR" "$COLOR" "installing argocd..."
+kubectl apply -k .local/argo || exit 1
+
+printf "\n%s%s%s\n" "$STAR" "$COLOR" "waiting for argocd to get ready..."
+kubectl wait -n argocd \
+  --for=condition=ready pod \
+  --timeout=90s \
+  --selector=app.kubernetes.io/name=argocd-server
+
+argo_password=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+argo_host=$(kubectl -n argocd get ingress argocd-server-ingress -o jsonpath="{.spec.rules[0].host}")
+argo_path=$(kubectl get ingress -n argocd argocd-server-ingress -o jsonpath="{.spec.rules[0].http.paths[0].path}")
+printf "\nArgoCD now available at http://%s%s" "${argo_host:=localhost}" "$argo_path"
+printf "\nusername: %sadmin%s" "${BRIGHT}" "${NORMAL}"
+printf "\npassword: %s%s%s\n" "${BRIGHT}" "$argo_password" "${NORMAL}"
+
+kubectl apply -f iac/appset.yaml
+
+# echo ""
+# echo "You can now create a bootstrap app by running 'kubectl apply -f .bootstrap/dev.yaml'"
+
+# if [[ $MINIKUBE == true ]]
+# then
+#   echo ""
+#   printf "\n%s%s%s\n" "$STAR" "$COLOR" "starting minkube tunnel... Use a new terminal to run 'kubectl apply -f .bootstrap/dev.yaml'"
+#   minikube tunnel
+# fi

.local/kind-config.yaml

@@ -0,0 +1,19 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"        
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: TCP
+  - role: worker
+  - role: worker

go.work

@@ -0,0 +1,6 @@
+go 1.21.1
+
+use (
+	./src/app1
+	./src/app2
+)

iac/appset.yaml

@@ -0,0 +1,24 @@
+# alt under src/<appname>
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: example-appset
+  namespace: openshift-gitops
+spec:
+  generators:
+  - git:
+      repoURL: https://github.com/stianfro/gitops-monorepo.git
+      revision: HEAD
+      directories:
+      - path: src/*
+  template:
+    metadata:
+      name: '{{path.basename}}'
+    spec:
+      project: "example"
+      source:
+        repoURL: https://github.com/stianfro/gitops-monorepo.git
+        targetRevision: HEAD
+        path: '{{path}}'
+      destination:
+        server: https://kubernetes.default.svc

iac/kubernetes/base/deployment.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment
+spec:
+  selector:
+    matchLabels:
+      app: application
+  template:
+    spec:
+      containers:
+      - name: app
+        image: registry.example.io
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 8080

iac/kubernetes/base/kustomization.yaml

@@ -0,0 +1,6 @@
+resources:
+  - deployment.yaml
+  - service.yaml
+
+commonAnnotations:
+  kubernetes.example.io/system: example

iac/kubernetes/base/service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+spec:
+  selector:
+    app: application
+  ports:
+  - port: 8080
+    targetPort: 8080

mkdocs.yaml

@@ -0,0 +1 @@
+# mkdocs.yaml

src/app1/Dockerfile

@@ -0,0 +1,38 @@
+##
+## Build
+##
+FROM golang:1.21-bullseye as base
+
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid 65532 \
+  small-user
+
+WORKDIR $GOPATH/src/app/
+
+COPY . .
+
+RUN go mod download
+RUN go mod verify
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /main .
+
+##
+## Deploy
+##
+FROM scratch
+
+COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=base /etc/passwd /etc/passwd
+COPY --from=base /etc/group /etc/group
+COPY --from=base /main .
+
+USER small-user:small-user
+
+CMD ["./main"]
+

src/app1/go.mod

@@ -0,0 +1,3 @@
+module app1
+
+go 1.21.1

src/app1/kustomization.yaml

@@ -0,0 +1,30 @@
+resources:
+  - ../../iac/kubernetes/base
+
+namespace: hes-extensions
+namePrefix: app1-
+
+images:
+- name: registry.example.io
+  newName: ghcr.io/nkzk/example-go-image
+  newTag: release
+
+labels:
+- pairs:
+    app: app1
+  includeSelectors: true
+
+patches:
+- patch: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: deployment
+    spec:
+      template:
+        spec:
+          containers:
+          - name: app
+            env:
+            - name: ENVIRONMENT
+              value: production

src/app1/main.go

@@ -0,0 +1,15 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+)
+
+func helloWorldHandler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello, app1!")
+}
+
+func main() {
+	http.HandleFunc("/", helloWorldHandler)
+	http.ListenAndServe(":8080", nil)
+}

src/app2/Dockerfile

@@ -0,0 +1,38 @@
+##
+## Build
+##
+FROM golang:1.21-bullseye as base
+
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid 65532 \
+  small-user
+
+WORKDIR $GOPATH/src/app/
+
+COPY . .
+
+RUN go mod download
+RUN go mod verify
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /main .
+
+##
+## Deploy
+##
+FROM scratch
+
+COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=base /etc/passwd /etc/passwd
+COPY --from=base /etc/group /etc/group
+COPY --from=base /main .
+
+USER small-user:small-user
+
+CMD ["./main"]
+

src/app2/go.mod

@@ -0,0 +1,3 @@
+module app2
+
+go 1.21.1

src/app2/kustomization.yaml

@@ -0,0 +1,31 @@
+resources:
+  - ../../iac/kubernetes/base
+
+namespace: hes-extensions
+namePrefix: app2-
+
+images:
+- name: registry.example.io
+  newName: ghcr.io/nkzk/example-go-image
+  newTag: release
+
+labels:
+- pairs:
+    app: app2
+  includeSelectors: true
+
+patches:
+- patch: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: deployment
+    spec:
+      template:
+        spec:
+          containers:
+          - name: app
+            resources:
+              limits:
+                memory: "2Gi"
+                cpu: "50m"