@sylix/coworker 2.0.11 → 2.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +22 -4
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +4 -4
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +7 -0
- package/dist/utils/inputbar.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,285 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: gitops-workflow
|
|
3
|
+
description: Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# GitOps Workflow
|
|
7
|
+
|
|
8
|
+
Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.
|
|
9
|
+
|
|
10
|
+
## Purpose
|
|
11
|
+
|
|
12
|
+
Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.
|
|
13
|
+
|
|
14
|
+
## When to Use This Skill
|
|
15
|
+
|
|
16
|
+
- Set up GitOps for Kubernetes clusters
|
|
17
|
+
- Automate application deployments from Git
|
|
18
|
+
- Implement progressive delivery strategies
|
|
19
|
+
- Manage multi-cluster deployments
|
|
20
|
+
- Configure automated sync policies
|
|
21
|
+
- Set up secret management in GitOps
|
|
22
|
+
|
|
23
|
+
## OpenGitOps Principles
|
|
24
|
+
|
|
25
|
+
1. **Declarative** - Entire system described declaratively
|
|
26
|
+
2. **Versioned and Immutable** - Desired state stored in Git
|
|
27
|
+
3. **Pulled Automatically** - Software agents pull desired state
|
|
28
|
+
4. **Continuously Reconciled** - Agents reconcile actual vs desired state
|
|
29
|
+
|
|
30
|
+
## ArgoCD Setup
|
|
31
|
+
|
|
32
|
+
### 1. Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
# Create namespace
|
|
36
|
+
kubectl create namespace argocd
|
|
37
|
+
|
|
38
|
+
# Install ArgoCD
|
|
39
|
+
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
|
40
|
+
|
|
41
|
+
# Get admin password
|
|
42
|
+
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### 2. Repository Structure
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
gitops-repo/
|
|
49
|
+
├── apps/
|
|
50
|
+
│ ├── production/
|
|
51
|
+
│ │ ├── app1/
|
|
52
|
+
│ │ │ ├── kustomization.yaml
|
|
53
|
+
│ │ │ └── deployment.yaml
|
|
54
|
+
│ │ └── app2/
|
|
55
|
+
│ └── staging/
|
|
56
|
+
├── infrastructure/
|
|
57
|
+
│ ├── ingress-nginx/
|
|
58
|
+
│ ├── cert-manager/
|
|
59
|
+
│ └── monitoring/
|
|
60
|
+
└── argocd/
|
|
61
|
+
├── applications/
|
|
62
|
+
└── projects/
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
### 3. Create Application
|
|
66
|
+
|
|
67
|
+
```yaml
|
|
68
|
+
# argocd/applications/my-app.yaml
|
|
69
|
+
apiVersion: argoproj.io/v1alpha1
|
|
70
|
+
kind: Application
|
|
71
|
+
metadata:
|
|
72
|
+
name: my-app
|
|
73
|
+
namespace: argocd
|
|
74
|
+
spec:
|
|
75
|
+
project: default
|
|
76
|
+
source:
|
|
77
|
+
repoURL: https://github.com/org/gitops-repo
|
|
78
|
+
targetRevision: main
|
|
79
|
+
path: apps/production/my-app
|
|
80
|
+
destination:
|
|
81
|
+
server: https://kubernetes.default.svc
|
|
82
|
+
namespace: production
|
|
83
|
+
syncPolicy:
|
|
84
|
+
automated:
|
|
85
|
+
prune: true
|
|
86
|
+
selfHeal: true
|
|
87
|
+
syncOptions:
|
|
88
|
+
- CreateNamespace=true
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### 4. App of Apps Pattern
|
|
92
|
+
|
|
93
|
+
```yaml
|
|
94
|
+
apiVersion: argoproj.io/v1alpha1
|
|
95
|
+
kind: Application
|
|
96
|
+
metadata:
|
|
97
|
+
name: applications
|
|
98
|
+
namespace: argocd
|
|
99
|
+
spec:
|
|
100
|
+
project: default
|
|
101
|
+
source:
|
|
102
|
+
repoURL: https://github.com/org/gitops-repo
|
|
103
|
+
targetRevision: main
|
|
104
|
+
path: argocd/applications
|
|
105
|
+
destination:
|
|
106
|
+
server: https://kubernetes.default.svc
|
|
107
|
+
namespace: argocd
|
|
108
|
+
syncPolicy:
|
|
109
|
+
automated: {}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
## Flux CD Setup
|
|
113
|
+
|
|
114
|
+
### 1. Installation
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
# Install Flux CLI
|
|
118
|
+
curl -s https://fluxcd.io/install.sh | sudo bash
|
|
119
|
+
|
|
120
|
+
# Bootstrap Flux
|
|
121
|
+
flux bootstrap github \
|
|
122
|
+
--owner=org \
|
|
123
|
+
--repository=gitops-repo \
|
|
124
|
+
--branch=main \
|
|
125
|
+
--path=clusters/production \
|
|
126
|
+
--personal
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
### 2. Create GitRepository
|
|
130
|
+
|
|
131
|
+
```yaml
|
|
132
|
+
apiVersion: source.toolkit.fluxcd.io/v1
|
|
133
|
+
kind: GitRepository
|
|
134
|
+
metadata:
|
|
135
|
+
name: my-app
|
|
136
|
+
namespace: flux-system
|
|
137
|
+
spec:
|
|
138
|
+
interval: 1m
|
|
139
|
+
url: https://github.com/org/my-app
|
|
140
|
+
ref:
|
|
141
|
+
branch: main
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
### 3. Create Kustomization
|
|
145
|
+
|
|
146
|
+
```yaml
|
|
147
|
+
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
148
|
+
kind: Kustomization
|
|
149
|
+
metadata:
|
|
150
|
+
name: my-app
|
|
151
|
+
namespace: flux-system
|
|
152
|
+
spec:
|
|
153
|
+
interval: 5m
|
|
154
|
+
path: ./deploy
|
|
155
|
+
prune: true
|
|
156
|
+
sourceRef:
|
|
157
|
+
kind: GitRepository
|
|
158
|
+
name: my-app
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
## Sync Policies
|
|
162
|
+
|
|
163
|
+
### Auto-Sync Configuration
|
|
164
|
+
|
|
165
|
+
**ArgoCD:**
|
|
166
|
+
|
|
167
|
+
```yaml
|
|
168
|
+
syncPolicy:
|
|
169
|
+
automated:
|
|
170
|
+
prune: true # Delete resources not in Git
|
|
171
|
+
selfHeal: true # Reconcile manual changes
|
|
172
|
+
allowEmpty: false
|
|
173
|
+
retry:
|
|
174
|
+
limit: 5
|
|
175
|
+
backoff:
|
|
176
|
+
duration: 5s
|
|
177
|
+
factor: 2
|
|
178
|
+
maxDuration: 3m
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
**Flux:**
|
|
182
|
+
|
|
183
|
+
```yaml
|
|
184
|
+
spec:
|
|
185
|
+
interval: 1m
|
|
186
|
+
prune: true
|
|
187
|
+
wait: true
|
|
188
|
+
timeout: 5m
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
## Progressive Delivery
|
|
192
|
+
|
|
193
|
+
### Canary Deployment with ArgoCD Rollouts
|
|
194
|
+
|
|
195
|
+
```yaml
|
|
196
|
+
apiVersion: argoproj.io/v1alpha1
|
|
197
|
+
kind: Rollout
|
|
198
|
+
metadata:
|
|
199
|
+
name: my-app
|
|
200
|
+
spec:
|
|
201
|
+
replicas: 5
|
|
202
|
+
strategy:
|
|
203
|
+
canary:
|
|
204
|
+
steps:
|
|
205
|
+
- setWeight: 20
|
|
206
|
+
- pause: { duration: 1m }
|
|
207
|
+
- setWeight: 50
|
|
208
|
+
- pause: { duration: 2m }
|
|
209
|
+
- setWeight: 100
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
### Blue-Green Deployment
|
|
213
|
+
|
|
214
|
+
```yaml
|
|
215
|
+
strategy:
|
|
216
|
+
blueGreen:
|
|
217
|
+
activeService: my-app
|
|
218
|
+
previewService: my-app-preview
|
|
219
|
+
autoPromotionEnabled: false
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
## Secret Management
|
|
223
|
+
|
|
224
|
+
### External Secrets Operator
|
|
225
|
+
|
|
226
|
+
```yaml
|
|
227
|
+
apiVersion: external-secrets.io/v1beta1
|
|
228
|
+
kind: ExternalSecret
|
|
229
|
+
metadata:
|
|
230
|
+
name: db-credentials
|
|
231
|
+
spec:
|
|
232
|
+
refreshInterval: 1h
|
|
233
|
+
secretStoreRef:
|
|
234
|
+
name: aws-secrets-manager
|
|
235
|
+
kind: SecretStore
|
|
236
|
+
target:
|
|
237
|
+
name: db-credentials
|
|
238
|
+
data:
|
|
239
|
+
- secretKey: password
|
|
240
|
+
remoteRef:
|
|
241
|
+
key: prod/db/password
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
### Sealed Secrets
|
|
245
|
+
|
|
246
|
+
```bash
|
|
247
|
+
# Encrypt secret
|
|
248
|
+
kubeseal --format yaml < secret.yaml > sealed-secret.yaml
|
|
249
|
+
|
|
250
|
+
# Commit sealed-secret.yaml to Git
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
## Best Practices
|
|
254
|
+
|
|
255
|
+
1. **Use separate repos or branches** for different environments
|
|
256
|
+
2. **Implement RBAC** for Git repositories
|
|
257
|
+
3. **Enable notifications** for sync failures
|
|
258
|
+
4. **Use health checks** for custom resources
|
|
259
|
+
5. **Implement approval gates** for production
|
|
260
|
+
6. **Keep secrets out of Git** (use External Secrets)
|
|
261
|
+
7. **Use App of Apps pattern** for organization
|
|
262
|
+
8. **Tag releases** for easy rollback
|
|
263
|
+
9. **Monitor sync status** with alerts
|
|
264
|
+
10. **Test changes** in staging first
|
|
265
|
+
|
|
266
|
+
## Troubleshooting
|
|
267
|
+
|
|
268
|
+
**Sync failures:**
|
|
269
|
+
|
|
270
|
+
```bash
|
|
271
|
+
argocd app get my-app
|
|
272
|
+
argocd app sync my-app --prune
|
|
273
|
+
```
|
|
274
|
+
|
|
275
|
+
**Out of sync status:**
|
|
276
|
+
|
|
277
|
+
```bash
|
|
278
|
+
argocd app diff my-app
|
|
279
|
+
argocd app sync my-app --force
|
|
280
|
+
```
|
|
281
|
+
|
|
282
|
+
## Related Skills
|
|
283
|
+
|
|
284
|
+
- `k8s-manifest-generator` - For creating manifests
|
|
285
|
+
- `helm-chart-scaffolding` - For packaging applications
|
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: gitops-workflow
|
|
3
|
+
description: Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# GitOps Workflow
|
|
7
|
+
|
|
8
|
+
Complete guide to implementing GitOps workflows with ArgoCD and Flux for automated Kubernetes deployments.
|
|
9
|
+
|
|
10
|
+
## Purpose
|
|
11
|
+
|
|
12
|
+
Implement declarative, Git-based continuous delivery for Kubernetes using ArgoCD or Flux CD, following OpenGitOps principles.
|
|
13
|
+
|
|
14
|
+
## When to Use This Skill
|
|
15
|
+
|
|
16
|
+
- Set up GitOps for Kubernetes clusters
|
|
17
|
+
- Automate application deployments from Git
|
|
18
|
+
- Implement progressive delivery strategies
|
|
19
|
+
- Manage multi-cluster deployments
|
|
20
|
+
- Configure automated sync policies
|
|
21
|
+
- Set up secret management in GitOps
|
|
22
|
+
|
|
23
|
+
## OpenGitOps Principles
|
|
24
|
+
|
|
25
|
+
1. **Declarative** - Entire system described declaratively
|
|
26
|
+
2. **Versioned and Immutable** - Desired state stored in Git
|
|
27
|
+
3. **Pulled Automatically** - Software agents pull desired state
|
|
28
|
+
4. **Continuously Reconciled** - Agents reconcile actual vs desired state
|
|
29
|
+
|
|
30
|
+
## ArgoCD Setup
|
|
31
|
+
|
|
32
|
+
### 1. Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
# Create namespace
|
|
36
|
+
kubectl create namespace argocd
|
|
37
|
+
|
|
38
|
+
# Install ArgoCD
|
|
39
|
+
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
|
|
40
|
+
|
|
41
|
+
# Get admin password
|
|
42
|
+
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### 2. Repository Structure
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
gitops-repo/
|
|
49
|
+
├── apps/
|
|
50
|
+
│ ├── production/
|
|
51
|
+
│ │ ├── app1/
|
|
52
|
+
│ │ │ ├── kustomization.yaml
|
|
53
|
+
│ │ │ └── deployment.yaml
|
|
54
|
+
│ │ └── app2/
|
|
55
|
+
│ └── staging/
|
|
56
|
+
├── infrastructure/
|
|
57
|
+
│ ├── ingress-nginx/
|
|
58
|
+
│ ├── cert-manager/
|
|
59
|
+
│ └── monitoring/
|
|
60
|
+
└── argocd/
|
|
61
|
+
├── applications/
|
|
62
|
+
└── projects/
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
### 3. Create Application
|
|
66
|
+
|
|
67
|
+
```yaml
|
|
68
|
+
# argocd/applications/my-app.yaml
|
|
69
|
+
apiVersion: argoproj.io/v1alpha1
|
|
70
|
+
kind: Application
|
|
71
|
+
metadata:
|
|
72
|
+
name: my-app
|
|
73
|
+
namespace: argocd
|
|
74
|
+
spec:
|
|
75
|
+
project: default
|
|
76
|
+
source:
|
|
77
|
+
repoURL: https://github.com/org/gitops-repo
|
|
78
|
+
targetRevision: main
|
|
79
|
+
path: apps/production/my-app
|
|
80
|
+
destination:
|
|
81
|
+
server: https://kubernetes.default.svc
|
|
82
|
+
namespace: production
|
|
83
|
+
syncPolicy:
|
|
84
|
+
automated:
|
|
85
|
+
prune: true
|
|
86
|
+
selfHeal: true
|
|
87
|
+
syncOptions:
|
|
88
|
+
- CreateNamespace=true
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### 4. App of Apps Pattern
|
|
92
|
+
|
|
93
|
+
```yaml
|
|
94
|
+
apiVersion: argoproj.io/v1alpha1
|
|
95
|
+
kind: Application
|
|
96
|
+
metadata:
|
|
97
|
+
name: applications
|
|
98
|
+
namespace: argocd
|
|
99
|
+
spec:
|
|
100
|
+
project: default
|
|
101
|
+
source:
|
|
102
|
+
repoURL: https://github.com/org/gitops-repo
|
|
103
|
+
targetRevision: main
|
|
104
|
+
path: argocd/applications
|
|
105
|
+
destination:
|
|
106
|
+
server: https://kubernetes.default.svc
|
|
107
|
+
namespace: argocd
|
|
108
|
+
syncPolicy:
|
|
109
|
+
automated: {}
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
## Flux CD Setup
|
|
113
|
+
|
|
114
|
+
### 1. Installation
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
# Install Flux CLI
|
|
118
|
+
curl -s https://fluxcd.io/install.sh | sudo bash
|
|
119
|
+
|
|
120
|
+
# Bootstrap Flux
|
|
121
|
+
flux bootstrap github \
|
|
122
|
+
--owner=org \
|
|
123
|
+
--repository=gitops-repo \
|
|
124
|
+
--branch=main \
|
|
125
|
+
--path=clusters/production \
|
|
126
|
+
--personal
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
### 2. Create GitRepository
|
|
130
|
+
|
|
131
|
+
```yaml
|
|
132
|
+
apiVersion: source.toolkit.fluxcd.io/v1
|
|
133
|
+
kind: GitRepository
|
|
134
|
+
metadata:
|
|
135
|
+
name: my-app
|
|
136
|
+
namespace: flux-system
|
|
137
|
+
spec:
|
|
138
|
+
interval: 1m
|
|
139
|
+
url: https://github.com/org/my-app
|
|
140
|
+
ref:
|
|
141
|
+
branch: main
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
### 3. Create Kustomization
|
|
145
|
+
|
|
146
|
+
```yaml
|
|
147
|
+
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
148
|
+
kind: Kustomization
|
|
149
|
+
metadata:
|
|
150
|
+
name: my-app
|
|
151
|
+
namespace: flux-system
|
|
152
|
+
spec:
|
|
153
|
+
interval: 5m
|
|
154
|
+
path: ./deploy
|
|
155
|
+
prune: true
|
|
156
|
+
sourceRef:
|
|
157
|
+
kind: GitRepository
|
|
158
|
+
name: my-app
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
## Sync Policies
|
|
162
|
+
|
|
163
|
+
### Auto-Sync Configuration
|
|
164
|
+
|
|
165
|
+
**ArgoCD:**
|
|
166
|
+
|
|
167
|
+
```yaml
|
|
168
|
+
syncPolicy:
|
|
169
|
+
automated:
|
|
170
|
+
prune: true
|
|
171
|
+
selfHeal: true
|
|
172
|
+
allowEmpty: false
|
|
173
|
+
retry:
|
|
174
|
+
limit: 5
|
|
175
|
+
backoff:
|
|
176
|
+
duration: 5s
|
|
177
|
+
factor: 2
|
|
178
|
+
maxDuration: 3m
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
**Flux:**
|
|
182
|
+
|
|
183
|
+
```yaml
|
|
184
|
+
spec:
|
|
185
|
+
interval: 1m
|
|
186
|
+
prune: true
|
|
187
|
+
wait: true
|
|
188
|
+
timeout: 5m
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
## Progressive Delivery
|
|
192
|
+
|
|
193
|
+
### Canary Deployment with ArgoCD Rollouts
|
|
194
|
+
|
|
195
|
+
```yaml
|
|
196
|
+
apiVersion: argoproj.io/v1alpha1
|
|
197
|
+
kind: Rollout
|
|
198
|
+
metadata:
|
|
199
|
+
name: my-app
|
|
200
|
+
spec:
|
|
201
|
+
replicas: 5
|
|
202
|
+
strategy:
|
|
203
|
+
canary:
|
|
204
|
+
steps:
|
|
205
|
+
- setWeight: 20
|
|
206
|
+
- pause: { duration: 1m }
|
|
207
|
+
- setWeight: 50
|
|
208
|
+
- pause: { duration: 2m }
|
|
209
|
+
- setWeight: 100
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
### Blue-Green Deployment
|
|
213
|
+
|
|
214
|
+
```yaml
|
|
215
|
+
strategy:
|
|
216
|
+
blueGreen:
|
|
217
|
+
activeService: my-app
|
|
218
|
+
previewService: my-app-preview
|
|
219
|
+
autoPromotionEnabled: false
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
## Secret Management
|
|
223
|
+
|
|
224
|
+
### External Secrets Operator
|
|
225
|
+
|
|
226
|
+
```yaml
|
|
227
|
+
apiVersion: external-secrets.io/v1beta1
|
|
228
|
+
kind: ExternalSecret
|
|
229
|
+
metadata:
|
|
230
|
+
name: db-credentials
|
|
231
|
+
spec:
|
|
232
|
+
refreshInterval: 1h
|
|
233
|
+
secretStoreRef:
|
|
234
|
+
name: aws-secrets-manager
|
|
235
|
+
kind: SecretStore
|
|
236
|
+
target:
|
|
237
|
+
name: db-credentials
|
|
238
|
+
data:
|
|
239
|
+
- secretKey: password
|
|
240
|
+
remoteRef:
|
|
241
|
+
key: prod/db/password
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
### Sealed Secrets
|
|
245
|
+
|
|
246
|
+
```bash
|
|
247
|
+
# Encrypt secret
|
|
248
|
+
kubeseal --format yaml < secret.yaml > sealed-secret.yaml
|
|
249
|
+
|
|
250
|
+
# Commit sealed-secret.yaml to Git
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
## Best Practices
|
|
254
|
+
|
|
255
|
+
1. **Use separate repos or branches** for different environments
|
|
256
|
+
2. **Implement RBAC** for Git repositories
|
|
257
|
+
3. **Enable notifications** for sync failures
|
|
258
|
+
4. **Use health checks** for custom resources
|
|
259
|
+
5. **Implement approval gates** for production
|
|
260
|
+
6. **Keep secrets out of Git** (use External Secrets)
|
|
261
|
+
7. **Use App of Apps pattern** for organization
|
|
262
|
+
8. **Tag releases** for easy rollback
|
|
263
|
+
9. **Monitor sync status** with alerts
|
|
264
|
+
10. **Test changes** in staging first
|
|
265
|
+
|
|
266
|
+
## Troubleshooting
|
|
267
|
+
|
|
268
|
+
**Sync failures:**
|
|
269
|
+
|
|
270
|
+
```bash
|
|
271
|
+
argocd app get my-app
|
|
272
|
+
argocd app sync my-app --prune
|
|
273
|
+
```
|
|
274
|
+
|
|
275
|
+
**Out of sync status:**
|
|
276
|
+
|
|
277
|
+
```bash
|
|
278
|
+
argocd app diff my-app
|
|
279
|
+
argocd app sync my-app --force
|
|
280
|
+
```
|