openfun / kubic
A Kubernetes deployment as code to OVH or Scaleway, with Prometheus, ArgoCD and Hashicorp Vault
Home Page: https://openfun.github.io/kubic/
License: MIT License
I've been trying to understand why ArgoCD is not working with Vault for the second day already. I followed all the instructions. On the last step, I set up the infrastructure using bin/terraform-apply.sh scaleway. I successfully obtained the load balancer's IP and linked it to the domains. Next, I followed the Vault setup instructions. I generated cluster-keys.json and was able to access the Vault admin interface using the root_token from this file. However, I still see an error on the ArgoCD admin page:
rpc error: code = Unknown desc = Manifest generation error (cached): plugin sidecar failed. error generating manifests in cmp: rpc error: code = Unknown desc = error generating manifests: sh -c "helm template $ARGOCD_APP_NAME -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} --include-crds . |\nargocd-vault-plugin generate - -s ${ARGOCD_ENV_AVP_SECRET}\n"
failed exit status 1: Error: Error making API request. URL: PUT https://vault-st.my_site.io/v1/auth/kubernetes/login Code: 403. Errors: * service account name not authorized Usage: argocd-vault-plugin generate [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret in the argocd namespace containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD). The namespace can be overridden by using the format : --verbose-sensitive-output enable verbose mode for detailed info to help with debugging. Includes sensitive data (credentials), logged to stderr
I tried reinstalling ArgoCD with Vault already configured (commented out the contents of argocd.tf, did a plan and apply, and then uncommented and did a plan and apply), but it didn't help. I keep seeing this error. What am I doing wrong? Are there any additional steps that may be required?
Check this piece of code
resource "scaleway_lb_ip" "nginx_ip" {
  zone       = "fr-par-1"
  project_id = scaleway_k8s_cluster.joys.project_id
}
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
docker-compose.yaml
hashicorp/terraform 1.5.7
hashicorp/terraform 1.5.7
hashicorp/terraform 1.5.7
hashicorp/terraform 1.5.7
argoproj/argocd v2.6.15
bitnami/kubectl 1.29.2
.github/workflows/ci.yml
actions/checkout v4
actions/setup-python v5
actions/cache v4
common/argocd.tf
common/cert-manager.tf
cert-manager v1.14.2
common/hashicorp-vault.tf
common/prometheus-grafana.tf
common/velero.tf
ovh/ingress-nginx.tf
ovh/terraform.tf
helm ~> 2.12.0
kubectl ~> 1.14.0
kubernetes ~> 2.26.0
ovh ~> 0.37.0
scaleway/ingress-nginx.tf
scaleway/terraform.tf
helm ~> 2.12.0
kubectl ~> 1.14.0
kubernetes ~> 2.26.0
scaleway ~> 2.37.0
standalone/terraform.tf
helm ~> 2.12.0
kubectl ~> 1.14.0
kubernetes ~> 2.26.0
state_bucket/terraform.tf
aws ~> 5.0
ovh ~> 0.37.0
vault/terraform.tf
vault 3.25.0
Scaleway will deprecate the fully public cluster and require the K8S cluster to be put in a private network. This will remove the public IP attached to the node to access the internet. See more information here
This will require adding the attribute private_network_id to Scaleway's scaleway_k8s_cluster resource.
We use this resource here.
Private networks are created in a VPC (Virtual Private Cloud) by Scaleway.
resource "scaleway_vpc_private_network" "kapsule" {
  name = "pn_kapsule"
}

resource "scaleway_k8s_cluster" "k8s_cluster" {
  private_network_id = scaleway_vpc_private_network.kapsule.id
}
Before changing this in Kubic, we will need to answer these questions: