Initial commit

commands/k8s-setup-gitops.md

@@ -0,0 +1,342 @@
+---
+description: Setup GitOps CI/CD with ArgoCD or Flux
+argument-hint: Optional GitOps tool preference
+---
+
+# GitOps CI/CD Setup
+
+You are setting up GitOps-based continuous deployment using the k8s-cicd-engineer agent.
+
+## Workflow
+
+### 1. Choose GitOps Tool
+
+If not specified, help user choose:
+
+**ArgoCD** - Best for:
+- UI-driven workflows
+- Multi-cluster management
+- RBAC and SSO integration
+- Helm and Kustomize support
+
+**Flux** - Best for:
+- Pure GitOps (no UI needed)
+- Kubernetes-native resources
+- Helm controller integration
+- Multi-tenancy
+
+### 2. Gather Requirements
+
+Ask for:
+- **Git repository**:
+  - Repository URL
+  - Branch strategy (main, env branches, or directories)
+  - Authentication method (SSH key, token)
+- **Applications**:
+  - List of applications to manage
+  - Manifest locations in repo
+  - Dependencies between apps
+- **Environments**:
+  - dev, staging, production
+  - Separate clusters or namespaces
+- **Sync policy**:
+  - Automatic or manual sync
+  - Auto-pruning resources
+  - Self-healing enabled
+- **Progressive delivery**:
+  - Canary deployments
+  - Blue-green deployments
+  - Flagger integration
+
+### 3. Install GitOps Tool
+
+Launch **k8s-cicd-engineer** to install:
+
+**For ArgoCD**:
+```bash
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+```
+
+**For Flux**:
+```bash
+flux bootstrap github \
+  --owner=[org] \
+  --repository=[repo] \
+  --branch=main \
+  --path=clusters/production \
+  --personal
+```
+
+### 4. Configure Git Repository Access
+
+**ArgoCD**:
+```bash
+argocd repo add https://github.com/org/repo \
+  --username [user] \
+  --password [token]
+```
+
+**Flux**:
+- Flux bootstrap automatically creates deploy key
+- Verify in GitHub Settings > Deploy keys
+
+### 5. Create Application Definitions
+
+**ArgoCD Application**:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: myapp
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/org/repo
+    targetRevision: HEAD
+    path: k8s/overlays/production
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: production
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+```
+
+**Flux Kustomization**:
+```yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: myapp
+  namespace: flux-system
+spec:
+  interval: 5m
+  path: ./k8s/overlays/production
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: myapp
+```
+
+### 6. Setup App-of-Apps Pattern (Optional)
+
+For managing multiple applications:
+
+**ArgoCD**:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: apps
+  namespace: argocd
+spec:
+  source:
+    path: argocd/applications
+  destination:
+    namespace: argocd
+  syncPolicy:
+    automated: {}
+```
+
+**Flux**: Use hierarchical Kustomizations
+
+### 7. Configure Progressive Delivery (Optional)
+
+If requested, install and configure Flagger:
+
+```bash
+helm install flagger flagger/flagger \
+  --namespace flagger-system
+```
+
+Create Canary resource:
+```yaml
+apiVersion: flagger.app/v1beta1
+kind: Canary
+metadata:
+  name: myapp
+spec:
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: myapp
+  analysis:
+    interval: 1m
+    threshold: 5
+    maxWeight: 50
+    stepWeight: 10
+```
+
+### 8. Setup Notifications
+
+**ArgoCD**:
+- Configure Slack/Teams webhooks
+- Setup notification triggers
+
+**Flux**:
+- Configure notification-controller
+- Create Alerts for Git events
+
+### 9. Verify GitOps Workflow
+
+1. Make change in Git repository
+2. Commit and push
+3. Verify automatic sync
+4. Check application health
+
+## Output Format
+
+### GitOps Setup Summary
+
+**GitOps Tool**: [ArgoCD/Flux]
+**Version**: [version]
+**Installation**: [namespace]
+
+**Git Repository**:
+- URL: [repo-url]
+- Branch: [branch]
+- Path: [path]
+- Authentication: [Configured ✓]
+
+**Applications Configured**:
+1. [app-name]
+   - Source: [path]
+   - Destination: [namespace]
+   - Sync: [Auto/Manual]
+   - Status: [Synced/OutOfSync]
+
+2. [app-name]
+   - Source: [path]
+   - Destination: [namespace]
+   - Sync: [Auto/Manual]
+   - Status: [Synced/OutOfSync]
+
+**Access Information**:
+- **ArgoCD UI**: https://argocd.[domain]
+  - Username: admin
+  - Password: [Use `kubectl get secret` to retrieve]
+- **Flux**: `flux get all`
+
+### Next Steps
+
+**For ArgoCD**:
+```bash
+# Access UI
+kubectl port-forward svc/argocd-server -n argocd 8080:443
+
+# Get admin password
+kubectl -n argocd get secret argocd-initial-admin-secret \
+  -o jsonpath="{.data.password}" | base64 -d
+
+# Sync application
+argocd app sync myapp
+
+# Check status
+argocd app list
+```
+
+**For Flux**:
+```bash
+# Check GitOps status
+flux get all
+
+# Reconcile immediately
+flux reconcile source git myapp
+flux reconcile kustomization myapp
+
+# Check logs
+flux logs
+```
+
+### Testing GitOps Workflow
+
+1. **Make a change**:
+```bash
+git clone [repo]
+cd [repo]
+# Edit manifests
+git add .
+git commit -m "Update deployment replicas"
+git push
+```
+
+2. **Watch sync** (ArgoCD):
+```bash
+argocd app wait myapp --sync
+```
+
+2. **Watch sync** (Flux):
+```bash
+flux reconcile kustomization myapp --with-source
+watch flux get kustomizations
+```
+
+3. **Verify changes**:
+```bash
+kubectl get deployment myapp -n production
+```
+
+## Best Practices
+
+**Repository Structure**:
+```
+repo/
+├── base/              # Base manifests
+│   ├── deployment.yaml
+│   └── service.yaml
+├── overlays/
+│   ├── dev/          # Dev environment
+│   ├── staging/      # Staging environment
+│   └── production/   # Production environment
+└── argocd/           # Application definitions
+    └── applications/
+```
+
+**Security**:
+- Use SSH keys for Git access
+- Enable RBAC in ArgoCD
+- Encrypt secrets (Sealed Secrets, External Secrets)
+- Review before auto-sync in production
+
+**Workflow**:
+- Use pull requests for changes
+- Require code review
+- Test in dev/staging first
+- Enable auto-sync only after testing
+
+## Troubleshooting
+
+**Application not syncing (ArgoCD)**:
+```bash
+# Check application status
+argocd app get myapp
+
+# Force sync
+argocd app sync myapp --force
+
+# Check events
+kubectl get events -n argocd
+```
+
+**Kustomization failing (Flux)**:
+```bash
+# Check status
+flux get kustomizations
+
+# Check logs
+flux logs --kind=Kustomization --name=myapp
+
+# Force reconcile
+flux reconcile kustomization myapp --with-source
+```
+
+**Git authentication failing**:
+- Verify deploy key permissions (read/write)
+- Check token hasn't expired
+- Verify repository URL correct
+- Check network policies allow Git access