aws-samples · allamand · May 6, 2025 · Nov 27, 2024 · Nov 27, 2024 · Nov 27, 2024
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,7 @@ cdk
 .venv
 .pytest_cache
 .terraform.lock.hcl
+terraform/fleet-dashboard/terraform.tfstate
+terraform/fleet-dashboard/terraform.tfstate.backup
+.vscode
+terraform/spokes/custom_domain.tf
diff --git a/gitops/addons/charts/gitops-bridge/templates/applicationsets.yaml b/gitops/addons/charts/gitops-bridge/templates/applicationsets.yaml
@@ -31,7 +31,7 @@
 {{- with $addon -}}
 {{- $nameNormalize := printf "%s" $name | replace "_" "-" | trunc 63 | trimSuffix "-"  -}}
 {{- $addonhasapplyNestedSelectors := hasKey $addon "applyNestedSelectors" -}}
-{{- $version := $addon.targetRevision -}}
+{{- $version := default "v1.0.0" $addon.targetRevision | toString -}}
 {{- $versionWithoutV := regexReplaceAll "^v" $version "" -}}
 {{- $majorMinor := regexReplaceAll "\\.\\d+$" $versionWithoutV "" }}
 apiVersion: argoproj.io/v1alpha1

diff --git a/gitops/addons/charts/gitops-bridge/values.yaml b/gitops/addons/charts/gitops-bridge/values.yaml
diff --git a/gitops/addons/clusters/fleet-hub-cluster/addons/argocd/values.yaml b/gitops/addons/clusters/fleet-hub-cluster/addons/argocd/values.yaml
@@ -1,3 +1,4 @@
 configs:
   cm:
     ui.bannerurl: "https://us-west-2.console.aws.amazon.com/eks/home?region=us-west-2#/clusters/fleet-hub-cluster"
+
diff --git a/gitops/addons/clusters/fleet-hub-cluster/addons/gitops-bridge/values.yaml b/gitops/addons/clusters/fleet-hub-cluster/addons/gitops-bridge/values.yaml
@@ -1,43 +1,51 @@
-# values for the addon
 addons:
-  aws_load_balancer_controller:
+  ack_ec2:
+    enabled: false
+  ack_eks:
+    enabled: false
+  ack_iam:
+    enabled: false
+  ack_s3:
+    enabled: false
+  ack_secretsmanager:
+    enabled: false
+  adot_collector:
     enabled: true
+  argocd:
+    enabled: true # ArgoCD is enabled to replace the argocd installed at bootstrap time via terraform helm provider
   aws_ebs_csi_resources:
     enabled: true
-  metrics_server:
-    enabled: true
-  karpenter:
-    enabled: true
-  kyverno:
+  aws_load_balancer_controller:
     enabled: true
-  external_secrets:
+  cert_manager:
     enabled: true
   cni_metrics_helper:
     enabled: true
   cw_prometheus:
     enabled: true
-  grafana_operator:
-    enabled: true
-  argocd:
-    enabled: true # ArgoCD is enabled to replace the argocd installed at bootstrap time via terraform helm provider
-  prometheus_node_exporter:
-    enabled: true
-  kube_state_metrics:
+  eks_upgrade_insights_demo:
     enabled: true
-  adot_collector:
+  external_dns:
+    enabled: false
+  external_secrets:
     enabled: true
-  opentelemetry_operator:
+  grafana_operator:
     enabled: true
-  cert_manager:
+  karpenter:
     enabled: true
-  eks_upgrade_insights_demo:
+  kube_state_metrics:
     enabled: true
   kro:
+    enabled: false
+  kyverno:
     enabled: true
-  ack_eks:
+  kyverno_policies:
     enabled: true
-  ack_s3:
+  kyverno_policy_reporter:
     enabled: true
-  ack_secretsmanager:
+  metrics_server:
+    enabled: true
+  opentelemetry_operator:
     enabled: true
-
+  prometheus_node_exporter:
+    enabled: true
diff --git a/gitops/addons/clusters/fleet-spoke-staging/addons/gitops-bridge/values.yaml b/gitops/addons/clusters/fleet-spoke-staging/addons/gitops-bridge/values.yaml
@@ -1,34 +1,51 @@
-# values for the addon
 addons:
-  aws_load_balancer_controller:
+  ack_ec2:
+    enabled: false
+  ack_eks:
+    enabled: false
+  ack_iam:
+    enabled: false
+  ack_s3:
+    enabled: false
+  ack_secretsmanager:
+    enabled: false
+  adot_collector:
     enabled: true
+  argocd:
+    enabled: false # Disabled because is not deployed by the gitops-bridge helm chart and instead is deployed by the fleet-spoke-argocd ApplicationSet from the Hub Cluster https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop/blob/riv24/gitops/fleet/bootstrap/control-plane/members-init/addons-argo-cd-appset.yaml
   aws_ebs_csi_resources:
     enabled: true
-  metrics_server:
-    enabled: true
-  karpenter:
-    enabled: true
-  kyverno:
-    enabled: true
-  kyverno_policies:
+  aws_load_balancer_controller:
     enabled: true
-  kyverno_policy_reporter:
+  cert_manager:
     enabled: true
   cni_metrics_helper:
     enabled: true
   cw_prometheus:
     enabled: true
-  prometheus_node_exporter:
-    enabled: true
-  kube_state_metrics:
+  eks_upgrade_insights_demo:
     enabled: true
-  argocd:
-    enabled: false # Disabled because is not deployed by the gitops-bridge helm chart and instead is deployed by the fleet-spoke-argocd ApplicationSet from the Hub Cluster https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop/blob/riv24/gitops/fleet/bootstrap/control-plane/members-init/addons-argo-cd-appset.yaml
+  external_dns:
+    enabled: false
   external_secrets:
     enabled: false # Disabled because is not deployed by the gitops-bridge helm chart and instead is deployed by the fleet-spoke-external-secrets ApplicationSet the Hub Cluster https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop/blob/riv24/gitops/fleet/bootstrap/control-plane/members-init/addons-aws-oss-external-secrets-appset.yaml
-  adot_collector:
+  grafana_operator:
+    enabled: true
+  karpenter:
+    enabled: true
+  kube_state_metrics:
+    enabled: true
+  kro:
+    enabled: false
+  kyverno:
+    enabled: true
+  kyverno_policies:
+    enabled: true
+  kyverno_policy_reporter:
+    enabled: true
+  metrics_server:
     enabled: true
   opentelemetry_operator:
     enabled: true
-  cert_manager:
+  prometheus_node_exporter:
     enabled: true
diff --git a/gitops/addons/clusters/workload-cluster1/addons/argocd/values.yaml b/gitops/addons/clusters/workload-cluster1/addons/argocd/values.yaml
@@ -0,0 +1,10 @@
+configs:
+  cm:
+    ui.bannerurl: "https://us-west-2.console.aws.amazon.com/eks/home?region=us-west-2#/clusters/workload-cluster1"
+
+server:
+  service:
+   type: LoadBalancer
+   annotations:
+     service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
+     service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
diff --git a/gitops/addons/clusters/workload-cluster1/addons/gitops-bridge/values.yaml b/gitops/addons/clusters/workload-cluster1/addons/gitops-bridge/values.yaml
@@ -0,0 +1,38 @@
+# values for the addon
+addons:
+  aws_load_balancer_controller:
+    enabled: true
+  aws_ebs_csi_resources:
+    enabled: true
+  metrics_server:
+    enabled: true
+  karpenter:
+    enabled: true
+  kyverno:
+    enabled: true
+  kyverno_policies:
+    enabled: true
+  kyverno_policy_reporter:
+    enabled: true
+  cni_metrics_helper:
+    enabled: true
+  cw_prometheus:
+    enabled: true
+  prometheus_node_exporter:
+    enabled: true
+  kube_state_metrics:
+    enabled: true
+  argocd:
+    enabled: false # Disabled because is not deployed by the gitops-bridge helm chart and instead is deployed by the fleet-spoke-argocd ApplicationSet from the Hub Cluster https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop/blob/riv24/gitops/fleet/bootstrap/control-plane/members-init/addons-argo-cd-appset.yaml
+  external_secrets:
+    enabled: false # Disabled because is not deployed by the gitops-bridge helm chart and instead is deployed by the fleet-spoke-external-secrets ApplicationSet the Hub Cluster https://github.com/aws-samples/fleet-management-on-amazon-eks-workshop/blob/riv24/gitops/fleet/bootstrap/control-plane/members-init/addons-aws-oss-external-secrets-appset.yaml
+  adot_collector:
+    enabled: true
+  opentelemetry_operator:
+    enabled: true
+  cert_manager:
+    enabled: true
+  external_dns:
+    enabled: true
+  aws_argocd_ingress:
+    enabled: false
diff --git a/gitops/addons/default/addons/external-dns/values.yaml b/gitops/addons/default/addons/external-dns/values.yaml
@@ -0,0 +1,4 @@
+global:
+  tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
diff --git a/gitops/addons/tenants/tenant1/default/addons/gitops-bridge/values.yaml b/gitops/addons/tenants/tenant1/default/addons/gitops-bridge/values.yaml
@@ -1,17 +1,2 @@
 # values for the addon
-addons:
-  external_secrets:
-    values:
-      serviceAccount:
-        annotations:
-          eks.amazonaws.com/role-arn: '' # override with empty string because we are using pod identity not IRSA
-  karpenter:
-    values:
-      serviceAccount:
-        annotations:
-          eks.amazonaws.com/role-arn: '' # override with empty string because we are using pod identity not IRSA
-  aws_load_balancer_controller:
-    values:
-      serviceAccount:
-        annotations:
-          eks.amazonaws.com/role-arn: '' # override with empty string because we are using pod identity not IRSA
+useSelector: false # use true if you only have argo cd in hub cluster, false if you also have argocd in spoke
diff --git a/gitops/fleet/bootstrap/control-plane/members-init/addons-argo-cd-appset.yaml b/gitops/fleet/bootstrap/control-plane/members-init/addons-argo-cd-appset.yaml
@@ -12,6 +12,7 @@ spec:
         selector:
           matchLabels:
             fleet_member: spoke
+            install_argocd: "true"
         values:
           addonChart: argo-cd
           addonChartVersion: "7.5.2"

diff --git a/...ps/fleet/bootstrap/control-plane/members-init/addons-aws-oss-external-secrets-appset.yaml b/...ps/fleet/bootstrap/control-plane/members-init/addons-aws-oss-external-secrets-appset.yaml
@@ -12,6 +12,7 @@ spec:
         selector:
           matchLabels:
             fleet_member: spoke
+            install_argocd: "true"
         values:
           addonChart: external-secrets
           addonChartVersion: "0.10.0"

diff --git a/gitops/fleet/bootstrap/control-plane/members-init/fleet-members-manifests-appset.yaml b/gitops/fleet/bootstrap/control-plane/members-init/fleet-members-manifests-appset.yaml
@@ -13,7 +13,7 @@ spec:
     - clusters:
         selector:
           matchLabels:
-            fleet_member: spoke
+            fleet_member: spoke # control-plane # SEB TODO: hub-spoke centralized vs distributed
         values:
           bootstrap: bootstrap/members-manifests
   template:

diff --git a/gitops/fleet/bootstrap/control-plane/members-init/fleet-spoke-secrets-appset.yaml b/gitops/fleet/bootstrap/control-plane/members-init/fleet-spoke-secrets-appset.yaml
@@ -12,6 +12,7 @@ spec:
         selector:
           matchLabels:
             fleet_member: spoke
+            install_argocd: "true"
         values:
           addonChart: fleet-secret
   template:

diff --git a/gitops/fleet/bootstrap/members-manifests/fleet-cluster-addons-gitops-bridge-appset.yaml b/gitops/fleet/bootstrap/members-manifests/fleet-cluster-addons-gitops-bridge-appset.yaml
@@ -13,7 +13,7 @@ spec:
     - clusters:
         selector:
           matchLabels:
-            fleet_member: spoke
+            fleet_member: spoke # control-plane # SEB TODO: hub-spoke centralized vs distributed
         values:
           addonChart: gitops-bridge
   template:

diff --git a/gitops/fleet/bootstrap/members-manifests/fleet-cluster-platform-appset.yaml b/gitops/fleet/bootstrap/members-manifests/fleet-cluster-platform-appset.yaml
@@ -13,7 +13,7 @@ spec:
     - clusters:
         selector:
           matchLabels:
-            fleet_member: spoke
+            fleet_member: spoke # control-plane # SEB TODO: hub-spoke centralized vs distributed
         values:
           addonChart: gitops-bridge
   template:

diff --git a/gitops/platform/teams/backend/argoproject-prod-values.yaml b/gitops/platform/teams/backend/argoproject-prod-values.yaml
diff --git a/gitops/platform/teams/frontend/argoproject-prod-values.yaml b/gitops/platform/teams/frontend/argoproject-prod-values.yaml
@@ -49,3 +49,5 @@ projects:
     kind: Table
   - group: 'autoscaling'
     kind: HorizontalPodAutoscaler
+  - group: 'networking.k8s.io'
+    kind: Ingress
diff --git a/gitops/platform/teams/frontend/argoproject-staging-values.yaml b/gitops/platform/teams/frontend/argoproject-staging-values.yaml
@@ -49,3 +49,5 @@ projects:
     kind: Table
   - group: 'autoscaling'
     kind: HorizontalPodAutoscaler
+  - group: 'networking.k8s.io'
+    kind: Ingress