feat: Example of AWS CodeCommit as a repository for ArgoCD workloads #1509
…repository for ArgoCD workloads
Fix typos
Good start, see the feedback provided
@@ -0,0 +1,170 @@ | |||
# EKS Cluster with ArgoCD and Workloads in private AWS CodeCommit repository | |||
|
|||
This example shows how to provision an EKS cluster with: |
Let's add in why this pattern is useful to users - what would be the primary motivation to use CodeCommit, why any additional steps are necessary to integrate with CodeCommit, etc.
#--------------------------------------------------------------- | ||
# ARGOCD WORKLOAD APPLICATION | ||
#--------------------------------------------------------------- | ||
# workload_repo = "https://github.com/aws-samples/eks-blueprints-workloads.git" |
I don't quite follow what is happening here - what should users do, what sequence of events, etc.
workload_repo = aws_codecommit_repository.workloads_repo_cc.clone_url_http | ||
``` | ||
|
||
Update main.tf and enable workloads and addons (if not enabled yet). |
Why do they need to change this, shouldn't this just be set in the pattern/example?
- Configure kubectl using output | ||
|
||
```sh | ||
terraform output configure_kubectl |
Copy boilerplate text from other examples - this looks a bit different here
- Clone [EKS Blueprints Workloads Repo](https://github.com/aws-samples/eks-blueprints-workloads) from Github to AWS CodeCommit (clone2cc.sh) | ||
|
||
```sh | ||
pushd ../../../.. |
- Why do we need to go up to root?
- We should ensure any local copies are cleaned up
- Why only copy over the workloads repo? What about the repository where the Terraform code is defined (i.e. - eks-blueprints), and the repository where the ArgoCD manifests are located (i.e. - eks-addons)?
user_name = aws_iam_user.argocd_user.name | ||
} | ||
|
||
resource "aws_iam_user_policy" "argocd_user_codecommit_ro" { |
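Review bot: the `_ro` suffix on `aws_iam_user_policy.argocd_user_codecommit_ro` promises read-only access, but the policy statement itself is outside this fragment, so the name cannot be checked against what is granted. Confirm the statement allows only `codecommit:GitPull` and names the ARN of the workloads repository as its resource, rather than `codecommit:*` or `Resource = "*"`, since the credential issued for `aws_iam_user.argocd_user` is long-lived.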
switch this to create a standalone policy and not an inline policy
] | ||
} | ||
|
||
resource "kubectl_manifest" "repo_creds_platform_https" { |
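Review bot: if the body of `kubectl_manifest.repo_creds_platform_https` carries the CodeCommit username and password, those values are written to Terraform state together with the rest of the rendered manifest, so anyone who can read the state can read the repository credential. Whichever delivery mechanism is chosen, the README should tell users to keep state in an encrypted backend with restricted access, and the credential should not appear in plan output.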
Let's switch this to create a secret in Secrets Manager and use external secrets to pull
trigger { | ||
name = "all" | ||
events = ["all"] | ||
custom_data = var.argocd_url |
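Review bot: `events = ["all"]` in this trigger fires on every repository event, including branch and tag creation and deletion, and each one invokes the trigger target with `var.argocd_url` as custom data. If the trigger is kept, narrow it to `updateReference` so only pushes to existing references cause a webhook call, and add a validation block on `var.argocd_url` so a non-HTTPS value is rejected at plan time.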
map output here to replace variable which will map an implicit dependency (i.e. - can then remove the depends_on)
}) | ||
} | ||
|
||
resource "aws_iam_role" "iam_for_lambda" { |
All of the lambda resources can be removed - not required for this example, ArgoCD will sync
@@ -0,0 +1,98 @@ | |||
resource "aws_codecommit_repository" "workloads_repo_cc" { | |||
repository_name = "eks-blueprints-workloads-cc" |
this would be a good local variable
This PR has been automatically marked as stale because it has been open 30 days
Pull request closed due to inactivity.
What does this PR do?
- Create AWS CodeCommit repository
- Copy sample workloads repository from GitHub and push to AWS CodeCommit
- Create AWS CodeCommit credentials and configure ArgoCD to use them via Secret to access AWS CodeCommit repository
- Create AWS CodeCommit trigger to execute AWS Lambda function to call ArgoCD webhook