Major refactor (Upgrade k3s v1.30)

.devcontainer/devcontainer.json

@@ -0,0 +1,39 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/docker-in-docker
+{
+	"name": "Docker in Docker",
+	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+	"image": "mcr.microsoft.com/devcontainers/base:bullseye",
+
+	"features": {
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
+		"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+		"ghcr.io/devcontainers-contrib/features/argo-cd:1": {},
+		"ghcr.io/eitsupi/devcontainer-features/go-task:1": {},
+		"ghcr.io/rio/features/k3d:1": {},
+		"ghcr.io/devcontainers-contrib/features/wget-apt-get:1": {}
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"task.vscode-task",
+				"kennylong.kubernetes-yaml-formatter",
+				"matt-rudge.auto-open-preview-panel",
+				"bierner.markdown-preview-github-styles",
+				"Phu1237.vs-browser"
+			]
+		}
+	},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": ["8080:8080"],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+ "postCreateCommand": "task tools:install"
+
+	// Configure tool-specific properties.
+	// "customizations": {},
+
+	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+	// "remoteUser": "root"
+}

.github/dependabot.yml

@@ -0,0 +1,12 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+ - package-ecosystem: "devcontainers"
+   directory: "/"
+   schedule:
+     interval: weekly

README.md

@@ -1,10 +1,9 @@
 # Local Gitops
 
-- [Local Gitops](#local-gitops)
-    - [Project Objective](#project-objective)
-  - [Resources versioning](#resources-versioning)
-    - [Avaliable Kubernetes services:](#avaliable-kubernetes-services)
-    - [Tools required locally](#tools-required-locally)
+  - [Project Objective](#project-objective)
+  - [Resource and tooling-related versioning](#resources-versioning)
+    - [Kubernetes services available](#avaliable-kubernetes-services)
+    - [Tools required locally to run this project](#tools-required-locally)
       - [Installing requirements (*optional*)](#installing-requirements-optional)
     - [**Initializing the repository**](#initializing-the-repository)
     - [In case you want to reset the environment](#in-case-you-want-to-reset-the-environment)
@@ -24,15 +23,14 @@
 ## Resources versioning
 
 ```bash
-- Kubernetes Version: v1.27.4-k3s1
+- Kubernetes Version: v1.30.2-k3s1
 - ArgoCD Version: v2.8.0
-- k3d tested using v5.6 with v1alpha5 config file
+- k3d tested using v5.6.3 with v1alpha5 config file
 ```
 ### Avaliable Kubernetes services:
 
 > - [ArgoCD][argocd-url] as the main GitOps tool | **Available at [argocd.k8s.localhost][argocd-localhost]**
 > - Access to the cluster using [Nginx Ingress][nginx-url].
-> - On-demand databases clusters with [Zalando Operator for PostgreSQL][postgres-url] | **UI available at [dbs.k8s.localhost][dbs-localhost]**
 > - Hot-Reload secrets and configmaps to pods using [Reloader][reloader-url].
 > - Mirror resources between namespaces using [Reflector][reflector-url].
 

Taskfile.yml

@@ -1,15 +1,6 @@
 version: '3'
+
 vars:
-  CYAN: tput setaf 6
-  RED: tput setaf 1
-  YELLOW: tput setaf 3
-  GREEN: tput setaf 2
-  BLUE: tput setaf 1
-  PURPLE: tput setaf 5
-  BG_B: tput setab 0
-  BOLD: tput bold
-  RESET: tput sgr0
-  CLEAR: tput reset
   INT_REGISTRY: registry.localhost
   PATH_ERROR: is not installed or correctly configured in PATH.
 
@@ -21,60 +12,39 @@ includes:
   argocd: ./tasks/argocd.yaml
   templates: ./tasks/templates.yaml
   tools: ./tasks/tools.yaml
+  cli: ./tasks/cli.yaml
 
 tasks:
-  clear:
-    cmds:
-      - sleep 0.1 && {{.CLEAR}}
-  highlight_bg:
-    cmds:
-      - |
-        sleep 0.1 && \
-        {{.CYAN}} && \
-        {{.BOLD}} && \
-        {{.BG_B}}
-  highlight_normal:
-    cmds:
-      - |
-        sleep 0.1 && \
-        {{.CYAN}} && \
-        {{.BOLD}}
-  reset:
-    cmds:
-      - |
-        sleep 0.1 && \
-        {{.RESET}}
-
   help:
     desc: Displays this message. Type 'task explain -- [command]' to have a in-depth explanation of each command
     cmds:
-      - task: highlight_bg
-      - echo -e "If you want to understand more abount a command, type task explain -- [command]"
-      - task: reset
-      - task --list
+    - task: cli:highlight_bg
+    - echo -e "If you want to understand more abount a command, type task explain -- [command]"
+    - task: cli:reset
+    - task --list
 
   default:
     cmds:
-      - task: dns
-      - task: templates:gen
-      - task: start
-      - task: argocd:install
-      - task: certs
-      - task: argocd:secret
-      - task: argocd:password
-      - task: argocd:bridge
+    - task: dns
+    - task: templates:gen
+    - task: start
+    - task: argocd:install
+    - task: certs
+    - task: argocd:secret
+    - task: argocd:password
+    - task: argocd:bridge
     ignore_error: true
 
   explain:
     desc: Explains a certain Task command more in-detail
     cmds:
-      - task {{.CLI_ARGS}} --summary
+    - task {{.CLI_ARGS}} --summary
 
   start:
     desc: Starts your local k3d cluster.
     preconditions:
-      - sh: "which k3d"
-        msg: "k3d {{.PATH_ERROR}}"
+    - sh: "which k3d"
+      msg: "k3d {{.PATH_ERROR}}"
     summary: |
       Creating a k3d cluster
 
@@ -88,20 +58,20 @@ tasks:
       name configured on the file ('k3d-demo'), as to avoid creating those
       resoures on non-local clusters that may be on KUBECONFIG file as well.
     cmds:
-      - task: clear
-      - k3d cluster delete demo
-      - k3d cluster create --config config/cluster.yaml
-      - task: highlight_normal
-      - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm."
-      - task: reset
+    - task: cli:clear
+    - k3d cluster delete demo
+    - k3d cluster create --config config/cluster.yaml
+    - task: cli:highlight_normal
+    - echo -e "\nYour cluster has been created. Type 'k3d cluster list' to confirm."
+    - task: cli:reset
     ignore_error: true
     interactive: true
 
   dns:
     desc: Creates the DNS entry required for the local domain to work.
     preconditions:
-      - sh: "which hostctl"
-        msg: "hostctl {{.PATH_ERROR}}"
+    - sh: "which hostctl"
+      msg: "hostctl {{.PATH_ERROR}}"
     summary: |
       Configuring Local DNS configuration through hostctl
 
@@ -112,74 +82,74 @@ tasks:
       user to reverse those changes, avoiding pollution on your hosts
       (or equivalent) file.
     cmds:
-      - task: clear
-      - sleep 0.01 && {{if eq OS "windows"}}hostctl add k8s -q < config/.etchosts{{else}}sudo hostctl add k8s -q < config/.etchosts{{end}}
-      - task: highlight_normal
-      - echo -e "Added 'k8s.localhost' and related domains to your hosts file!"
-      - task: reset
+    - task: cli:clear
+    - sleep 0.01 && {{if eq OS "windows"}}hostctl add k8s -q < config/.etchosts{{else}}sudo hostctl add k8s -q < config/.etchosts{{end}}
+    - task: cli:highlight_normal
+    - echo -e "Added 'k8s.localhost' and related domains to your hosts file!"
+    - task: cli:reset
 
   repos:
-    desc: Adds and updates all the required Helm repositories locally.
     preconditions:
-      - sh: "which helm"
-        msg: "helm {{.PATH_ERROR}}"
+    - sh: "which helm"
+      msg: "helm {{.PATH_ERROR}}"
+    internal: true
     cmds:
-      - task: clear
-      - task: highlight_bg
-      - echo -e "This will add new repositories to your local Helm\n"
-      - task: reset
-      - helm repo add chaos-mesh https://charts.chaos-mesh.org
-      - helm repo add hashicorp https://helm.releases.hashicorp.com
-      - helm repo add bitnami https://charts.bitnami.com/bitnami
-      - helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
-      - helm repo add nginx-stable https://helm.nginx.com/stable
-      - helm repo add hashicorp https://helm.releases.hashicorp.co
-      - helm repo add lwolf-charts http://charts.lwolf.org
-      - helm repo add emberstack https://emberstack.github.io/helm-charts
-      - helm repo add keyporttech https://keyporttech.github.io/helm-charts/
-      - helm repo add agones https://agones.dev/chart/stable
-      - helm repo add drone https://charts.drone.io
-      - helm repo add stakater https://stakater.github.io/stakater-charts
-      - helm repo add ananace-charts https://ananace.gitlab.io/charts
-      - helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
-      - helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-      - task: clear
-      - echo -e "This will add new repositories to your local Helm\n"
-      - task: highlight_normal
-      - echo -e "Finished adding repositories. Updating them now.\n"
-      - task: reset
-      - helm repo update
+    - task: cli:clear
+    - task: cli:highlight_bg
+    - echo -e "This will add new repositories to your local Helm\n"
+    - task: cli:reset
+    - helm repo add chaos-mesh https://charts.chaos-mesh.org
+    - helm repo add hashicorp https://helm.releases.hashicorp.com
+    - helm repo add bitnami https://charts.bitnami.com/bitnami
+    - helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
+    - helm repo add nginx-stable https://helm.nginx.com/stable
+    - helm repo add hashicorp https://helm.releases.hashicorp.co
+    - helm repo add lwolf-charts http://charts.lwolf.org
+    - helm repo add emberstack https://emberstack.github.io/helm-charts
+    - helm repo add keyporttech https://keyporttech.github.io/helm-charts/
+    - helm repo add agones https://agones.dev/chart/stable
+    - helm repo add drone https://charts.drone.io
+    - helm repo add stakater https://stakater.github.io/stakater-charts
+    - helm repo add ananace-charts https://ananace.gitlab.io/charts
+    - helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+    - helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+    - task: cli:clear
+    - echo -e "This will add new repositories to your local Helm\n"
+    - task: cli:highlight_normal
+    - echo -e "Finished adding repositories. Updating them now.\n"
+    - task: cli:reset
+    - helm repo update
     ignore_error: true
 
   certs:
     desc: Creates and uploads local certificates to the cluster as tls secrets
     dir: config/tls
     preconditions:
-      - sh: "which mkcert"
-        msg: "mkcert {{.PATH_ERROR}}"
-      - sh: "which kubectl"
-        msg: "kubectl {{.PATH_ERROR}}"
+    - sh: "which mkcert"
+      msg: "mkcert {{.PATH_ERROR}}"
+    - sh: "which kubectl"
+      msg: "kubectl {{.PATH_ERROR}}"
     cmds:
-      - task: clear
-      - task: highlight_bg
-      - echo -e "Creating local certificates\n"
-      - task: reset
-      - rm cert.pem key.pem base/tls-secret.yaml ca.pem 2> /dev/null
-      - mkcert -install
-      - mkcert -cert-file cert.pem -key-file key.pem -p12-file p12.pem "*.k8s.localhost" k8s.localhost "*.localhost" ::1 127.0.0.1 localhost 127.0.0.1 "*.internal.localhost" "*.local" 2> /dev/null
-      - base64 {{if eq OS "darwin"}}-b{{else}}-w{{end}} 0 cert.pem > ca.pem
-      - task: highlight_bg
-      - echo -e "Creating certificate secrets on Kubernetes for local TLS enabled by default\n"
-      - task: reset
-      - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo
-      - kubectl create secret tls tls-secret --cert=cert.pem --key=key.pem --dry-run=client -o yaml >base/tls-secret.yaml
-      - kubectl apply -k ./
-      - task: highlight_bg
-      - echo -e "\nCertificate resources have been created.\n"
-      - task: reset
+    - task: cli:clear
+    - task: cli:highlight_bg
+    - echo -e "Creating local certificates\n"
+    - task: cli:reset
+    - rm cert.pem key.pem base/tls-secret.yaml ca.pem 2> /dev/null
+    - mkcert -install
+    - mkcert -cert-file cert.pem -key-file key.pem -p12-file p12.pem "*.k8s.localhost" k8s.localhost "*.localhost" ::1 127.0.0.1 localhost 127.0.0.1 "*.internal.localhost" "*.local" 2> /dev/null
+    - base64 {{if eq OS "darwin"}}-b{{else}}-w{{end}} 0 cert.pem > ca.pem
+    - task: cli:highlight_bg
+    - echo -e "Creating certificate secrets on Kubernetes for local TLS enabled by default\n"
+    - task: cli:reset
+    - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo
+    - kubectl create secret tls tls-secret --cert=cert.pem --key=key.pem --dry-run=client -o yaml >base/tls-secret.yaml
+    - kubectl apply -k ./
+    - task: cli:highlight_bg
+    - echo -e "\nCertificate resources have been created.\n"
+    - task: cli:reset
     ignore_error: true
 
   ns:system:
     cmds:
-      - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo
+    - kubectl config set-context --current --namespace=kube-system --cluster=k3d-demo
     ignore_error: true

apps/argocd/base/apps/example.yaml

@@ -2,14 +2,12 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: example-app
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: apps
   source:
     repoURL: 'https://github.com/gruberdev/local-gitops.git'
     path: apps/example
-    targetRevision: main
+    targetRevision: feat/upgrade
   destination:
     namespace: example
     name: in-cluster

apps/argocd/base/apps/template.yaml

@@ -2,32 +2,26 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: template-app
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
 spec:
   project: apps
   source:
     repoURL: 'https://github.com/gruberdev/local-gitops.git'
     path: apps/template
-    targetRevision: main
+    targetRevision: feat/upgrade
   destination:
     namespace: development
     name: in-cluster
   syncPolicy:
     automated:
       prune: true
       selfHeal: true
-      allowEmpty: true
     syncOptions:
-    - Validate=true
-    - CreateNamespace=true
-    - PrunePropagationPolicy=foreground
-    - PruneLast=true
-    - ApplyOutOfSyncOnly=false
     - Prune=true
+    - ServerSideApply=true
+    - CreateNamespace=true
     retry:
       limit: 5
       backoff:
-        duration: 35s
+        duration: 20s
         factor: 2
         maxDuration: 15m