3.4 KiB
3.4 KiB
Workshop Roadmap
Exercise Map
| # | Exercise | Type | Est. Time | Status |
|---|---|---|---|---|
| 01 | Bootstrap ArgoCD | Core | 30 min | ✅ Implemented |
| 02 | Deploy podinfo via GitOps | Core | 30 min | ✅ Implemented |
| 03 | MetalLB + Ingress-Nginx (LAN exposure) | Core | 45 min | ✅ Implemented |
| 03b | Cloudflare Tunnel voor webhooks | Bonus | 30–45 min | ✅ Implemented |
| 04 | Tekton pipeline (image tag bump → GitOps loop) | Core | 45 min | ✅ Implemented |
| 05 | App upgrade via GitOps | Core | 15 min | ✅ Implemented |
| 06 | Monitoring: Prometheus + Grafana | Bonus | 60 min | ✅ Implemented |
Total core: ~2.5–3h. Beginners may stop after Exercise 03 (~1h45m).
Solution Branches
Model: solution branches are standalone per exercise (not cumulative).
| Branch | State |
|---|---|
solution/01-argocd-bootstrap |
ArgoCD running, root app applied |
solution/02-deploy-podinfo |
podinfo synced via ArgoCD |
solution/03-metallb-ingress |
MetalLB + Ingress-Nginx + podinfo reachable on LAN; CRD caBundle drift handling included |
solution/03b-cloudflare-tunnel |
Cloudflared tunnel connector manifests met token placeholders |
solution/04-tekton-pipeline |
Full Tekton GitOps loop working |
solution/05-app-upgrade |
deployment.yaml bumped to 6.7.0 |
solution/06-monitoring |
Prometheus + Grafana running |
Verification Status
| Exercise | Smoke-tested |
|---|---|
| 01 | ✅ Validated (clean VM + bootstrap + root sync) |
| 02 | ✅ Validated (podinfo app deploy + healthy) |
| 03 | ✅ Validated (MetalLB + ingress + podinfo URL reachable) |
| 04 | ✅ Validated after hardening fixes (PSA patch + pipeline runtime fixes) |
| 05 | ✅ Validated (upgrade/drift workflow over working 04 stack) |
| 06 | ✅ Validated (Prometheus/Grafana app healthy + Grafana ingress reachable) |
Full end-to-end test: completed on ops-demo-tryout from clean baseline through 01–06.
Recent Changes (2026-03-01)
- End-to-end smoke test executed in clean tryout environment (
vagrant destroy && vagrant up). - Exercise 04 hardening to make tutorial reproducible:
- Tekton namespace PodSecurity patch (
pod-security.kubernetes.io/enforce=privileged) - pipeline validate step switched to pure client-side
kubectl create --dry-run=client - clone task now ensures workspace writeability for later task images (
chmod -R a+rwX .) - git clone/push switched to HTTP auth header flow (no URL credential embedding)
- Tekton namespace PodSecurity patch (
- Exercise 04 docs clarified with explicit PSA semantics and workshop trade-offs.
- Assignment clarity improvements across docs/01..06:
- every shell snippet clearly marked as
VMorHOST - removed large per-page top callout blocks; context now lives at snippet level
- every shell snippet clearly marked as
- Exercise 03 docs expanded with practical explanation around MetalLB manifests and key Kubernetes terms.
- Exercise 04 docs expanded with:
- explicit mandatory credential step before PipelineRun
- clear distinction between Argo wrapper manifest vs full Tekton pipeline manifest
- Tekton Dashboard + ingress walkthrough
scripts/vm/set-git-credentials.shnow prints a context-correct PipelineRun path (/vagrant/...fallback included).- Earlier branch-level fixes remain in place:
- root recursive discovery
- MetalLB CRD
caBundledrift handling - Tekton empty
kustomizedrift fix in solution flow