Initial commit

Zhongwei Li
2025-11-29 17:51:15 +08:00
commit a91d4d5a1c
25 changed files with 4094 additions and 0 deletions


@@ -0,0 +1,32 @@
# ApplicationSet with Cluster Generator
# Automatically deploys to all clusters matching label selector
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cluster-apps
namespace: argocd
spec:
goTemplate: true
generators:
- cluster:
selector:
matchLabels:
environment: production
template:
metadata:
name: '{{.name}}-guestbook'
spec:
project: default
source:
repoURL: https://github.com/argoproj/argocd-example-apps
targetRevision: HEAD
path: guestbook
destination:
server: '{{.server}}'
namespace: guestbook
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
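Review bot: `targetRevision: HEAD` together with `automated` sync (`prune: true`, `selfHeal: true`) means any push to the source repository's default branch is applied to every cluster labelled `environment: production` with no review step in between. Pin the revision to a release tag or commit SHA, e.g. `targetRevision: <release-tag-or-commit-sha>`. `project: default` as installed does not restrict source repositories or destinations, so a dedicated AppProject limited to this repo and the `guestbook` namespace would narrow what a bad render can touch. With `goTemplate: true` it is also worth adding `goTemplateOptions: ["missingkey=error"]` so that a missing `.name` or `.server` fails generation instead of rendering `<no value>`.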


@@ -0,0 +1,92 @@
# ArgoCD 3.x Installation with best practices
# Updated for ArgoCD v3.1+
apiVersion: v1
kind: Namespace
metadata:
name: argocd
---
# Install ArgoCD using official manifests
# kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.1.9/manifests/install.yaml
# Configuration with ArgoCD 3.x best practices
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
namespace: argocd
data:
# Enable fine-grained RBAC (ArgoCD 3.0+)
server.enable.gzip: "true"
# Resource exclusions (default in 3.x)
resource.exclusions: |
- apiGroups:
- ""
kinds:
- Endpoints
- EndpointSlice
clusters:
- "*"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
namespace: argocd
data:
# Annotation-based tracking (default in ArgoCD 3.x)
application.resourceTrackingMethod: annotation
# Resource exclusions for performance
resource.exclusions: |
- apiGroups:
- "*"
kinds:
- Lease
clusters:
- "*"
---
# Expose ArgoCD Server (choose one method)
# Option 1: LoadBalancer
apiVersion: v1
kind: Service
metadata:
name: argocd-server-lb
namespace: argocd
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
protocol: TCP
selector:
app.kubernetes.io/name: argocd-server
# Option 2: Ingress (recommended)
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: argocd-server-ingress
# namespace: argocd
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-prod
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# spec:
# ingressClassName: nginx
# rules:
# - host: argocd.example.com
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: argocd-server
# port:
# number: 443
# tls:
# - hosts:
# - argocd.example.com
# secretName: argocd-server-tls
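Review bot: The `argocd-server-lb` Service publishes the Argo CD API and UI through `type: LoadBalancer` on `port: 80` with no source restriction, although the file itself marks the Ingress option as recommended. If this option is kept, restrict reachability with `loadBalancerSourceRanges` (or the cloud provider's internal load-balancer annotation) and expose `port: 443` instead of 80. The comment `# Enable fine-grained RBAC (ArgoCD 3.0+)` sits above `server.enable.gzip: "true"`, which has nothing to do with RBAC, so it should read `# Enable gzip compression on the API server`. As far as I know `resource.exclusions` is read from `argocd-cm` and not from `argocd-cmd-params-cm`, so the Endpoints/EndpointSlice entry probably has no effect where it is and should be merged into the `argocd-cm` list.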


@@ -0,0 +1,49 @@
#!/bin/bash
# Flux 2.7+ Bootstrap Script for GitHub
set -e
# Configuration
GITHUB_USER="${GITHUB_USER:-your-org}"
GITHUB_REPO="${GITHUB_REPO:-fleet-infra}"
GITHUB_TOKEN="${GITHUB_TOKEN:-}"
CLUSTER_NAME="${CLUSTER_NAME:-production}"
CLUSTER_PATH="clusters/${CLUSTER_NAME}"
# Check prerequisites
command -v flux >/dev/null 2>&1 || { echo "flux CLI required"; exit 1; }
command -v kubectl >/dev/null 2>&1 || { echo "kubectl required"; exit 1; }
# Check GitHub token
if [ -z "$GITHUB_TOKEN" ]; then
echo "Error: GITHUB_TOKEN environment variable not set"
exit 1
fi
# Bootstrap Flux
echo "🚀 Bootstrapping Flux for cluster: $CLUSTER_NAME"
flux bootstrap github \
--owner="$GITHUB_USER" \
--repository="$GITHUB_REPO" \
--branch=main \
--path="$CLUSTER_PATH" \
--personal \
--token-auth
# Enable source-watcher (Flux 2.7+)
echo "✨ Enabling source-watcher component..."
flux install --components-extra=source-watcher
# Verify installation
echo "✅ Verifying Flux installation..."
flux check
echo "
✅ Flux bootstrapped successfully!
Next steps:
1. Add your applications to ${CLUSTER_PATH}/apps/
2. Commit and push to trigger Flux reconciliation
3. Monitor with: flux get all
"
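Review bot: `--token-auth` on the `flux bootstrap github` call makes Flux keep the GitHub personal access token in a cluster Secret for ongoing Git access, instead of the repository-scoped SSH deploy key it would otherwise create. Unless HTTPS-only access is required, drop the flag so that reading that Secret does not yield a token valid for everything the PAT can reach. The separate `flux install --components-extra=source-watcher` applies components directly to the cluster and likely leaves it out of step with the bootstrap repository; passing `--components-extra=source-watcher` to the bootstrap command keeps the component set in Git. `--personal` declares the owner to be a user account, which contradicts the default `your-org`, and `set -euo pipefail` in place of `set -e` would also catch unset variables.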


@@ -0,0 +1,38 @@
# Flux OCI Repository + HelmRelease (Flux 2.6+)
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: podinfo-oci
namespace: flux-system
spec:
interval: 5m
url: oci://ghcr.io/stefanprodan/charts/podinfo
ref:
semver: ">=6.0.0"
verify:
provider: cosign
secretRef:
name: cosign-public-key
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: podinfo
namespace: default
spec:
interval: 10m
chart:
spec:
chart: podinfo
sourceRef:
kind: OCIRepository
name: podinfo-oci
namespace: flux-system
values:
replicaCount: 2
resources:
limits:
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
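Review bot: The HelmRelease points at the OCIRepository through `chart.spec.sourceRef`, but to my knowledge that field accepts only HelmRepository, GitRepository and Bucket sources, so this release would not reconcile and the cosign `verify` block on `podinfo-oci` would never gate an install. An OCIRepository is referenced with `chartRef:` carrying the same `kind: OCIRepository`, `name: podinfo-oci` and `namespace: flux-system`, replacing the `chart.spec` wrapper and the `chart: podinfo` line. `semver: ">=6.0.0"` has no upper bound, so a signed new major version is rolled out automatically; a bounded range such as `">=6.0.0 <7.0.0"` keeps upgrades deliberate. The header says Flux 2.6+, where OCIRepository should be available as `source.toolkit.fluxcd.io/v1`, so `v1beta2` is worth confirming against the target version.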


@@ -0,0 +1,62 @@
# Argo Rollouts Canary Deployment with Analysis
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
replicas: 5
strategy:
canary:
steps:
- setWeight: 20
- pause: {duration: 2m}
- setWeight: 40
- pause: {duration: 2m}
- setWeight: 60
- pause: {duration: 2m}
- setWeight: 80
- pause: {duration: 2m}
analysis:
templates:
- templateName: success-rate
startingStep: 2
args:
- name: service-name
value: my-app
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: myapp:v2.0.0
ports:
- containerPort: 8080
---
# Analysis Template using Prometheus
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
name: success-rate
spec:
args:
- name: service-name
metrics:
- name: success-rate
interval: 1m
successCondition: result[0] >= 0.95
failureLimit: 3
provider:
prometheus:
address: http://prometheus.monitoring:9090
query: |
sum(rate(
http_requests_total{job="{{args.service-name}}",status!~"5.."}[2m]
)) /
sum(rate(
http_requests_total{job="{{args.service-name}}"}[2m]
))
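Review bot: `successCondition: result[0] >= 0.95` in the `success-rate` template does not handle the case where the canary has received no traffic. The query then returns an empty vector or NaN (0/0), so the measurement errors or fails for a reason unrelated to the release. State the intended behaviour explicitly, for example `successCondition: len(result) == 0 || isNaN(result[0]) || result[0] >= 0.95` if no data should pass, or add a `failureCondition` if it should not. In the Rollout, `image: myapp:v2.0.0` is a mutable tag, so the canary and the later full rollout are not guaranteed to run the same bytes; pinning by digest (`myapp@sha256:<digest>`) closes that gap. The container also sets no `resources` or `securityContext`, which is worth adding before this is reused as a template.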