Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: migrate GCP account and update cluster #28

Merged
merged 64 commits into from
Mar 4, 2024
Merged

feat: migrate GCP account and update cluster #28

merged 64 commits into from
Mar 4, 2024

Conversation

agaudreault
Copy link
Member

@agaudreault agaudreault commented Feb 27, 2024
edited
Loading

This PR migrates the stack the cluster to a new GCP account.

Current account owners: @leoluz and @agaudreault

Changes:

  • Add infrastructure as code for the GCP account
  • Update several apps
  • Remove jenkins app
  • Add external-dns to manage the new apps.argoproj.io zone.

Future work

  • Some configurations are added manually, mostly secrets (Manage secrets as code #29)
    • Use SealedSecrets to manage the secrets as code
  • argoproj.io DNS zones need to be migrated to the new GCP account and added to the infra as code. (Infra: Manage all DNS zones in argoproj.io #30)
    • Need to move all records outside of apps.argoproj.io, and ultimately infrastructure serving it.
    • The domain needs to be configured accordingly. This will require more sync with the CNCF
  • Current admin team config from argoproj is outdated so admin cannot login with the Github auth. (Cannot login as admin for CD and Workflow #31)
  • Applications are applied manually in the cluster. (Use Apps-of-Apps pattern to manage cluster #32)
    • The apps-of-apps pattern could be used
  • Infrastructure as code has a user-access module to explicitly define the permissions. This gives permissions to users based on their personal gmail. Some concerns have been raised about having this information in the code. (Infra: manage cluster access from an external data source #33)
    • Use a data source that will hold the users emails or use google groups
  • Migrate all other resources and delete old project (Migrate all resources out of old GCP account #34)
    • Before deleting the old GCP project, all resources needs to be migrated to the infra as code
  • CI pipeline to detect terraform change
  • Add more documentation on how to maintain/update the infrastructure and the different components
  • Need to update codeowners to review infrastructure changes
    • Create a github team?

@agaudreault
add gcp infra for remote-state and user access
4e424a8 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add gke and networking
61d44a2 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update cert-manager
2241150 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update ingress to use ingressClassName
23844a5 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
kustomize fix
fc5d325 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add dns and external-dns
1b7b10d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
info logs
67b7702 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add external-dns to argo
1ab8075 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix Jenkins sync
c8f0f81 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update jenkins to v2
699f93d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update cert-manager resources
3b0846d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
missing one
926aec1 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update prometheus
d4d452f 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update upstream
91fe246 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix prometheus sync crds
7e8242b 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update istio
746e47a 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix governor
73ca49d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix cert-manager
e870b12 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update rollout
97ca9ae 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix ingress and use less resources
8f6f1f7 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
remove Jenkins
ac7a53d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update governor image
ad21bd8 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
refactor argo-events
ee1eef9 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update dex to newer version
448c8e6 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix cert-manager wrong namespace
dfb57d6 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
prometheus deployment doc
295a1b4 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update issuer email
2c56a52 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add dex config
b3fd23a 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
dex docs
f94a408 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
dns setup
4197a5a 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
dex HA-er
c94542d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add service account token for workflow
e67aa0d 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix kustomize for workflow
fcf4647 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
dex would need a shared state to be HA
0726ec6 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
add missing default token for workflows rbac
f284089 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
typo
865077b 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
use another sa as default login
586429c 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
workflow: add real read-only role
bb7d9f4 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
split workflows in 2 folder to make it easier to follow
bc03601 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
use proper namespace
ada757b 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
fix
81515fd 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
workflow split namespace
ac08bfb 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
switch to clusterRole for multi-ns binding
e15683f 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
move sa to playground ns
f383c14 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
update binding
f5fae49 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
workflow token not necessary
d3fbd92 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
move artifact config in ns
254c712 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
move auth to managed namespace... weird
2191faf 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
move events to playground. does not seem to support split controller
8936788 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
manifest have namespace hardcoded
a28e01f 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
base apps
306872e 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault
reorder
8e05457 
Signed-off-by: Alexandre Gaudreault <[email protected]>
leoluz
leoluz requested changes Mar 1, 2024
View reviewed changes
Copy link
Contributor

@leoluz leoluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check my comments.

infrastructure/terraform/README.md Outdated Show resolved Hide resolved
.github/CODEOWNERS Outdated
Comment on lines 1 to 4
# Infrastructure
/infrastructure/ @agaudreault @leoluz
/argocd/overlays/production/argocd-rbac-cm.yaml @agaudreault @leoluz
/external-dns/values.yaml @agaudreault @leoluz
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably remove this for now until we decide how the ownership is going to be defined for the repo.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I commented it for now to keep track of infrastructure related files.

infrastructure/terraform/README.md Outdated Show resolved Hide resolved
infrastructure/terraform/README.md Outdated Show resolved Hide resolved
infrastructure/terraform/README.md Outdated Show resolved Hide resolved
infrastructure/terraform/gcp/gke/README.md Outdated Show resolved Hide resolved
infrastructure/terraform/gcp/gke/README.md Outdated Show resolved Hide resolved
This was referenced Mar 1, 2024
Open
Open
@agaudreault
Update docs & code review
fdb1976 
Signed-off-by: Alexandre Gaudreault <[email protected]>
@agaudreault agaudreault requested a review from leoluz March 4, 2024 20:35
leoluz
leoluz approved these changes Mar 4, 2024
View reviewed changes
Copy link
Contributor

@leoluz leoluz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@leoluz leoluz merged commit f06dea5 into argoproj:master Mar 4, 2024
1 check passed
@tooptoop4
Copy link

@leoluz @agaudreault https://workflows.apps.argoproj.io/workflows/argo still no bueno

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leoluz leoluz leoluz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@agaudreault @tooptoop4 @leoluz