feat: Demo env scripts (#54)

Signed-off-by: jannfis <[email protected]>
argoproj-labs · Apr 5, 2024 · 51134d6 · 51134d6
1 parent 9bfa360
commit 51134d6
Show file tree

Hide file tree

Showing 20 changed files with 243 additions and 0 deletions.
diff --git a/hack/demo-env/.gitignore b/hack/demo-env/.gitignore
@@ -0,0 +1 @@
+creds
diff --git a/hack/demo-env/README.md b/hack/demo-env/README.md
@@ -0,0 +1,51 @@
+# There are dragons beyond this point
+
+**WARNING:*** The scripts in this directory are not supposed to be used anywhere except for development or demo purposes. 
+
+## Description
+
+This directory and sub-directories contain scripts, kustomize manifests and other stuff that allow you to set-up a development and demo environment for `argocd-agent`. It comes without warranty. Running any of these scripts can fiddle with your connected cluster up to the point of no return, could break things on your local system, etc etc.
+
+The scripts are targeting the author's development system. Do not run them against yours or be prepared to dive into undocumented configuration and to clean up after yourself.
+
+It uses `vcluster` to create three virtual clusters:
+
+* vcluster-control-plane - For hosting the control plane and principal
+* vcluster-agent-managed - A cluster with agent in managed mode
+* vcluster-agent-autonomous - A cluster with agent in autonomous mode
+
+It will install Argo CD to each of those vclusters, in varying degrees of completeness.
+
+Both, vclusters and Argo CD installations, will require that LoadBalancer functionality is available on the host cluster (metalllb will be totally ok).
+
+## Set up
+
+To setup, run
+
+```
+./hack/demo-env/setup-vcluster-env.sh create
+```
+
+This will create three vclusters on your current cluster, and install opinionated Argo CD into each of them.
+
+You will need `vcluster` in your `$PATH`, and the current kubeconfig context must be configured to connect to your cluster as a cluster admin.
+
+## Details
+
+### Endpoints
+
+Your LoadBalancer (e.g. metallb) is supposed to issue IP addresses in the range `192.168.56.200-254` and to accept requests for particular IPs. If it's not, you're going to have to modify some of the manifests, patches and other stuff to adapt to your particular environment.
+
+By default, the scripts in this directory will configure:
+
+* The Argo CD UI on the control plane to be available at `https://192.168.56.220`
+* The redis server on the control plane to be exposed to `192.168.56.222`
+* The repository server on the control plane to be exposed to `192.168.56.222`
+
+### Credentials
+
+This is a local development environment. It comes with pre-configured credentials for the sake of simplicity.
+
+You can authenticate to the the Argo CD UI or API server with user `admin` and password `adminadmin`. Creative, isn't it.
+
+You will need to generate credentials for the agents. Run the `gen-creds.sh` script before you start any of the agent or principal components.
diff --git a/hack/demo-env/agent-autonomous/argocd-secret.yaml b/hack/demo-env/agent-autonomous/argocd-secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+  server.secretkey: WDlYWm5WY3FYZFRDUEVFYmtybFhmbk5NMHFlTXFEME42ZUhMRkN0KytORT0=
+kind: Secret
+metadata:
+  name: argocd-secret
diff --git a/hack/demo-env/agent-autonomous/kustomization.yaml b/hack/demo-env/agent-autonomous/kustomization.yaml
@@ -0,0 +1,10 @@
+resources:
+- https://github.com/argoproj/argo-cd/manifests/crds?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/config?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/redis?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/repo-server?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/application-controller?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/cluster-rbac/application-controller?ref=stable
+
+patches:
+- argocd-secret.yaml
diff --git a/hack/demo-env/agent-managed/appproject-default.yaml b/hack/demo-env/agent-managed/appproject-default.yaml
@@ -0,0 +1,15 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: default
+spec:
+  clusterResourceWhitelist:
+  - group: '*'
+    kind: '*'
+  destinations:
+  - namespace: '*'
+    server: '*'
+  sourceNamespaces:
+  - '*'
+  sourceRepos:
+  - '*'
diff --git a/hack/demo-env/agent-managed/argocd-cmd-params-cm.yaml b/hack/demo-env/agent-managed/argocd-cmd-params-cm.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+data:
+  repo.server: 192.168.56.222:8081
+  redis.server: 192.168.56.221:6379
diff --git a/hack/demo-env/agent-managed/argocd-secret.yaml b/hack/demo-env/agent-managed/argocd-secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+  server.secretkey: WDlYWm5WY3FYZFRDUEVFYmtybFhmbk5NMHFlTXFEME42ZUhMRkN0KytORT0=
+kind: Secret
+metadata:
+  name: argocd-secret
diff --git a/hack/demo-env/agent-managed/kustomization.yaml b/hack/demo-env/agent-managed/kustomization.yaml
@@ -0,0 +1,11 @@
+resources:
+- https://github.com/argoproj/argo-cd/manifests/crds?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/config?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/redis?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/repo-server?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/application-controller?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/cluster-rbac/application-controller?ref=stable
+
+patches:
+- path: argocd-cmd-params-cm.yaml
+- path: argocd-secret.yaml
diff --git a/hack/demo-env/apps/managed-guestbook.yaml b/hack/demo-env/apps/managed-guestbook.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: guestbook
+  namespace: agent-managed
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/argoproj/argocd-example-apps
+    targetRevision: HEAD
+    path: kustomize-guestbook
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: guestbook
+  syncPolicy:
+    syncOptions:
+      - "CreateNamespace=true"
diff --git a/hack/demo-env/control-plane/argocd-cmd-params-cm.yaml b/hack/demo-env/control-plane/argocd-cmd-params-cm.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+data:
+  application.namespaces: "*"
diff --git a/hack/demo-env/control-plane/argocd-secret.yaml b/hack/demo-env/control-plane/argocd-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  admin.password: JDJhJDEwJGcyZ0pUMHcuTEppaVYuVjFvOFlHS09ZdnViTVY5aGgzSGNTVDdPVHB0eXRKOXczU1lYb0tP
+  admin.passwordMtime: MjAyNC0wMy0yNlQyMDo1MDowNVo=
+kind: Secret
+metadata:
+  name: argocd-secret
diff --git a/hack/demo-env/control-plane/kustomization.yaml b/hack/demo-env/control-plane/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- https://github.com/argoproj/argo-cd/manifests/crds?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/config?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/dex?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/redis?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/repo-server?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/base/server?ref=stable
+- https://github.com/argoproj/argo-cd/manifests/cluster-rbac/server?ref=stable
+- https://github.com/argoproj/argo-cd/examples/k8s-rbac/argocd-server-applications?ref=stable
+
+patches:
+- path: argocd-cmd-params-cm.yaml
+- path: argocd-secret.yaml
+- path: server-service.yaml
+- path: repo-server-service.yaml
+- path: redis-service.yaml
diff --git a/hack/demo-env/control-plane/redis-service.yaml b/hack/demo-env/control-plane/redis-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-redis
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.56.221
diff --git a/hack/demo-env/control-plane/repo-server-service.yaml b/hack/demo-env/control-plane/repo-server-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-repo-server
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.56.222
diff --git a/hack/demo-env/control-plane/server-service.yaml b/hack/demo-env/control-plane/server-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-server
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.56.220
diff --git a/hack/demo-env/gen-creds.sh b/hack/demo-env/gen-creds.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+##############################################################################
+# Script to generate credentials for development/e2e-tests of argocd-agent.
+#
+# WARNING: Development script. Do not use to produce production credentials.
+# This script comes without any promises. It should only be used to generate
+# credentials for your dev or demo environments. The passwords produced are
+# weak.
+##############################################################################
+set -ex -o pipefail
+
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+htpasswd=$(which htpasswd)
+pwmake=$(which pwmake)
+creds_path=${SCRIPTPATH}/creds
+test -d ${creds_path} || mkdir ${creds_path}
+
+if test -f "${creds_path}/users.control-plane"; then
+	echo "Truncating existing creds"
+	rm -f "${creds_path}/users.control-plane"
+fi
+touch "${creds_path}/users.control-plane"
+
+for ag in agent-managed agent-autonomous; do
+	password=$(pwmake 56)
+	htpasswd -b -B "${creds_path}/users.control-plane" "${ag}" "${password}"
+	echo "${ag}:${password}" > "${creds_path}/creds.${ag}"
+done
diff --git a/hack/demo-env/setup-vcluster-env.sh b/hack/demo-env/setup-vcluster-env.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+set -o pipefail
+VCLUSTERS="control-plane agent-managed agent-autonomous"
+action="$1"
+
+case "$action" in
+create)
+	for cluster in $VCLUSTERS; do
+		vcluster create --context=default -n vcluster-${cluster} --expose --kube-config-context-name vcluster-${cluster} vcluster-${cluster}
+		kubectl --context vcluster-${cluster} create ns argocd
+		kubectl --context vcluster-${cluster} apply -n argocd -k ${cluster}
+	done
+	kubectx default
+	;;
+delete)
+	for cluster in $VCLUSTERS; do
+		vcluster delete --context=default vcluster-${cluster}
+	done
+	kubectx default
+	;;
+*)
+	echo "$0 (create|delete)" >&2
+	exit 1
+esac
+
diff --git a/hack/demo-env/start-agent-autonomous.sh b/hack/demo-env/start-agent-autonomous.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -ex -o pipefail
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+test -f cmd/agent/main.go || (echo "Script should be run from argocd-agent's root path" >&2; exit 1)
+go run ./cmd/agent/main.go --agent-mode autonomous --creds userpass:${SCRIPTPATH}/creds/creds.agent-autonomous --server-address 127.0.0.1 --server-port 8443 --insecure-tls --kubecontext vcluster-agent-autonomous --namespace agent-autonomous
diff --git a/hack/demo-env/start-agent-managed.sh b/hack/demo-env/start-agent-managed.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -ex -o pipefail
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+test -f cmd/agent/main.go || (echo "Script should be run from argocd-agent's root path" >&2; exit 1)
+go run ./cmd/agent/main.go --agent-mode managed --creds userpass:${SCRIPTPATH}/creds/creds.agent-managed --server-address 127.0.0.1 --server-port 8443 --insecure-tls --kubecontext vcluster-agent-managed --namespace agent-managed
diff --git a/hack/demo-env/start-principal.sh b/hack/demo-env/start-principal.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -ex -o pipefail
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+test -f cmd/principal/main.go || (echo "Script should be run from argocd-agent's root path" >&2; exit 1)
+go run ./cmd/principal --allowed-namespaces '*' --insecure-tls-generate --insecure-jwt-generate --kubecontext vcluster-control-plane --log-level trace --passwd ${SCRIPTPATH}/creds/users.control-plane