Step by step tutorial

[exocode]

Hi @a1tan,

I wanna give your synchronizer a shot, but struggle a bit how to setup and use it correctly. I did the two commands in the readme but there are no secrets created.

Some information how my setup looks like:

• my cluster is located at Civo
• they offer Crossplane for cluster creation
• So I have a cluster called demo-cluster
• my kubeconfig is created automatically created and named kubeconfig-demo-cluster in the crossplane-system namepsace

that is my secret:

apiVersion: v1
kind: Secret
metadata:
  name: kubeconfig-demo-cluster
  namespace: default
  selfLink: /api/v1/namespaces/default/secrets/kubeconfig-demo-cluster
data:
  kubeconfig: >-
    Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiUlZKVVNV6VDBSWmQxZFVRVlJDWBMUzB0TFMxQ1JVZEpUaUJEjJOe........GFHd=
type: Opaque

• Which changes do I have to make to get your code running properly?

This is my log:

2022-07-17T19:22:57.368Z    INFO    controller-runtime.metrics  metrics server is starting to listen    {"addr": "127.0.0.1:8080"}
2022-07-17T19:22:57.371Z    INFO    setup   starting manager
I0717 19:22:57.373494       1 leaderelection.go:248] attempting to acquire leader lease argocdsecretsynchronizer-system/e7ac29f6.a1tan...
2022-07-17T19:22:57.374Z    INFO    starting metrics server {"path": "/metrics"}
I0717 19:23:13.283446       1 leaderelection.go:258] successfully acquired lease argocdsecretsynchronizer-system/e7ac29f6.a1tan
2022-07-17T19:23:13.285Z    DEBUG   events  Normal  {"object": {"kind":"ConfigMap","namespace":"argocdsecretsynchronizer-system","name":"e7ac29f6.a1tan","uid":"e091e4d4-9127-4440-a4b8-b76bf9799871","apiVersion":"v1","resourceVersion":"507764"}, "reason": "LeaderElection", "message": "argocdsecretsynchronizer-controller-manager-698b6cc464-pdm99_21ac41d1-f5f8-4934-a240-7b6791693fd4 became leader"}
2022-07-17T19:23:13.288Z    DEBUG   events  Normal  {"object": {"kind":"Lease","namespace":"argocdsecretsynchronizer-system","name":"e7ac29f6.a1tan","uid":"c2d517b8-52d6-4dec-9195-6daa9eef1341","apiVersion":"coordination.k8s.io/v1","resourceVersion":"507765"}, "reason": "LeaderElection", "message": "argocdsecretsynchronizer-controller-manager-698b6cc464-pdm99_21ac41d1-f5f8-4934-a240-7b6791693fd4 became leader"}
2022-07-17T19:23:13.288Z    INFO    controller.secretsynchronizer   Starting EventSource    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "source": "kind source: /, Kind="}
2022-07-17T19:23:13.289Z    INFO    controller.secretsynchronizer   Starting EventSource    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "source": "kind source: /, Kind="}
2022-07-17T19:23:13.289Z    INFO    controller.secretsynchronizer   Starting EventSource    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "source": "kind source: /, Kind="}
2022-07-17T19:23:13.289Z    INFO    controller.secretsynchronizer   Starting Controller {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer"}
2022-07-17T19:23:13.392Z    INFO    controller.secretsynchronizer   Starting workers    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "worker count": 1}
2022-07-17T19:23:13.392Z    INFO    controller.secretsynchronizer   Reconcile method has started    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "name": "kubeconfig-demo-cluster", "namespace": "default"}
2022-07-17T19:23:13.393Z    INFO    controller.secretsynchronizer   Secret  {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "name": "kubeconfig-demo-cluster", "namespace": "default", "type": "Opaque", "name": "kubeconfig-demo-cluster"}
2022-07-17T19:23:13.393Z    INFO    controller.secretsynchronizer   Kubeconfig not found    {"reconciler group": "synchronizer.a1tan", "reconciler kind": "SecretSynchronizer", "name": "kubeconfig-demo-cluster", "namespace": "default", "data": ""}

Thank you very much in advance

[a1tan]

Hi @exocode, I guess the problem in this case is the change in the crossplane's created secret's type. I haven't tested this operator with latest crossplane version. I have limited access to my PC right now. I will fix this in the upcoming days and ping you. In addition to that some operator basics have to be handled to use this operator in production. Some changes are also needed for new service account secret updates coming with kubernetes 1.24. I will try to look at these issues too.

[exocode]

This sounds great :-) I faced the same problem which your code seems to solve (Synchronizing and creation of Secrets which can consumed by ArgoCD).

I must admit, that I am not a Kubernetes or Go dev. But I tried to solve that problem and came up with that solution (which is a modified Repo) https://github.com/exocode/crossargo-sync/blob/master/main.go

What it does:

• observes a Namespace for secrets containing a "kubeconfig"-key.
• parses it's content and creates a new secret in a namespace of your taste.
• That Secret can and will be consumed by provider-argo
• so new clusters created by Crossplane are picked and hooked up into Argo and are ready to use.

Although "name" keys in "provider-argo" and ArgoCD are intended to not have to enter IP addresses (you can apparently use the cluster name https://github.com/crossplane-contrib/provider-argocd/blob/e15ad2fe53ded2d60324f8ed4ecddd761062724a/package/crds/cluster.argocd.crossplane.io_clusters.yaml#L201 ) but this didn't worked for me, maybe because I dont know how to use it properly. Only pitfall (because I am not a Go/Kubernetes dev) if the cluster is recreated, the new kubeconfig is not picked up, so I simply have to delete my secret and pod "crossargo-sync"-pod.

The main problem I have with all that, "automation" tasks are, that all ArgoCD resources which uses the cluster, must get assigned with that new IP in their manifests. Anyways, adding IP works at least for my needs.

Maybe everything I wrote is nonsense, ony want to share my difficulties and problems :-D I do not understand why it's so hard to have such function "out-of-the-box". I miss this gap-filler in GitOPs world. All is automatable, only that one isn't.

I am full of hope and expectation on your outcome 😇

best regards

[a1tan]

Hi @exocode again, You can give it a try now. After your approval I will close this issue. There may be a problem on kubernetes v1.24(I will test this in an appropriate time). Except this, your problem has to be solved.

To be honest, I am not a go expert either. I am trying to learn more about go coding and kubernetes insights. You are totally right from the automation point. In this case problem is caused by the format of the secrets Argo CD expects for the cluster definition. Argo CD doesn't use raw kubeconfig so there has to be a conversion mechanism in between Argo CD and IaC tools like Crossplane. This can be added to Argo CD since this is a common use case. Keep in touch :)

[exocode]

@a1tan awesome. I will give a try at the end of the week. Maybe you can give me some instructions how to use your extension properly :-)

BTW: Here is my open issue at ArgoCD regarding the kubeconfig consumption: https://github.com/argoproj/argo-cd/issues/8107

[a1tan]

It is so simple right now. There are some customizations that can be added but they are not implemented yet, so it is not complicated. :) After running two mentioned kubectl commands it has to work for Crossplane. By the way, I have fixed the problem for Kubernetes 1.24 too.