diff --git a/kustomize/bases/drone/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml index 477c4e7..245d3ab 100644 --- a/kustomize/bases/drone/drone-runner-deployment.yaml +++ b/kustomize/bases/drone/drone-runner-deployment.yaml @@ -20,8 +20,12 @@ spec: - name: drone image: drone/drone-runner-kube env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace - name: DRONE_RPC_HOST - value: drone.gitea.svc.cluster.local + value: drone.$(NAMESPACE).svc.cluster.local - name: DRONE_RPC_PROTO value: http - name: DRONE_RPC_SECRET diff --git a/kustomize/bases/drone/drone-server-ingress.yaml b/kustomize/bases/drone/drone-server-ingress.yaml index a9b8de9..144ddc8 100644 --- a/kustomize/bases/drone/drone-server-ingress.yaml +++ b/kustomize/bases/drone/drone-server-ingress.yaml @@ -4,14 +4,7 @@ metadata: name: drone labels: app.kubernetes.io/name: drone - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: / - # cert-manager.io/cluster-issuer: letsencrypt spec: - # tls: - # - hosts: - # - ${GITEA_EXTERNAL_HOST} - # secretName: letsencrypt-cert rules: - host: ${DRONE_EXTERNAL_HOST} http: diff --git a/kustomize/bases/gitea/gitea-ingress.yaml b/kustomize/bases/gitea/gitea-ingress.yaml index 4fd8310..c1ce0bf 100644 --- a/kustomize/bases/gitea/gitea-ingress.yaml +++ b/kustomize/bases/gitea/gitea-ingress.yaml @@ -4,14 +4,7 @@ metadata: name: gitea labels: app.kubernetes.io/name: gitea - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: / - # cert-manager.io/cluster-issuer: letsencrypt spec: - # tls: - # - hosts: - # - ${GITEA_EXTERNAL_HOST} - # secretName: letsencrypt-cert rules: - host: ${GITEA_EXTERNAL_HOST} http: diff --git a/kustomize/bases/grafana/grafana-ingress.yaml b/kustomize/bases/grafana/grafana-ingress.yaml index 2315f25..c13a83f 100644 --- a/kustomize/bases/grafana/grafana-ingress.yaml +++ b/kustomize/bases/grafana/grafana-ingress.yaml 
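Review bot: In `kustomize/bases/drone/drone-runner-deployment.yaml`, the `$(NAMESPACE)` reference in `DRONE_RPC_HOST` resolves only because `NAMESPACE` is declared earlier in the same `env` list; Kubernetes leaves the literal text `$(NAMESPACE)` in the value when the referenced variable is missing or defined later. A comment above the new entry would keep a later reorder from silently breaking the RPC host, for example `# keep above DRONE_RPC_HOST: $(VAR) expansion only sees variables defined earlier in this list`. The unchanged `DRONE_RPC_PROTO` line still reads `http`, so the runner presumably presents `DRONE_RPC_SECRET` to the server over cleartext in-cluster traffic, which is worth a follow-up if the pod network is not trusted. The container spec starts and ends outside the hunk.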
@@ -4,14 +4,7 @@ metadata: name: grafana labels: app.kubernetes.io/name: grafana - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: / - # cert-manager.io/cluster-issuer: letsencrypt spec: - # tls: - # - hosts: - # - ${GRAFANA_EXTERNAL_HOST} - # secretName: letsencrypt-cert rules: - host: ${GRAFANA_EXTERNAL_HOST} http: diff --git a/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml b/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml index 1570f2c..d4e849a 100644 --- a/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml +++ b/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml @@ -4,16 +4,7 @@ metadata: name: kubernetes-dashboard labels: app.kubernetes.io/name: kubernetes-dashboard - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: / - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # ingress.kubernetes.io/protocol: https - # cert-manager.io/cluster-issuer: letsencrypt spec: - # tls: - # - hosts: - # - ${GITEA_EXTERNAL_HOST} - # secretName: letsencrypt-cert rules: - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST} http: diff --git a/kustomize/bases/node-exporter/node-exporter-daemonset.yaml b/kustomize/bases/node-exporter/node-exporter-daemonset.yaml index 001d783..8f2ad75 100644 --- a/kustomize/bases/node-exporter/node-exporter-daemonset.yaml +++ b/kustomize/bases/node-exporter/node-exporter-daemonset.yaml @@ -19,7 +19,7 @@ spec: hostPID: true containers: - name: node-exporter - image: prom/node-exporter:v0.18.1 + image: prom/node-exporter args: - "--path.procfs=/host/proc" - "--path.sysfs=/host/sys" diff --git a/kustomize/bases/postgres/postgres-statefulset.yaml b/kustomize/bases/postgres/postgres-statefulset.yaml index cdbf1c0..fe02b3b 100644 --- a/kustomize/bases/postgres/postgres-statefulset.yaml +++ b/kustomize/bases/postgres/postgres-statefulset.yaml @@ -1,4 +1,3 @@ -# PostgreSQL StatefulSet apiVersion: apps/v1 kind: StatefulSet metadata: 
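Review bot: Dropping the tag in `kustomize/bases/node-exporter/node-exporter-daemonset.yaml` makes `image: prom/node-exporter` resolve to the mutable `latest` tag for any overlay that has no matching `images:` entry, and this DaemonSet runs with `hostPID: true`. The `dev` and `prod` overlays in this commit add `newtag: v0.18.1`, but the page does not show whether the `dev-cluster` and `prod-cluster` overlays include this base, so that should be checked. A comment beside the image line such as `# tag is supplied by the overlay's images: entry; do not deploy the base as-is` documents the contract. Adding a `digest:` to the overlay entries would also remove the remaining dependence on a tag that can be re-pushed.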
@@ -50,7 +49,6 @@ spec: volumeMounts: - name: postgres-pvc mountPath: /data - # Volume Claim volumeClaimTemplates: - metadata: name: postgres-pvc @@ -58,7 +56,7 @@ spec: accessModes: ["ReadWriteOnce"] resources: requests: - storage: 5Gi + storage: 3Gi --- apiVersion: v1 kind: Service diff --git a/kustomize/bases/prometheus/prometheus-ingress.yaml b/kustomize/bases/prometheus/prometheus-ingress.yaml index 4bc6652..fc18f8c 100644 --- a/kustomize/bases/prometheus/prometheus-ingress.yaml +++ b/kustomize/bases/prometheus/prometheus-ingress.yaml @@ -4,14 +4,7 @@ metadata: name: prometheus labels: app.kubernetes.io/name: prometheus - annotations: - # nginx.ingress.kubernetes.io/rewrite-target: / - # cert-manager.io/cluster-issuer: letsencrypt spec: - # tls: - # - hosts: - # - ${prometheus_EXTERNAL_HOST} - # secretName: letsencrypt-cert rules: - host: ${PROMETHEUS_EXTERNAL_HOST} http: diff --git a/kustomize/bases/prometheus/prometheus-rbac.yaml b/kustomize/bases/prometheus/prometheus-rbac.yaml index e1b98a6..a83d648 100644 --- a/kustomize/bases/prometheus/prometheus-rbac.yaml +++ b/kustomize/bases/prometheus/prometheus-rbac.yaml @@ -1,4 +1,4 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus @@ -15,6 +15,11 @@ rules: resources: - configmaps verbs: ["get"] +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: ["get", "list", "watch"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- @@ -23,7 +28,7 @@ kind: ServiceAccount metadata: name: prometheus --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus diff --git a/kustomize/bases/traefik/kustomization.yaml b/kustomize/bases/traefik/kustomization.yaml index 787bb6a..7ba7492 100644 --- a/kustomize/bases/traefik/kustomization.yaml +++ b/kustomize/bases/traefik/kustomization.yaml 
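Review bot: The `storage: 3Gi` request sits under `volumeClaimTemplates`, which Kubernetes does not allow to be updated on an existing StatefulSet, and a PersistentVolumeClaim already provisioned at 5Gi cannot be shrunk. If this base has been deployed anywhere, the apply will be rejected until the StatefulSet is deleted and recreated, and claims created earlier keep their old size. If the change is meant only for fresh installs, a comment such as `# immutable after first apply; changing it means recreating the StatefulSet` above the template would save the next editor the surprise.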
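Review bot: The new `networking.k8s.io` / `ingresses` rule in `kustomize/bases/prometheus/prometheus-rbac.yaml` is added to a ClusterRole, so the `prometheus` service account can read every Ingress in every namespace, including host names and TLS secret references. That is what Prometheus needs for ingress-based service discovery, if that is the intent; the scrape configuration is not on this page. A comment above the rule, for example `# required by kubernetes_sd_configs role: ingress`, would record why the grant exists so it can be removed when that discovery role is no longer used.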
@@ -1,2 +1,4 @@ +# http://localhost:8001/api/v1/namespaces/kube-system/services/traefik:traefik + resources: - - traefik-helmchartconfig.yaml + - traefik-helmchartconfig.yaml \ No newline at end of file diff --git a/kustomize/bases/traefik/traefik-helmchartconfig.yaml b/kustomize/bases/traefik/traefik-helmchartconfig.yaml index b31e4a1..0071e7f 100644 --- a/kustomize/bases/traefik/traefik-helmchartconfig.yaml +++ b/kustomize/bases/traefik/traefik-helmchartconfig.yaml @@ -7,6 +7,9 @@ spec: additionalArguments: - '--serversTransport.insecureSkipVerify=true' - '--metrics.prometheus=true' + ports: + traefik: + expose: true # ports: # web: # redirectTo: websecure \ No newline at end of file diff --git a/kustomize/bases/traefik/traefik-ingress.yaml b/kustomize/bases/traefik/traefik-ingress.yaml new file mode 100644 index 0000000..7737b7e --- /dev/null +++ b/kustomize/bases/traefik/traefik-ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: traefik + labels: + app.kubernetes.io/name: traefik +spec: + rules: + - host: ${TRAEFIK_EXTERNAL_HOST} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: traefik + port: + name: traefik diff --git a/kustomize/overlays/dev-cluster/kustomization.yaml b/kustomize/overlays/dev-cluster/kustomization.yaml index 8b01f9a..9028d37 100644 --- a/kustomize/overlays/dev-cluster/kustomization.yaml +++ b/kustomize/overlays/dev-cluster/kustomization.yaml @@ -5,3 +5,6 @@ bases: # allow "kubectl apply -l managed-by=cluster --prune ..." commonlabels: managed-by: kustomize-cluster + +transformers: + - transformers/placeholders.yaml \ No newline at end of file diff --git a/kustomize/overlays/dev-cluster/placeholders.txt b/kustomize/overlays/dev-cluster/placeholders.txt new file mode 100644 index 0000000..b81346a --- /dev/null +++ b/kustomize/overlays/dev-cluster/placeholders.txt @@ -0,0 +1 @@ +TRAEFIK_EXTERNAL_HOST=traefik.localhost \ No newline at end of file 
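Review bot: `ports.traefik.expose: true` in `traefik-helmchartconfig.yaml` publishes Traefik's own `traefik` entry point on the Service, and the new `kustomize/bases/traefik/traefik-ingress.yaml` then routes `${TRAEFIK_EXTERNAL_HOST}` to that port with no `tls:` section and nothing on this page that adds authentication. In the Traefik chart that entry point normally carries the dashboard, API and ping endpoints, so the likely effect is that the dashboard is readable by anyone who can reach the ingress host; this depends on chart values outside the hunk. Before this reaches the `prod-cluster` overlay, consider leaving the entry point unexposed and using `kubectl port-forward`, or putting an authentication middleware and TLS in front of the Ingress. The position of `ports:` inside the chart values block cannot be confirmed from the collapsed hunk and should be checked against the rendered config.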
diff --git a/kustomize/overlays/dev-cluster/transformers/placeholders.yaml b/kustomize/overlays/dev-cluster/transformers/placeholders.yaml new file mode 100644 index 0000000..e3e18dd --- /dev/null +++ b/kustomize/overlays/dev-cluster/transformers/placeholders.yaml @@ -0,0 +1,5 @@ +apiVersion: badjware/v1 +kind: PlaceholderTransformer +metadata: + name: placeholders +placeholdersFile: placeholders.txt \ No newline at end of file diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml index fbc2d7c..5992f97 100644 --- a/kustomize/overlays/dev/kustomization.yaml +++ b/kustomize/overlays/dev/kustomization.yaml @@ -10,6 +10,8 @@ images: newtag: 1.15.0 - name: grafana newtag: 8.1.2 + - name: prom/node-exporter + newtag: v0.18.1 - name: drone/drone newtag: 2.0.6 - name: drone/drone-runner-kube @@ -36,6 +38,7 @@ secretGenerator: - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh - name: postgres-credentials-secret type: Opaque + namespace: nextcloud behavior: replace literals: - database=nextcloud diff --git a/kustomize/overlays/dev/placeholders.txt b/kustomize/overlays/dev/placeholders.txt index 292e9b0..9770037 100644 --- a/kustomize/overlays/dev/placeholders.txt +++ b/kustomize/overlays/dev/placeholders.txt @@ -1,7 +1,7 @@ GITEA_EXTERNAL_HOST=gitea.localhost +DRONE_EXTERNAL_HOST=drone.localhost NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost -DRONE_EXTERNAL_HOST=drone.localhost GRAFANA_EXTERNAL_HOST=grafana.localhost KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost PROMETHEUS_EXTERNAL_HOST=prometheus.localhost diff --git a/kustomize/overlays/prod-cluster/placeholders.txt b/kustomize/overlays/prod-cluster/placeholders.txt index 5c5dc44..64830a1 100644 --- a/kustomize/overlays/prod-cluster/placeholders.txt +++ b/kustomize/overlays/prod-cluster/placeholders.txt 
@@ -1 +1,2 @@ -LONGHORN_EXTERNAL_HOST=longhorn.badjnet.local \ No newline at end of file +TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home +LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home \ No newline at end of file diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml index cf7612d..e54405d 100644 --- a/kustomize/overlays/prod/kustomization.yaml +++ b/kustomize/overlays/prod/kustomization.yaml @@ -3,16 +3,23 @@ bases: - ../../namespaces/gitea - ../../namespaces/grafana - ../../namespaces/monitoring + - ../../namespaces/nextcloud images: - name: gitea/gitea newtag: 1.15.0 - name: grafana newtag: 8.1.2 + - name: prom/node-exporter + newtag: v0.18.1 - name: drone/drone newtag: 2.0.6 - name: drone/drone-runner-kube newtag: 1.0.0-beta.9 + - name: nextcloud + newtag: 22.1.0 + - name: postgres + newtag: 9.6.23 secretGenerator: - name: drone-secret @@ -29,6 +36,14 @@ secretGenerator: literals: - client_id=${ssm:/k3s/prod/drone/gitea/client_id} - client_secret=${ssm:/k3s/prod/drone/gitea/client_secret} + - name: postgres-credentials-secret + type: Opaque + namespace: nextcloud + behavior: replace + literals: + - database=nextcloud + - username=nextcloud + - password=${ssm:/k3s/prod/nextcloud/postgres/password} # allow "kubectl apply -l managed-by=kustomize --prune ..." commonlabels: diff --git a/kustomize/overlays/prod/placeholders.txt b/kustomize/overlays/prod/placeholders.txt index bf41747..e8f0506 100644 --- a/kustomize/overlays/prod/placeholders.txt +++ b/kustomize/overlays/prod/placeholders.txt 
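Review bot: The new `postgres` entry in `kustomize/overlays/prod/kustomization.yaml` pins `newtag: 9.6.23`, and the PostgreSQL 9.6 series reached upstream end of life in November 2021, so production would start on a database line that no longer receives security fixes. Choosing a supported major version before data is written avoids a later dump-and-restore migration. The `newtag` values added here are all mutable tags; adding a `digest:` for the images deployed to prod would make the deployed content reproducible.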
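Review bot: The `password=${ssm:/k3s/prod/nextcloud/postgres/password}` literal in the new `postgres-credentials-secret` generator is presumably resolved by the placeholder transformer at build time, which means the rendered output of this overlay contains the database password in a Secret manifest. That output should go straight to `kubectl apply` and stay out of CI logs and stored artifacts; a comment above the `secretGenerator` block such as `# rendered output contains resolved secrets; never write it to disk or logs` would make that explicit. `behavior: replace` also needs a generator with the same name and namespace in the bases, which is outside this hunk and should be confirmed.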
@@ -2,6 +2,6 @@ GITEA_EXTERNAL_HOST=code.badjware.dev DRONE_EXTERNAL_HOST=drone.badjware.dev NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev -GRAFANA_EXTERNAL_HOST=grafana.badjnet.local -KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.local -PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.local +GRAFANA_EXTERNAL_HOST=grafana.badjnet.home +KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.home +PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home