Create new cluster

Author: AhmedSa-mir

eksctl-clusters/apps/core/core-kustomization.yaml-template eksctl-clusters/apps/common/common-kustomization.yaml-template

@@ -2,13 +2,13 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
-  name: core
+  name: common
   namespace: flux-system
 spec:
   interval: 30s
   sourceRef:
     kind: GitRepository
     name: flux-system
-  path: ./eksctl-clusters/apps/core
+  path: ./eksctl-clusters/apps/common
   prune: true
   validation: client

eksctl-clusters/apps/core/dex/kustomization.yaml eksctl-clusters/apps/common/dex/kustomization.yaml

@@ -39,8 +39,8 @@ spec:
         # storageClassName: standard
 
       config:
-        accountId: "${CLUSTER_NAME}-user"
-        clusterId: "${CLUSTER_NAME}"
+        accountId: "cluster-user"
+        clusterId: "cluster"
 
         aupolicydit:
           # Disable audit functionality

eksctl-clusters/apps/core/dex/namespace.yaml eksctl-clusters/apps/common/dex/namespace.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: flagger
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/flagger
+  prune: true
+  validation: client

eksctl-clusters/apps/core/dex/rbac.yaml eksctl-clusters/apps/common/dex/rbac.yaml

@@ -0,0 +1,54 @@
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+
+metadata:
+  name: gaa
+  region: eu-north-1
+  version: "1.23"
+  tags:
+    environment: "gaa"
+    delete-after: "15"
+
+iam:
+  withOIDC: true
+  serviceRoleARN: "arn:aws:iam::894516026745:role/WeaveEksClusterRole"
+  serviceAccounts:
+  - metadata:
+      name: kustomize-controller
+      namespace: flux-system
+    attachPolicyARNs:
+    - "arn:aws:iam::894516026745:policy/WeaveSopsKmsDecrypt"
+    roleName: eksctl-gaa-sops-decrypt-role
+    roleOnly: true
+
+# Enable private access to the API server.
+vpc:
+  clusterEndpoints:
+    privateAccess: true
+    publicAccess: true
+
+nodeGroups:
+  - name: gaa-ng-1
+    instanceType: t3.large
+    minSize: 2
+    maxSize: 2
+    desiredCapacity: 2
+    volumeSize: 10
+    privateNetworking: true
+    tags:
+      environment: "gaa"
+      delete-after: "15"
+    propagateASGTags: true
+    iam:
+      instanceProfileARN: "arn:aws:iam::894516026745:instance-profile/WeaveEksWorkerNodeRole"
+
+gitops:
+  flux:
+    gitProvider: github
+    flags:
+      owner: "weaveworks"
+      repository: "clusters-config"
+      private: "true"
+      branch: "cluster-gaa"
+      namespace: "flux-system"
+      path: "eksctl-clusters/clusters/gaa"

eksctl-clusters/apps/core/dex/readonly-cluster-role.yaml eksctl-clusters/apps/common/dex/readonly-cluster-role.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: common
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/common
+  prune: true
+  validation: client

eksctl-clusters/apps/core/dex/release.yaml eksctl-clusters/apps/common/dex/release.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: enterprise
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/enterprise
+  prune: true
+  validation: client

eksctl-clusters/apps/core/podinfo/gitrepository.yaml eksctl-clusters/apps/common/podinfo/gitrepository.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: flagger
+  namespace: flux-system
+spec:
+  interval: 30s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/apps/flagger
+  prune: true
+  validation: client

eksctl-clusters/apps/core/podinfo/kustomization.yaml eksctl-clusters/apps/common/podinfo/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gotk-components.yaml
+  - gotk-sync.yaml
+patches:
+  - patch: |
+      apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: kustomize-controller
+        annotations:
+          eks.amazonaws.com/role-arn: arn:aws:iam::894516026745:role/eksctl-gaa-sops-decrypt-role
+    target:
+      kind: ServiceAccount
+      name: kustomize-controller

eksctl-clusters/apps/core/podinfo/namespace.yaml eksctl-clusters/apps/common/podinfo/namespace.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: shared-secrets
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./eksctl-clusters/shared-secrets
+  prune: true
+  validation: client
+  decryption:
+    provider: sops

eksctl-clusters/apps/core/podinfo/release.yaml eksctl-clusters/apps/common/podinfo/release.yaml

@@ -10,13 +10,15 @@ usage() {
   echo "Usage: $0 --cluster-name <CLUSTER_NAME> \\"
   echo "       $blnk [--cluster-version <CLUSTER_VERSION>] \\"
   echo "       $blnk [--weave-mode <enterprise|core|none> {default core}]"
+  echo "       $blnk [--enable-flagger]"
   echo "       $blnk [--delete-after {default 15}]"
   echo "       $blnk [-h|--help]"
 
   echo
   echo "  --cluster-name CLUSTER_NAME           -- Set cluster name"
   echo "  --cluster-version CLUSTER_VERSION     -- Set cluster version (default: 1.23)"
   echo "  --weave-mode <enterprise|core|none>   -- Select between installing WGE, WG-Core, or not install any (enterprise|core|none)"
+  echo "  --enable-flagger                      -- Flagger will be installed on the cluster"
   echo "  --delete-after                        -- Cluster will be auto deleted after this number of days (default: 15)"
   echo "  -h|--help                             -- Print this help message and exit"
 
@@ -26,6 +28,7 @@ usage() {
 defaults(){
   export CLUSTER_VERSION="1.23"
   export WW_MODE="core"
+  export ENABLE_FLAGGER="false"
   export DELETE_AFTER="15"
 }
 
@@ -50,13 +53,16 @@ flags(){
           exit 1
         fi
         ;;
+    --enable-flagger)
+        export ENABLE_FLAGGER="true"
+        ;;
     --delete-after)
         shift
         export DELETE_AFTER="$1"
         # Check that delete-after is only numbers
         if [[ ! "${DELETE_AFTER}" =~ ^[0-9]+$ ]]
         then
-            echo "Invalid value of --delete-after. It should containes only numbers"
+            echo -e "${ERROR} Invalid value of --delete-after. It should contain only numbers"
             exit 1
         fi
         ;;
@@ -132,9 +138,9 @@ ${SED_} 's/${BRANCH_NAME}/'"${BRANCH_NAME}"'/g' ${EKS_CLUSTER_CONFIG_FILE}
 ${SED_} 's/${DELETE_AFTER}/'"${DELETE_AFTER}"'/g' ${EKS_CLUSTER_CONFIG_FILE}
 echo -e "${SUCCESS} '${EKS_CLUSTER_CONFIG_FILE}' is created successfully."
 
-# Copy core apps to cluster dir
-echo "Copying apps-core templates..."
-cp -r ${PARENT_DIR}/apps/core/core-kustomization.yaml-template ${CLUSTER_DIR}/core-kustomization.yaml
+# Copy common apps to cluster dir
+echo "Copying apps-common templates..."
+cp -r ${PARENT_DIR}/apps/common/common-kustomization.yaml-template ${CLUSTER_DIR}/common-kustomization.yaml
 
 # Copy WGE/WG-Core files
 case $WW_MODE in
@@ -152,7 +158,10 @@ case $WW_MODE in
   enterprise)
     echo "Copying WGE templates..."
     cp -r ${PARENT_DIR}/apps/enterprise/enterprise-kustomization.yaml-template ${CLUSTER_DIR}/enterprise-kustomization.yaml
-    ${SED_} 's/${CLUSTER_NAME}/'"${CLUSTER_NAME}"'/g' ${PARENT_DIR}/apps/enterprise/policy-agent/policy-agent.yaml
+    if [ $ENABLE_FLAGGER == "true" ]
+    then
+      cp -r ${PARENT_DIR}/apps/flagger/flagger-kustomization.yaml-template ${CLUSTER_DIR}/flagger-kustomization.yaml
+    fi
     ;;
   none)
     echo -e "${WARNING} Neither WG-Core nor WGE will be installed. Cluster will be provisioned with Flux only!"