merge prod and prod-cluster, update Makefile, readme

Makefile

@@ -1,81 +1,36 @@
-KUSTOMIZE = KUSTOMIZE_PLUGIN_HOME=$(PWD)/plugins kustomize
-KUSTOMIZEFLAGS = --enable-alpha-plugins
+KUSTOMIZE = kustomize
+KUSTOMIZEFLAGS =
 
 KUBECTL = kubectl
 KUBECTLFLAGS = 
-KUBECTLDIFFFLAGS =
+KUBECTLDIFFFLAGS = --server-side=true --force-conflicts
 KUBECTLAPPLYFLAGS = --server-side=true --force-conflicts --prune
 
 SRC := $(shell find kustomize/ -type f)
-OUTDIR = build
+OUT  = build
 
-# DEVOUT = $(OUTDIR)/dev
-# DEVMANIFESTSRC = kustomize/overlays/dev
-# DEVMANIFESTOUT = $(DEVOUT)/manifest.yaml
-# DEVCLUSTERSRC = kustomize/overlays/dev-cluster
-# DEVCLUSTEROUT = $(DEVOUT)/cluster.yaml
+PRODOUT = $(OUT)/prod.yaml
+PRODSRC = kustomize/env/prod
 
-PRODOUT = $(OUTDIR)/prod
-PRODMANIFESTOUT = $(PRODOUT)/manifest.yaml
-PRODMANIFESTSRC = kustomize/overlays/prod
-PRODCLUSTEROUT = $(PRODOUT)/cluster.yaml
-PRODCLUSTERSRC = kustomize/overlays/prod-cluster
-
-# ifeq ($(environment),prod)
-# 	environment = prod
-
-# 	ENVOUTDIR  = $(PRODOUT)
-# 	ENVOUTFILE = $(PRODMANIFESTOUT) $(PRODCLUSTEROUT)
-# else
-# 	environment = dev
-
-# 	ENVOUTDIR  = $(DEVOUT)
-# 	ENVOUTFILE = $(DEVMANIFESTOUT) $(DEVCLUSTERTOUT)
-# endif
-
-environment=prod
-ENVOUTDIR  = $(PRODOUT)
-ENVOUTFILE = $(PRODMANIFESTOUT) $(PRODCLUSTEROUT)
+.PHONY: prod
+prod: prod-diff
 
 .PHONY: diff
-diff: $(environment)
-	$(KUBECTL) $(KUBECTLFLAGS) diff $(KUBECTLDIFFFLAGS) -f $(ENVOUTDIR) | highlight --out-format xterm256 --syntax diff
+prod-diff: $(PRODOUT)
+	$(KUBECTL) $(KUBECTLFLAGS) diff $(KUBECTLDIFFFLAGS) -f $(PRODOUT) | highlight --out-format xterm256 --syntax diff
 
 .PHONY: apply
-apply: $(environment)
-	$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l app.kubernetes.io/managed-by=kustomize-cluster -f $(ENVOUTDIR)
-	$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l app.kubernetes.io/managed-by=kustomize -f $(ENVOUTDIR)
+prod-apply: $(PRODOUT)
+	$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l app.kubernetes.io/managed-by=kustomize -f $(PRODOUT)
 
-.PHONY: all dev prod
-all: dev prod
-# dev: $(DEVMANIFESTOUT) $(DEVCLUSTEROUT)
-prod: $(PRODMANIFESTOUT) $(PRODCLUSTEROUT)
-
-# $(DEVMANIFESTOUT): $(SRC)
-# 	mkdir -p $(DEVOUT)
-# 	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(DEVMANIFESTSRC) >$(DEVMANIFESTOUT) || (rm $(DEVMANIFESTOUT); exit 1)
-
-# $(DEVCLUSTEROUT): $(SRC)
-# 	mkdir -p $(DEVOUT)
-# 	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(DEVCLUSTERSRC) >$(DEVCLUSTEROUT) || (rm $(DEVCLUSTEROUT); exit 1)
-
-$(PRODMANIFESTOUT): $(SRC)
-	mkdir -p $(PRODOUT)
-	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(PRODMANIFESTSRC) >$(PRODMANIFESTOUT) || (rm $(PRODMANIFESTOUT); exit 1)
-
-$(PRODCLUSTEROUT): $(SRC)
-	mkdir -p $(PRODOUT)
-	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(PRODCLUSTERSRC) >$(PRODCLUSTEROUT) || (rm $(PRODCLUSTEROUT); exit 1)
+$(PRODOUT): $(SRC)
+	mkdir -p $(OUT)
+	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(PRODSRC) >$(PRODOUT) || (rm $(PRODOUT); exit 1)
 
 .PHONY: clean
 clean:
-	rm -r $(OUTDIR)
-
-# $(KUSTOMIZEOUTALL): $(SRC)
-# 	@mkdir -p $(dir $(KUSTOMIZEOUTALL))
-# 	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
-
-# $(KUSTOMIZEOUT): $(SRC)
-# 	@mkdir -p $(dir $(KUSTOMIZEOUT))
-# 	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1)
+	rm -r $(OUT)
 
+.PHONY: infra
+infra:
+	terraform -chdir=terraform apply

README.md

@@ -4,27 +4,45 @@ Kubernetes deployment for home cluster.
 
 ## Deploying
 
+Deployments are done through a `Makefile`.
+
 Prerequisites:
 * make
-* docker
+* terraform
+* kustomize
 * kubectl
-
-For local deployment:
-* k3d
-
-### Local deployment
-``` sh
-./setup-local-cluster.sh
-make
-make apply
-```
+* highlight (for prettying `diff`)
 
 ### Prod deployment
+#### infra
 ``` sh
-make environment=prod
-make environment=prod apply
+make infra
 ```
 
+This will:
+1. Configure external-secret to be able to sync kubernetes secrets with the secret store in AWS.
+2. Configure the DNS entries in DigitalOcean
+
+#### diff
+``` sh
+make 
+```
+*or*
+``` sh
+make prod-diff
+```
+
+Generated kubernetes manifest will be in [./build/prod.yaml](./build/prod.yaml).
+
+#### apply
+``` sh
+make prod-apply
+```
+
+Generated kubernetes manifest will be in [./build/prod.yaml](./build/prod.yaml).
+
+Server-side resources that are not declared in the manifest will be pruned.
+
 ## Services
 
 | service                                                                  | local                                 | prod                                      |

kustomize/env/prod/kustomization.yaml

@@ -1,8 +1,10 @@
 resources:
+  - ../../overlays/system
+
   # - ../../namespaces/kubernetes-dashboard
-  - ../../namespaces/gitea
-  - ../../namespaces/monitoring
-  - ../../namespaces/nextcloud
+  - ../../overlays/gitea
+  - ../../overlays/monitoring
+  - ../../overlays/nextcloud
 
 # resources:
 #   - probes/external-services-bobcat-miner.yaml
@@ -36,6 +38,9 @@ configMapGenerator:
   - name: replacements
     namespace: default
     literals:
+      - TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
+      - LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home
+
       - GITEA_EXTERNAL_HOST=code.badjware.dev
       - GITEA_EXTERNAL_URL=https://code.badjware.dev
 
@@ -79,6 +84,32 @@ patches:
 #   - patches/blackbox-exporter-probe-patch.yaml
 
 replacements:
+  - source:
+      kind: ConfigMap
+      name: replacements
+      namespace: default
+      fieldPath: data.TRAEFIK_EXTERNAL_HOST
+    targets:
+      - select:
+          kind: Ingress
+          name: traefik
+          namespace: kube-system
+        fieldPaths:
+          - spec.rules.0.host
+  - source:
+      kind: ConfigMap
+      name: replacements
+      namespace: default
+      fieldPath: data.LONGHORN_EXTERNAL_HOST
+    targets:
+      - select:
+          kind: HelmChart
+          name: longhorn
+          namespace: kube-system
+        fieldPaths:
+          - spec.set.[ingress.host]
+        options:
+            create: true
   - source:
       kind: ConfigMap
       name: replacements
@@ -192,4 +223,4 @@ replacements:
           name: prometheus
           namespace: monitoring
         fieldPaths:
-          - spec.rules.0.host
+          - spec.rules.0.host

kustomize/overlays/prod-cluster/kustomization.yaml

@@ -1,44 +0,0 @@
-resources:
-  - ../../namespaces/kube-system
-  - ../../bases/longhorn
-
-buildMetadata:
-  - originAnnotations
-
-commonLabels:
-  app.kubernetes.io/managed-by: kustomize-cluster
-
-configMapGenerator:
-  - name: cluster-replacements
-    namespace: default
-    literals:
-      - TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
-      - LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home
-
-replacements:
-  - source:
-      kind: ConfigMap
-      name: cluster-replacements
-      namespace: default
-      fieldPath: data.TRAEFIK_EXTERNAL_HOST
-    targets:
-      - select:
-          kind: Ingress
-          name: traefik
-          namespace: kube-system
-        fieldPaths:
-          - spec.rules.0.host
-  - source:
-      kind: ConfigMap
-      name: cluster-replacements
-      namespace: default
-      fieldPath: data.LONGHORN_EXTERNAL_HOST
-    targets:
-      - select:
-          kind: HelmChart
-          name: longhorn
-          namespace: kube-system
-        fieldPaths:
-          - spec.set.[ingress.host]
-        options:
-            create: true

kustomize/overlays/prod-cluster/transformers/ssm-secrets.yaml

@@ -1,6 +0,0 @@
-apiVersion: badjware/v1
-kind: SSMParameterPlaceholderTransformer
-metadata:
-  name: ssm-parameter
-resourceSelectors:
-  - kind: Secret

kustomize/overlays/system/kustomization.yaml

@@ -1,4 +1,5 @@
 resources:
+  - ../../bases/longhorn
   - ../../bases/traefik
   - ../../bases/prometheus-operator
   - ../../bases/external-secrets