demo for using Crossplane with argo events, kyverno and Argo Workflows
Build a system for allowing creation of gatekeeped Github Repositories, with automated triggering of a Github Action
workflow in the new repository.
You will some local container tooling for kind to work, like docker desktop or orbstack.
Flox is used to make this demo simple to run.
Flox activate
If you are not into nix
or flox
you may get started by installing the following tools:
Optional:
Use this guide to create a token.
It will need permissions to be able to create repositories and trigger workflows.
Once you have the token, export it as an environment variable along with your Github username (or organization name):
export GITHUB_TOKEN=token-goes-here)
export GITHUB_USERNAME=github-username-or-org
export ARGO_GITHUB_TOKEN=$(echo -n "Bearer $GITHUB_TOKEN" | base64)
This demo subsitutes these values into the manifests using envsubst
.
task create <- creates the Kind cluster
task bootstrap <- Installs required tools and components
task post-bootstrap <- Configures the controllers
Optionally you may now setup some kyverno policies:
kubectl apply -f kyverno/repo-mutate-policy.yaml <- this will mutate the repository visibility to private
kubectl apply -f kyverno/repo-names-policy.yaml <- this will enforce a naming convention
Now you are ready to create a new repository using an example template repository:
kubectl apply -f crossplane/repo-no-validation.yaml
You can port forward the Argo Workflow UI to see the workflow in action:
Note that auth is disabled in the UI in this demo
kubectl -n argo-events port-forward deployment/argo-server 2746:2746
Open your browser to http://localhost:2746
and you should see the workflow running.
And in your new repository you should see the workflow running: