{"id":19154315,"url":"https://github.com/baloise/kikkers","last_synced_at":"2026-02-07T22:31:32.849Z","repository":{"id":259882922,"uuid":"879714420","full_name":"baloise/kikkers","owner":"baloise","description":"Argo Events playground (Code Camp 2024)","archived":false,"fork":false,"pushed_at":"2024-11-21T11:40:58.000Z","size":1635,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-08-01T20:52:54.631Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/baloise.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-28T12:25:50.000Z","updated_at":"2024-11-21T11:41:01.000Z","dependencies_parsed_at":"2024-10-28T16:22:21.313Z","dependency_job_id":"d5ff01dd-d78a-41e6-9231-62b81dee378f","html_url":"https://github.com/baloise/kikkers","commit_stats":null,"previous_names":["baloise/kikkers"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/baloise/kikkers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fkikkers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fkikkers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fkikkers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fkikkers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/baloise","download_url":"https://codeload.github.com/baloise/kikkers/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baloise%2Fkikkers/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29211127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T22:22:11.602Z","status":"ssl_error","status_checked_at":"2026-02-07T22:22:10.684Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T08:26:24.560Z","updated_at":"2026-02-07T22:31:32.834Z","avatar_url":"https://github.com/baloise.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# kikkers\n\nArgo Events playground (Code Camp 2024)\n\n## MinIO Use Case\n\n![minio](minio.drawio.png \"minio\")\n\n### Setup\n\n#### Deploy MinIO instance\n\n* Expose minio and minio-console svc\n* Add generated ca to destinationCA in Routes\n* Define MINIO_ROOT_USER and MINIO_ROOT_PASSWORD storage-configuration config.env\n* [tenant](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/minio-tenant.yaml)\n* Create bucket with name `test` and generate Access and Secret Keys\n\nCreate [native NATs eventbus](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/kustomization.yaml#L9)\n\n* Stan(NATS Streaming / deprecated), Jetstream (NATS JetStream) and Kafka\n  * [Stan: create 3 replicas with token authentication (stan)](https://argoproj.github.io/argo-events/eventbus/stan/)\n  * [Jetstream: create 3 replicas with /set password authentication (TLS is turned on, the password is encrypted)](https://argoproj.github.io/argo-events/eventbus/jetstream/)\n  * [When using a Kafka EventBus you must already have a Kafka cluster set up](https://argoproj.github.io/argo-events/eventbus/kafka/)\n* token strategy will generate a token and store it in K8s secrets (one for client, one for server), EventSource and Sensor automatically use the secret\n* EventBus is namespaced; an EventBus object is required in a namespace to make EventSource and Sensor work.\n* EventBus named default\n* Stan\n  * Max Age of existing messages (defaults to 72h)\n  * Max number of messages before expiring the oldest messages (Defaults to 1000000)\n  * Total size of messages before expiring the oldest messages (Defaults to 1GB)\n  * Maximum number of subscriptions (Defaults to 1000)\n  * Maximum number of bytes in a message payload (Defaults to 1MB)\n  * https://argoproj.github.io/argo-events/eventbus/stan/#more-about-native-nats-eventbus\n\n#### Create RBAC needed to run workflows\n\n* [sensor-rbac.yaml](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/sensor-rbac.yaml)\n* [workflow-rbac.yaml](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/workflow-rbac.yaml)\n\n#### Create EventSource\n\n* [eventsource.yaml](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/eventsource.yaml)\n* Watch for `s3:ObjectCreated:Put` in bucket `test` using Access and Secret Keys provided in `artifacts-minio` secret and create `sudoku` event\n* Filter to `prefix: \"input\"` and `suffix: \".txt\"`\n* Point to Route to trust certificate (Route re-encrypt using MinIO destination certificate)\n\n#### Create Sensor\n\n* [sensor.yaml](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/sensor.yaml)\n* Create workflow that References a workflowTemplate as soon as event is created on the eventbus\n* Reference event `sudoku` event from eventSource `minio`\n* test-dep provide metadata from event to parameters to the created workflow\n* Argo Sensor k8s trigger create Argo Workflow resource\n  * Created Argo Workflows resource references Argo Workflow Template\n* use event metadata to provide path to local s3 downloaded file\n\n#### Create workflowTemplate\n\n* [sudoku-wft.yaml](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-events-playground-test/sudoku-wft.yaml)\n* s3 input (get files from MinIO using Access and Secret Keys provided in `artifacts-minio` secret)\n* s3 output (put files to MinIO using Access and Secret Keys provided in `artifacts-minio` secret)\n* set archive to {} to keep plain files when put to s3\n* ghcr.io/luechtdiode/sudoku:0.0.2 [Sudoku Solver Repo](https://github.com/luechtdiode/sudoku)\n\n\n#### Make use of extended handling of event-metadata\n\nCapture more context-data from Minio Sudoku Event and try to identify Sudoku File Uploader for further notification purposes\n  \nSample Event Payload (see pricipalId: Sudoku Requester):\n```json\n[{\n  eventVersion:2.0,\n  eventSource:minio:s3,\n  awsRegion:,\n  eventTime:2024-10-30T13:02:09.050Z,\n  eventName:s3:ObjectCreated:Put,\n  userIdentity:{\n    principalId:Sudoku Requester\n  },\n  requestParameters:{\n    principalId:Sudoku Requester,\n    region:,\n    sourceIPAddress:redacted minio host ip\n  },\n  responseElements:{\n    x-amz-id-2:912a0631cecf761f73c7401d71bc819e9fd4b007e66fba8f36cc12235413475e,\n    x-amz-request-id:18033C9D81E3DDB9,\n    x-minio-deployment-id:358cb810-c0cc-4d30-9e86-e5bfbdf8cd0f,\n    x-minio-origin-endpoint:https://minio.redacted.svc.cluster.local\n  },\n  s3:{\n    s3SchemaVersion:1.0,\n    configurationId:Config,\n    bucket:{\n      name:test,\n      ownerIdentity:{\n        principalId:Sudoku Requester\n      },\n      arn:arn:aws:s3:::test\n    },\n    object:{\n      key:input/sudoku.txt,\n      size:2591,\n      eTag:5824476e697ce635d1eae18057131aab,contentType:text/plain,\n      userMetadata:{content-type:text/plain},\n      sequencer:18033C9D81FB2313\n    }\n  },\n  source:{\n    host:redacted minio host ip,\n    port:,\n    userAgent:MinIO (linux; amd64) minio-go/v7.0.70 MinIO Console/(dev)\n  }\n}]\n```\n\nUse username of file-uploader to define outputfolder. See separate [workflow-implmentation](https://github.com/luechtdiode/mk8-argo/tree/mk8-128/argo-events-playground-test)\n\n\u003cimg width=\"275\" alt=\"image\" src=\"https://github.com/user-attachments/assets/e5a3b90a-cb9e-406b-b285-628e93cd50e0\"\u003e\n\n\n## Argo Rollouts\n\n* Application need to be able to scale horizontally (more than one replica possible to run at the same time)\n\n![rollouts](rollouts.png \"rollouts\")\n\n\n* Deploy using OLM, as OpenShift [Argo Rollout plugin](https://argo-rollouts.readthedocs.io/en/stable/plugins/) is needed for HAProxy traffic-splitting/routing integration on Argo Rollout Controller deployment.\n\n```yaml\n      trafficRouting:\n        plugins:\n          argoproj-labs/openshift:\n            routes:\n              - ...\n```\n\nIgnore weight in ArgoCD\n\n```bash\n  resource.customizations: |\n    route.openshift.io/Route:\n      ignoreDifferences: |\n        jsonPointers:\n        - /spec/to/weight\n        jqPathExpressions:\n        - '.spec.alternateBackends[]?.weight'\n```\n\n\u003chttps://docs.openshift.com/gitops/1.14/argo_rollouts/routing-traffic-by-using-argo-rollouts.html\u003e\n\n### Setup\n\nRollout\n\n* [Stable Service](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-stable-svc.yaml)\n* [Canary Service](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-canary-svc.yaml)\n* [Route](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-route.yaml)\n  * Define alternateBackends to point to canary service using weight managed by Argo Rollouts\n* [Rollout Resource](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-rollout.yaml)\n  * Defines Pod spec\n  * Differs from deployment in strategy section\n    * Split traffic between canary service and stable service using the alternateBackends defintion in Route\n    * Use OpenShift traffic routing plugin\n    * Add Criteria in steps to proceed with rollouts using an AnalysisTemplate\n    * Pass route name to rerfence it in HAproxy metrics in analysis\n\nAnalysis\n\n* [AnalysisTemplate](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-analysistemplate.yaml)\n  * Use success rate of request to rollout or rollback\n    * Run analysis every 10s / 10 times\n    * failureLimit: 3 # Fixme\n    * success rate above 90% required to proceed\n    * Use OpenShift Monitoring provided metrics `haproxy_backend_http_responses_total`\n    * Authenticate using serviceAccount against Thanos Querier API\n\nProvide openshift-monitoring metrics (Do not use this in producation!)\n\n* [ServiceMonitor](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/servicemonitor.yaml)\n  * For demonstation purpose only. Do not add serviceMonitors to RH provided openshift-monitoring stack\n  * Make sure you have 1s scrape interval\n* [Thanos Querier SA](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-thanos-querier-reader-sa.yaml)\n  * Provide SA that can access openshift-monitoring using a bearer token\n* [Thanos Querier CRB](https://github.com/baloise-incubator/code-camp-apps/blob/master/argo-rollouts-playground-test/haproxy-thanos-querier-reader-crb.yaml)\n  * openshift-monitoring uses oauth proxy / openshift-delegate-urls to gran access to serviceAccounts that can `get` `namespace`\n\n\nCreate short-live token for Demo\n\n```bash\nTOKEN=$(kubectl create token thanos-querier-reader --namespace argo-rollouts-playground-test --duration 6000m)\nkubectl create secret generic token --from-literal=token=\"Bearer $TOKEN\"\n```\n\n### Trivial Demo\n\nCreate some requests\n\n```bash\nkubectl delete rollout rollouts-haproxy-demo\nwhile true; do sleep 0.1 \u0026\u0026 curl https://rollouts-demo-route-argo-rollouts-playground-test.apps.baloise.dev -s -I | grep -i \"HTTP/1.1\" -A1; done\n```\n\n[Metrics](https://console.baloise.dev/monitoring/query-browser?query0=sum%28%0A++++++++++++rate%28%0A++++++++++++++haproxy_backend_http_responses_total%7Broute%3D%22rollouts-demo-route%22%2Ccode%21%7E%22%5B4-5%5D.*%22%7D%5B10s%5D%0A++++++++++++%29%0A++++++++++%29%0A++++++++++%2F%0A++++++++++sum%28%0A++++++++++++rate%28%0A++++++++++++++haproxy_backend_http_responses_total%7Broute%3D%22rollouts-demo-route%22%7D%5B10s%5D%0A++++++++++++%29%0A++++++++++%29)\n\nGenerate some 403\n\n```bash\n        volumeMounts:\n        - mountPath: /usr/share/nginx/html\n          name: nginx\n```\n\n[kubectl argo rollouts dashboard](https://argocd.baloise.dev/applications/argocd/argo-rollouts-playground-test?view=tree\u0026resource=\u0026node=argoproj.io%2FRollout%2Fargo-rollouts-playground-test%2Frollouts-haproxy-demo%2F0\u0026tab=extension-0)\n\n\n![alt text](rollout-ui.png)\n\nStart TUI\n\n```bash\nkubectl argo rollouts -n argo-rollouts-playground-test get rollout rollouts-haproxy-demo --watch\n```\n\n![alt text](rollout-tui.png)\n\nProceed with rollout\n\n```bash\nkubectl argo rollouts -n argo-rollouts-playground-test get rollout rollouts-haproxy-demo --watch\nkubectl get analysisruns.argoproj.io\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaloise%2Fkikkers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbaloise%2Fkikkers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaloise%2Fkikkers/lists"}