Check that all the APIs are enabled
$ gcloud services list --enabled
NAME TITLE
appengine.googleapis.com App Engine Admin API
appenginereporting.googleapis.com App Engine
autoscaling.googleapis.com Cloud Autoscaling API
bigquerystorage.googleapis.com BigQuery Storage API
certificatemanager.googleapis.com Certificate Manager API
cloudapis.googleapis.com Google Cloud APIs
cloudbuild.googleapis.com Cloud Build API
cloudresourcemanager.googleapis.com Cloud Resource Manager API
cloudscheduler.googleapis.com Cloud Scheduler API
cloudtrace.googleapis.com Cloud Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
containerregistry.googleapis.com Container Registry API
datastore.googleapis.com Cloud Datastore API
deploymentmanager.googleapis.com Cloud Deployment Manager V2 API
iam.googleapis.com Identity and Access Management (IAM) API
iamcredentials.googleapis.com IAM Service Account Credentials API
logging.googleapis.com Cloud Logging API
monitoring.googleapis.com Cloud Monitoring API
oslogin.googleapis.com Cloud OS Login API
secretmanager.googleapis.com Secret Manager API
servicemanagement.googleapis.com Service Management API
serviceusage.googleapis.com Service Usage API
Create a tofu.tfvars file containing something similar to the following:
credentials_file = "wibbly-flibble-stuff-morestuff.json"
project = "wibble-flibble-numbers"
region = "europe-west2"
Create the service account keys which will be used for tofu wibbly-flibble-stuff-morestuff.json using:
$ gcloud iam service-accounts keys create gcp_deployment_creds.json \
--iam-account=tofu-deployer@wibble-flibble-123456.iam.gserviceaccount.com
created key [123456abcdef1234] of type [json] as [gcp_deployment_creds.json] for [[email protected]]
Run the standard terraform deployment:
$ tofu init
$ tofu plan
$ tofu apply
$ export KUBECONFIG=~/.kube/config
This will create everything except the kubectl_manifests which must be created after getting the cluster credentials These will be generated on a second tofu apply once the kubernetes cluster credentials have been found. Run the below command to populate the ~/.kube/config:
$ gcloud container clusters get-credentials <project_name>-gke --region europe-west2
Set the kubeconfig for Helm
$ export KUBE_CONFIGFILE=$KUBECONFIG
Run tofu apply again which should output:
helm_release.argocd: Still creating... [3m20s elapsed]
helm_release.argocd: Creation complete after 3m24s [id=argocd]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
kubernetes_cluster_host = "1.2.3.4"
kubernetes_cluster_name = "wibbly-bibbly-12235-gke"
project = "wibbly-bibbly-12235"
region = "europe-west2"
Enable ArgoCD
$ echo "argocd_enabled = true" >> terraform.tfvars
$ tofu apply
$ kubectl port-forward svc/argocd-server -n argocd 8080:443
$ kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
Enable Argo workflows by editing the terraform.tfvars so that is looks like the below:
argocd_enabled = false
argoworkflows_enabled = true
Re-run the tofu
$ tofu apply
Port forward to the workflows server
$ kubectl -n argo port-forward deployment/argo-workflows-server 2746:2746
$ kubectl create rolebinding default-admin --clusterrole=admin --serviceaccount=argo:default -n argo
rolebinding.rbac.authorization.k8s.io/default-admin created
$ kubectl create -f workflows/dag-workflow-template.yaml
workflowtemplate.argoproj.io/whalesay-template created
$ kubectl create -f workflows/dag-workflow.yaml
workflow.argoproj.io/dag-diamond-zrwsl created
$ kubectl get workflowtemplates
No resources found in default namespace.
$ kubectl get workflowtemplates -n argo
NAME AGE
whalesay-template 12s
$ kubectl get workflows -n argo
NAME STATUS AGE MESSAGE
dag-diamond-zrwsl Running 13s
$ kubectl get workflows -n argo
NAME STATUS AGE MESSAGE
dag-diamond-zrwsl Running 15s
Enable Argo Rollouts by editing the terraform.tfvars so that is looks like the below:
argocd_enabled = false
argoworkflows_enabled = false
argorollouts_enabled = true
Re-run the tofu
#$ kubectl create -f events/install.yaml
$ kubectl create -f events/install-validating-webhook.yaml
$ kubectl create -f -n argo-events events/native.yaml
$ kubectl create -f -n argo-events events/webhook.yaml
$ kubectl create -f -n argo-events events/sensor-rbac.yaml
$ kubectl create -f -n argo-events events/workflow-rbac.yaml
$ kubectl create -f -n argo-events events/webhook-sensors.yaml
$ ./events/expose-webhook.sh