Code4ro k8s manifests

License: MPL 2.0

This repository contains the k8s manifests for all the applications in the Code4ro platform.

ArgoCD

The k8s cluster is using ArgoCD to automatically deploy manifests when a new change is detected.

The flow is as follows:

  1. User adds a new tag in the application's git repository
  2. CI runs in that repository and builds the new image
  3. The image is pushed to Docker Hub with that specific tag
  4. A new commit is made by the CI/user on this repo to change the image version in the manifest (wait for the GHA that pushes the image to Docker Hub to finish successfully first)
  5. ArgoCD will detect the change in this repo and apply the manifests to the k8s cluster

ArgoCD projects:

  • infra: knative, cert-manager, sealed-secrets and argocd. infra/argo-apps-infra.yaml is the root ArgoCD Application for infra/argo-apps. infra/argo-apps stores the ArgoCD Applications.
  • default: all application manifests. apps/argo-apps-default.yaml is the root ArgoCD Application for infra/argo-apps. apps/argo-apps stores the ArgoCD Applications.

Sealed Secrets

Encrypt secrets and store them on git. Below is an example of how to create secrets with kubeseal.

# Create a yaml-encoded Secret somehow:
# (note use of `--dry-run` - this is just a local file!)
echo -n bar | kubectl create secret generic mysecret --dry-run=client --from-file=foo=/dev/stdin -o yaml >secret.yaml

# This is the important bit:
kubeseal --controller-namespace sealed-secrets --controller-name sealed-secrets --format yaml <secret.yaml >sealed-secret.yaml

# At this point sealed-secret.yaml is safe to upload to GitHub.
# secret.yaml still contains the plaintext value: keep it out of git.

# Test it once the SealedSecret has been applied to the cluster
# (the Secret name must match the one created above)
kubectl get secret mysecret
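
The kubeseal procedure above leaves a plaintext secret.yaml next to sealed-secret.yaml, so a repository check can stop the unencrypted manifest from being committed. The shell functions below are an added example, not part of the code4ro-k8s repository; the function names, the apps/demo path and the sample manifests are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the code4ro-k8s repository.

# find_plain_secrets DIR
#   Prints "path:line:text" for every top-level `kind: Secret` found in
#   *.yaml / *.yml files under DIR. Returns 1 if any were found, else 0.
#   Only unindented keys match, so `kind: SealedSecret` and indented
#   occurrences of `kind:` are ignored. Multi-document files are covered
#   because every line of every file is checked.
find_plain_secrets() {
    dir=${1:-.}
    # Optional quotes around the value, optional trailing comment or CR.
    pattern="^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$"
    # /dev/null forces grep to print the file name even for a single file.
    hits=$(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
        -exec grep -nE "$pattern" /dev/null {} +) || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# make_sample_tree
#   Writes constructed sample manifests (hypothetical apps/demo path) to a
#   temporary directory and prints that directory's path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/apps/demo"
    cat >"$d/apps/demo/sealed-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mysecret
spec:
  encryptedData:
    foo: AgB-constructed-placeholder
EOF
    cat >"$d/apps/demo/secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  foo: YmFy
EOF
    printf '%s\n' "$d"
}
```

In CI or a pre-commit hook, `find_plain_secrets . || exit 1` fails the run when a plain Secret manifest is present in the working tree.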

Cert Manager

Used for automatically regenerating certificates with Let's Encrypt using the Route53 integration.

Contributing

This project is built by amazing volunteers and you can be one of them! Here's a list of ways in which you can contribute to this project. If you want to make any change to this repository, please make a fork first.

Feedback

  • Request a new feature on GitHub.
  • Vote for popular feature requests.
  • File a bug in GitHub Issues.
  • Email us with other feedback at contact@code4.ro

License

This project is licensed under the MPL 2.0 License - see the LICENSE file for details.

About Code for Romania

Started in 2016, Code for Romania is a civic tech NGO and an official member of the Code for All network. We have a community of around 2.000 volunteers (developers, UX/UI, communications, data scientists, graphic designers, DevOps, IT security and more) who work pro bono to develop digital solutions to social problems. #techforsocialgood. If you want to learn more about our projects, visit our site; if you want to talk to one of our staff members, please e-mail us at contact@code4.ro.

Last, but not least, we rely on donations to ensure the infrastructure, logistics and management of our community that is widely spread across 11 timezones, coding for social change to make Romania and the world a better place. If you want to support us, you can do it here.