Initial commit for the sample gitops repository

Abhishek Choudhary · Abhishek Choudhary · commit 9521491f5db7 · 2025-01-26T02:26:19.000+05:30
diff --git a/.github/workflows/apply_on_merge.yaml b/.github/workflows/apply_on_merge.yaml
@@ -0,0 +1,89 @@
+name: Apply Cluster Configuration
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'clusters/**/*.yaml'
+
+jobs:
+  apply-cluster-config:
+    runs-on: ubuntu-latest
+    env:
+      TFY_API_KEY: ${{ secrets.TFY_API_KEY }}
+      TFY_HOST: ${{ secrets.TFY_HOST }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2  # Need to fetch at least 2 commits to compare changes
+
+      - name: Get changed files
+        id: changed-files
+        run: |
+          # Get list of all changed yaml files (including deleted) in clusters directory
+          added_modified=$(git diff --name-status HEAD^ HEAD | grep "^[AM].*\.yaml$" | grep "^[AM].*clusters/.*/" | awk '{print $2}' | tr '\n' ' ')
+          deleted=$(git diff --name-status HEAD^ HEAD | grep "^D.*\.yaml$" | grep "^D.*clusters/.*/" | awk '{print $2}' | tr '\n' ' ')
+          echo "added_modified=${added_modified}" >> "$GITHUB_OUTPUT"
+          echo "deleted=${deleted}" >> "$GITHUB_OUTPUT"
+          echo "Changed files:"
+          echo "${added_modified}"
+          echo "Deleted files:"
+          echo "${deleted}"
+
+      - name: Install yq
+        run: |
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
+          chmod +x /usr/local/bin/yq
+
+      - name: Validate YAML files
+        run: |
+          # Function to validate yaml name matches filename
+          validate_yaml_name() {
+            local file=$1
+            local filename=$(basename "$file" .yaml)
+            local yaml_name=$(yq '.name' "$file")
+            
+            if [[ "$yaml_name" != "$filename" ]]; then
+              echo "Error: YAML name field '$yaml_name' does not match filename '$filename' in $file"
+              exit 1
+            fi
+          }
+
+          # Split the space-separated string into array and validate each file
+          for file in ${{ steps.changed-files.outputs.added_modified }}; do
+            if [[ -n "$file" && -f "$file" ]]; then
+              echo "Validating $file"
+              validate_yaml_name "$file"
+            fi
+          done
+
+      - name: Setup TFY CLI
+        run: |
+          echo "Installing TFY CLI..."
+          pip install -U "truefoundry"
+
+      - name: Apply configurations
+        run: |
+          # Process deleted files first
+          for file in ${{ steps.changed-files.outputs.deleted }}; do
+            if [[ -n "$file" && -f "$file" ]]; then
+              echo "Deleting configuration for $file"
+              # tfy delete -f "$file"
+            fi
+          done
+
+          # Process added/modified files
+          for file in ${{ steps.changed-files.outputs.added_modified }}; do
+            if [[ -n "$file" && -f "$file" ]]; then
+              # Check if file is in applications folder
+              if [[ "$file" == *"/applications/"* ]]; then
+                echo "Applying application configuration for $file"
+                tfy deploy -f "$file"
+              else
+                echo "Applying non-application configuration for $file"
+                tfy apply -f "$file"
+              fi
+            fi
+          done
diff --git a/.github/workflows/dry_run_on_pr.yaml b/.github/workflows/dry_run_on_pr.yaml
@@ -0,0 +1,79 @@
+name: TFY Dry Run on PR
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - 'clusters/**/*.yaml'
+
+jobs:
+  dry-run:
+    runs-on: ubuntu-latest
+    env:
+      TFY_API_KEY: ${{ secrets.TFY_API_KEY }}
+      TFY_HOST: ${{ secrets.TFY_HOST }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v42
+        with:
+          files: |
+            clusters/**/*.yaml
+
+      - name: Install yq
+        run: |
+          wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
+          chmod +x /usr/local/bin/yq
+
+      - name: Validate YAML files
+        run: |
+          # Function to validate yaml name matches filename
+          validate_yaml_name() {
+            local file=$1
+            local filename=$(basename "$file" .yaml)
+            
+            # First check if the file is valid YAML
+            if ! yq eval '.' "$file" > /dev/null 2>&1; then
+              echo "Error: Invalid YAML syntax in file $file"
+              exit 1
+            fi
+            
+            local yaml_name=$(yq eval '.name' "$file")
+            
+            if [[ "$yaml_name" != "$filename" ]]; then
+              echo "Error: YAML name field '$yaml_name' does not match filename '$filename'"
+              echo "File: $file"
+              exit 1
+            fi
+          }
+
+          # Get the changed files as an array
+          IFS=' ' read -r -a changed_files <<< "${{ steps.changed-files.outputs.all_changed_files }}"
+
+          # Validate each changed file
+          for file in "${changed_files[@]}"; do
+            if [[ -n "$file" && -f "$file" ]]; then
+              echo "Validating $file"
+              validate_yaml_name "$file"
+            fi
+          done
+
+      - name: Setup TFY CLI
+        run: |
+          echo "Installing TFY CLI..."
+          pip install -U "truefoundry"
+
+      - name: Run TFY dry-run for changed files
+        run: |
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+            if [[ $file == */applications/* ]]; then
+              echo "Running dry-run deploy for application file: $file"
+              # tfy deploy -f "$file" --dry-run
+            else
+              echo "Running dry-run apply for file: $file"
+              tfy apply -f "$file" --dry-run
+            fi
+          done
diff --git a/README.md b/README.md
@@ -0,0 +1,50 @@
+# Truefoundry Sample Gitops Repo
+
+This is a sample repo for Truefoundry's Gitops workflow. It comprises of the folder structure to keep the cluster, workspace and application configurations in a single repository. It also includes github actions to validate the configuration files on every PR and apply the changes on merge to the main branch.
+
+## Folder Structure
+
+The folder structure is as follows:
+
+```
+clusters/
+├── cluster1/
+│   ├── cluster1.yaml
+│   └── workspaces/
+│       └── workspace1/
+│           ├── workspace1.yaml
+│           └── applications/
+│               └── app1.yaml
+└── cluster2/
+    ├── cluster2.yaml
+    └── workspaces/
+        └── workspace1/
+            ├── workspace1.yaml
+            └── applications/
+                └── sample-app.yaml
+```
+
+We have a top level folder for each cluster. Inside the cluster folder, we have the cluster configuration file and a folder for workspaces. The workspaces folder contains the workspace configuration files and the applications folder which contains the application configuration files.
+
+## File Naming Convention
+
+Each file in the clusters folder should follow the naming convention of `<cluster-name>.yaml`. The cluster name should be the same as the folder name.
+
+The workspaces folder should contain a folder for each workspace. The folder name should be the same as the workspace name. The workspace configuration file should follow the naming convention of `<workspace-name>.yaml`.
+
+The applications folder contains the spec of all the applications. Each application should be in a separate file and follow the naming convention of `<application-name>.yaml`.
+
+## Github actions
+
+We will use Github actions to validate the configuration files and also apply them on every push. To set up the actions, we will need to create a Github repository secret with the name `TFY_API_KEY` and the value of the API key which you can generate from the Truefoundry dashboard.  
+
+Before running the actions, please 
+
+There are primarily 2 Github actions in the .github/workflows folder:
+
+1. **dry_run_on_pr.yaml** - This action is triggered on every pull request and subsequent changed to the PR. It validated the following things on every PR:
+
+ - The filename matches the name field in the yaml file
+ - It executes apply in dry-run mode for the changed file. 
+
+2. **apply_on_merge.yaml** - This action is triggered on every merge to the main branch. It applied all the changed filed in the commit and deleted the configurations for the deleted files.
diff --git a/clusters/cluster1/cluster1.yaml b/clusters/cluster1/cluster1.yaml
@@ -0,0 +1,27 @@
+name: cluster1
+cluster_type: gcp-gke-standard
+environment_names:
+  - dev
+  - prod
+  - staging
+collaborators:
+  - role_id: cluster-admin
+    subject: user:alice@example.com
+  - role_id: cluster-viewer
+    subject: user:bob@example.com
+  - role_id: cluster-member
+    subject: user:charlie@example.com
+  - role_id: cluster-admin
+    subject: user:dave@example.com
+type: cluster
+base_domains:
+  - '*.cluster1.dev.example.com'
+  - '*.internal.cluster1.dev.example.com'
+monitoring:
+  loki_url: http://loki.monitoring.svc.cluster.local:3100
+  prometheus_url: http://prometheus.monitoring.svc.cluster.local:9090
+default_registry_fqn: registry:example:docker-registry:dev-images
+workbench_config:
+  ssh_server_config:
+    base_domain: ssh.cluster1.dev.example.com
+    port: 80
diff --git a/clusters/cluster1/workspaces/workspace1/applications/app1.yaml b/clusters/cluster1/workspaces/workspace1/applications/app1.yaml
@@ -0,0 +1,36 @@
+type: service
+name: app1
+workspace_fqn: cluster1:workspace1
+image:
+  type: build
+  build_source:
+    type: git
+    branch_name: main
+    ref: abc123def456gh789ijklmnop0123456789abcd
+    repo_url: https://github.com/example/sample-fastapi-app
+  build_spec:
+    type: tfy-python-buildpack
+    build_context_path: ./
+    python_version: '3.10'
+    command: uvicorn app:app --host 0.0.0.0 --port 8000
+    requirements_path: requirements.txt
+ports:
+  - host: sample-app-service-8000.example-cluster.example.com
+    port: 8000
+    expose: true
+    protocol: TCP
+    app_protocol: http
+replicas: 1
+labels:
+  tfy_openapi_path: openapi.json
+allow_interception: false
+resources:
+  node:
+    type: node_selector
+    capacity_type: spot_fallback_on_demand
+  cpu_request: 0.5
+  cpu_limit: 0.5
+  memory_request: 1000
+  memory_limit: 1000
+  ephemeral_storage_request: 500
+  ephemeral_storage_limit: 500
diff --git a/clusters/cluster1/workspaces/workspace1/workspace1.yaml b/clusters/cluster1/workspaces/workspace1/workspace1.yaml
@@ -0,0 +1,7 @@
+cluster_fqn: cluster1
+name: workspace1
+environment_name: devtest
+collaborators:
+  - role_id: workspace-admin
+    subject: user:alice@example.com
+type: workspace
diff --git a/clusters/cluster2/cluster2.yaml b/clusters/cluster2/cluster2.yaml
@@ -0,0 +1,32 @@
+name: cluster2
+cluster_type: aws-eks
+environment_names:
+  - prod
+collaborators:
+  - role_id: cluster-admin
+    subject: user:alice@example.com
+  - role_id: cluster-admin
+    subject: user:bob@example.com
+  - role_id: cluster-viewer
+    subject: team:developers
+type: cluster
+base_domains:
+  - '*.example.com'
+  - '*.production.example.com'
+  - '*.cluster2-prod.production.example.com'
+  - '*.example.cloud'
+monitoring:
+  kubecost_url: http://kubecost-cost-analyzer.kubecost.svc.cluster.local:9090
+  loki_url: http://loki.loki.svc.cluster.local:3100
+  prometheus_url: >-
+    http://prometheus-kube-prometheus-prometheus.prometheus.svc.cluster.local:9090
+workbench_config:
+  notebook_config:
+    base_domain: nb.cluster2-prod.production.example.com
+  ssh_server_config:
+    base_domain: ssh.cluster2-prod.production.example.com
+    port: 80
+supported_nodepools:
+  - name: test-np
+  - name: test-np2
+default_registry_fqn: internal:registry:example-registry:docker-registry:internal-images
diff --git a/clusters/cluster2/workspaces/applications/sample-app.yaml b/clusters/cluster2/workspaces/applications/sample-app.yaml
@@ -0,0 +1,41 @@
+type: service
+workspace_fqn: cluster2:workspace1
+name: sample-app
+image:
+  type: build
+  build_source:
+    type: git
+    branch_name: main
+    ref: abc123def456gh789ijklmnop0123456789abcd
+    repo_url: https://github.com/example-org/sample-app
+  build_spec:
+    type: dockerfile
+    dockerfile_path: ./Dockerfile
+    build_context_path: ./
+ports:
+  - host: sample-app.example-domain.com
+    port: 8080
+    expose: true
+    protocol: TCP
+    app_protocol: http
+rollout_strategy:
+  type: rolling_update
+  max_surge_percentage: 0
+  max_unavailable_percentage: 25
+allow_interception: false
+replicas:
+  min_replicas: 1
+  max_replicas: 10
+  metrics:
+    type: cpu_utilization
+    value: 80
+resources:
+  node:
+    type: node_selector
+    capacity_type: spot_fallback_on_demand
+  cpu_request: 2
+  cpu_limit: 4
+  memory_request: 200
+  memory_limit: 500
+  ephemeral_storage_request: 1000
+  ephemeral_storage_limit: 2000
diff --git a/clusters/cluster2/workspaces/workspace1.yaml b/clusters/cluster2/workspaces/workspace1.yaml
@@ -0,0 +1,11 @@
+cluster_fqn: cluster2
+name: qa-test-ws
+environment_name: prod
+collaborators:
+  - role_id: workspace-admin
+    subject: user:bob@example.com
+  - role_id: workspace-viewer
+    subject: user:junaid@example.com
+  - role_id: workspace-editor
+    subject: user:hina@example.com
+type: workspace
