Argo CD was installed with Helm, using the following values.

 

USER-SUPPLIED VALUES:
rbacConfig:
  groups:
  - name: admin
    rules:
    - apiGroups:
      - '*'
      resources:
      - '*'
      verbs:
      - '*'
  users:
  - groups:
    - admin
    name: admin
server:
  extraArgs:
  # --insecure makes argocd-server serve plain HTTP; TLS is terminated at the ingress
  - --insecure
  ingress:
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/affinity: cookie
      nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
      nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
      nginx.ingress.kubernetes.io/session-cookie-name: route
      cert-manager.io/cluster-issuer: letsencrypt-prod
      acme.cert-manager.io/http01-edit-in-place: "true"
      meta.helm.sh/release-name: argocd
      meta.helm.sh/release-namespace: argocd
      
    enabled: true
    hosts:
    - argocd.yourdomain.com
    ingressClassName: nginx
    # -- Ingress TLS configuration
    tls: []
    # - secretName: argocd-applicationset-tls
    #   hosts:
    #     - argocd-applicationset.example.com
  service:
    type: NodePort

 

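If the domain is served with a certificate, describe it under tls.

After the Helm install, check that the secret named there has been created in the namespace.

If the annotations needed for the tls settings are missing, the secret is not created properly and the site may show an insecure-connection warning.

For this to work, cert-manager must already be installed in the Kubernetes cluster.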

 

Also, since the values enable the ingress, check that the defined ingress has been created in the namespace.
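The mistakes that lead to the missing secret and the insecure-connection warning described above can be caught before `helm install`. The following is an added example, not part of the original post or of the Argo CD chart: a small lint over the `server` section of the values. The function name, the sample dictionaries and the secret name `argocd-server-tls` are assumptions made for illustration.

```python
NGINX_PREFIX = "nginx.ingress.kubernetes.io/"
ISSUER_KEYS = ("cert-manager.io/cluster-issuer", "cert-manager.io/issuer")

def lint_server_values(values):
    """Return findings for the `server` section of Argo CD Helm values."""
    findings = []
    server = values.get("server", {})
    ingress = server.get("ingress", {})
    annotations = ingress.get("annotations", {})
    tls = ingress.get("tls") or []
    # ingress-nginx ignores annotations whose prefix it does not recognise.
    for key in annotations:
        prefix = key.split("/", 1)[0] + "/"
        if prefix.startswith("nginx.") and prefix != NGINX_PREFIX:
            findings.append(f"misspelled annotation prefix: {key}")
    # A tls list nested under another key never reaches the Ingress object.
    for section, body in server.items():
        if section != "ingress" and isinstance(body, dict) and "tls" in body:
            findings.append(f"tls found under server.{section}")
    # cert-manager reads secret name and hosts from the Ingress tls entries.
    if any(k in annotations for k in ISSUER_KEYS) and not tls:
        findings.append("issuer annotation set but server.ingress.tls is empty")
    covered = set()
    for entry in tls:
        if not entry.get("secretName"):
            findings.append("tls entry without secretName")
        covered.update(entry.get("hosts", []))
    if tls:
        for host in sorted(set(ingress.get("hosts", [])) - covered):
            findings.append(f"host not covered by tls: {host}")
    # With --insecure the server speaks plain HTTP; the Ingress must hold the cert.
    if "--insecure" in server.get("extraArgs", []) and not tls:
        findings.append("--insecure set but no ingress tls entry")
    return findings

# Constructed sample values (not taken from a real cluster).
BROKEN = {"server": {"extraArgs": ["--insecure"],
    "ingress": {"enabled": True, "hosts": ["argocd.yourdomain.com"],
                "annotations": {"nginx.ingres.kubernetes.io/affinity": "cookie",
                                "cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
    "service": {"type": "NodePort", "tls": []}}}
FIXED = {"server": {"extraArgs": ["--insecure"],
    "ingress": {"enabled": True, "hosts": ["argocd.yourdomain.com"],
                "annotations": {"nginx.ingress.kubernetes.io/affinity": "cookie",
                                "cert-manager.io/cluster-issuer": "letsencrypt-prod"},
                "tls": [{"secretName": "argocd-server-tls",  # hypothetical name
                         "hosts": ["argocd.yourdomain.com"]}]},
    "service": {"type": "NodePort"}}}
```

`lint_server_values(BROKEN)` reports four findings and `lint_server_values(FIXED)` reports none.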

 

 

Before deploying an application, I created a test Project and granted it a role with permissions for testing.

Under Clusters, the cluster that Argo CD itself runs on is currently registered.

 

Then, in Applications, I selected EDIT AS YAML and entered the following basic test configuration.

 

project: test
source:
  repoURL: 'https://github.com/argoproj/argocd-example-apps'
  path: guestbook
  targetRevision: HEAD
destination:
  server: 'https://kubernetes.default.svc'
  namespace: default

 

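When the application is first registered successfully, it is shown as Out of sync,

and once the application is synced, the details change and you can confirm that the resources were actually deployed to the namespace.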

 

 

When I selected Delete on the registered application to remove it, the deployed resources were deleted as well.

 

 

Error message:

│ Error: Failed to construct REST client
│
│   with module.kubernetes.kubernetes_manifest.eniconfig["xx-northeast-xx"],
│   on modules/kubernetes/xx_network.tf line 41, in resource "kubernetes_manifest" "eniconfig":
│   41: resource "kubernetes_manifest" "eniconfig" {
│
│ cannot create REST client: no client config

From the official HashiCorp documentation:

This resource requires API access during planning time. This means the cluster has to be accessible at plan time and thus cannot be created in the same apply operation. We recommend only using this resource for custom resources or resources not yet fully supported by the provider.

 

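When running terraform plan with a tfvars file passed via -var-file=, a no client config error occurred for the kubernetes_manifest resource of a particular module.

According to the official HashiCorp documentation, this resource needs API access during Terraform planning; that is, the cluster (the EKS cluster) must be reachable when terraform plan runs. Because the cluster had not been created yet, I deployed successfully using a different tfvars file that leaves out the custom network resource settings for that eniconfig.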

 

 

 

 

 

What are the major leaders in infrastructure automation technologies?


 

  • AWS CloudFormation: AWS CloudFormation is Amazon Web Services' (AWS) native IaC service that allows users to create and manage AWS resources using JSON or YAML templates.

 

  • Google Cloud Deployment Manager: Similar to CloudFormation, Google Cloud Deployment Manager enables the creation and management of Google Cloud Platform (GCP) resources through configuration files.

 

  • Azure Resource Manager (ARM) Templates: Microsoft Azure's ARM Templates provide IaC capabilities for defining and managing Azure resources.

 

  • Ansible: Ansible is an open-source automation tool that supports IaC for provisioning, configuration management, and application deployment.

 

  • Chef: Chef is another open-source automation platform that enables configuration management and infrastructure automation.

 

  • Puppet: Puppet is a configuration management tool that helps manage the state of IT infrastructure through code.

 

  • Jenkins: Jenkins is an open-source automation server that can be used for continuous integration and continuous deployment (CI/CD) pipelines.

 

  • GitLab CI/CD: GitLab provides built-in CI/CD capabilities for automating the deployment and testing of applications using GitLab's infrastructure.

 

 

A brief description of some of HashiCorp's key services


  • Terraform: Terraform is an infrastructure as code (IaC) tool that enables users to define and manage cloud infrastructure using a declarative configuration language. With Terraform, you can create, modify, and destroy infrastructure resources across various cloud providers, data centers, and services, all in a version-controlled and repeatable manner.

 

  • Consul: Consul is a service networking platform that provides features for service discovery, health checking, and key-value storage. It simplifies the management of distributed applications and microservices by enabling them to locate and communicate with each other reliably.

 

  • Vault: Vault is a secrets management tool that securely stores, accesses, and manages sensitive data, such as passwords, tokens, and encryption keys. It ensures that applications and services can access secrets securely without hardcoding or exposing them.

 

  • Nomad: Nomad is a lightweight and flexible job scheduler and orchestrator. It allows users to deploy and manage applications across various infrastructure platforms, including virtual machines, containers, and bare-metal servers.

  • Packer: Packer is a tool for creating machine images for various platforms, such as Amazon EC2, Microsoft Azure, and Docker. It automates the process of creating consistent, ready-to-use machine images, ensuring that environments are reproducible and scalable.

  • Vagrant: Vagrant is a development environment automation tool that simplifies the setup and configuration of virtual development environments. It allows developers to create and share reproducible development environments easily.
