Diffstat (limited to 'astroshop-platform')
-rw-r--r-- astroshop-platform/README.md 397
-rw-r--r-- astroshop-platform/argocd-applicationset.yaml 270
2 files changed, 667 insertions, 0 deletions
diff --git a/astroshop-platform/README.md b/astroshop-platform/README.md
new file mode 100644
index 0000000..e45e3c1
--- /dev/null
+++ b/astroshop-platform/README.md
@@ -0,0 +1,397 @@
+# Astroshop ArgoCD ApplicationSet
+
+This repository contains the ArgoCD ApplicationSet configuration for deploying the Astroshop microservices application across multiple environments (Dev, QA, and Production).
+
+## Overview
+
+The ApplicationSet automatically generates and manages ArgoCD Applications for all Astroshop services across three environments, creating a total of **57 applications** (19 services × 3 environments).
+
+### Services Deployed
+
+The following microservices are deployed:
+
+- `accounting`
+- `ad`
+- `cart`
+- `checkout`
+- `currency`
+- `email`
+- `flagd`
+- `fraud-detection`
+- `frontend`
+- `frontendproxy`
+- `imageprovider`
+- `kafka`
+- `loadgenerator`
+- `payment`
+- `productcatalog`
+- `quote`
+- `recommendation`
+- `shipping`
+- `valkey`
+
+## Architecture
+
+### Environment Configuration
+
+| Environment | Namespace | Values File | Sync Policy | Purpose |
+|------------|-----------|-------------|-------------|---------|
+| **Dev** | `astroshop-dev` | `values.yaml` | Automated | Development and testing |
+| **QA** | `astroshop-qa` | `values-qa.yaml` | Automated | Quality assurance and staging |
+| **Prod** | `astroshop-prod` | `values-prod.yaml` | Manual | Production workloads |
+
+### Repository Structure
+
+```
+astroshop-helm/
+├── accounting/
+│ ├── Chart.yaml
+│ ├── values.yaml
+│ ├── values-qa.yaml
+│ ├── values-prod.yaml
+│ └── templates/
+├── ad/
+│ ├── Chart.yaml
+│ ├── values.yaml
+│ ├── values-qa.yaml
+│ └── values-prod.yaml
+├── ...
+└── [other services]
+```
+
+## Prerequisites
+
+- ArgoCD installed and running (v2.8+)
+- Kubernetes cluster with appropriate RBAC permissions
+- Access to GitOps repository: `https://git.draconyan.xyz/Astroshop-Gitops`
+- kubectl CLI configured
+
+## Installation
+
+### 1. Apply the ApplicationSet
+
+```bash
+kubectl apply -f argocd-applicationset.yaml
+```
+
+### 2. Verify ApplicationSet Creation
+
+```bash
+# Check ApplicationSet
+kubectl get applicationset -n argocd astroshop-services
+
+# View all generated applications
+kubectl get applications -n argocd -l app.kubernetes.io/part-of=astroshop
+```
+
+### 3. Check Application Status
+
+```bash
+# View applications by environment
+kubectl get applications -n argocd -l environment=dev
+kubectl get applications -n argocd -l environment=qa
+kubectl get applications -n argocd -l environment=prod
+
+# Get detailed status of a specific application
+kubectl describe application astroshop-productcatalog-dev -n argocd
+```
+
+## Configuration
+
+### AppProjects
+
+Three dedicated ArgoCD Projects are created:
+
+#### astroshop-dev
+- **Purpose**: Development environment
+- **Sync**: Fully automated
+- **Allowed Resources**: All namespaced resources
+- **Destination**: `astroshop-dev` namespace
+
+#### astroshop-qa
+- **Purpose**: QA/Staging environment
+- **Sync**: Fully automated
+- **Allowed Resources**: All namespaced resources
+- **Destination**: `astroshop-qa` namespace
+
+#### astroshop-prod
+- **Purpose**: Production environment
+- **Sync**: Manual approval required
+- **Sync Window**: Weekdays 10:00-18:00 only
+- **Allowed Resources**: All namespaced resources
+- **Destination**: `astroshop-prod` namespace
+
+### Sync Policies
+
+#### Dev & QA Environments
+```yaml
+syncPolicy:
+ automated:
+ prune: true # Auto-delete resources not in Git
+ selfHeal: true # Auto-sync on drift detection
+ syncOptions:
+ - CreateNamespace=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+```
+
+#### Production Environment
+```yaml
+syncPolicy:
+ automated:
+ prune: false # Manual deletion required
+ selfHeal: false # Manual sync required
+```
+
+## Operations
+
+### Viewing Applications in ArgoCD UI
+
+1. Access ArgoCD UI: `https://argocd.yourdomain.com`
+2. Filter by labels:
+ - `environment=dev|qa|prod`
+ - `app.kubernetes.io/part-of=astroshop`
+ - `service=<service-name>`
+
+### Manual Sync (Production)
+
+```bash
+# Sync a specific production application
+argocd app sync astroshop-productcatalog-prod
+
+# Sync all production applications
+argocd app sync -l environment=prod
+
+# Sync with dry-run
+argocd app sync astroshop-productcatalog-prod --dry-run
+```
+
+### Refresh Applications
+
+```bash
+# Hard refresh (force Git pull)
+argocd app get astroshop-productcatalog-dev --hard-refresh
+
+# Refresh all dev applications
+argocd app get -l environment=dev --refresh
+```
+
+### Rollback
+
+```bash
+# List application history
+argocd app history astroshop-productcatalog-prod
+
+# Rollback to specific revision
+argocd app rollback astroshop-productcatalog-prod <revision-id>
+```
+
+## Customization
+
+### Adding a New Service
+
+1. Create Helm chart in `astroshop-helm/<service-name>/`
+2. Add service to the ApplicationSet generator list:
+
+```yaml
+- list:
+ elements:
+ - service: newservice
+ port: 8080
+```
+
+3. Commit and push changes
+4. ApplicationSet will automatically create 3 new applications
+
+### Modifying Environment Configuration
+
+Edit the environment generator in the ApplicationSet:
+
+```yaml
+- list:
+ elements:
+ - env: dev
+ namespace: astroshop-dev
+ valuesFile: values.yaml
+ syncPolicy: automated
+ # ... modify settings
+```
+
+### Changing Sync Windows (Production)
+
+Edit the `astroshop-prod` AppProject:
+
+```yaml
+syncWindows:
+ - kind: allow
+ schedule: '0 10-18 * * 1-5' # Cron format
+ duration: 8h
+ manualSync: true
+```
+
+## Monitoring and Notifications
+
+### Slack Notifications
+
+The ApplicationSet includes Slack notification annotations:
+
+```yaml
+annotations:
+ notifications.argoproj.io/subscribe.on-sync-succeeded.slack: astroshop-deployments
+ notifications.argoproj.io/subscribe.on-sync-failed.slack: astroshop-alerts
+```
+
+**Setup Required:**
+1. Configure ArgoCD Notifications controller
+2. Update channel names in the ApplicationSet
+3. Configure Slack integration in ArgoCD
+
+### Health Checks
+
+Applications inherit health checks from their Helm charts. Monitor via:
+
+```bash
+# Check application health
+argocd app get astroshop-productcatalog-prod
+
+# Check sync status
+argocd app list -l environment=prod
+```
+
+## Troubleshooting
+
+### Application Not Syncing
+
+```bash
+# Check application details
+kubectl describe application astroshop-<service>-<env> -n argocd
+
+# Check sync status
+argocd app get astroshop-<service>-<env>
+
+# View sync errors
+argocd app sync astroshop-<service>-<env> --dry-run
+```
+
+### ApplicationSet Not Generating Apps
+
+```bash
+# Check ApplicationSet logs
+kubectl logs -n argocd -l app.kubernetes.io/name=argocd-applicationset-controller
+
+# Verify ApplicationSet status
+kubectl get applicationset astroshop-services -n argocd -o yaml
+```
+
+### Git Repository Access Issues
+
+```bash
+# Test repository connectivity
+argocd repo get https://git.draconyan.xyz/Astroshop-Gitops
+
+# Add repository if missing
+argocd repo add https://git.draconyan.xyz/Astroshop-Gitops \
+ --username <username> \
+ --password <token>
+```
+
+### Permission Issues
+
+```bash
+# Check AppProject permissions
+kubectl get appproject astroshop-dev -n argocd -o yaml
+
+# Verify RBAC
+kubectl auth can-i create deployment --namespace=astroshop-dev
+```
+
+## Labels and Selectors
+
+All applications are labeled with:
+
+| Label | Description | Example |
+|-------|-------------|---------|
+| `app.kubernetes.io/name` | Service name | `productcatalog` |
+| `app.kubernetes.io/instance` | Environment instance | `astroshop-dev` |
+| `app.kubernetes.io/part-of` | Application suite | `astroshop` |
+| `environment` | Environment name | `prod` |
+| `service` | Service identifier | `productcatalog` |
+
+### Useful Label Selectors
+
+```bash
+# Get all dev applications
+kubectl get applications -n argocd -l environment=dev
+
+# Get specific service across all environments
+kubectl get applications -n argocd -l service=productcatalog
+
+# Get all applications for a specific instance
+kubectl get applications -n argocd -l app.kubernetes.io/instance=astroshop-prod
+```
+
+## Best Practices
+
+### Development Workflow
+
+1. **Make Changes**: Update Helm values or charts in feature branch
+2. **Test in Dev**: Changes auto-sync to dev environment
+3. **Promote to QA**: Merge to main, QA auto-syncs
+4. **Deploy to Prod**: Manual sync after approval
+
+### Production Deployments
+
+1. **Review Changes**: Check Git diff before syncing
+2. **Use Dry Run**: Verify changes with `--dry-run` flag
+3. **Sync During Windows**: Deploy during business hours only
+4. **Monitor Health**: Watch application health post-deployment
+5. **Keep Rollback Ready**: Know the previous revision number
+
+### Security Considerations
+
+- Production requires manual sync approval
+- Sync windows restrict deployment times
+- RBAC controls access to each environment
+- Git repository access via tokens (not passwords)
+- Separate AppProjects per environment
+
+## Advanced Features
+
+### Ignore Differences
+
+The ApplicationSet ignores replica count differences (useful for HPA):
+
+```yaml
+ignoreDifferences:
+ - group: apps
+ kind: Deployment
+ jsonPointers:
+ - /spec/replicas
+```
+
+### Orphaned Resources
+
+Orphaned resources are tracked but not automatically deleted:
+
+```yaml
+orphanedResources:
+ warn: true # Warn but don't delete
+```
+
+### Revision History
+
+Limited to 3 revisions per application:
+
+```yaml
+revisionHistoryLimit: 3
+```
+
+## Resources
+
+- [ArgoCD Documentation](https://argo-cd.readthedocs.io/)
+- [ApplicationSet Documentation](https://argo-cd.readthedocs.io/en/stable/user-guide/application-set/)
+- [GitOps Best Practices](https://www.gitops.tech/)
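Review bot: The "Production Environment" snippet under Sync Policies still contains an `automated:` block, and Argo CD enables auto-sync whenever that key is present; `prune: false` and `selfHeal: false` only switch off pruning and self-healing. That contradicts the "Manual" entry in the environment table and the "Production requires manual sync approval" bullet, so document the production policy with no `automated` key at all. The AppProjects section also understates what each project permits: it lists "All namespaced resources" and a single destination namespace, while the manifest in this patch additionally whitelists `Namespace`, `ClusterRole` and `ClusterRoleBinding` and adds `opentelemetry-demo` as a destination in every project. "Sync Window: Weekdays 10:00-18:00 only" does not match the documented `schedule: '0 10-18 * * 1-5'` with `duration: 8h`, which opens a new 8h window every hour from 10:00 to 18:00. Finally, the Development Workflow says feature-branch changes auto-sync to dev, but every environment in the manifest tracks `targetRevision: main`; either describe the flow as merge-then-sync or give dev its own revision.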
diff --git a/astroshop-platform/argocd-applicationset.yaml b/astroshop-platform/argocd-applicationset.yaml
new file mode 100644
index 0000000..28ec579
--- /dev/null
+++ b/astroshop-platform/argocd-applicationset.yaml
@@ -0,0 +1,270 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: astroshop-services
+ namespace: argocd
+ labels:
+ app.kubernetes.io/name: astroshop
+ app.kubernetes.io/component: applicationset
+spec:
+ goTemplate: true
+ goTemplateOptions: ["missingkey=error"]
+ generators:
+ - matrix:
+ generators:
+ # Environment generator
+ - list:
+ elements:
+ - env: dev
+ namespace: astroshop-dev
+ repoURL: https://git.draconyan.xyz/Astroshop-Gitops
+ targetRevision: main
+ valuesFile: values.yaml
+ syncPolicy: automated
+ project: astroshop-dev
+ clusterName: in-cluster
+
+ - env: qa
+ namespace: astroshop-qa
+ repoURL: https://git.draconyan.xyz/Astroshop-Gitops
+ targetRevision: main
+ valuesFile: values-qa.yaml
+ syncPolicy: automated
+ project: astroshop-qa
+ clusterName: in-cluster
+
+ - env: prod
+ namespace: astroshop-prod
+ repoURL: https://git.draconyan.xyz/Astroshop-Gitops
+ targetRevision: main
+ valuesFile: values-prod.yaml
+ syncPolicy: manual
+ project: astroshop-prod
+ clusterName: in-cluster
+
+ # Services generator
+ - list:
+ elements:
+ - service: accounting
+ port: 8080
+ - service: ad
+ port: 8080
+ - service: cart
+ port: 8080
+ - service: checkout
+ port: 8080
+ - service: currency
+ port: 8080
+ - service: email
+ port: 8080
+ - service: flagd
+ port: 8013
+ - service: fraud-detection
+ port: 8080
+ - service: frontend
+ port: 8080
+ - service: frontendproxy
+ port: 8080
+ - service: imageprovider
+ port: 8080
+ - service: kafka
+ port: 9092
+ - service: loadgenerator
+ port: 8080
+ - service: payment
+ port: 8080
+ - service: productcatalog
+ port: 8080
+ - service: quote
+ port: 8080
+ - service: recommendation
+ port: 8080
+ - service: shipping
+ port: 8080
+ - service: valkey
+ port: 6379
+
+ template:
+ metadata:
+ name: 'astroshop-{{.service}}-{{.env}}'
+ labels:
+ app.kubernetes.io/name: '{{.service}}'
+ app.kubernetes.io/instance: 'astroshop-{{.env}}'
+ app.kubernetes.io/part-of: astroshop
+ app.kubernetes.io/managed-by: argocd
+ environment: '{{.env}}'
+ service: '{{.service}}'
+ annotations:
+ notifications.argoproj.io/subscribe.on-sync-succeeded.slack: astroshop-deployments
+ notifications.argoproj.io/subscribe.on-sync-failed.slack: astroshop-alerts
+ argocd.argoproj.io/manifest-generate-paths: .
+ spec:
+ project: '{{.project}}'
+
+ source:
+ repoURL: '{{.repoURL}}'
+ targetRevision: '{{.targetRevision}}'
+ path: 'astroshop-helm/{{.service}}'
+ helm:
+ valueFiles:
+ - '{{.valuesFile}}'
+ parameters:
+ - name: namespace
+ value: '{{.namespace}}'
+ - name: environment
+ value: '{{.env}}'
+
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: '{{.namespace}}'
+
+ syncPolicy:
+ automated:
+ prune: '{{if eq .syncPolicy "automated"}}true{{else}}false{{end}}'
+ selfHeal: '{{if eq .syncPolicy "automated"}}true{{else}}false{{end}}'
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ - RespectIgnoreDifferences=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ revisionHistoryLimit: 3
+
+ ignoreDifferences:
+ - group: apps
+ kind: Deployment
+ jsonPointers:
+ - /spec/replicas
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: astroshop-dev
+ namespace: argocd
+ labels:
+ environment: dev
+spec:
+ description: Astroshop Development Environment
+ sourceRepos:
+ - 'https://git.draconyan.xyz/Astroshop-Gitops'
+ destinations:
+ - namespace: 'astroshop-dev'
+ server: 'https://kubernetes.default.svc'
+ - namespace: 'opentelemetry-demo'
+ server: 'https://kubernetes.default.svc'
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRole
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRoleBinding
+ namespaceResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ orphanedResources:
+ warn: true
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: astroshop-qa
+ namespace: argocd
+ labels:
+ environment: qa
+spec:
+ description: Astroshop QA Environment
+ sourceRepos:
+ - 'https://git.draconyan.xyz/Astroshop-Gitops'
+ destinations:
+ - namespace: 'astroshop-qa'
+ server: 'https://kubernetes.default.svc'
+ - namespace: 'opentelemetry-demo'
+ server: 'https://kubernetes.default.svc'
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRole
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRoleBinding
+ namespaceResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ orphanedResources:
+ warn: true
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: astroshop-prod
+ namespace: argocd
+ labels:
+ environment: prod
+spec:
+ description: Astroshop Production Environment
+ sourceRepos:
+ - 'https://git.draconyan.xyz/Astroshop-Gitops'
+ destinations:
+ - namespace: 'astroshop-prod'
+ server: 'https://kubernetes.default.svc'
+ - namespace: 'opentelemetry-demo'
+ server: 'https://kubernetes.default.svc'
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRole
+ - group: 'rbac.authorization.k8s.io'
+ kind: ClusterRoleBinding
+ namespaceResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ orphanedResources:
+ warn: true
+ # Production requires manual approval
+ syncWindows:
+ - kind: allow
+ schedule: '0 10-18 * * 1-5' # Only allow sync during business hours on weekdays
+ duration: 8h
+ applications:
+ - '*'
+ manualSync: true
+
+---
+# Optional: Create namespaces beforehand or enable create-namespaces:true
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: astroshop-dev
+ labels:
+ environment: dev
+ app.kubernetes.io/part-of: astroshop
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: astroshop-qa
+ labels:
+ environment: qa
+ app.kubernetes.io/part-of: astroshop
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: astroshop-prod
+ labels:
+ environment: prod
+ app.kubernetes.io/part-of: astroshop
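Review bot: In the template's `syncPolicy`, the `automated:` block is rendered for every element of the environment list, so the prod Applications get auto-sync as well (Argo CD keys auto-sync on the presence of `automated`, not on the values of `prune` and `selfHeal`), and both of those fields are quoted template strings where the Application spec expects booleans. Take the per-environment policy out of the typed template, for example by splitting prod into its own ApplicationSet without `automated`, or by using `templatePatch`, which needs a newer Argo CD than the v2.8 minimum the README states. All three AppProjects put `ClusterRole` and `ClusterRoleBinding` in `clusterResourceWhitelist` alongside `group: '*'`, `kind: '*'` for namespaced resources, so anyone who can merge to `main` in the source repo can grant cluster-wide privileges through any chart, starting from the dev project; drop the RBAC kinds unless a chart needs them, and if one does, isolate it in a dedicated project. The shared `opentelemetry-demo` destination in dev, qa and prod likewise removes the namespace boundary between the projects. In the prod `syncWindows`, `schedule: '0 10-18 * * 1-5'` with `duration: 8h` starts a window at each hour from 10:00 to 18:00, so syncs remain allowed until 02:00 the next day; `'0 10 * * 1-5'` with `duration: 8h` gives the 10:00-18:00 window the comment describes. Prod also tracks the mutable `main` branch, the same revision as dev and qa, so consider pinning it to a tag or release branch.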