Initial commit.

2025-04-27 14:14:58 +02:00 · 2025-04-27 14:14:58 +02:00 · 38c0b98fa8
commit 38c0b98fa8
8 changed files with 199 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+data
--- a/README.md
+++ b/README.md
@ -0,0 +1,6 @@
+# ArgoCD Autopilot
+
+This repository contains scripts and templates to test `argocd-autopilot` on a newly created `k3d` cluster.
+
+The documentation about how to use it is available on this
+[post](https://blogops.mixinet.net/posts/gitops/argocd-autopilot/).
--- a/bin/argocd-bootstrap.sh
+++ b/bin/argocd-bootstrap.sh
@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+# VARIABLES
+# Relative PATH to the workdir from the script directory
+WORK_DIR_RELPATH=".."
+
+# Compute WORKDIR
+SCRIPT="$(readlink -f "$0")"
+SCRIPT_DIR="$(dirname "$SCRIPT")"
+WORK_DIR="$(readlink -f "$SCRIPT_DIR/$WORK_DIR_RELPATH")"
+
+# Update the PATH to add the arkade bin directory
+# Add the arkade binary directory to the path if missing
+case ":${PATH}:" in
+  *:"${HOME}/.arkade/bin":*) ;;
+  *) export PATH="${PATH}:${HOME}/.arkade/bin" ;;
+esac
+
+# Go to the working directory
+cd "$WORK_DIR" || exit 1
+
+# Set GIT variables
+if [ -z "$GIT_REPO" ]; then
+  export GIT_REPO="https://forgejo.mixinet.net/blogops/argocd.git"
+fi
+if [ -z "$GIT_TOKEN" ]; then
+  GIT_TOKEN="$(pass mixinet.net/argocd@forgejo/repository-write)"
+  export GIT_TOKEN
+fi
+
+argocd-autopilot repo bootstrap --provider gitea
--- a/bin/arkade-install.sh
+++ b/bin/arkade-install.sh
@ -0,0 +1,37 @@
+#!/bin/sh
+
+# TOOLS LIST
+ARKADE_APPS="argocd argocd-autopilot k3d kubectl sops tofu"
+
+# Add the arkade binary directory to the path if missing
+case ":${PATH}:" in
+  *:"${HOME}/.arkade/bin":*) ;;
+  *) export PATH="${PATH}:${HOME}/.arkade/bin" ;;
+esac
+
+# Install or update arkade
+if command -v arkade >/dev/null; then
+  echo "Trying to update the arkade application"
+  sudo arkade update
+else
+  echo "Installing the arkade application"
+  curl -sLS https://get.arkade.dev | sudo sh
+fi
+
+echo ""
+echo "Installing tools with arkade"
+echo ""
+for app in $ARKADE_APPS; do
+  app_path="$(command -v $app)" || true
+  if [ "$app_path" ]; then
+    echo "The application '$app' already available on '$app_path'"
+  else
+    arkade get "$app"
+  fi
+done
+
+cat <<EOF
+
+Add the ~/.arkade/bin directory to your PATH if tools have been installed there
+
+EOF
--- a/bin/tofu-k3d-install.sh
+++ b/bin/tofu-k3d-install.sh
@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+# VARIABLES
+# Default token for the argocd cluster
+K3D_CLUSTER_TOKEN="argocdToken"
+# Relative PATH to install the k3d cluster using terr-iaform
+K3D_TF_RELPATH="k3d-tf"
+# Secrets yaml file
+SECRETS_YAML="secrets.yaml"
+# Relative PATH to the workdir from the script directory
+WORK_DIR_RELPATH=".."
+
+# Compute WORKDIR
+SCRIPT="$(readlink -f "$0")"
+SCRIPT_DIR="$(dirname "$SCRIPT")"
+WORK_DIR="$(readlink -f "$SCRIPT_DIR/$WORK_DIR_RELPATH")"
+
+# Update the PATH to add the arkade bin directory
+# Add the arkade binary directory to the path if missing
+case ":${PATH}:" in
+  *:"${HOME}/.arkade/bin":*) ;;
+  *) export PATH="${PATH}:${HOME}/.arkade/bin" ;;
+esac
+
+# Go to the k3d-tf dir
+cd "$WORK_DIR/$K3D_TF_RELPATH" || exit 1
+
+# Create secrets.yaml file and encode it with sops if missing
+if [ ! -f "$SECRETS_YAML" ]; then
+  echo "token: $K3D_CLUSTER_TOKEN" >"$SECRETS_YAML"
+  sops encrypt -i "$SECRETS_YAML"
+fi
+
+# Initialize terraform
+tofu init
+
+# Apply the configuration
+tofu apply
--- a/bin/traefik-cert.sh
+++ b/bin/traefik-cert.sh
@ -0,0 +1,31 @@
+#!/bin/sh
+# Script to update the
+secret="localhost-mixinet-net-ingress-cert"
+cert="${1:-localhost.mixinet.net.crt}"
+key="${2:-localhost.mixinet.net.key}"
+if [ -f "$cert" ] && [ -f "$key" ]; then
+  kubectl -n kube-system create secret tls $secret \
+    --key=$key \
+    --cert=$cert \
+    --dry-run=client --save-config -o yaml  | kubectl apply -f -
+  kubectl apply -f - << EOF
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSStore
+metadata:
+  name: default
+  namespace: kube-system
+
+spec:
+  defaultCertificate:
+    secretName: $secret
+EOF
+else
+  cat <<EOF
+To add or update the traefik TLS certificate the following files are needed:
+
+- cert: '$cert'
+- key: '$key'
+
+Note: you can pass the paths as arguments to this script.
+EOF
+fi
--- a/k3d-tf/.gitignore
+++ b/k3d-tf/.gitignore
@ -0,0 +1,3 @@
+.terraform*
+secrets.yaml
+terraform.tfstate*
--- a/k3d-tf/main.tf
+++ b/k3d-tf/main.tf
@ -0,0 +1,48 @@
+terraform {
+  required_providers {
+    k3d = {
+      source  = "moio/k3d"
+      version = "0.0.12"
+    }
+    sops = {
+      source = "carlpett/sops"
+      version = "1.2.0"
+    }
+  }
+}
+
+data "sops_file" "secrets" {
+    source_file = "secrets.yaml"
+}
+
+resource "k3d_cluster" "argocd_cluster" {
+  name    = "argocd"
+  servers = 1
+  agents  = 2
+
+  image   = "rancher/k3s:v1.31.5-k3s1"
+  network = "argocd"
+  token   = data.sops_file.secrets.data["token"]
+
+  port {
+    host_port      = 8443
+    container_port = 443
+    node_filters = [
+      "loadbalancer",
+    ]
+  }
+
+  k3d {
+    disable_load_balancer     = false
+    disable_image_volume      = false
+  }
+
+  kubeconfig {
+    update_default_kubeconfig = true
+    switch_current_context    = true
+  }
+
+  runtime {
+    gpu_request = "all"
+  }
+}