Split host/vm scripts and fix Argo tunnel workflow

Paul Harkink 2026-02-28 20:04:01 +01:00
parent 4d77c82012
commit cb912cfed6
15 changed files with 115 additions and 81 deletions


@ -40,21 +40,21 @@ vagrant up
``` ```
3. Run bootstrap vanaf je host (script voert bootstrap in de VM uit). 3. Run bootstrap vanaf je host (script voert bootstrap in de VM uit).
```bash ```bash
./scripts/bootstrap-from-host.sh ./scripts/host/bootstrap-from-host.sh
``` ```
```powershell ```powershell
./scripts/bootstrap-from-host.ps1 ./scripts/host/bootstrap-from-host.ps1
``` ```
4. Open ArgoCD UI via tunnel. 4. Open ArgoCD UI via tunnel.
```bash ```bash
./scripts/argocd-ui-tunnel.sh ./scripts/host/argocd-ui-tunnel.sh
``` ```
```powershell ```powershell
./scripts/argocd-ui-tunnel.ps1 ./scripts/host/argocd-ui-tunnel.ps1
``` ```
5. Open in je browser: 5. Open in je browser:
```text ```text
https://localhost:8080 http://localhost:8080
``` ```
Volg daarna de oefeningen in volgorde. Zie [docs/vm-setup.md](docs/vm-setup.md) als er iets misgaat bij de VM. Volg daarna de oefeningen in volgorde. Zie [docs/vm-setup.md](docs/vm-setup.md) als er iets misgaat bij de VM.

2
Vagrantfile vendored

@ -110,7 +110,7 @@ $provision = <<-SHELL
echo " VM provisioned successfully!" echo " VM provisioned successfully!"
echo " SSH: vagrant ssh" echo " SSH: vagrant ssh"
echo " Next step: follow docs/vm-setup.md to verify, then" echo " Next step: follow docs/vm-setup.md to verify, then"
echo " run scripts/bootstrap.sh to install ArgoCD" echo " run ./scripts/host/bootstrap-from-host.sh to install ArgoCD"
echo "════════════════════════════════════════════════════════" echo "════════════════════════════════════════════════════════"
SHELL SHELL


@ -32,7 +32,7 @@ kubectl get nodes
### 1. Bootstrap-script uitvoeren ### 1. Bootstrap-script uitvoeren
```bash ```bash
./scripts/bootstrap.sh ./scripts/vm/bootstrap.sh
``` ```
Het script doet het volgende: Het script doet het volgende:


@ -185,7 +185,7 @@ git push
De pipeline moet kunnen pushen naar jouw fork. Maak een GitHub PAT aan met `repo`-scope en voer dan uit: De pipeline moet kunnen pushen naar jouw fork. Maak een GitHub PAT aan met `repo`-scope en voer dan uit:
```bash ```bash
./scripts/set-git-credentials.sh <jouw-github-gebruikersnaam> <jouw-pat> ./scripts/vm/set-git-credentials.sh <jouw-github-gebruikersnaam> <jouw-pat>
``` ```
Dit maakt een Kubernetes Secret aan in de cluster — **het PAT komt niet in Git**. Dit maakt een Kubernetes Secret aan in de cluster — **het PAT komt niet in Git**.
@ -261,7 +261,7 @@ kubectl apply -f manifests/ci/pipeline/pipelinerun.yaml
| Symptoom | Oplossing | | Symptoom | Oplossing |
|----------|-----------| |----------|-----------|
| PipelineRun blijft "Running" | `kubectl describe pipelinerun -n tekton-pipelines bump-podinfo-to-670` | | PipelineRun blijft "Running" | `kubectl describe pipelinerun -n tekton-pipelines bump-podinfo-to-670` |
| Secret `git-credentials` niet gevonden | Voer `./scripts/set-git-credentials.sh` uit | | Secret `git-credentials` niet gevonden | Voer `./scripts/vm/set-git-credentials.sh` uit |
| Push mislukt: 403 Forbidden | PAT heeft onvoldoende rechten — `repo`-scope vereist | | Push mislukt: 403 Forbidden | PAT heeft onvoldoende rechten — `repo`-scope vereist |
| ArgoCD synchroniseert niet | Klik **Refresh** in de UI | | ArgoCD synchroniseert niet | Klik **Refresh** in de UI |


@ -89,7 +89,7 @@ PR: "bump API naar v2.3.1-hotfix"
**Drift detection**: Als iemand direct `kubectl apply` doet, ziet ArgoCD drift en kan het automatisch terugdraaien. De cluster convergeert altijd terug naar wat in Git staat. **Drift detection**: Als iemand direct `kubectl apply` doet, ziet ArgoCD drift en kan het automatisch terugdraaien. De cluster convergeert altijd terug naar wat in Git staat.
**Disaster recovery**: Cluster weg? `vagrant up` + `./scripts/bootstrap.sh` + `kubectl apply -f apps/root.yaml` en ArgoCD bouwt alles opnieuw op. Git is je backup. **Disaster recovery**: Cluster weg? `vagrant up` + `./scripts/vm/bootstrap.sh` + `kubectl apply -f apps/root.yaml` en ArgoCD bouwt alles opnieuw op. Git is je backup.
**Samenwerking tussen teams**: Developers openen PR's voor deploys. Ops reviewt manifest-wijzigingen. Geen SSH-sleutels op productie nodig. **Samenwerking tussen teams**: Developers openen PR's voor deploys. Ops reviewt manifest-wijzigingen. Geen SSH-sleutels op productie nodig.


@ -1,18 +0,0 @@
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$RepoRoot = Split-Path -Parent $PSScriptRoot
Set-Location $RepoRoot
$status = vagrant status --machine-readable | Out-String
if ($status -notmatch ',state,running') {
Write-Host '[ops-demo] VM is not running; starting with vagrant up...'
vagrant up
}
Write-Host '[ops-demo] Ensuring VM-side port-forward is running...'
vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; pgrep -f 'kubectl -n argocd port-forward svc/argocd-server 8080:443' >/dev/null || nohup kubectl -n argocd port-forward svc/argocd-server 8080:443 >/tmp/argocd-port-forward.log 2>&1 &" | Out-Null
Write-Host '[ops-demo] Opening SSH tunnel localhost:8080 -> VM:8080'
Write-Host '[ops-demo] Keep this terminal open while using https://localhost:8080'
vagrant ssh -- -L 8080:127.0.0.1:8080


@ -1,24 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
cd "${REPO_ROOT}"
command -v vagrant >/dev/null 2>&1 || {
echo "ERROR: required command not found: vagrant" >&2
exit 1
}
echo "[ops-demo] Checking VM status..."
if ! vagrant status --machine-readable | rg -q ',state,running'; then
echo "[ops-demo] VM is not running; starting with vagrant up..."
vagrant up
fi
echo "[ops-demo] Ensuring VM-side port-forward is running..."
vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; pgrep -f 'kubectl -n argocd port-forward svc/argocd-server 8080:443' >/dev/null || nohup kubectl -n argocd port-forward svc/argocd-server 8080:443 >/tmp/argocd-port-forward.log 2>&1 &" >/dev/null
echo "[ops-demo] Opening SSH tunnel localhost:8080 -> VM:8080"
echo "[ops-demo] Keep this terminal open while using https://localhost:8080"
vagrant ssh -- -L 8080:127.0.0.1:8080


@ -0,0 +1,24 @@
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
$RepoRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot)
Set-Location $RepoRoot
$status = vagrant status --machine-readable | Out-String
if ($status -notmatch ',state,running') {
Write-Host '[ops-demo] VM is not running; starting with vagrant up...'
vagrant up
}
$check = netstat -ano | Select-String ':8080'
if ($check) {
throw 'localhost:8080 is already in use. Stop that process first.'
}
Write-Host '[ops-demo] Starting VM-side ArgoCD port-forward...'
vagrant ssh -c "cd /vagrant && ./scripts/vm/start-argocd-port-forward.sh" | Out-Null
Write-Host '[ops-demo] Starting SSH tunnel localhost:8080 -> VM:8080'
Write-Host '[ops-demo] Tunnel actief. Open: http://localhost:8080'
Write-Host '[ops-demo] Stoppen met Ctrl+C.'
vagrant ssh -- -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 8080:127.0.0.1:8080
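Review bot: A failure of the VM-side start script goes unnoticed at the `vagrant ssh -c ... | Out-Null` call, because `$ErrorActionPreference = 'Stop'` does not by default turn a native command's non-zero exit code into a terminating error, so the script goes on to open a tunnel to a port nobody is listening on. Add `if ($LASTEXITCODE -ne 0) { throw 'VM-side ArgoCD port-forward failed to start.' }` directly after that line; the `vagrant ssh -c` call in bootstrap-from-host.ps1 has the same gap. Separately, `netstat -ano | Select-String ':8080'` also matches remote endpoints and non-listening states, so a check limited to local listeners, such as `Get-NetTCPConnection -LocalPort 8080 -State Listen -ErrorAction SilentlyContinue`, would avoid false refusals.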


@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
cd "${REPO_ROOT}"
command -v vagrant >/dev/null 2>&1 || {
echo "ERROR: required command not found: vagrant" >&2
exit 1
}
echo "[ops-demo] Checking VM status..."
if ! vagrant status --machine-readable | rg -q ',state,running'; then
echo "[ops-demo] VM is not running; starting with vagrant up..."
vagrant up
fi
if command -v lsof >/dev/null 2>&1 && lsof -nP -iTCP:8080 -sTCP:LISTEN >/dev/null 2>&1; then
echo "ERROR: localhost:8080 is already in use. Stop that process first."
exit 1
fi
echo "[ops-demo] Starting VM-side ArgoCD port-forward..."
vagrant ssh -c "cd /vagrant && ./scripts/vm/start-argocd-port-forward.sh"
echo "[ops-demo] Starting SSH tunnel localhost:8080 -> VM:8080"
echo "[ops-demo] Tunnel actief. Open: http://localhost:8080"
echo "[ops-demo] Stoppen met Ctrl+C."
exec vagrant ssh -- -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 8080:127.0.0.1:8080
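Review bot: The VM-state check pipes into `rg`, but only `vagrant` is verified to exist, so on a host without ripgrep the pipeline fails, `if !` treats that as "not running", and `vagrant up` is run on every invocation. Use `grep -q ',state,running'` or add a `command -v rg` guard next to the vagrant one; the same line is in bootstrap-from-host.sh, where this commit removed the `require_cmd` helper. The port-in-use message a few lines below is an error but goes to stdout; `>&2` would match the vagrant check. The 8080 check is also skipped silently when `lsof` is absent, which `ExitOnForwardFailure=yes` later covers.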


@ -1,22 +1,17 @@
Set-StrictMode -Version Latest Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop' $ErrorActionPreference = 'Stop'
$RepoRoot = Split-Path -Parent $PSScriptRoot $RepoRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot)
Set-Location $RepoRoot Set-Location $RepoRoot
function Ensure-VagrantRunning { $status = vagrant status --machine-readable | Out-String
$status = vagrant status --machine-readable | Out-String if ($status -notmatch ',state,running') {
if ($status -notmatch ',state,running') { Write-Host '[ops-demo] VM is not running; starting with vagrant up...'
Write-Host '[ops-demo] VM is not running; starting with vagrant up...' vagrant up
vagrant up
}
} }
Write-Host '[ops-demo] Checking VM status...'
Ensure-VagrantRunning
Write-Host '[ops-demo] Running bootstrap in VM...' Write-Host '[ops-demo] Running bootstrap in VM...'
$output = vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; cd /vagrant && ./scripts/bootstrap.sh" | Out-String $output = vagrant ssh -c "cd /vagrant && ./scripts/vm/bootstrap.sh" | Out-String
Write-Host $output Write-Host $output
$password = $null $password = $null
@ -39,5 +34,5 @@ if ($password) {
Write-Host '' Write-Host ''
Write-Host 'Next step to open ArgoCD UI from host:' Write-Host 'Next step to open ArgoCD UI from host:'
Write-Host ' ./scripts/argocd-ui-tunnel.ps1' Write-Host ' ./scripts/host/argocd-ui-tunnel.ps1'
Write-Host 'Then browse: https://localhost:8080' Write-Host 'Then browse: http://localhost:8080'


@ -2,18 +2,14 @@
set -euo pipefail set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
cd "${REPO_ROOT}" cd "${REPO_ROOT}"
require_cmd() { command -v vagrant >/dev/null 2>&1 || {
command -v "$1" >/dev/null 2>&1 || { echo "ERROR: required command not found: vagrant" >&2
echo "ERROR: required command not found: $1" >&2 exit 1
exit 1
}
} }
require_cmd vagrant
echo "[ops-demo] Checking VM status..." echo "[ops-demo] Checking VM status..."
if ! vagrant status --machine-readable | rg -q ',state,running'; then if ! vagrant status --machine-readable | rg -q ',state,running'; then
echo "[ops-demo] VM is not running; starting with vagrant up..." echo "[ops-demo] VM is not running; starting with vagrant up..."
@ -24,7 +20,7 @@ log_file="$(mktemp)"
trap 'rm -f "${log_file}"' EXIT trap 'rm -f "${log_file}"' EXIT
echo "[ops-demo] Running bootstrap in VM..." echo "[ops-demo] Running bootstrap in VM..."
vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; cd /vagrant && ./scripts/bootstrap.sh" | tee "${log_file}" vagrant ssh -c "cd /vagrant && ./scripts/vm/bootstrap.sh" | tee "${log_file}"
password="$(sed -n 's/.*ArgoCD admin-wachtwoord: //p' "${log_file}" | tail -n 1 | tr -d '\r')" password="$(sed -n 's/.*ArgoCD admin-wachtwoord: //p' "${log_file}" | tail -n 1 | tr -d '\r')"
if [[ -z "${password}" ]]; then if [[ -z "${password}" ]]; then
@ -41,5 +37,5 @@ fi
echo "" echo ""
echo "Next step to open ArgoCD UI from host:" echo "Next step to open ArgoCD UI from host:"
echo " ./scripts/argocd-ui-tunnel.sh" echo " ./scripts/host/argocd-ui-tunnel.sh"
echo "Then browse: https://localhost:8080" echo "Then browse: http://localhost:8080"


@ -0,0 +1,5 @@
#!/usr/bin/env bash
set -euo pipefail
export KUBECONFIG=/home/vagrant/.kube/config
exec kubectl -n argocd port-forward svc/argocd-server 8080:443 --address 127.0.0.1
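Review bot: Nothing in this script records why the UI is now browsed over plain `http://` while the forward still targets service port 443; presumably argocd-server runs with TLS disabled, which is not visible in this commit. A header comment should state that, and that the admin login therefore travels unencrypted on this listener, which is why `--address 127.0.0.1` must stay and the only path to the host is the SSH forward. Suggested wording: `# Plain HTTP by design (lab only): loopback-bound here, reached from the host through the SSH tunnel.`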


@ -4,7 +4,7 @@
# #
# Gebruik: # Gebruik:
# cd /vagrant # cd /vagrant
# ./scripts/bootstrap.sh # ./scripts/vm/bootstrap.sh
# #
# Wat het doet: # Wat het doet:
# 1. Detecteert de URL van jouw fork op basis van de git remote # 1. Detecteert de URL van jouw fork op basis van de git remote
@ -19,7 +19,7 @@ set -euo pipefail
ARGOCD_NAMESPACE="argocd" ARGOCD_NAMESPACE="argocd"
ARGOCD_CHART_VERSION="7.7.11" ARGOCD_CHART_VERSION="7.7.11"
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
EXPECTED_NODE_NAME="ops-demo" EXPECTED_NODE_NAME="ops-demo"
EXPECTED_HOST_ONLY_IP="$(awk -F'"' '/^HOST_ONLY_IP = "/ {print $2; exit}' "${REPO_ROOT}/Vagrantfile" 2>/dev/null || true)" EXPECTED_HOST_ONLY_IP="$(awk -F'"' '/^HOST_ONLY_IP = "/ {print $2; exit}' "${REPO_ROOT}/Vagrantfile" 2>/dev/null || true)"
EXPECTED_HOST_ONLY_IP="${EXPECTED_HOST_ONLY_IP:-192.168.56.10}" EXPECTED_HOST_ONLY_IP="${EXPECTED_HOST_ONLY_IP:-192.168.56.10}"
@ -153,11 +153,11 @@ if [[ -n "${SSH_CONNECTION:-}" ]]; then
echo " Je draait via SSH (headless VM). Gebruik deze flow:" echo " Je draait via SSH (headless VM). Gebruik deze flow:"
echo " 1) Op je laptop: vagrant ssh -- -L 8080:127.0.0.1:8080" echo " 1) Op je laptop: vagrant ssh -- -L 8080:127.0.0.1:8080"
echo " 2) In die VM-shell: kubectl port-forward svc/argocd-server -n argocd 8080:443" echo " 2) In die VM-shell: kubectl port-forward svc/argocd-server -n argocd 8080:443"
echo " 3) Open op je laptop: https://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" echo " 3) Open op je laptop: http://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})"
else else
echo " Open de ArgoCD UI — voer dit uit in een nieuw terminal:" echo " Open de ArgoCD UI — voer dit uit in een nieuw terminal:"
echo " kubectl port-forward svc/argocd-server -n argocd 8080:443" echo " kubectl port-forward svc/argocd-server -n argocd 8080:443"
echo " Dan: https://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" echo " Dan: http://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})"
fi fi
echo "" echo ""
echo " apps/root.yaml is aangemaakt met jouw fork-URL." echo " apps/root.yaml is aangemaakt met jouw fork-URL."
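Review bot: The SSH branch still prints the hand-built two-terminal flow (`vagrant ssh -- -L ...` plus a foreground `kubectl port-forward`), while this commit adds scripts/host/argocd-ui-tunnel.sh for the same job, so a run through bootstrap-from-host.sh shows two different instructions. Pointing step 1 at `./scripts/host/argocd-ui-tunnel.sh` keeps a single documented path, and one that includes `ExitOnForwardFailure=yes`. The same echo lines print the admin password next to the URL, so this output should be treated as sensitive wherever it is captured. The enclosing `if` starts outside the hunk.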


@ -2,7 +2,7 @@
# set-git-credentials.sh — Create the git-credentials Secret for the Tekton pipeline. # set-git-credentials.sh — Create the git-credentials Secret for the Tekton pipeline.
# #
# Usage: # Usage:
# ./scripts/set-git-credentials.sh <github-username> <github-pat> # ./scripts/vm/set-git-credentials.sh <github-username> <github-pat>
# #
# The PAT needs: repo (read + write) scope. # The PAT needs: repo (read + write) scope.
# The Secret is NOT stored in git — it lives only in the cluster. # The Secret is NOT stored in git — it lives only in the cluster.


@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOG_FILE="/tmp/argocd-port-forward.log"
PID_FILE="/tmp/argocd-port-forward.pid"
# Kill any process currently listening on VM localhost:8080.
# We intentionally target the listener port, not a command pattern.
if command -v lsof >/dev/null 2>&1; then
pids="$(lsof -t -iTCP:8080 -sTCP:LISTEN 2>/dev/null || true)"
if [[ -n "${pids}" ]]; then
kill ${pids} >/dev/null 2>&1 || true
sleep 1
fi
fi
nohup "${SCRIPT_DIR}/argocd-port-forward.sh" >"${LOG_FILE}" 2>&1 </dev/null &
echo $! >"${PID_FILE}"
sleep 1
if ! kill -0 "$(cat "${PID_FILE}")" >/dev/null 2>&1; then
echo "ERROR: failed to start VM-side ArgoCD port-forward." >&2
tail -n 40 "${LOG_FILE}" >&2 || true
exit 1
fi
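Review bot: `LOG_FILE` and `PID_FILE` are fixed names in `/tmp`, and the `>"${LOG_FILE}"` and `>"${PID_FILE}"` redirections will follow a symlink or reuse a file that another local account created there first. In a single-user Vagrant VM the exposure is small, but a per-user directory costs nothing, e.g. `STATE_DIR="${XDG_RUNTIME_DIR:-${HOME}}"` with both files placed under it. The liveness check can also use the PID already in hand (`pid=$!` then `kill -0 "${pid}"`) instead of reading it back from the file. `kill ${pids}` relies on word splitting deliberately; a short comment saying so would keep a later quoting cleanup from breaking it.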