Skip to content

Commit

Permalink
docs: demo/dev guide - add running argocd agent components in cluster…
Browse files Browse the repository at this point in the history 
…s using open cluster management

Signed-off-by: Mike Ng <[email protected]>
  • Loading branch information
@mikeshng
mikeshng committed Oct 25, 2024
1 parent d123d41 commit 1b4a52a
Show file tree
Hide file tree
Showing 21 changed files with 836 additions and 5 deletions.
7 changes: 6 additions & 1 deletion hack/demo-env/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ The author uses [microk8s](https://microk8s.io/) as the host Kubernetes cluster.
After installing microk8s, you want to enable metallb and hostpath storage in that cluster. metallb gives your cluster load balancer capabilities, and the hostpath storage will allow vcluster to persist its configuration:

```shell
sudo microk8s.enable metallb
sudo microk8s.enable metallb:192.168.56.200-192.168.56.254 # Adjust the range as needed. Currently set to values used in the steps below
sudo microk8s.enable hostpath-storage
```

Expand Down Expand Up @@ -109,3 +109,8 @@ There is a vscode launch configuration to assist with debugging components in `h
### Running in a cluster

To be written.

### Running in a cluster using Open Cluster Management

For running in a cluster using [Open Cluster Management (OCM)](https://open-cluster-management.io/),
see the [demo environment with OCM](./ocm/README.md) for more information.
4 changes: 1 addition & 3 deletions hack/demo-env/apps/autonomous-guestbook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@ kind: Application
metadata:
name: guestbook
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
Expand All @@ -16,4 +14,4 @@ spec:
namespace: guestbook
syncPolicy:
syncOptions:
- "CreateNamespace=true"
- CreateNamespace=true
2 changes: 1 addition & 1 deletion hack/demo-env/apps/managed-guestbook.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ spec:
namespace: guestbook
syncPolicy:
syncOptions:
- "CreateNamespace=true"
- CreateNamespace=true
112 changes: 112 additions & 0 deletions hack/demo-env/ocm/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
## Running the agent components in clusters using the Open Cluster Management (OCM) setup

[Open Cluster Management (OCM)](https://open-cluster-management.io/) is a robust, modular,
and extensible platform for orchestrating multiple Kubernetes clusters.
It features an addon framework that allows other projects to develop extensions for managing clusters in custom scenarios.

The following instructions will setup the `vcluster-control-plane` as the OCM hub cluster,
with the `vcluster-agent-managed` and `vcluster-agent-autonomous` clusters joining as managed clusters.

The Argo CD agent principal component will be installed on the hub cluster directly,
while the Argo CD agent agents will be deployed to the managed clusters as OCM addons.

## Set up OCM

### Install clusteradm CLI tool

Run the following command to download and install the latest OCM `clusteradm` tool:

```shell
curl -L https://raw.githubusercontent.com/open-cluster-management-io/clusteradm/main/install.sh | bash
```
### Setup the hub cluster

Setup the `vcluster-control-plane` as the OCM hub cluster:

```shell
kubectl config use-context vcluster-control-plane
joincmd=$(clusteradm init --wait | grep clusteradm)
```

### Request to join as managed clusters

Request `vcluster-agent-managed` and `vcluster-agent-autonomous` to join the hub as managed clusters:

```shell
kubectl config use-context vcluster-agent-managed
$(echo ${joincmd} --wait | sed "s/<cluster_name>/agent-managed/g")

kubectl config use-context vcluster-agent-autonomous
$(echo ${joincmd} --wait | sed "s/<cluster_name>/agent-autonomous/g")
```

### Accept the managed clusters join requests

Accept the join requests on the hub cluster:

```shell
kubectl config use-context vcluster-control-plane
clusteradm accept --clusters agent-managed
clusteradm accept --clusters agent-autonomous
```

### Verify

Verify that the managed clusters have successfully joined the hub cluster:

```shell
kubectl get managedclusters
NAME HUB ACCEPTED MANAGED CLUSTER URLS JOINED AVAILABLE AGE
agent-autonomous true True True 2m57s
agent-managed true True True 2m57s
```

## Deploy the Argo CD agent components

### Deploy and verify the Argo CD agent principal component

Deploy the principal component:

```shell
kubectl config use-context vcluster-control-plane
kubectl create -n argocd secret generic argocd-agent-principal-userpass --from-literal=passwd="$(cat hack/demo-env/creds/users.control-plane)"
kubectl apply -n argocd -k hack/demo-env/ocm/principal
```

Verify the principal deployment:

```shell
kubectl -n argocd get deploy argocd-agent-principal
NAME READY UP-TO-DATE AVAILABLE AGE
argocd-agent-principal 1/1 1 1 46s
```

### Deploy and verify the Argo CD agent agent component

Deploy the agent component:

```shell
kubectl config use-context vcluster-agent-managed
kubectl create -n agent-managed secret generic argocd-agent-managed-userpass --from-literal=credentials="$(cat hack/demo-env/creds/creds.agent-managed)"
kubectl config use-context vcluster-control-plane
kubectl apply -k hack/demo-env/ocm/agent-managed

kubectl config use-context vcluster-agent-autonomous
kubectl create ns agent-autonomous
kubectl create -n agent-autonomous secret generic argocd-agent-auto-userpass --from-literal=credentials="$(cat hack/demo-env/creds/creds.agent-autonomous)"
kubectl config use-context vcluster-control-plane
kubectl apply -k hack/demo-env/ocm/agent-autonomous
```

Verify the agents deployment:

```shell
kubectl config use-context vcluster-control-plane
kubectl -n agent-managed get managedclusteraddon
NAME AVAILABLE DEGRADED PROGRESSING
argocd-agent-managed True False

kubectl -n agent-autonomous get managedclusteraddon
NAME AVAILABLE DEGRADED PROGRESSING
argocd-agent-auto True False
```
4 changes: 4 additions & 0 deletions hack/demo-env/ocm/agent-autonomous/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
resources:
- ocm-agent-auto-addontemplate.yaml
- ocm-agent-auto-cmaddon.yaml
- ocm-agent-auto-maddon.yaml
173 changes: 173 additions & 0 deletions hack/demo-env/ocm/agent-autonomous/ocm-agent-auto-addontemplate.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: AddOnTemplate
metadata:
name: argocd-agent-auto-template
spec:
addonName: argocd-agent-auto
agentSpec:
workload:
manifests:
- kind: ServiceAccount
apiVersion: v1
metadata:
labels:
app.kubernetes.io/name: argocd-agent-auto
app.kubernetes.io/part-of: argocd-agent
app.kubernetes.io/component: agent
name: argocd-agent-auto
namespace: argocd
- kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app.kubernetes.io/name: argocd-agent-auto
app.kubernetes.io/part-of: argocd-agent
app.kubernetes.io/component: agent
name: argocd-agent-auto
rules:
- apiGroups: [argoproj.io]
resources: [applications, appprojects, applicationsets]
verbs: [create, get, list, watch, update, delete, patch]
- apiGroups: [""]
resources: [secrets, configmaps]
verbs: [create, get, list, watch, update, patch, delete]
- apiGroups: [""]
resources: [events]
verbs: [create, list]
- kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app.kubernetes.io/name: argocd-agent-auto
app.kubernetes.io/part-of: argocd-agent
app.kubernetes.io/component: agent
name: argocd-agent-auto-binding
subjects:
- kind: ServiceAccount
name: argocd-agent-auto
namespace: argocd
roleRef:
kind: ClusterRole
name: argocd-agent-auto
apiGroup: rbac.authorization.k8s.io
- kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app.kubernetes.io/name: argocd-agent-auto
name: argocd-agent-auto
namespace: argocd
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-agent-auto
app.kubernetes.io/part-of: argocd-agent
app.kubernetes.io/component: agent
template:
metadata:
labels:
app.kubernetes.io/name: argocd-agent-auto
app.kubernetes.io/part-of: argocd-agent
app.kubernetes.io/component: agent
spec:
serviceAccountName: argocd-agent-auto
containers:
- name: argocd-agent-auto
image: ghcr.io/argoproj-labs/argocd-agent/argocd-agent-agent:latest
imagePullPolicy: Always
args: [/usr/local/bin/argocd-agent-agent]
env:
- name: ARGOCD_AGENT_REMOTE_SERVER
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.server.address
optional: true
- name: ARGOCD_AGENT_REMOTE_PORT
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.server.port
optional: true
- name: ARGOCD_AGENT_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.log.level
optional: true
- name: ARGOCD_AGENT_NAMESPACE
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.namespace
optional: true
- name: ARGOCD_AGENT_TLS_CLIENT_CERT_PATH
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.tls.client.cert-path
optional: true
- name: ARGOCD_AGENT_TLS_CLIENT_KEY_PATH
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.tls.client.key-path
optional: true
- name: ARGOCD_AGENT_TLS_INSECURE
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.tls.client.insecure
optional: true
- name: ARGOCD_AGENT_TLS_ROOT_CA_PATH
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.tls.root-ca-path
optional: true
- name: ARGOCD_AGENT_MODE
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.mode
optional: true
- name: ARGOCD_AGENT_CREDS
valueFrom:
configMapKeyRef:
name: argocd-agent-params
key: agent.creds.userpass.path
optional: true
ports:
- containerPort: 8000
name: metrics
securityContext:
capabilities:
drop: [ALL]
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: userpass-passwd
mountPath: /app/config/creds
volumes:
- name: userpass-passwd
secret:
secretName: argocd-agent-auto-userpass
items:
- key: credentials
path: userpass.creds
- kind: ConfigMap
apiVersion: v1
metadata:
name: argocd-agent-params
namespace: argocd
data:
agent.mode: "autonomous"
agent.creds.userpass.path: "userpass:/app/config/creds/userpass.creds"
agent.tls.client.insecure: "true"
agent.log.level: "trace"
agent.namespace: "argocd"
agent.server.address: "192.168.56.103"
agent.server.port: "443"
15 changes: 15 additions & 0 deletions hack/demo-env/ocm/agent-autonomous/ocm-agent-auto-cmaddon.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ClusterManagementAddOn
metadata:
name: argocd-agent-auto
annotations:
addon.open-cluster-management.io/lifecycle: "addon-manager"
spec:
addOnMeta:
description: argocd-agent-auto is an OCM-io for ArgoCD agent autonomous mode
displayName: ArgoCD Agent Autonomous
supportedConfigs:
- group: addon.open-cluster-management.io
resource: addontemplates
defaultConfig:
name: argocd-agent-auto-template
7 changes: 7 additions & 0 deletions hack/demo-env/ocm/agent-autonomous/ocm-agent-auto-maddon.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
name: argocd-agent-auto
namespace: agent-autonomous
spec:
installNamespace: argocd
4 changes: 4 additions & 0 deletions hack/demo-env/ocm/agent-managed/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
resources:
- ocm-agent-managed-addontemplate.yaml
- ocm-agent-managed-cmaddon.yaml
- ocm-agent-managed-maddon.yaml
Loading

0 comments on commit 1b4a52a

Please sign in to comment.