
cleanup, add traefik dashboard ingress

Massaki Archambault 2021-08-27 15:57:29 -04:00
parent bc434ff3b5
commit 2aa9ed4eff
20 changed files with 71 additions and 50 deletions


@ -20,8 +20,12 @@ spec:
- name: drone
image: drone/drone-runner-kube
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: DRONE_RPC_HOST
value: drone.gitea.svc.cluster.local
value: drone.$(NAMESPACE).svc.cluster.local
- name: DRONE_RPC_PROTO
value: http
- name: DRONE_RPC_SECRET
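Review bot: The new `DRONE_RPC_HOST` value depends on declaration order, and nothing in the manifest says so. Kubernetes expands `$(NAMESPACE)` only from variables defined earlier in the same `env` list, and an unresolved reference is passed through as the literal string, which would leave the runner pointing at a non-existent host. I would add `# keep NAMESPACE above DRONE_RPC_HOST: $(VAR) only expands earlier entries` over the `NAMESPACE` entry. The `env` list continues past the end of this hunk.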


@ -4,14 +4,7 @@ metadata:
name: drone
labels:
app.kubernetes.io/name: drone
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${DRONE_EXTERNAL_HOST}
http:


@ -4,14 +4,7 @@ metadata:
name: gitea
labels:
app.kubernetes.io/name: gitea
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${GITEA_EXTERNAL_HOST}
http:


@ -4,14 +4,7 @@ metadata:
name: grafana
labels:
app.kubernetes.io/name: grafana
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GRAFANA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${GRAFANA_EXTERNAL_HOST}
http:


@ -4,16 +4,7 @@ metadata:
name: kubernetes-dashboard
labels:
app.kubernetes.io/name: kubernetes-dashboard
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# ingress.kubernetes.io/protocol: https
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http:


@ -19,7 +19,7 @@ spec:
hostPID: true
containers:
- name: node-exporter
image: prom/node-exporter:v0.18.1
image: prom/node-exporter
args:
- "--path.procfs=/host/proc"
- "--path.sysfs=/host/sys"
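Review bot: The base manifest now names `prom/node-exporter` with no tag, so the version this `hostPID: true` container runs is decided entirely by each overlay's `images:` entry. Any kustomization that omits that entry, or a direct `kubectl apply` of the base, resolves to `latest`. The two overlays visible in this commit do add the entry, but the dependency is undocumented. I would add a comment above the image line, `# tag is set by the overlay's images: transformer; do not apply this base directly`. The container spec continues outside the hunk.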


@ -1,4 +1,3 @@
# PostgreSQL StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
@ -50,7 +49,6 @@ spec:
volumeMounts:
- name: postgres-pvc
mountPath: /data
# Volume Claim
volumeClaimTemplates:
- metadata:
name: postgres-pvc
@ -58,7 +56,7 @@ spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
storage: 3Gi
---
apiVersion: v1
kind: Service
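Review bot: Lowering `storage` from 5Gi to 3Gi in `volumeClaimTemplates` will not take effect on a cluster where this StatefulSet already exists. That field is immutable on update, so the apply is rejected, and a bound PersistentVolumeClaim cannot be shrunk in any case; only a fresh install gets the new size. If the intent is to shrink an existing volume, that needs a dump, recreation of the StatefulSet and its claim, and a restore. A comment such as `# size applies on first creation only; volumeClaimTemplates is immutable` next to the request would record this.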


@ -4,14 +4,7 @@ metadata:
name: prometheus
labels:
app.kubernetes.io/name: prometheus
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${prometheus_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${PROMETHEUS_EXTERNAL_HOST}
http:


@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
@ -15,6 +15,11 @@ rules:
resources:
- configmaps
verbs: ["get"]
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
@ -23,7 +28,7 @@ kind: ServiceAccount
metadata:
name: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
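Review bot: The added rule lets the `prometheus` service account read every Ingress in every namespace, because it sits in a ClusterRole bound through the ClusterRoleBinding below, and the manifest does not say what needs it. Ingress objects carry hostnames, backend service names and annotations, so the grant deserves a one-line justification. If the purpose is ingress service discovery (not visible in this commit), I would put `# read-only ingress access for kubernetes_sd_configs role: ingress` above the rule. The verbs are read-only, which is the right scope for discovery.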


@ -1,2 +1,4 @@
# http://localhost:8001/api/v1/namespaces/kube-system/services/traefik:traefik
resources:
- traefik-helmchartconfig.yaml


@ -7,6 +7,9 @@ spec:
additionalArguments:
- '--serversTransport.insecureSkipVerify=true'
- '--metrics.prometheus=true'
ports:
traefik:
expose: true
# ports:
# web:
# redirectTo: websecure
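Review bot: `ports.traefik.expose: true` adds the `traefik` entrypoint, which serves the dashboard and API, to the chart's Service, so it is published wherever that Service is reachable and not only through the new Ingress. If the Service is of type LoadBalancer, as the k3s-bundled chart usually configures it (to be confirmed for this cluster), the port is reachable on node addresses with no authentication in front of it; the upstream chart's values file advises against exposing this port. I would keep `expose` off and back the Ingress with a separate ClusterIP Service that selects the Traefik pods on that port, or at minimum add `# exposes dashboard/API port on the Service; restrict at the network level` here. The `spec` continues on both sides of the hunk.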


@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
spec:
rules:
- host: ${TRAEFIK_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: traefik
port:
name: traefik
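Review bot: The new Ingress publishes the Traefik dashboard at `${TRAEFIK_EXTERNAL_HOST}` with no `tls` section and no authentication middleware. Anyone who can reach the ingress controller under that host name can therefore read the routing configuration over plain HTTP. I would restrict the router to the TLS entrypoint and attach an auth middleware through annotations. The middleware reference below is a placeholder for one defined in the cluster, and the `websecure` entrypoint name is taken from the commented block in the HelmChartConfig.

```yaml
metadata:
  name: traefik
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    # placeholder: <namespace>-<middleware-name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: NAMESPACE-AUTH_MIDDLEWARE@kubernetescrd
  # … unchanged: labels, spec.rules …
```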


@ -5,3 +5,6 @@ bases:
# allow "kubectl apply -l managed-by=cluster --prune ..."
commonlabels:
managed-by: kustomize-cluster
transformers:
- transformers/placeholders.yaml


@ -0,0 +1 @@
TRAEFIK_EXTERNAL_HOST=traefik.localhost


@ -0,0 +1,5 @@
apiVersion: badjware/v1
kind: PlaceholderTransformer
metadata:
name: placeholders
placeholdersFile: placeholders.txt


@ -10,6 +10,8 @@ images:
newtag: 1.15.0
- name: grafana
newtag: 8.1.2
- name: prom/node-exporter
newtag: v0.18.1
- name: drone/drone
newtag: 2.0.6
- name: drone/drone-runner-kube
@ -36,6 +38,7 @@ secretGenerator:
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
- name: postgres-credentials-secret
type: Opaque
namespace: nextcloud
behavior: replace
literals:
- database=nextcloud
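Review bot: The `secretGenerator` block edited here keeps credentials as inline literals: the `client_secret=` context line directly above the changed entry is a secret value committed to the repository, and the `postgres-credentials-secret` literals follow the same pattern. The production overlay in this commit resolves the same keys through `${ssm:...}` placeholders; doing the same here, or loading the literals from an untracked env file, keeps the values out of history. If that client secret was ever registered against a reachable Gitea instance, it should be treated as disclosed and rotated. The `literals` list continues past the end of the hunk.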


@ -1,7 +1,7 @@
GITEA_EXTERNAL_HOST=gitea.localhost
DRONE_EXTERNAL_HOST=drone.localhost
NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost
DRONE_EXTERNAL_HOST=drone.localhost
GRAFANA_EXTERNAL_HOST=grafana.localhost
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
PROMETHEUS_EXTERNAL_HOST=prometheus.localhost


@ -1 +1,2 @@
LONGHORN_EXTERNAL_HOST=longhorn.badjnet.local
TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home


@ -3,16 +3,23 @@ bases:
- ../../namespaces/gitea
- ../../namespaces/grafana
- ../../namespaces/monitoring
- ../../namespaces/nextcloud
images:
- name: gitea/gitea
newtag: 1.15.0
- name: grafana
newtag: 8.1.2
- name: prom/node-exporter
newtag: v0.18.1
- name: drone/drone
newtag: 2.0.6
- name: drone/drone-runner-kube
newtag: 1.0.0-beta.9
- name: nextcloud
newtag: 22.1.0
- name: postgres
newtag: 9.6.23
secretGenerator:
- name: drone-secret
@ -29,6 +36,14 @@ secretGenerator:
literals:
- client_id=${ssm:/k3s/prod/drone/gitea/client_id}
- client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
- name: postgres-credentials-secret
type: Opaque
namespace: nextcloud
behavior: replace
literals:
- database=nextcloud
- username=nextcloud
- password=${ssm:/k3s/prod/nextcloud/postgres/password}
# allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels:
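Review bot: The image pins added to `images:` are mutable tags, and two of them are on old release lines: `postgres` `9.6.23` belongs to the 9.6 series, for which upstream support ended in November 2021, and `prom/node-exporter` `v0.18.1` dates from 2019. For the production overlay I would add a digest next to each `newtag` so a re-pushed tag cannot change what runs, e.g. `digest: sha256:<digest-from-registry>`. Moving to a supported PostgreSQL major is a planned migration (dump/restore or `pg_upgrade`), not a tag bump. The new `postgres-credentials-secret` entry uses `behavior: replace`, which presumably relies on a generator of that name in the nextcloud base (not visible here).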


@ -2,6 +2,6 @@ GITEA_EXTERNAL_HOST=code.badjware.dev
DRONE_EXTERNAL_HOST=drone.badjware.dev
NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev
GRAFANA_EXTERNAL_HOST=grafana.badjnet.local
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.local
PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.local
GRAFANA_EXTERNAL_HOST=grafana.badjnet.home
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.home
PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home