
cleanup, add traefik dashboard ingress

Massaki Archambault 2021-08-27 15:57:29 -04:00
parent bc434ff3b5
commit 2aa9ed4eff
20 changed files with 71 additions and 50 deletions


@ -20,8 +20,12 @@ spec:
- name: drone - name: drone
image: drone/drone-runner-kube image: drone/drone-runner-kube
env: env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DRONE_RPC_HOST - name: DRONE_RPC_HOST
value: drone.gitea.svc.cluster.local value: drone.$(NAMESPACE).svc.cluster.local
- name: DRONE_RPC_PROTO - name: DRONE_RPC_PROTO
value: http value: http
- name: DRONE_RPC_SECRET - name: DRONE_RPC_SECRET


@ -4,14 +4,7 @@ metadata:
name: drone name: drone
labels: labels:
app.kubernetes.io/name: drone app.kubernetes.io/name: drone
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules: rules:
- host: ${DRONE_EXTERNAL_HOST} - host: ${DRONE_EXTERNAL_HOST}
http: http:


@ -4,14 +4,7 @@ metadata:
name: gitea name: gitea
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules: rules:
- host: ${GITEA_EXTERNAL_HOST} - host: ${GITEA_EXTERNAL_HOST}
http: http:


@ -4,14 +4,7 @@ metadata:
name: grafana name: grafana
labels: labels:
app.kubernetes.io/name: grafana app.kubernetes.io/name: grafana
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
# tls:
# - hosts:
# - ${GRAFANA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules: rules:
- host: ${GRAFANA_EXTERNAL_HOST} - host: ${GRAFANA_EXTERNAL_HOST}
http: http:


@ -4,16 +4,7 @@ metadata:
name: kubernetes-dashboard name: kubernetes-dashboard
labels: labels:
app.kubernetes.io/name: kubernetes-dashboard app.kubernetes.io/name: kubernetes-dashboard
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# ingress.kubernetes.io/protocol: https
# cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules: rules:
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST} - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http: http:


@ -19,7 +19,7 @@ spec:
hostPID: true hostPID: true
containers: containers:
- name: node-exporter - name: node-exporter
image: prom/node-exporter:v0.18.1 image: prom/node-exporter
args: args:
- "--path.procfs=/host/proc" - "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys" - "--path.sysfs=/host/sys"
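Review bot: The base manifest now carries `image: prom/node-exporter` with no tag, so any overlay that omits the matching `images:` entry resolves to `latest` for a container that runs with `hostPID: true`. The two kustomizations visible in this commit do add `newtag: v0.18.1`, but nothing in the base enforces that override. Consider keeping a pinned default in the base, or pinning by digest in the overlays (`digest: sha256:<digest-placeholder>`), so a missed override cannot pull an unreviewed image into a host-namespace pod. The container spec continues outside the hunk.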


@ -1,4 +1,3 @@
# PostgreSQL StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
@ -50,7 +49,6 @@ spec:
volumeMounts: volumeMounts:
- name: postgres-pvc - name: postgres-pvc
mountPath: /data mountPath: /data
# Volume Claim
volumeClaimTemplates: volumeClaimTemplates:
- metadata: - metadata:
name: postgres-pvc name: postgres-pvc
@ -58,7 +56,7 @@ spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 5Gi storage: 3Gi
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
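Review bot: The `storage: 5Gi` to `3Gi` change sits inside `volumeClaimTemplates`, which Kubernetes treats as immutable on an existing StatefulSet, and a bound PVC cannot be shrunk. If this StatefulSet is already deployed anywhere, the apply will presumably be rejected, and deleting and recreating it risks orphaning the data on the old 5Gi claim. A comment above the field would make the constraint visible, e.g. `# size applies at first creation only; changing it requires recreating the StatefulSet and its PVC`.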


@ -4,14 +4,7 @@ metadata:
name: prometheus name: prometheus
labels: labels:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec: spec:
# tls:
# - hosts:
# - ${prometheus_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules: rules:
- host: ${PROMETHEUS_EXTERNAL_HOST} - host: ${PROMETHEUS_EXTERNAL_HOST}
http: http:


@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: prometheus name: prometheus
@ -15,6 +15,11 @@ rules:
resources: resources:
- configmaps - configmaps
verbs: ["get"] verbs: ["get"]
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"] - nonResourceURLs: ["/metrics"]
verbs: ["get"] verbs: ["get"]
--- ---
@ -23,7 +28,7 @@ kind: ServiceAccount
metadata: metadata:
name: prometheus name: prometheus
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: prometheus name: prometheus


@ -1,2 +1,4 @@
# http://localhost:8001/api/v1/namespaces/kube-system/services/traefik:traefik
resources: resources:
- traefik-helmchartconfig.yaml - traefik-helmchartconfig.yaml


@ -7,6 +7,9 @@ spec:
additionalArguments: additionalArguments:
- '--serversTransport.insecureSkipVerify=true' - '--serversTransport.insecureSkipVerify=true'
- '--metrics.prometheus=true' - '--metrics.prometheus=true'
ports:
traefik:
expose: true
# ports: # ports:
# web: # web:
# redirectTo: websecure # redirectTo: websecure
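Review bot: `ports.traefik.expose: true` publishes the Traefik admin entrypoint (dashboard and API) on the chart's Service itself, not only behind the Ingress added in this commit. If that Service is of type LoadBalancer, as is presumably the case with the k3s-bundled chart, the port becomes reachable on the node addresses with no host rule and no authentication. The Ingress only needs the port on a cluster-internal Service, so consider a separate ClusterIP Service for the dashboard port and leaving `expose` off. The values block continues outside the hunk.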


@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
spec:
rules:
- host: ${TRAEFIK_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: traefik
port:
name: traefik
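Review bot: This Ingress routes `${TRAEFIK_EXTERNAL_HOST}` straight to the Traefik dashboard port with no `tls:` block and no authentication in front of it. The dashboard and API list every router, service and middleware configured in the cluster, so anyone who can reach the host name can read them. Consider attaching an auth middleware through the `traefik.ingress.kubernetes.io/router.middlewares` annotation and adding a `tls:` section, or state in a comment that the host is only resolvable on the internal network.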


@ -5,3 +5,6 @@ bases:
# allow "kubectl apply -l managed-by=cluster --prune ..." # allow "kubectl apply -l managed-by=cluster --prune ..."
commonlabels: commonlabels:
managed-by: kustomize-cluster managed-by: kustomize-cluster
transformers:
- transformers/placeholders.yaml


@ -0,0 +1 @@
TRAEFIK_EXTERNAL_HOST=traefik.localhost


@ -0,0 +1,5 @@
apiVersion: badjware/v1
kind: PlaceholderTransformer
metadata:
name: placeholders
placeholdersFile: placeholders.txt


@ -10,6 +10,8 @@ images:
newtag: 1.15.0 newtag: 1.15.0
- name: grafana - name: grafana
newtag: 8.1.2 newtag: 8.1.2
- name: prom/node-exporter
newtag: v0.18.1
- name: drone/drone - name: drone/drone
newtag: 2.0.6 newtag: 2.0.6
- name: drone/drone-runner-kube - name: drone/drone-runner-kube
@ -36,6 +38,7 @@ secretGenerator:
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
- name: postgres-credentials-secret - name: postgres-credentials-secret
type: Opaque type: Opaque
namespace: nextcloud
behavior: replace behavior: replace
literals: literals:
- database=nextcloud - database=nextcloud
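Review bot: The `client_secret=` literal in the context line just above `postgres-credentials-secret` is a plaintext credential (presumably the Drone/Gitea OAuth client secret) committed to the repository, and this commit edits the same `secretGenerator` while leaving it in place. The production overlay in this commit already uses `${ssm:...}` references for the corresponding keys; the same form here, e.g. `- client_secret=${ssm:<parameter-path-placeholder>}`, keeps the value out of history. If the value was ever valid against a reachable instance it should be rotated. The `secretGenerator` list starts outside the hunk.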


@ -1,7 +1,7 @@
GITEA_EXTERNAL_HOST=gitea.localhost GITEA_EXTERNAL_HOST=gitea.localhost
DRONE_EXTERNAL_HOST=drone.localhost
NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost
DRONE_EXTERNAL_HOST=drone.localhost
GRAFANA_EXTERNAL_HOST=grafana.localhost GRAFANA_EXTERNAL_HOST=grafana.localhost
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
PROMETHEUS_EXTERNAL_HOST=prometheus.localhost PROMETHEUS_EXTERNAL_HOST=prometheus.localhost


@ -1 +1,2 @@
LONGHORN_EXTERNAL_HOST=longhorn.badjnet.local TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home


@ -3,16 +3,23 @@ bases:
- ../../namespaces/gitea - ../../namespaces/gitea
- ../../namespaces/grafana - ../../namespaces/grafana
- ../../namespaces/monitoring - ../../namespaces/monitoring
- ../../namespaces/nextcloud
images: images:
- name: gitea/gitea - name: gitea/gitea
newtag: 1.15.0 newtag: 1.15.0
- name: grafana - name: grafana
newtag: 8.1.2 newtag: 8.1.2
- name: prom/node-exporter
newtag: v0.18.1
- name: drone/drone - name: drone/drone
newtag: 2.0.6 newtag: 2.0.6
- name: drone/drone-runner-kube - name: drone/drone-runner-kube
newtag: 1.0.0-beta.9 newtag: 1.0.0-beta.9
- name: nextcloud
newtag: 22.1.0
- name: postgres
newtag: 9.6.23
secretGenerator: secretGenerator:
- name: drone-secret - name: drone-secret
@ -29,6 +36,14 @@ secretGenerator:
literals: literals:
- client_id=${ssm:/k3s/prod/drone/gitea/client_id} - client_id=${ssm:/k3s/prod/drone/gitea/client_id}
- client_secret=${ssm:/k3s/prod/drone/gitea/client_secret} - client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
- name: postgres-credentials-secret
type: Opaque
namespace: nextcloud
behavior: replace
literals:
- database=nextcloud
- username=nextcloud
- password=${ssm:/k3s/prod/nextcloud/postgres/password}
# allow "kubectl apply -l managed-by=kustomize --prune ..." # allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels: commonlabels:
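Review bot: The new `postgres` pin, `newtag: 9.6.23`, is on the 9.6 major line, which appears to be at or near the end of upstream support around the date of this commit. Once that line stops receiving fixes, the database holding the Nextcloud data keeps its known issues until a major-version migration is done. Starting the new deployment on a currently supported major avoids a dump-and-restore later. The tags in this `images:` list are also mutable references; `digest:` pins would make the deployed images reproducible.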


@ -2,6 +2,6 @@ GITEA_EXTERNAL_HOST=code.badjware.dev
DRONE_EXTERNAL_HOST=drone.badjware.dev DRONE_EXTERNAL_HOST=drone.badjware.dev
NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev
GRAFANA_EXTERNAL_HOST=grafana.badjnet.local GRAFANA_EXTERNAL_HOST=grafana.badjnet.home
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.local KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.home
PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.local PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home