chore: add argocd lab (#4884)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

scripts/labs/argocd/README.md

@@ -0,0 +1,16 @@
+# ArgoCD lab
+
+This lab sets up the following components:
+- A kind cluster
+- nginx-ingress
+- ArgoCD
+- ArgoCD application to deploy kyverno
+- ArgoCD application to deploy kyverno-policies
+
+## Accessing ArgoCD
+
+ArgoCD should be available at http://localhost/argocd.
+
+Login credentials:
+- User name: `admin`
+- Password: `kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d`

scripts/labs/argocd/kind-argo.sh

@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+
+set -e
+
+# CONSTANTS
+
+readonly KIND_IMAGE=kindest/node:v1.24.4
+readonly NAME=argo
+
+# CREATE CLUSTER
+
+kind create cluster --name $NAME --image $KIND_IMAGE --config - <<EOF
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: TCP
+EOF
+
+# DEPLOY INGRESS-NGINX
+
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+
+sleep 15
+
+kubectl wait --namespace ingress-nginx \
+  --for=condition=ready pod \
+  --selector=app.kubernetes.io/component=controller \
+  --timeout=90s
+
+# DEPLOY ARGOCD
+
+helm upgrade --install --wait --timeout 15m --atomic --namespace argocd --create-namespace \
+  --repo https://argoproj.github.io/argo-helm argocd argo-cd --values - <<EOF
+dex:
+  enabled: false
+redis:
+  enabled: true
+redis-ha:
+  enabled: false
+repoServer:
+  serviceAccount:
+    create: true
+server:
+  config:
+    resource.compareoptions: |
+      ignoreAggregatedRoles: true
+      ignoreResourceStatusField: all
+    url: http://localhost/argocd
+    application.instanceLabelKey: argocd.argoproj.io/instance
+  extraArgs:
+    - --insecure
+    - --rootpath
+    - /argocd
+  ingress:
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: ca-issuer
+    enabled: true
+    paths:
+      - /argocd
+EOF
+
+# CREATE KYVERNO APP
+
+kubectl apply -f - <<EOF
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kyverno
+  namespace: argocd
+spec:
+  destination:
+    namespace: kyverno
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    chart: kyverno
+    repoURL: https://kyverno.github.io/kyverno
+    targetRevision: 2.6.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - Replace=true
+EOF
+
+# CREATE KYVERNO-POLICIES APP
+
+kubectl apply -f - <<EOF
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kyverno-policies
+  namespace: argocd
+spec:
+  destination:
+    namespace: kyverno
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    chart: kyverno-policies
+    repoURL: https://kyverno.github.io/kyverno
+    targetRevision: 2.6.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - Replace=true
+EOF
+
+ARGOCD_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+
+echo "---------------------------------------------------------------------------------"
+echo "ArgoCD is running and available at http://localhost/argocd"
+echo "- log in with admin / $ARGOCD_PASSWORD"