cleanup, add traefik dashboard ingress

2021-08-27 15:57:29 -04:00 · 2021-08-27 15:57:29 -04:00 · 2aa9ed4eff
parent bc434ff3b5
commit 2aa9ed4eff
20 changed files with 71 additions and 50 deletions
--- a/kustomize/bases/drone/drone-runner-deployment.yaml
+++ b/kustomize/bases/drone/drone-runner-deployment.yaml
@ -20,8 +20,12 @@ spec:
        - name: drone
          image: drone/drone-runner-kube
          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
            - name: DRONE_RPC_HOST
-              value: drone.gitea.svc.cluster.local
+              value: drone.$(NAMESPACE).svc.cluster.local
            - name: DRONE_RPC_PROTO
              value: http
            - name: DRONE_RPC_SECRET
--- a/kustomize/bases/drone/drone-server-ingress.yaml
+++ b/kustomize/bases/drone/drone-server-ingress.yaml
@ -4,14 +4,7 @@ metadata:
  name: drone
  labels:
    app.kubernetes.io/name: drone
-  annotations:
-    # nginx.ingress.kubernetes.io/rewrite-target: /
-    # cert-manager.io/cluster-issuer: letsencrypt
 spec:
-  # tls:
-  #   - hosts:
-  #       - ${GITEA_EXTERNAL_HOST}
-  #     secretName: letsencrypt-cert
  rules:
  - host: ${DRONE_EXTERNAL_HOST}
    http:
--- a/kustomize/bases/gitea/gitea-ingress.yaml
+++ b/kustomize/bases/gitea/gitea-ingress.yaml
@ -4,14 +4,7 @@ metadata:
  name: gitea
  labels:
    app.kubernetes.io/name: gitea
-  annotations:
-    # nginx.ingress.kubernetes.io/rewrite-target: /
-    # cert-manager.io/cluster-issuer: letsencrypt
 spec:
-  # tls:
-  #   - hosts:
-  #       - ${GITEA_EXTERNAL_HOST}
-  #     secretName: letsencrypt-cert
  rules:
  - host: ${GITEA_EXTERNAL_HOST}
    http:
--- a/kustomize/bases/grafana/grafana-ingress.yaml
+++ b/kustomize/bases/grafana/grafana-ingress.yaml
@ -4,14 +4,7 @@ metadata:
  name: grafana
  labels:
    app.kubernetes.io/name: grafana
-  annotations:
-    # nginx.ingress.kubernetes.io/rewrite-target: /
-    # cert-manager.io/cluster-issuer: letsencrypt
 spec:
-  # tls:
-  #   - hosts:
-  #       - ${GRAFANA_EXTERNAL_HOST}
-  #     secretName: letsencrypt-cert
  rules:
  - host: ${GRAFANA_EXTERNAL_HOST}
    http:
--- a/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml
+++ b/kustomize/bases/kubernetes-dashboard/dashboard-ingress.yaml
@ -4,16 +4,7 @@ metadata:
  name: kubernetes-dashboard
  labels:
    app.kubernetes.io/name: kubernetes-dashboard
-  annotations:
-    # nginx.ingress.kubernetes.io/rewrite-target: /
-    # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-    # ingress.kubernetes.io/protocol: https
-    # cert-manager.io/cluster-issuer: letsencrypt
 spec:
-  # tls:
-  #   - hosts:
-  #       - ${GITEA_EXTERNAL_HOST}
-  #     secretName: letsencrypt-cert
  rules:
  - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
    http:
--- a/kustomize/bases/node-exporter/node-exporter-daemonset.yaml
+++ b/kustomize/bases/node-exporter/node-exporter-daemonset.yaml
@ -19,7 +19,7 @@ spec:
      hostPID: true
      containers:
      - name: node-exporter
-        image: prom/node-exporter:v0.18.1
+        image: prom/node-exporter
        args:
        - "--path.procfs=/host/proc"
        - "--path.sysfs=/host/sys"
--- a/kustomize/bases/postgres/postgres-statefulset.yaml
+++ b/kustomize/bases/postgres/postgres-statefulset.yaml
@ -1,4 +1,3 @@
-# PostgreSQL StatefulSet
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@ -50,7 +49,6 @@ spec:
          volumeMounts:
            - name: postgres-pvc
              mountPath: /data
-  # Volume Claim
  volumeClaimTemplates:
    - metadata:
        name: postgres-pvc
@ -58,7 +56,7 @@ spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
-            storage: 5Gi
+            storage: 3Gi
 ---
 apiVersion: v1
 kind: Service
--- a/kustomize/bases/prometheus/prometheus-ingress.yaml
+++ b/kustomize/bases/prometheus/prometheus-ingress.yaml
@ -4,14 +4,7 @@ metadata:
  name: prometheus
  labels:
    app.kubernetes.io/name: prometheus
-  annotations:
-    # nginx.ingress.kubernetes.io/rewrite-target: /
-    # cert-manager.io/cluster-issuer: letsencrypt
 spec:
-  # tls:
-  #   - hosts:
-  #       - ${prometheus_EXTERNAL_HOST}
-  #     secretName: letsencrypt-cert
  rules:
  - host: ${PROMETHEUS_EXTERNAL_HOST}
    http:
--- a/kustomize/bases/prometheus/prometheus-rbac.yaml
+++ b/kustomize/bases/prometheus/prometheus-rbac.yaml
@ -1,4 +1,4 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: prometheus
@ -15,6 +15,11 @@ rules:
  resources:
  - configmaps
  verbs: ["get"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics"]
  verbs: ["get"]
 ---
@ -23,7 +28,7 @@ kind: ServiceAccount
 metadata:
  name: prometheus
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: prometheus
--- a/kustomize/bases/traefik/kustomization.yaml
+++ b/kustomize/bases/traefik/kustomization.yaml
@ -1,2 +1,4 @@
+# http://localhost:8001/api/v1/namespaces/kube-system/services/traefik:traefik
+
 resources:
  - traefik-helmchartconfig.yaml
--- a/kustomize/bases/traefik/traefik-helmchartconfig.yaml
+++ b/kustomize/bases/traefik/traefik-helmchartconfig.yaml
@ -7,6 +7,9 @@ spec:
    additionalArguments:
      - '--serversTransport.insecureSkipVerify=true'
      - '--metrics.prometheus=true'
+    ports:
+      traefik:
+        expose: true
    # ports:
    #   web:
    #     redirectTo: websecure
--- a/kustomize/bases/traefik/traefik-ingress.yaml
+++ b/kustomize/bases/traefik/traefik-ingress.yaml
@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: traefik
+  labels:
+    app.kubernetes.io/name: traefik
+spec:
+  rules:
+  - host: ${TRAEFIK_EXTERNAL_HOST}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: traefik
+            port:
+              name: traefik
--- a/kustomize/overlays/dev-cluster/kustomization.yaml
+++ b/kustomize/overlays/dev-cluster/kustomization.yaml
@ -5,3 +5,6 @@ bases:
 # allow "kubectl apply -l managed-by=cluster --prune ..."
 commonlabels:
  managed-by: kustomize-cluster
+
+transformers:
+  - transformers/placeholders.yaml
--- a/kustomize/overlays/dev-cluster/placeholders.txt
+++ b/kustomize/overlays/dev-cluster/placeholders.txt
@ -0,0 +1 @@
+TRAEFIK_EXTERNAL_HOST=traefik.localhost
--- a/kustomize/overlays/dev-cluster/transformers/placeholders.yaml
+++ b/kustomize/overlays/dev-cluster/transformers/placeholders.yaml
@ -0,0 +1,5 @@
+apiVersion: badjware/v1
+kind: PlaceholderTransformer
+metadata:
+  name: placeholders
+placeholdersFile: placeholders.txt
--- a/kustomize/overlays/dev/kustomization.yaml
+++ b/kustomize/overlays/dev/kustomization.yaml
@ -10,6 +10,8 @@ images:
    newtag: 1.15.0
  - name: grafana
    newtag: 8.1.2
+  - name: prom/node-exporter
+    newtag: v0.18.1
  - name: drone/drone
    newtag: 2.0.6
  - name: drone/drone-runner-kube
@ -36,6 +38,7 @@ secretGenerator:
      - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
  - name: postgres-credentials-secret
    type: Opaque
+    namespace: nextcloud
    behavior: replace
    literals:
      - database=nextcloud
--- a/kustomize/overlays/dev/placeholders.txt
+++ b/kustomize/overlays/dev/placeholders.txt
@ -1,7 +1,7 @@
 GITEA_EXTERNAL_HOST=gitea.localhost
+DRONE_EXTERNAL_HOST=drone.localhost
 NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost

-DRONE_EXTERNAL_HOST=drone.localhost
 GRAFANA_EXTERNAL_HOST=grafana.localhost
 KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
 PROMETHEUS_EXTERNAL_HOST=prometheus.localhost
--- a/kustomize/overlays/prod-cluster/placeholders.txt
+++ b/kustomize/overlays/prod-cluster/placeholders.txt
@ -1 +1,2 @@
-LONGHORN_EXTERNAL_HOST=longhorn.badjnet.local
+TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
+LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home
--- a/kustomize/overlays/prod/kustomization.yaml
+++ b/kustomize/overlays/prod/kustomization.yaml
@ -3,16 +3,23 @@ bases:
  - ../../namespaces/gitea
  - ../../namespaces/grafana
  - ../../namespaces/monitoring
+  - ../../namespaces/nextcloud

 images:
  - name: gitea/gitea
    newtag: 1.15.0
  - name: grafana
    newtag: 8.1.2
+  - name: prom/node-exporter
+    newtag: v0.18.1
  - name: drone/drone
    newtag: 2.0.6
  - name: drone/drone-runner-kube
    newtag: 1.0.0-beta.9
+  - name: nextcloud
+    newtag: 22.1.0
+  - name: postgres
+    newtag: 9.6.23

 secretGenerator:
  - name: drone-secret
@ -29,6 +36,14 @@ secretGenerator:
    literals:
      - client_id=${ssm:/k3s/prod/drone/gitea/client_id}
      - client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
+  - name: postgres-credentials-secret
+    type: Opaque
+    namespace: nextcloud
+    behavior: replace
+    literals:
+      - database=nextcloud
+      - username=nextcloud
+      - password=${ssm:/k3s/prod/nextcloud/postgres/password}

 # allow "kubectl apply -l managed-by=kustomize --prune ..."
 commonlabels:
--- a/kustomize/overlays/prod/placeholders.txt
+++ b/kustomize/overlays/prod/placeholders.txt
@ -2,6 +2,6 @@ GITEA_EXTERNAL_HOST=code.badjware.dev
 DRONE_EXTERNAL_HOST=drone.badjware.dev
 NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev

-GRAFANA_EXTERNAL_HOST=grafana.badjnet.local
-KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.local
-PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.local
+GRAFANA_EXTERNAL_HOST=grafana.badjnet.home
+KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.home
+PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home