Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/faforever/gitops-stack

The gitops stack running faforever.com
https://github.com/faforever/gitops-stack

argocd gitops iac k8s

Last synced: 2 months ago
JSON representation

The gitops stack running faforever.com

Host: GitHub
URL: https://github.com/faforever/gitops-stack
Owner: FAForever
License: mit
Created: 2023-05-26T20:59:46.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-10-30T17:26:29.000Z (2 months ago)
Last Synced: 2024-10-30T18:30:32.340Z (2 months ago)
Topics: argocd, gitops, iac, k8s
Language: HTML
Homepage:
Size: 285 KB
Stars: 1
Watchers: 5
Forks: 2
Open Issues: 13
Metadata Files:
- Readme: README.MD

Awesome Lists containing this project

README

        # What is this?

The gitops stack is the deployment infrastructure of the FAForever project. Currently it only contains a subset of service, but in the long term, all services shall be migrate from faf-stack to here.

# Branching

* **main** branch = Production state

* **develop** branch = Testing state

Until things are settled the current workflow is:

* Test changes on develop

* Cherry pick working stuff on to main

* Rebase and force push develop afterwards

# Bootstrapping

First, we need to make the cluster gitops-ready by installing ArgoCD:

```sh

kubectl create namespace argocd

helm repo add argo https://argoproj.github.io/argo-helm

helm install argocd argo/argo-cd -n argocd

```

Then you can connect to argocd using the credentials generated:

```sh

PW=$(kubectl get secret -n argocd argocd-initial-admin-secret -o "jsonpath={.data.password}" | base64 -d)

echo "Access argocd via http://localhost:8080"

echo "User: admin, password: $PW"

kubectl port-forward -n argocd svc/argocd-server 8080:80

```

Now, we need to deploy the appsets via

```sh

kubectl apply -f app-set-test.yaml

```

Many apps will fail to start, because the lack the secrets that will be generated by infisical. But infiscal needs be setup too.

We use the cloud edition, but there is also a self hosted one we do not cover here.

For our stack you need to create a service token in the web ui and add this as a secret in all affected namespaces:

```sh

for namespace in "faf-apps faf-ops argocd"; do

kubectl create secret generic "infisical-service-token" \

    -n "$namespace" \

    --from-literal=infisicalToken=

done

```