Path to GitOps Talk

Path to GitOps – Migrating to Workflows

The following lab material accompanies the Path to GitOps – Migrating to Workflows presentation. The goal of the presentation is to discuss migrating existing monolithic CI/CD pipelines for applications to Workflows.

Lab Material

This lab is hosted on DigitalOcean Managed Kubernetes. Please follow the steps below in order as you follow the presentation.

Initial Prep

  1. Install Terraform
  2. Install doctl, the DigitalOcean CLI (Optional)
  3. Install Argo CLI

Create Kubernetes Cluster

cd terraform-cluster
terraform init
terraform apply

Kubernetes Cluster Setup

mkdir -p ~/.kube
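# Extract the kubeconfig from the Terraform state (the state file holds the cluster credentials, so keep it out of version control)
jq --raw-output '.resources[] | select(.type=="digitalocean_kubernetes_cluster")  | .instances[0] | .attributes | .kube_config[0] | .raw_config' terraform.tfstate > ~/.kube/config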
cd ..

helm repo add stable


kubectl create namespace kube-monitoring
helm install metrics-server stable/metrics-server --namespace kube-monitoring --values config/metrics-server-values.yaml

Ingress Controller - Deploy

kubectl create namespace ingress
helm install nginx-ingress stable/nginx-ingress --namespace ingress --set controller.publishService.enabled=true
kubectl -n ingress get svc nginx-ingress-controller

Cert Manager - Deploy

helm repo add jetstack
kubectl apply --validate=false -f

kubectl create namespace cert-manager
helm install cert-manager jetstack/cert-manager --namespace cert-manager
watch -n 2 'kubectl get pods -n cert-manager'

Cert Manager - Setup Let's Encrypt Certificate ClusterIssuer

sed "s/EMAIL_ADDRESS/$ACME_EMAIL/" config/letsencrypt-prod-issuer.yaml | kubectl create -f -
sed "s/EMAIL_ADDRESS/$ACME_EMAIL/" config/letsencrypt-staging-issuer.yaml | kubectl create -f -

Ingress Controller - DNS Settings

kubectl -n ingress get svc nginx-ingress-controller
export KUBE_INGRESS_IP=$(kubectl -n ingress get svc nginx-ingress-controller -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
cd terraform-dns
terraform init
terraform apply -var="ipv4_address=$KUBE_INGRESS_IP"
cd ..

Argo - Deploy

kubectl create namespace argo
kubectl apply -n argo -f

Argo - Ingress

# Deploying test service for debugging
kubectl create -f config/echo-service.yaml
kubectl create -f config/echo-ingress.yaml

kubectl create -f config/argo-server-ingress.yaml

Workflow Demos


kubectl create namespace workflows
kubectl -n workflows create rolebinding default-admin --clusterrole=admin --serviceaccount=workflows:default
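
The default-admin binding above gives every workflow pod namespace-admin rights in workflows. A narrower alternative, as an added example that is not part of the lab repository: the Role name workflow-executor and both function names are hypothetical, and the rule set assumes the Argo Workflows 2.x executor minimum, since this page does not state the Argo version.

```shell
# Added example (not from the lab repository); names are hypothetical.
# Assumption: rules are the Argo Workflows 2.x executor minimum
# (pods get/watch/patch, pods/log get/watch); other versions differ.
NS=workflows
SA=default

# Print a namespaced Role and RoleBinding for the workflow service account.
workflow_rbac_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workflow-executor
  namespace: ${NS}
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "patch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: workflow-executor
  namespace: ${NS}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: workflow-executor
subjects:
- kind: ServiceAccount
  name: ${SA}
  namespace: ${NS}
EOF
}

# Return 0 only if the service account can patch pods but can neither read
# secrets nor create role bindings (the admin ClusterRole allows both).
verify_workflow_rbac() {
  subject="system:serviceaccount:${NS}:${SA}"
  kubectl -n "$NS" auth can-i patch pods --as="$subject" >/dev/null || return 1
  ! kubectl -n "$NS" auth can-i get secrets --as="$subject" >/dev/null 2>&1 || return 1
  ! kubectl -n "$NS" auth can-i create rolebindings --as="$subject" >/dev/null 2>&1 || return 1
}
# Usage, in place of the default-admin rolebinding:
#   workflow_rbac_manifest | kubectl apply -f - && verify_workflow_rbac
```

verify_workflow_rbac keeps failing while the default-admin rolebinding still exists, so delete that binding if it was already created.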

WF1 - Hello World

kubectl create -f workflows/hello-world.yaml
kubectl -n workflows get wf
export WF=$(kubectl -n workflows get wf | grep '^hello-world' | head -1 | awk '{ print $1 }')
kubectl -n workflows get wf $WF
kubectl -n workflows get pod $WF
kubectl -n workflows logs $WF -c main

WF2 - Coinflip

argo -n workflows submit --watch workflows/coinflip.yaml
argo -n workflows list
export WF=$(kubectl -n workflows get wf | grep '^coinflip' | head -1 | awk '{ print $1 }')
argo -n workflows get $WF

You can always view the pod logs using argo -n workflows logs

WF3 - Coinflip Recursive

argo -n workflows submit --watch workflows/coinflip-recursive.yaml

WF4 - Maps and Loops

argo -n workflows submit --watch workflows/loops-maps.yaml

WF5 - Nested Workflows and Parallelism

argo -n workflows submit --watch workflows/parallelism-nested-workflow-serial.yaml
argo -n workflows submit --watch workflows/parallelism-nested-workflow.yaml

WF6 - DAG Diamond

argo -n workflows submit --watch workflows/dag-diamond-steps.yaml

Lab Clean-up

cd terraform-cluster
terraform destroy -auto-approve
cd ..

cd terraform-dns
terraform destroy -auto-approve -var="ipv4_address=$KUBE_INGRESS_IP"
cd ..

for lb in $(doctl compute load-balancer list -o json | jq --raw-output '.[] | .id'); do doctl compute load-balancer delete --force $lb; done

find . -name "terraform.tfstate*" -exec rm {} \;


