Reference repo demonstrating how to build an end-to-end GitOps platform on AKS: from infrastructure-as-code provisioning to CI quality gates and automated testing, then into controlled application delivery with canary rollouts and rapid rollback, with Git as the single source of truth for every change

am2998/GitOpsProject

GitOps

Terraform Kubernetes Rancher Azure Jenkins SonarQube ArgoCD Actions Vault Helm Flux



This project demonstrates how to implement a GitOps architecture on an AKS cluster using ArgoCD, GitHub Actions and Jenkins. The primary focus is on creating an environment that is not only declaratively managed but also follows the Continuous Integration and Continuous Deployment (CI/CD) process. This ensures that changes are not only automatically applied but also thoroughly tested and deployed in a controlled manner.

Key Components

  • Terraform: Sets up the AKS cluster on Azure along with the Rancher VM.
  • Jenkins: Applies Terraform resources on Azure.
  • SonarQube: Validates Terraform code before execution.
  • ArgoCD: Used for GitOps deployment, synchronizing the AKS cluster state with definitions in the repository.
  • Rancher: Monitors the AKS cluster.
  • Apisix Gateway: Used to route and secure traffic to the Java service in k8s.
  • Prometheus: Used for monitoring and collecting metrics from Apisix.
  • Grafana: Provides a visual dashboard to visualize and analyze metrics collected by Prometheus.
  • GitHub Actions: Used to automate the build/test flow.
  • Docker: Used for building the Java image.
  • Trivy: Tests the Java image for vulnerabilities.
  • Newman: Runs the Postman integration testing collection.
  • k6 by Grafana: Used for load testing the Java service.
  • External Secrets: Manages the secrets synchronization between HashiCorp Vault and Kubernetes.
  • Vault by HashiCorp: Stores secrets used in the cluster.
  • Kubeseal: Encrypts the Vault token.
  • Helm: Used with ArgoCD to deploy the manifests taken from official repositories.
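
How the Kubeseal, Vault and External Secrets components listed above fit together, shown as an added example that is not taken from this repository: the Vault token is committed only as a SealedSecret, and External Secrets uses the unsealed token to pull values from Vault. All names, namespaces, paths and the Vault URL are assumptions made for illustration.

```yaml
# Constructed manifests; every name, namespace, path and URL is a placeholder.
# 1) Vault token committed to Git only in encrypted form (output of kubeseal).
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: vault-token
  namespace: java-service
spec:
  encryptedData:
    token: "<ciphertext produced by kubeseal>"   # placeholder, never the plain token
  template:
    metadata:
      name: vault-token        # strict scope: decrypts only under this name/namespace
      namespace: java-service
---
# 2) External Secrets store that authenticates to Vault with the unsealed token.
apiVersion: external-secrets.io/v1beta1   # use the version your operator release serves
kind: SecretStore
metadata:
  name: vault-backend
  namespace: java-service
spec:
  provider:
    vault:
      server: "https://vault.example.internal:8200"
      path: "secret"           # KV mount
      version: "v2"
      auth:
        tokenSecretRef:
          name: vault-token    # Secret created by the sealed-secrets controller
          key: token
---
# 3) Sync one Vault key into a Kubernetes Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: java-service-secrets
  namespace: java-service
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: vault-backend
    kind: SecretStore
  target:
    name: java-service-secrets   # resulting Kubernetes Secret
  data:
    - secretKey: DB_PASSWORD
      remoteRef:
        key: java-service        # path under the KV mount
        property: db_password
```

Only the SealedSecret carries secret material, and only as ciphertext, so all three manifests can live in the Git repository that ArgoCD syncs. The token's Vault policy should grant read access to just the paths the ExternalSecret references.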

Flow

  1. The Terraform code containing the AKS and Rancher resources is pushed for the first time.

  2. The Jenkins pipeline is triggered by a GitHub webhook.

    • A SonarQube scan is executed.

    • The Quality Gate is evaluated; if it passes, the pipeline proceeds.

    • Terraform code is applied.

    • Rancher VM and AKS are ready on Azure.

  3. The Java service is updated

    • The GitHub Actions workflow is triggered. SonarQube is executed again, and the new Java image is built and pushed to the Docker repository.
  4. The image delivery process in the k8s cluster starts

    • Flux scans the repository and finds a new tag; the Java manifest in the repository is updated.

    • ArgoCD starts a canary rollout for the Java image.

    • The new Java image rollout can be promoted or rolled back.

    • After promotion:

    • Meanwhile, the image is tested with Newman and k6.

    • If the tests pass, the canary is promoted to stable status.

    • Manifests in the cluster are synced with repository.

Code Quality

Change Log

Refer to the Change Log for the change history.

License

Apache 2.0
