Feature/argocd gitops

argocd-monitor/alert-manager-configuration.yaml

@@ -0,0 +1,27 @@
+apiVersion: monitoring.coreos.com/v1alpha1
+kind: AlertmanagerConfig
+metadata:
+  name: main-rules-alert-config
+  namespace: argocd
+spec:
+  route:
+    receiver: 'email'
+    repeatInterval: 30m
+    routes:
+    - matchers:
+      - name: alertname
+        value: ArgocdServiceNotSynced
+      - name: alertname
+        value: ArgocdServiceUnhealthy
+      repeatInterval: 10m 
+  receivers:
+  - name: 'email'
+    emailConfigs:
+    - to: 'chinmayapradhan10000@gmail.com'
+      from: 'chinmayapradhan10000@gmail.com'
+      smarthost: 'smtp.gmail.com:587'
+      authUsername: 'chinmayapradhan10000@gmail.com'
+      authIdentity: 'chinmayapradhan10000@gmail.com'
+      authPassword:
+        name: gmail-auth
+        key: password

argocd-monitor/argocd-alert-rules.yaml

@@ -0,0 +1,31 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: main-rules
+  namespace: argocd
+  labels:
+    app: kube-prometheus-stack
+    release: my-kube-prometheus-stack
+spec:
+  groups:
+  - name: argocd.rules
+    rules:
+    - alert: ArgocdServiceNotSynced
+      expr: argocd_app_info{sync_status!="Synced"} != 0
+      for: 15m
+      labels:
+        severity: warning
+      annotations:
+        summary: ArgoCD service not synced (instance {{ $labels.instance }})
+        description: "Service {{ $labels.name }} run by argo is currently not in sync.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
+    - alert: ArgocdServiceUnhealthy
+      expr: argocd_app_info{health_status!="Healthy"} != 0
+      for: 15m
+      labels:
+        severity: warning
+      annotations:
+        summary: ArgoCD service unhealthy (instance {{ $labels.instance }})
+        description: "Service {{ $labels.name }} run by argo is currently not healthy.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
+
+
+

argocd-monitor/argocd-service-monitor.yaml

@@ -0,0 +1,103 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-metrics
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-metrics
+  endpoints:
+  - port: metrics
+--- 
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-server-metrics
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-server-metrics
+  endpoints:
+  - port: metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-repo-server-metrics
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-repo-server
+  endpoints:
+  - port: metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-applicationset-controller-metrics
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-applicationset-controller
+  endpoints:
+  - port: metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-dex-server
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-dex-server
+  endpoints:
+    - port: metrics
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-redis-haproxy-metrics
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-redis-ha-haproxy
+  endpoints:
+  - port: http-exporter-port
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: argocd-notifications-controller
+  labels:
+    release: my-kube-prometheus-stack
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-notifications-controller-metrics
+  endpoints:
+    - port: metrics
+
+
+
+
+# kubectl apply -f argocd-service-monitor.yaml -n argocd
+# kubectl get servicemonitors -n argocd
+
+# kubectl -n monitoring get prometheuses.monitoring.coreos.com -o yaml | grep -i serviceMonitorSelector -A5
+
+
+# kubectl create ns monitoring
+# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -n monitoring
+# helm install my-kube-prometheus-stack prometheus-community/kube-prometheus-stack --version 62.7.0 -n monitoring

argocd-monitor/email-secret.yaml

@@ -0,0 +1,46 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: gmail-auth
+  namespace: argocd
+spec:
+  encryptedData:
+    password: AgAdN5Iy73lTcQbQePOntWY/ITKUd5aVsqxsjbPg0SPvIaI5zYWz8lxQ0frUYfFN4hF02DeAiC19kxiBXI468wYz3GDPu9kOqXxhlxQnPQitQg5kuNvqZ27ElAnSMbOamzin5ItMhEPmt48uFsykogHXXM0AjHDFUWvkjJGmaLZL/aHOQ6YU6bF6LldGGH9r/iC2VS5TVrqU9Rgmr8qvKOMkNUBK8BKft+0eKOCtTuDYwbtEFF6MEPlqvVtv+LMWWN+0GUgTxguab7mwpTIJjnl13yMTFlVa7Ef/FdL8yTCtYAkBj0O+blOtFOj4omRrmZSwvsEttWjh+uCj5pTYk8nKwseSKAIt+pQNH4xS+MzC9bKf+oUE56N0qaThMtRGj4JZ2wpEHNGFsomDzYKgRoUjOMRtpCBcR+VmfjjclImulefErBrzkH+oNoTB3C4gpWWEL8Z74VXd54l/1qSYUkYphUOeBULUNKUrzagSFuk8AK50kDD6PV1f3oneXKQAJC7uM8tH5hiqjla0UOQkW8GrOZaeE/M7s4+mgKjPHff9xM4UT9QtcfM0KzhlskFSRY1trP30hYaLOrbWPcCSiNq1uB/dVTcxlyawHATqESN+ydbalS+hUHke/ZGKDO3RDMQ9/TyQID5uSqw5DLqbMafV0xs/oeZVTixGVRm8yyQ497EBiV4h299u3TmJxrVVOR/9zg9xnekPFpzKimHJfX0nCtr4
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+      creationTimestamp: null
+      name: gmail-auth
+      namespace: argocd
+    type: Opaque
+
+
+# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+# helm install sealed-secrets -n kube-system --set-string fullnameOverride=sealed-secrets-controller sealed-secrets/sealed-secrets
+
+# kubectl get all -n kube-system | grep -i sealed
+# kubectl get secret -n kube-system | grep -i sealed
+
+# Install kubeseal
+# curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.23.0/kubeseal-0.23.0-linux-amd64.tar.gz"
+# tar -xvzf kubeseal-0.23.0-linux-amd64.tar.gz kubeseal
+# sudo install -m 755 kubeseal /usr/local/bin/kubeseal
+
+# Create secret file
+# sudo vim email-secret.yaml
+
+# kubectl -n kube-system get secrets
+# kubectl -n kube-system get secrets <Secret-name> -o yaml
+# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"'
+# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r
+# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d
+# kubectl -n kube-system get secrets sealed-secrets-keyd5dvq -o json | jq .data'."tls.crt"' -r | base64 -d > sealedSecret.crt
+# cat sealedSecret.crt
+# kubeseal --cert sealedSecret.crt --scope cluster-wide < email-secret.yaml
+# kubeseal -o yaml --cert sealedSecret.crt --scope cluster-wide < email-secret.yaml > secret.yaml
+# cat secret.yaml
+# kubectl get secrets

bankapp/db-config.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: db-config
+  namespace: bankapp
+data:
+  db_server: jdbc:mysql://mysql-release-primary.bankapp.svc.cluster.local:3306/bankappdb?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=UTC

bankapp/db-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: db-secret
+  namespace: bankapp
+  annotations:
+    avp.kubernetes.io/path: "credentials/data/app"
+type: Opaque
+stringData:
+  db_root_pwd: <db-root-pwd>     # Test@123
+  db_name: <db-name>             # bankappdb
+  db_user: <db-user>             # root
+

bankapp/hpa.yaml

@@ -0,0 +1,25 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: java-app-hpa
+  namespace: bankapp
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: java-app-deployment
+  minReplicas: 2
+  maxReplicas: 10
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 70

bankapp/java-app-ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: java-app-ingress
+  namespace: bankapp
+spec:
+  ingressClassName: external-nginx
+  rules:
+  - host: k8s-ingress-external-cd564c2ff7-28c937f418df22b9.elb.us-east-2.amazonaws.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: java-app-service
+            port: 
+              number: 80

bankapp/java-app.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: java-app-deployment
+  namespace: bankapp
+  labels:
+    app: java-app
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: java-app
+  template:
+    metadata:
+      labels:
+        app: java-app
+    spec:
+      imagePullSecrets:
+      - name: my-ecr-registry-key
+      containers:
+      - name: java-app
+        image: 156041433917.dkr.ecr.us-east-2.amazonaws.com/bank-app:1.0-2
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8080
+        env: 
+        - name: SPRING_DATASOURCE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: db-config
+              key: db_server
+        - name: SPRING_DATASOURCE_USERNAME
+          valueFrom:
+            secretKeyRef:
+              key: db_user
+              name: db-secret
+        - name: SPRING_DATASOURCE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: db_root_pwd
+              name: db-secret
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "500m"
+--- 
+apiVersion: v1
+kind: Service
+metadata:
+  name: java-app-service
+  namespace: bankapp
+spec:
+  selector:
+    app: java-app
+  ports:
+  - port: 80
+    targetPort: 8080
+

bankapp/mysql-chart-values-eks.yaml

@@ -0,0 +1,33 @@
+# architecture: replication
+# auth:
+#   rootPassword: Test@123
+#   database: bankappdb
+
+# # Enable init container that changes the owner and group of the persistent volume mountpoint to runAsUser:fsGroup
+# volumePermissions:
+#   enabled: true
+
+# primary:
+#   persistence:
+#     enabled: false
+
+# secondary:
+#   # 1 primary and 2 secondary replicas
+#   replicaCount: 2
+#   persistence:
+#     enabled: true # Must be true to persist data across pods
+#     size: 8Gi # Specify the volume size
+#     storageClass: gp2 # Storage class for EKS volumes
+#     accessModes:
+#       - ReadWriteOnce # Correct access mode for gp2 volumes
+
+# metrics:
+#   enabled: true
+#   serviceMonitor:
+#     enabled: true
+#     additionalLabels:
+#       release: my-kube-prometheus-stack
+
+
+
+# # helm install mysql-release bitnami/mysql -f mysql-chart-values-eks.yaml -n bankapp