diff --git a/clean-dev-cluster.sh b/clean-dev-cluster.sh new file mode 100755 index 0000000..f1f4e24 --- /dev/null +++ b/clean-dev-cluster.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e + +k3d cluster delete local +# docker stop registry.localhost +# docker container rm registry.localhost +# docker stop mariadb.localhost +# docker container rm mariadb.localhost \ No newline at end of file diff --git a/kustomize/bases/cert-manager/cert-manager-namespace.patch b/kustomize/bases/cert-manager/cert-manager-namespace.patch index 0c56c90..837cd89 100644 --- a/kustomize/bases/cert-manager/cert-manager-namespace.patch +++ b/kustomize/bases/cert-manager/cert-manager-namespace.patch @@ -1,5 +1,5 @@ ---- a 2020-08-03 08:32:44.463589161 -0400 -+++ b 2020-08-03 08:34:06.230277210 -0400 +--- a 2020-08-10 23:13:10.083362050 -0400 ++++ b 2020-08-10 23:14:00.823784738 -0400 @@ -19,7 +19,7 @@ metadata: name: certificaterequests.cert-manager.io @@ -147,3 +147,12 @@ --- # Source: cert-manager/templates/service.yaml apiVersion: v1 +@@ -19338,7 +19333,7 @@ + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca +- - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc ++ - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc + ports: + - name: https + containerPort: 10250 diff --git a/kustomize/bases/cert-manager/cert-manager.yaml b/kustomize/bases/cert-manager/cert-manager.yaml index 35fd67e..f64aba1 100644 --- a/kustomize/bases/cert-manager/cert-manager.yaml +++ b/kustomize/bases/cert-manager/cert-manager.yaml 
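Review bot: The four `docker stop` / `docker container rm` lines are committed commented out, so `clean-dev-cluster.sh` removes only the k3d cluster and leaves `registry.localhost` and `mariadb.localhost` behind. setup-dev-cluster.sh in this same commit starts MariaDB with `--restart always`, a published port 3306 and the root password `changeme`, so that database keeps running, and returns after a reboot, once the cluster has been "cleaned". Either enable the cleanup, for example `docker rm -f mariadb.localhost registry.localhost || true`, or add a comment saying the containers are kept on purpose and how to remove them. The `-e` in `#!/bin/bash -e` is also lost when the script is run as `bash clean-dev-cluster.sh`; a separate `set -e` line is more reliable.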
@@ -3,7 +3,7 @@ kind: RemoteResources metadata: name: cert-manager resources: - - url: https://github.com/jetstack/cert-manager/releases/download/v0.16.0/cert-manager.yaml - sha256: 5770f5f01c10a902355b3522b8ce44508ebb6ec88955efde9a443afe5b3969d7 - patches: - - cert-manager-namespace.patch \ No newline at end of file + - url: https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml + sha256: 75e7cc1fb42f759860ab896aaa404c0d8c8d5896274d3739eccb193ed1075dd9 + # patches: + # - cert-manager-namespace.patch \ No newline at end of file diff --git a/kustomize/bases/gitea/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml similarity index 100% rename from kustomize/bases/gitea/drone-runner-deployment.yaml rename to kustomize/bases/drone/drone-runner-deployment.yaml diff --git a/kustomize/bases/gitea/drone-server-deployment.yaml b/kustomize/bases/drone/drone-server-deployment.yaml similarity index 100% rename from kustomize/bases/gitea/drone-server-deployment.yaml rename to kustomize/bases/drone/drone-server-deployment.yaml diff --git a/kustomize/bases/drone/kustomization.yaml b/kustomize/bases/drone/kustomization.yaml new file mode 100644 index 0000000..2c6e96f --- /dev/null +++ b/kustomize/bases/drone/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - drone-server-deployment.yaml + - drone-runner-deployment.yaml \ No newline at end of file diff --git a/kustomize/bases/gitea/gitea-deployment.yaml b/kustomize/bases/gitea/gitea-deployment.yaml index e5f6b6e..cac862f 100644 --- a/kustomize/bases/gitea/gitea-deployment.yaml +++ b/kustomize/bases/gitea/gitea-deployment.yaml @@ -32,7 +32,10 @@ spec: - name: DB_TYPE value: mysql - name: DB_HOST - value: mariadb.gitea.svc:3306 + valueFrom: + secretKeyRef: + name: mariadb-credentials-secret + key: host - name: DB_NAME valueFrom: secretKeyRef: diff --git a/kustomize/bases/gitea/ingress.yaml b/kustomize/bases/gitea/ingress.yaml index 5eabee4..5c36b94 100644 
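Review bot: The `patches:` entry in the cert-manager.yaml hunk is commented out rather than removed, with no note saying why, while cert-manager-namespace.patch is still regenerated in this same commit and is now referenced by nothing. If cert-manager is meant to run unpatched in its own namespace from v0.16.1 on (the new kustomize/namespaces/cert-manager base suggests so), delete the two commented lines and the patch file. Otherwise add a line such as `# patch disabled: cert-manager is deployed unpatched in its default namespace`, so the next reader does not re-enable a patch that rewrites the webhook's serving DNS names to `kube-system`.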
--- a/kustomize/bases/gitea/ingress.yaml +++ b/kustomize/bases/gitea/ingress.yaml @@ -19,4 +19,4 @@ spec: - path: / backend: serviceName: gitea-http - servicePort: http \ No newline at end of file + servicePort: http diff --git a/kustomize/bases/gitea/kustomization.yaml b/kustomize/bases/gitea/kustomization.yaml index 2879b94..4ed9f8e 100644 --- a/kustomize/bases/gitea/kustomization.yaml +++ b/kustomize/bases/gitea/kustomization.yaml @@ -1,7 +1,5 @@ resources: - gitea-deployment.yaml - - drone-server-deployment.yaml - - drone-runner-deployment.yaml - ingress.yaml secretGenerator: @@ -9,15 +7,16 @@ secretGenerator: type: Opaque behavior: create literals: + - host=mariadb.localhost:3306 - database=gitea - username=gitea - - password=replaceme + - password=changeme - name: drone-secret type: Opaque literals: - - rpc_secret=replaceme + - rpc_secret=changeme - name: drone-gitea-oauth-secret type: Opaque literals: - - client_id=replaceme - - client_secret=replaceme + - client_id=changeme + - client_secret=changeme diff --git a/kustomize/bases/grafana/grafana-deployment.yaml b/kustomize/bases/grafana/grafana-deployment.yaml index 8bce1ef..e72b298 100644 --- a/kustomize/bases/grafana/grafana-deployment.yaml +++ b/kustomize/bases/grafana/grafana-deployment.yaml @@ -24,7 +24,10 @@ spec: - name: GF_DATABASE_TYPE value: mysql - name: GF_DATABASE_HOST - value: mariadb.grafana.svc:3306 + valueFrom: + secretKeyRef: + name: mariadb-credentials-secret + key: host - name: GF_DATABASE_NAME valueFrom: secretKeyRef: diff --git a/kustomize/bases/grafana/kustomization.yaml b/kustomize/bases/grafana/kustomization.yaml index e65e400..657f36e 100644 --- a/kustomize/bases/grafana/kustomization.yaml +++ b/kustomize/bases/grafana/kustomization.yaml @@ -12,6 +12,7 @@ secretGenerator: type: Opaque behavior: create literals: + - host=mariadb.localhost:3306 - database=grafana - username=grafana - - password=replaceme + - password=changeme 
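Review bot: The `secretGenerator` literals in the second gitea/kustomization.yaml hunk commit usable default credentials to the base: `password=changeme` is exactly the password setup-dev-cluster.sh gives the `gitea` database user in this commit, and `rpc_secret`, `client_id` and `client_secret` are set to the same guessable string. Any overlay that forgets to override them deploys with these values, and the RPC secret is the shared credential between the Drone server and its runners. I would keep the base free of working values and supply the dev ones from the dev overlay, or at least put `# dev-only placeholder, must be overridden in every non-dev overlay` above each generator. The grafana and nextcloud kustomization.yaml hunks add the same `host=mariadb.localhost:3306` / `password=changeme` pair and need the same treatment.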
diff --git a/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch b/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch index 2e7e96d..a88efcb 100644 --- a/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch +++ b/kustomize/bases/ingress-nginx/nginx-ingress-controller-namespace.patch @@ -1,5 +1,5 @@ ---- a 2020-08-03 08:27:39.420706235 -0400 -+++ b 2020-08-03 08:29:09.257135444 -0400 +--- a 2020-08-10 23:16:01.598069317 -0400 ++++ b 2020-08-10 23:16:35.401656793 -0400 @@ -1,14 +1,4 @@ - -apiVersion: v1 @@ -253,11 +253,13 @@ spec: template: metadata: -@@ -525,7 +515,7 @@ +@@ -524,8 +514,8 @@ + imagePullPolicy: IfNotPresent args: - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc +- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.ingress-nginx.svc - - --namespace=ingress-nginx ++ - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.kube-system.svc + - --namespace=kube-system - --secret-name=ingress-nginx-admission restartPolicy: OnFailure diff --git a/kustomize/bases/nextcloud/kustomization.yaml b/kustomize/bases/nextcloud/kustomization.yaml index 510b389..7f99a85 100644 --- a/kustomize/bases/nextcloud/kustomization.yaml +++ b/kustomize/bases/nextcloud/kustomization.yaml @@ -8,6 +8,7 @@ secretGenerator: type: Opaque behavior: create literals: + - host=mariadb.localhost:3306 - database=nextcloud - username=nextcloud - - password=replaceme + - password=changeme diff --git a/kustomize/bases/nextcloud/nextcloud-deployment.yaml b/kustomize/bases/nextcloud/nextcloud-deployment.yaml index 658e723..3a1694b 100644 --- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml +++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml 
@@ -20,7 +20,10 @@ spec: - name: TRUSTED_PROXIES value: 10.0.0.0/8 - name: MYSQL_HOST - value: mariadb.nextcloud.svc:3306 + valueFrom: + secretKeyRef: + name: mariadb-credentials-secret + key: host - name: MYSQL_DATABASE valueFrom: secretKeyRef: diff --git a/kustomize/namespaces/cert-manager/kustomization.yaml b/kustomize/namespaces/cert-manager/kustomization.yaml new file mode 100644 index 0000000..642906a --- /dev/null +++ b/kustomize/namespaces/cert-manager/kustomization.yaml @@ -0,0 +1,4 @@ +bases: + - ../../bases/cert-manager + +# namespace: cert-manager diff --git a/kustomize/namespaces/kube-system/kustomization.yaml b/kustomize/namespaces/kube-system/kustomization.yaml index 23a1c19..580fcb3 100644 --- a/kustomize/namespaces/kube-system/kustomization.yaml +++ b/kustomize/namespaces/kube-system/kustomization.yaml @@ -1,5 +1,4 @@ bases: - ../../bases/ingress-nginx - - ../../bases/cert-manager namespace: kube-system diff --git a/kustomize/overlays/dev-auto-deploy/kustomization.yaml b/kustomize/overlays/dev-auto-deploy/kustomization.yaml index b504660..984db07 100644 --- a/kustomize/overlays/dev-auto-deploy/kustomization.yaml +++ b/kustomize/overlays/dev-auto-deploy/kustomization.yaml @@ -1,5 +1,6 @@ bases: - ../../namespaces/kube-system + - ../../namespaces/cert-manager # allow "kubectl apply -l managed-by=auto-deploy --prune ..." commonlabels: diff --git a/setup-dev-cluster.sh b/setup-dev-cluster.sh index 3ec9bc5..8157173 100755 --- a/setup-dev-cluster.sh +++ b/setup-dev-cluster.sh @@ -27,8 +27,9 @@ if ! k3d cluster list "$cluster_name" &>/dev/null; then --agents 3 \ --k3s-server-arg '--no-deploy=traefik' \ --volume "$k3s_registry_config:/etc/rancher/k3s/registries.yaml" \ - -p 8080:80@loadbalancer - sleep 1 + -p 80:80@loadbalancer \ + -p 443:443@loadbalancer + sleep 10 fi # --volume ":/var/lib/rancher/k3s/server/manifests/auto-deploy.yaml" \ 
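Review bot: `-p 80:80@loadbalancer` and `-p 443:443@loadbalancer` in the first setup-dev-cluster.sh hunk publish the cluster ingress on every interface of the developer machine, so whatever is routed behind it, deployed with the `changeme` defaults from this commit, is likely reachable from the local network. If only local access is intended, bind the mappings to loopback: `-p 127.0.0.1:80:80@loadbalancer` and `-p 127.0.0.1:443:443@loadbalancer`. Raising `sleep 1` to `sleep 10` is still a guess at readiness; a bounded wait such as `kubectl wait --for=condition=Ready nodes --all --timeout=120s` after the kubeconfig merge would fail loudly instead of racing. The enclosing `if` block starts above the hunk.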
@@ -44,6 +45,36 @@ if ! docker ps -a | grep registry.localhost &>/dev/null; then docker network connect "k3d-$cluster_name" registry.localhost fi +# local mariadb database +if ! docker ps -a | grep mariadb.localhost &>/dev/null; then + docker volume create local_mariadb + docker run -d \ + --name mariadb.localhost \ + --volume local_mariadb:/var/lib/mysql \ + --restart always \ + --env MYSQL_ROOT_PASSWORD=changeme \ + -p 3306:3306 \ + mariadb:10.5 + docker network connect "k3d-$cluster_name" mariadb.localhost + sleep 10 +fi + +docker exec mariadb.localhost mysql -vv -uroot -pchangeme -e " +CREATE DATABASE IF NOT EXISTS gitea; +CREATE USER IF NOT EXISTS 'gitea'@'%' IDENTIFIED BY 'changeme'; +GRANT ALL PRIVILEGES ON gitea.* TO 'gitea'@'%'; + +CREATE DATABASE IF NOT EXISTS grafana; +CREATE USER IF NOT EXISTS 'grafana'@'%' IDENTIFIED BY 'changeme'; +GRANT ALL PRIVILEGES ON grafana.* TO 'grafana'@'%'; + +CREATE DATABASE IF NOT EXISTS nextcloud; +CREATE USER IF NOT EXISTS 'nextcloud'@'%' IDENTIFIED BY 'changeme'; +GRANT ALL PRIVILEGES ON grafana.* TO 'nextcloud'@'%'; + +FLUSH PRIVILEGES; +" + k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null kubectl apply -f "$auto_deploy_manifest" kubectl get nodes \ No newline at end of file
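Review bot: The last grant in the SQL block targets the wrong schema: `GRANT ALL PRIVILEGES ON grafana.* TO 'nextcloud'@'%';` gives the nextcloud account full rights on Grafana's database and none on its own, and should read `GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'%';`. The container is also started with `-p 3306:3306`, which exposes a root account with the password `changeme` on all host interfaces. The cluster reaches the database over the `k3d-$cluster_name` network, so the publish can probably be dropped or narrowed to `-p 127.0.0.1:3306:3306`. The root password is hard-coded twice and passed as `-pchangeme` on the `docker exec` command line, where it shows up in the process list; taking it from one variable with a generated default would keep the two in step. The `docker ps -a | grep mariadb.localhost` test matches any container whose listing contains that string; `docker container inspect mariadb.localhost &>/dev/null` is an exact check.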