### AWS ECR IAM Policy for Registry Access Source: https://edka.io/docs/integrations/container-registry This JSON policy grants necessary permissions for accessing AWS Elastic Container Registry (ECR). It allows actions such as getting authorization tokens, checking layer availability, getting download URLs, and getting image batches. This policy should be attached to an IAM user or role that Edka will use for ECR integration. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage" ], "Resource": "*" } ] } ``` -------------------------------- ### Commit and Push Application Manifests (Bash) Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops This Bash script demonstrates the commands to stage, commit, and push the newly created Kustomization and HelmRelease manifest files to the GitOps repository. This action triggers Flux to detect the changes and initiate the deployment process. ```bash git add clusters/clusterone/startmeup-kustomization.yaml git add clusters/resources/clusterone/app/startmeup-helmrelease.yaml git commit -m "Deploy StartMeUp application" git push ``` -------------------------------- ### Check Application Ingress with kubectl (Bash) Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops This Bash command uses `kubectl` to retrieve ingress resources within the 'production' namespace. It displays details about the 'startmeup' ingress, including its host, address, and ports, confirming network accessibility. ```bash # Check the application ingress and access it $ kubectl get ing -n production NAME CLASS HOSTS ADDRESS PORTS AGE go.startmeup.dev nginx go.startmeup.dev 7d4bd02c-7f89-4898-a8da-8f6e69fc525d.fsn1.customers.edka.net 80, 443 4m13s ``` -------------------------------- ### Define Flux Kustomization for StartMeUp Application (YAML) Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops This Kustomization resource, written in YAML, instructs Flux to manage the HelmRelease for the StartMeUp application. It specifies dependencies on 'cluster-secrets-store' and 'postgres-cluster', sets reconciliation intervals and timeouts, and points to the application's manifest path in the Git repository. It ensures resources are pruned and waits for them to become ready. ```yaml apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: startmeup # Unique name for this Kustomization object namespace: flux-system # Namespace where this Kustomization object itself resides spec: dependsOn: # Ensures that the External Secrets Operator and its Doppler integration are ready - name: cluster-secrets-store # Ensures that PostgreSQL is set up and ready before attempting to deploy the app - name: postgres-cluster interval: 5m # How often Flux reconciles this Kustomization retryInterval: 2m timeout: 5m # Max time to wait for all resources to become ready wait: true # Wait for all resources defined in the path to be ready path: './clusters/resources/clusterone/app' # Path to the application's manifests prune: true # Delete resources removed from the Git repository path sourceRef: kind: GitRepository name: flux-system # Refers to the GitRepository object for your main GitOps repo ``` -------------------------------- ### Define HelmRelease for StartMeUp Application Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops Configures a FluxCD HelmRelease custom resource to deploy the StartMeUp application. It specifies the Helm chart details, reconciliation intervals, and upgrade/test behaviors. Requires a pre-configured HelmRepository. ```yaml apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: startmeup # Name of the HelmRelease object namespace: production # Namespace where the application will be deployed spec: interval: 5m # Reconciliation interval for the HelmRelease chart: spec: chart: startmeup # Name of the Helm chart version: '>=0.0.1' # Use the latest available version (or pin to a specific one) sourceRef: kind: HelmRepository name: edka # Assumes a HelmRepository named 'edka' exists namespace: flux-system # Namespace where the HelmRepository is located interval: 1m # How often to check for new chart versions upgrade: remediation: remediateLastFailure: true # Attempt to fix failed upgrades test: enable: true # Run Helm tests after deployment/upgrade ``` -------------------------------- ### Check Application Pods with kubectl (Bash) Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops This Bash command uses `kubectl` to list the pods belonging to the StartMeUp application in the 'production' namespace, filtered by the label `app=startmeup`. It allows verification of the application's running status and age. ```bash # Check the application pods $ kubectl get pods -n production -l app=startmeup NAME READY STATUS RESTARTS AGE startmeup-684dccb9fc-gm7j4 1/1 Running 0 2m34s startmeup-684dccb9fc-vg8g5 1/1 Running 0 2m34s ``` -------------------------------- ### Verify Kustomization Status with kubectl (Bash) Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops This Bash command uses `kubectl` to retrieve the status of all Kustomization resources across all namespaces in the cluster. It helps in verifying if the 'startmeup' Kustomization has been successfully applied and its current revision. ```bash # Verify the status of the Kustomizations in your cluster $ kubectl get kustomizations --all-namespaces NAMESPACE NAME AGE READY STATUS flux-system cluster-secrets-store 143m True Applied revision: refs/heads/main@sha1:9b7f9549a89e559efc4e98c743e8703cb52d47d4 flux-system flux-system 143m True Applied revision: refs/heads/main@sha1:9b7f9549a89e559efc4e98c743e8703cb52d47d4 flux-system postgres-cluster 143m True Applied revision: refs/heads/main@sha1:9b7f9549a89e559efc4e98c743e8703cb52d47d4 flux-system shared-components 143m True Applied revision: refs/heads/main@sha1:9b7f9549a89e559efc4e98c743e8703cb52d47d4 flux-system startmeup 2m7s True Applied revision: refs/heads/main@sha1:9b7f9549a89e559efc4e98c743e8703cb52d47d4 ``` -------------------------------- ### Create Application Manifest Directory Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops Creates a directory structure within a GitOps repository to store application-specific Kubernetes manifests. This follows a common pattern for organizing deployment configurations. ```bash mkdir -p clusters/resources/clusterone/app ``` -------------------------------- ### Generate Encryption Key with OpenSSL Source: https://edka.io/docs/gitops/deploy-a-sample-app-with-gitops Generates a secure, random hexadecimal string suitable for use as an encryption key. This is a common utility for security-sensitive applications. ```bash openssl rand -hex 32 ``` -------------------------------- ### Set KUBECONFIG Environment Variable Source: https://edka.io/docs/get-started/create-your-first-cluster This command sets the KUBECONFIG environment variable to the path of the downloaded kubeconfig file. This allows kubectl and other Kubernetes tools to connect to your cluster. Ensure you replace '/path/to/your/kubeconfig.yaml' with the actual path to your file. ```bash export KUBECONFIG=/path/to/your/kubeconfig.yaml ``` -------------------------------- ### Verify Kubernetes Cluster Connection Source: https://edka.io/docs/get-started/create-your-first-cluster This command uses kubectl to retrieve the status of nodes within your Kubernetes cluster. If the command returns a list of nodes with their status, it confirms that your connection to the cluster is successful. This is a fundamental step after configuring access. ```bash kubectl get nodes ``` -------------------------------- ### Enable Google Artifact Registry API and Create Repository Source: https://edka.io/docs/integrations/container-registry These gcloud commands enable the Artifact Registry API for your Google Cloud project and then create a new Docker repository. You need to specify the repository name, format ('docker'), location, and an optional description. Replace 'my-repo' and 'us-central1' with your desired values. ```bash # Enable API gcloud services enable artifactregistry.googleapis.com # Create repository gcloud artifacts repositories create my-repo \ --repository-format=docker \ --location=us-central1 \ --description="My container images" ``` -------------------------------- ### Configure Docker Authentication and Service Account for Google Artifact Registry Source: https://edka.io/docs/integrations/container-registry This set of gcloud commands configures Docker to authenticate with Google Artifact Registry, creates a dedicated service account for Edka, grants it necessary permissions to the specified repository, and generates a key file for authentication. Ensure you replace 'PROJECT_ID', 'my-repo', and 'us-central1' with your specific details. ```bash # Configure Docker gcloud auth configure-docker us-central1-docker.pkg.dev # Create service account gcloud iam service-accounts create edka-registry # Grant permissions gcloud artifacts repositories add-iam-policy-binding my-repo \ --location=us-central1 \ --member="serviceAccount:edka-registry@PROJECT_ID.iam.gserviceaccount.com" \ --role="roles/artifactregistry.reader" # Create key gcloud iam service-accounts keys create key.json \ --iam-account=edka-registry@PROJECT_ID.iam.gserviceaccount.com ``` -------------------------------- ### Create AWS ECR Repository and Login Source: https://edka.io/docs/integrations/container-registry These AWS CLI commands first create a new repository in AWS Elastic Container Registry (ECR) and then retrieve a login password to authenticate Docker with the ECR registry. Replace 'my-app' with your desired repository name and 'us-east-1' with your target AWS region. The ECR registry URL will be specific to your AWS account ID and region. ```bash # Create repository aws ecr create-repository --repository-name my-app --region us-east-1 # Get login token aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com ``` -------------------------------- ### Create Kubernetes Secret for GitHub Container Registry Source: https://edka.io/docs/integrations/container-registry This command creates a Kubernetes secret of type 'docker-registry' to authenticate with GitHub Container Registry. It requires your GitHub username, a personal access token with package scopes, and your email address. The secret is created in the 'default' namespace. ```bash kubectl create secret docker-registry ghcr-secret \ --docker-server=ghcr.io \ --docker-username=YOUR_GITHUB_USERNAME \ --docker-password=YOUR_GITHUB_TOKEN \ --docker-email=YOUR_EMAIL \ -n default ``` -------------------------------- ### Uninstall Cilium CNI in Kubernetes Source: https://edka.io/docs/clusters/update This command uninstalls the Cilium CNI from the kube-system namespace in your Kubernetes cluster. Ensure you have a backup and are aware of the implications before execution. This is typically done when switching from Cilium to another CNI. ```bash helm del -n kube-system cilium ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.