tl;dr, you'll need
- Docker secrets
- Github API token (read/write)
- A digital ocean API token
- `doctl`, `terraform`, `terragrunt`, `task`. See tools.
The module currently requires the following secrets:
```sh
export TF_VAR_do_token=$(pass digital-ocean-doctl-token)
export TF_VAR_registry_read_token=$(pass dockerhub-k8s-read)
export TF_VAR_registry_write_token=$(pass dockerhub-k8s-write)
export TF_VAR_github_read_token=$(pass github-api-read)
export TF_VAR_github_deploy_token=$(pass github-deploy-key-gen)
```
Along with the following variables:
```hcl
# terraform.tfvars
cluster_name = "liatrio-demo"
domain_name = "happylittlecloud.xyz"
github_username = "blairdrummond"
github_repo = "terragrunt-experiment-manifests"
registry_server = "https://index.docker.io/v1/"
registry_username = "blairdrummond"
```
If you change the github username and docker username, you will also need to replace them in the ArgoCD Manifests repository.
If you deploy without docker secrets, most things will work. You just won't be building images.
The git credentials are to read the private repositories, and argo events uses a credential to auto-configure a github webhook. If the repos become public, these would also be unnecessary.
I pointed `happylittlecloud.xyz` to the digitalocean nameservers in advance so that I can use the domain for the purpose of this demo. If you want to do this too, take a look at digitalocean's docs on dns-registrars.
After configuring your DNS registrar, you need to modify the `environments/prod/dns` domain variable, and unfortunately you also will need to modify the annotation on the ingress controller in the manifests repo and all Ingress objects there.
Example Ingress object needing edits
- doctl
- terragrunt
- terraform
- task
Optional:
- k3d (Note, the metallb configuration might be Linux Only?)
- Pray to the demo gods
- Configure secrets (either as env vars or with `secrets.env`)
- `. ./secrets.env` (to source the secrets)
- Run `task prod` (or `task all` if you're on linux and have `k3d` [1])
- If you configured a domain, wait a few minutes [2] and run `task prod:dns:apply`
Note, you may first want to run `task login:doctl` to log into digitalocean.
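A preflight check for the five `TF_VAR_*` secrets and the `secrets.env` file used in the steps above, as an added example that is not part of this repository. The function names are hypothetical, and the policy it enforces (mode 600, and git-ignored when the file sits in a work tree) is an assumption about how you store the file.

```sh
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# Fail if any secret the module requires is unset or empty. Only variable
# names are printed, never values, so the output is safe to paste in a log.
check_tf_secrets() {
    missing=0
    for name in TF_VAR_do_token TF_VAR_registry_read_token \
                TF_VAR_registry_write_token TF_VAR_github_read_token \
                TF_VAR_github_deploy_token; do
        eval "value=\${$name-}"   # indirect lookup; names come from the fixed list
        if [ -z "$value" ]; then
            echo "missing or empty: $name" >&2
            missing=1
        fi
    done
    unset value
    return "$missing"
}

# Fail if the secrets file is accessible to group/others, or sits in a git
# work tree without being ignored (assumption: it is kept next to the code).
check_secrets_file() {
    file=${1:-secrets.env}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # GNU stat first, BSD/macOS stat as fallback; both print octal like 600
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) ;;
        *) echo "$file is mode $mode, expected 600 (chmod 600 $file)" >&2
           return 1 ;;
    esac
    dir=$(dirname "$file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        git -C "$dir" check-ignore -q "$(basename "$file")" || {
            echo "$file is not git-ignored and could be committed" >&2
            return 1
        }
    fi
    return 0
}

# Usage before a deploy:
#   check_secrets_file secrets.env && . ./secrets.env && check_tf_secrets && task prod
```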
Once your clusters are up, switch to the context you'd like to see (either the k3d or prod cluster), and run `task login:argo-cd`. You'll see
```
➜ terragrunt-experiment-infra git:(main) ✗ task login:argo-cd
=== kube context ========
k3d-liatrio-demo
=== ArgoCD Login ========
username: admin
password: XXXXXXXXXXXXXXXX
=========================
Forwarding from 127.0.0.1:8000 -> 8080
Forwarding from [::1]:8000 -> 8080
```
This will print credentials for you, which you can use at http://localhost:8000. You'll be able to see most of the services deployed to the cluster in the UI.
- Run `task destroy`
Footnotes
1. It's linux only, I think, because the metallb tool requires a path to a docker socket.
2. This is because ArgoCD deploys the ingress gateway and loadbalancer, and you need to wait for that load balancer to get initialized to get the IP address. It's possible to get this automatically, but it's a pain.