remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

steps towards a completely managed cluster

Browse Source
This commit is contained in:
Remy Moll
2024-03-20 23:45:08 +01:00
parent 84a47b15b6
commit 443da20ff9
19 changed files with 223 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1,2 +1,6 @@
# Kubernetes secrets
*.secret.yaml *.secret.yaml
main.key
# Helm Chart files
charts/ charts/

17
README.md
View File

@@ -1,7 +1,6 @@
# Kluster setup and IaaC using argoCD # Kluster setup and IaaC using argoCD
### Initial setup ### Initial setup
#### Requirements: #### Requirements:
- A running k3s instance - A running k3s instance
@@ -28,5 +27,21 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
- immich - immich
- ... - ...
#### Recap
- install sealedsecrets see [README](./infrastructure/sealedsecrets/README.md)
```bash
kubectl apply -k infrastructure/sealedsecrets
kubectl apply -f infrastructure/sealedsecrets/main.key
kubectl delete pod -n kube-system -l name=sealed-secrets-controller
```
- install argocd
```bash
kubectl apply -k infrastructure/argocd
```
- wait...
### Adding an application ### Adding an application
todo

48
apps/ocis/deployment.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ocis-statefulset
spec:
selector:
matchLabels:
app: ocis
serviceName: ocis-web
replicas: 1
template:
metadata:
labels:
app: ocis
spec:
containers:
- name: ocis
image: ocis
resources:
limits:
memory: "1Gi"
cpu: "1000m"
env:
- name: OCIS_INSECURE
value: "true"
- name: OCIS_URL
value: "https://ocis.kluster.moll.re"
- name: OCIS_LOG_LEVEL
value: "debug"
ports:
- containerPort: 9200
volumeMounts:
- name: ocis-config
mountPath: /etc/ocis
# - name: ocis-config-file
# mountPath: /etc/ocis/config.yaml
- name: ocis-data
mountPath: /var/lib/ocis
volumes:
# - name: ocis-config
# persistentVolumeClaim:
# claimName: ocis-config
- name: ocis-config
secret:
secretName: ocis-config
- name: ocis-data
persistentVolumeClaim:
claimName: ocis-data

18
apps/ocis/ingress.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ocis-ingressroute
spec:
entryPoints:
- websecure
routes:
- match: Host(`ocis.kluster.moll.re`)
kind: Rule
services:
- name: ocis-web
port: 9200
scheme: https
tls:
certResolver: default-tls

16
apps/ocis/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- ingress.yaml
- service.yaml
- pvc.yaml
- deployment.yaml
- ocis-config.sealedsecret.yaml
namespace: ocis
images:
- name: ocis
newName: owncloud/ocis
newTag: "5.0"

4
apps/ocis/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder

17
apps/ocis/ocis-config.sealedsecret.yaml Normal file
View File

File diff suppressed because one or more lines are too long

11
apps/ocis/pvc.yaml Normal file
View File

@@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: ocis-data
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi

10
apps/ocis/service.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: ocis-web
spec:
selector:
app: ocis
ports:
- port: 9200
targetPort: 9200

10
infrastructure/external/kustomization.yaml vendored Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: external
resources:
- omv-s3.ingress.yaml
- openmediavault.ingress.yaml
- proxmox.ingress.yaml

3
infrastructure/external/omv-s3.ingress.yaml vendored
View File

@@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: omv-s3-ingressroute name: omv-s3-ingressroute
namespace: external
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
@@ -20,7 +19,6 @@ apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
name: omv-s3 name: omv-s3
namespace: external
subsets: subsets:
- addresses: - addresses:
- ip: 192.168.1.157 - ip: 192.168.1.157
@@ -31,7 +29,6 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: omv-s3 name: omv-s3
namespace: external
spec: spec:
ports: ports:
- port: 9000 - port: 9000

2
infrastructure/nfs/kustomization.yaml
View File

@@ -3,8 +3,6 @@ kind: Kustomization
namespace: nfs-provisioner namespace: nfs-provisioner
bases:
resources: resources:
- github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy - github.com/kubernetes-sigs/nfs-subdir-external-provisioner//deploy
- namespace.yaml - namespace.yaml

9
infrastructure/sealedsecrets/README.md Normal file
View File

@@ -0,0 +1,9 @@
### Restoring sealed secrets
```bash
# install the sealed secrets controller
kubectl kustomize . | kubectl apply -f -
# restore the sealed secrets
kubectl apply -f main.key
# restart pod
kubectl delete pod -n kube-system -l name=sealed-secrets-controller
```

11
infrastructure/sealedsecrets/controller.yaml
View File

@@ -6,7 +6,6 @@ metadata:
labels: labels:
name: sealed-secrets-service-proxier name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier name: sealed-secrets-service-proxier
namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@@ -35,7 +34,6 @@ metadata:
labels: labels:
name: sealed-secrets-controller name: sealed-secrets-controller
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@@ -43,7 +41,6 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
@@ -52,7 +49,6 @@ metadata:
labels: labels:
name: sealed-secrets-key-admin name: sealed-secrets-key-admin
name: sealed-secrets-key-admin name: sealed-secrets-key-admin
namespace: kube-system
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@@ -116,7 +112,6 @@ metadata:
labels: labels:
name: sealed-secrets-service-proxier name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier name: sealed-secrets-service-proxier
namespace: kube-system
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
@@ -133,7 +128,6 @@ metadata:
labels: labels:
name: sealed-secrets-controller name: sealed-secrets-controller
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system
spec: spec:
minReadySeconds: 30 minReadySeconds: 30
replicas: 1 replicas: 1
@@ -157,7 +151,7 @@ spec:
command: command:
- controller - controller
env: [] env: []
image: docker.io/bitnami/sealed-secrets-controller:v0.23.1 image: controller
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -342,7 +336,6 @@ metadata:
labels: labels:
name: sealed-secrets-controller name: sealed-secrets-controller
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system
spec: spec:
ports: ports:
- port: 8080 - port: 8080
@@ -365,7 +358,6 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -374,4 +366,3 @@ metadata:
labels: labels:
name: sealed-secrets-controller name: sealed-secrets-controller
name: sealed-secrets-controller name: sealed-secrets-controller
namespace: kube-system

12
infrastructure/sealedsecrets/kustomization.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- controller.yaml
images:
- name: controller
newName: docker.io/bitnami/sealed-secrets-controller
newTag: v0.23.1

19
kluster-deployments/external-services/application.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: external-application
namespace: argocd
spec:
project: infrastructure
source:
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: infrastructure/external
destination:
server: https://kubernetes.default.svc
namespace: external
syncPolicy:
automated:
prune: true
selfHeal: true

4
kluster-deployments/external-services/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- application.yaml

19
kluster-deployments/ocis/application.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ocis-application
namespace: argocd
spec:
project: apps
source:
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
targetRevision: main
path: apps/ocis
destination:
server: https://kubernetes.default.svc
namespace: ocis
syncPolicy:
automated:
prune: true
selfHeal: true

4
kluster-deployments/ocis/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- application.yaml