# Source:
# Combining Argo CD (GitOps), Crossplane (Control Plane), And Kubevela (OAM) #
# #
# Setup #
# Create a Kubernetes cluster with Ingress. It can be a local (e.g., KinD, minikube, etc.) or a remote cluster.
# Replace `[...]` with the external IP of the Ingress service
# NOTE(review): INGRESS_HOST is not referenced anywhere else in this copy;
# presumably it feeds the Argo CD hostname further down, where the expansion
# is truncated to a bare `$` - confirm against the original walkthrough.
export INGRESS_HOST=[...]
# Replace `[...]` with the GitHub organization or user
export GITHUB_ORG=[...]
# Watch if you are not familiar with GitHub CLI
# NOTE(review): the trailing backslash joins the next line onto this command,
# so `cd crossplane-kubevela-argocd-demo` is handed to `gh` as extra arguments
# instead of running on its own. An option line looks to have been lost from
# this copy; restore it or drop the backslash before running.
gh repo fork vfarcic/crossplane-kubevela-argocd-demo \
cd crossplane-kubevela-argocd-demo
# Install Crossplane CLI from
# REPO_URL is substituted into the `repoURL:` fields of the manifests below,
# i.e. it decides which repository Argo CD pulls from and applies to the
# cluster, so it must point at the fork you control.
# NOTE(review): as written the value is `<org>/crossplane-kubevela-argocd-demo`
# with no scheme or host; the URL prefix may have been stripped from this copy.
export REPO_URL=$GITHUB_ORG/crossplane-kubevela-argocd-demo
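# Point the `repoURL:` field of every Argo CD manifest at the fork.
#
# Each file is rewritten through a temporary file: reading and writing the
# same path in one pipeline (`cat f | sed ... | tee f`) lets the writer
# truncate the file before the reader has consumed it, which can leave an
# empty manifest behind. The manifest is only overwritten when sed succeeds.
#
# The same expression is used for every file. The earlier pattern for
# production/crossplane.yaml (`repoURL:*`) matched only the key, so the old
# URL was left appended after the new one.
#
# REPO_URL is interpolated into the sed expression; a value containing `@`
# or `&` would alter the substitution, so keep it a plain repository URL.
for manifest in \
  production/sealed-secrets.yaml \
  production/crossplane.yaml \
  production/team-a-infra.yaml \
  orig/team-app-reqs.yaml \
  orig/team-apps.yaml \
  apps.yaml; do
  tmp_manifest=$(mktemp) || break
  if sed -e "s@repoURL: .*@repoURL: $REPO_URL@g" -- "$manifest" >"$tmp_manifest"; then
    # Write through the existing path so the file keeps its mode.
    cat -- "$tmp_manifest" >"$manifest"
  fi
  rm -f -- "$tmp_manifest"
  # Show the result so the rewritten repoURL can be checked before it is
  # committed (the original pipeline displayed it via tee).
  cat -- "$manifest"
done
# Apply the manifests in the sealed-secrets directory. Presumably this
# installs the Sealed Secrets controller that `kubeseal` relies on in the
# AWS step - confirm against the directory contents.
kubectl apply --filename sealed-secrets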
# Setup AWS #
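# Replace `[...]` with your access key ID
export AWS_ACCESS_KEY_ID=[...]
# Replace `[...]` with your secret access key
# (the assignment was missing from this copy although the variable is used
# below; without it an empty secret key would be sealed)
export AWS_SECRET_ACCESS_KEY=[...]
# Seal the AWS credentials for Crossplane.
#
# The plaintext credentials file is created with mktemp, outside the Git
# working tree and readable only by the current user, and is deleted once the
# sealed copy exists. Writing it as ./aws-creds.conf in the repository would
# let the `git add .` in the next section stage the plaintext keys unless the
# repository's ignore rules exclude that file. It is written by redirection
# rather than through tee so the secret key is not echoed to the terminal.
#
# Only the kubeseal output, which is encrypted for the cluster's controller,
# is stored in the repository.
if aws_creds_file=$(mktemp); then
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >"$aws_creds_file"
  # --dry-run=client renders the Secret locally; nothing unsealed is sent to
  # the cluster. The secret key name stays `creds` regardless of the file name.
  kubectl --namespace crossplane-system \
    create secret generic aws-creds \
    --from-file creds="$aws_creds_file" \
    --output json \
    --dry-run=client \
    | kubeseal --format yaml \
    | tee crossplane-configs/aws-creds.yaml
  rm -f -- "$aws_creds_file"
fi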
# Setup Argo CD #
# Commit and push the personalised manifests to the fork.
# NOTE(review): `git add .` stages everything in the working tree. Check
# `git status` first so that no plaintext credential file (for example an
# aws-creds.conf written into this directory) is committed; only the sealed
# crossplane-configs/aws-creds.yaml belongs in the repository.
git add .
git commit -m "Personalization"
git push
# NOTE(review): the repository URL argument is missing from this copy, and the
# trailing backslash joins `helm repo update` onto `helm repo add` as extra
# arguments. Restore the chart repository URL before running.
helm repo add argo \
helm repo update
# Install (or upgrade) the argo/argo-cd chart as release `argocd` in the
# `argocd` namespace, creating the namespace if needed.
# - server.ingress.hosts: the value is truncated to `argo-cd.$` in this copy;
#   the variable after `$` was lost - TODO restore.
# - server.extraArgs={--insecure}: passes --insecure to argocd-server, i.e. the
#   API/UI is served without TLS. Together with the http:// URL printed later,
#   the admin credentials travel unencrypted; acceptable only on a throwaway
#   demo cluster.
# - controller.args.appResyncPeriod=30: presumably seconds - confirm.
# NOTE(review): the last option line ends in a backslash, so
# `kubectl apply --filename project.yaml` is passed to helm as arguments
# instead of being executed; drop that backslash.
helm upgrade --install \
argocd argo/argo-cd \
--namespace argocd \
--create-namespace \
--set server.ingress.hosts="{argo-cd.$}" \
--set server.ingress.enabled=true \
--set server.extraArgs="{--insecure}" \
--set controller.args.appResyncPeriod=30 \
kubectl apply --filename project.yaml
# Register the applications defined in apps.yaml (its repoURL was rewritten
# during setup) so Argo CD starts syncing from the fork.
kubectl apply --filename apps.yaml
# Read the generated admin password from the argocd-initial-admin-secret
# Secret and base64-decode it into PASS.
# NOTE(review): `export` places the password in the environment of every
# child process started from this shell, and combining `export` with the
# command substitution hides a failing kubectl/base64 (PASS is then empty).
# A plain `PASS=$(...)` is enough for the commands below.
export PASS=$(kubectl \
--namespace argocd \
get secret argocd-initial-admin-secret \
--output jsonpath="{.data.password}" \
| base64 --decode)
# Log in as admin and replace the initial password.
# NOTE(review): several things to fix before running this:
# - the server address argument is missing from this copy, and the backslash
#   after --grpc-web joins `argocd account update-password ...` onto the
#   login command as extra arguments;
# - `$PASS` is unquoted, so a password containing whitespace or glob
#   characters is split or expanded; use "$PASS";
# - passwords given via --password / --current-password / --new-password are
#   visible in the process list and shell history;
# - --insecure skips TLS verification of the server;
# - the new password is a fixed, guessable value published with this
#   walkthrough; choose a unique one on any cluster that is reachable by
#   others. The comment further down says the password is `admin`, while
#   `admin123` is what is set here - confirm which is intended.
argocd login \
--insecure \
--username admin \
--password $PASS \
--grpc-web \
argocd account update-password \
--current-password $PASS \
--new-password admin123
# NOTE(review): the variable after `$` was lost from this copy, so this prints
# the literal text `http://argo-cd.$`. The scheme is plain http, matching the
# --insecure server setting.
echo http://argo-cd.$
# Open it in a browser
# Use `admin` as both the username and password
# Open a second terminal and go to the same directory as in the first
# GitOps #
# Observe the Argo CD UI and wait until the apps are rolled out
# Infrastructure #
# Show the cluster definition, then copy it into team-a-infra/ and push it so
# Argo CD picks it up from Git.
cat orig/cluster.yaml
cp orig/cluster.yaml team-a-infra/.
# `git add .` stages the whole working tree; check `git status` for files
# that should not be published before committing.
git add .
git commit -m "Team A infra"
git push
# In the second terminal
# Lists the managed resources expected from the cluster definition, including
# IAM roles and role-policy attachments, so this step creates cloud
# permissions as well as network and compute resources.
# NOTE(review): the list contains an empty entry (`,,`); a resource name
# appears to have been lost from this copy.
kubectl get clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,,releases
# It might take a while until Argo CD detects the changes and the resources appear.
# Wait until all the resources are ready and synced
# NOTE(review): the script name is missing from both lines below in this copy:
# `chmod +x` has no file operand and `./ team-a` tries to execute the
# directory itself. Restore the script name, and read the script before
# making it executable and running it.
chmod +x
./ team-a
# Applications #
# Display the application manifest, place it in Team A's application
# directory, and publish the change so Argo CD can sync it.
cat orig/my-app.yaml
cp orig/my-app.yaml team-a-apps/.
git add .
git commit --message "Team A apps"
git push
# In the second terminal
# Use the kubeconfig file located in the current directory.
# NOTE(review): that file sits inside the Git working tree and holds cluster
# credentials; make sure it is ignored by Git, since the later `git add .`
# steps stage everything in this directory.
export KUBECONFIG="${PWD}/kubeconfig.yaml"
# In the second terminal
# List workloads, autoscalers and ingresses in the production namespace.
kubectl get all,hpa,ingress --namespace production
# How did it all happen? #
# In the second terminal
# The application definition applied to Argo CD during setup; its repoURL
# was rewritten to point at the fork.
cat apps.yaml
# In the second terminal
# The production directory holds the per-component manifests whose repoURL
# was rewritten during setup.
ls -1 production
# In the second terminal
cat production/team-a-infra.yaml
# In the second terminal
# Contains the cluster.yaml copied in during the Infrastructure step.
ls -1 team-a-infra
# In the second terminal
cat crossplane-compositions/definition.yaml
# In the second terminal
# NOTE(review): presumably this composition is where the IAM roles, policy
# attachments and security groups listed earlier are defined; it is the file
# to read when checking what permissions the cluster definition grants.
cat crossplane-compositions/cluster-aws.yaml
cat team-a-infra/cluster.yaml
# In the second terminal
cat team-a-app-reqs/kubevela.yaml
# The application manifest copied in during the Applications step.
cat team-a-apps/my-app.yaml
# Show Argo CD
# Deleting infrastructure #
# Remove the cluster definition from Git and push; the walkthrough then waits
# for the corresponding resources to be removed.
rm team-a-infra/cluster.yaml
git add .
git commit -m "Remove the cluster"
git push
# In the second terminal
# NOTE(review): a command appears to be missing between these two comments
# in this copy.
# In the second terminal
# Re-run until nothing is listed; lingering IAM roles, security groups or
# VPCs would mean the teardown is incomplete.
# NOTE(review): the list contains an empty entry (`,,`); a resource name
# appears to have been lost from this copy.
kubectl get clusters,nodegroup,iamroles,iamrolepolicyattachments,vpcs,securitygroups,subnets,internetgateways,routetables,,releases
# Wait until all the resources are removed
# Destroy #
# Drop Team A's application directories and their production manifests,
# then publish the removal so the fork returns to its initial state.
rm -rf team-a-apps team-a-app-reqs
rm production/team-a-apps.yaml production/team-a-app-reqs.yaml
git add .
git commit --message "Revert"
git push
# Delete the cluster
