cleanup, separate some apps
parent
65d826b87e
commit
68e250b918
10
Makefile
10
Makefile
|
@ -9,16 +9,20 @@ KUBECTLAPPLYFLAGS = -l managed-by=kustomize --prune
|
|||
SRC := $(shell find kustomize/ -type f)
|
||||
OUTDIR = build
|
||||
|
||||
# all environments
|
||||
KUSTOMIZEDIRALL = kustomize/environment/all
|
||||
KUSTOMIZEOUTALL = $(OUTDIR)/all/manifest.yaml
|
||||
|
||||
ifeq ($(environment),prod)
|
||||
# prod
|
||||
KUSTOMIZEDIR = kustomize/environment/prod
|
||||
KUSTOMIZEOUT = $(OUTDIR)/prod/out.yaml
|
||||
KUSTOMIZEOUT = $(OUTDIR)/prod/manifest.yaml
|
||||
else
|
||||
# dev
|
||||
environment = dev
|
||||
KUBECTLFLAGS += --kubeconfig kubectl/kubeconfig.yaml
|
||||
KUSTOMIZEDIR = kustomize/environment/dev
|
||||
KUSTOMIZEOUT = $(OUTDIR)/dev/out.yaml
|
||||
KUSTOMIZEOUT = $(OUTDIR)/dev/manifest.yaml
|
||||
endif
|
||||
|
||||
.PHONY: info clean diff apply
|
||||
|
@ -32,7 +36,9 @@ clean:
|
|||
rm -r $(OUTDIR)
|
||||
|
||||
$(KUSTOMIZEOUT): $(SRC)
|
||||
@mkdir -p $(dir $(KUSTOMIZEOUTALL))
|
||||
@mkdir -p $(dir $(KUSTOMIZEOUT))
|
||||
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
|
||||
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1)
|
||||
|
||||
diff: $(KUSTOMIZEOUT)
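Review bot: The recipe for `$(KUSTOMIZEOUT)` now also writes `$(KUSTOMIZEOUTALL)`, a file that is not the target of any rule, so make cannot tell when it is missing or stale. If `build/all/` is deleted while the environment manifest is still newer than `$(SRC)`, nothing regenerates it. The new startup script copies `build/all/*` into the k3s manifests volume, so it would then find an old or empty set. I would give it its own rule, `$(KUSTOMIZEOUTALL): $(SRC)`, with the `mkdir -p $(@D)` and the `$(KUSTOMIZEDIRALL)` build line moved under it, and list it as a prerequisite wherever the combined output is needed. The recipes of `clean` and `diff` lie outside the visible hunk.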
|
||||
|
|
|
@ -1,39 +1,50 @@
|
|||
version: '3'
|
||||
services:
|
||||
# startup:
|
||||
# image: bash:5
|
||||
# command: -xe /host/startup.sh
|
||||
# volumes:
|
||||
# - manifests:/manifests
|
||||
# - .:/host:ro
|
||||
server:
|
||||
image: "rancher/k3s"
|
||||
image: rancher/k3s
|
||||
restart: always
|
||||
command: server --disable traefik --disable local-storage --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
|
||||
tmpfs:
|
||||
- /run
|
||||
- /var/run
|
||||
- /run
|
||||
- /var/run
|
||||
privileged: true
|
||||
environment:
|
||||
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
|
||||
- K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml
|
||||
- K3S_KUBECONFIG_MODE=666
|
||||
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
|
||||
- K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml
|
||||
- K3S_KUBECONFIG_MODE=666
|
||||
volumes:
|
||||
- k3s_data:/var/lib/rancher/k3s
|
||||
- nfs_data:/srv/nfs
|
||||
- .:/host
|
||||
- k3s_data:/var/lib/rancher/k3s
|
||||
- nfs_data:/srv/nfs
|
||||
- manifests:/var/lib/rancher/k3s/server/manifests/manifests:ro
|
||||
- .:/host
|
||||
ports:
|
||||
- 80:30080
|
||||
- 443:30443
|
||||
- 6443:6443
|
||||
agent:
|
||||
image: "rancher/k3s"
|
||||
image: rancher/k3s
|
||||
restart: always
|
||||
command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
|
||||
tmpfs:
|
||||
- /run
|
||||
- /var/run
|
||||
- /run
|
||||
- /var/run
|
||||
privileged: true
|
||||
environment:
|
||||
- K3S_URL=https://server:6443
|
||||
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
|
||||
- K3S_URL=https://server:6443
|
||||
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
|
||||
volumes:
|
||||
- nfs_data:/srv/nfs
|
||||
|
||||
volumes:
|
||||
k3s_data:
|
||||
nfs_data:
|
||||
nfs_data:
|
||||
manifests:
|
||||
driver_opts:
|
||||
type: tmpfs
|
||||
device: tmpfs
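Review bot: `K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}` on `server` and `agent` lets the cluster start with a join secret that is written in the repository whenever the variable is unset, while `ports:` publishes `6443:6443` on every host interface. Failing fast is safer: `- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:?K3S_CLUSTER_SECRET must be set}`, and, if the API is only needed from the host, `- 127.0.0.1:6443:6443`. `K3S_KUBECONFIG_MODE=666` also leaves the admin kubeconfig under the bind-mounted `./kubectl/` readable and writable by every local account, so a narrower mode is worth considering. The +/- markers are lost on this page, so some of these lines may predate the commit.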
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-runner-deployment
|
||||
name: drone-runner
|
||||
labels:
|
||||
app: drone
|
||||
component: runner
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: drone-server-deployment
|
||||
name: drone-server
|
||||
labels:
|
||||
app: drone
|
||||
component: server
|
||||
|
@ -62,7 +62,7 @@ spec:
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: drone-ingress
|
||||
name: drone
|
||||
labels:
|
||||
app: drone
|
||||
annotations:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gitea-deployment
|
||||
name: gitea
|
||||
labels:
|
||||
app: gitea
|
||||
spec:
|
||||
|
@ -113,7 +113,7 @@ spec:
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gitea-ingress
|
||||
name: gitea
|
||||
labels:
|
||||
app: gitea
|
||||
annotations:
|
||||
|
|
|
@ -32,13 +32,13 @@ vars:
|
|||
objref:
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
name: gitea-ingress
|
||||
name: gitea
|
||||
fieldref:
|
||||
fieldpath: spec.rules[0].host
|
||||
- name: DRONE_EXTERNAL_HOST
|
||||
objref:
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
name: drone-ingress
|
||||
name: drone
|
||||
fieldref:
|
||||
fieldpath: spec.rules[0].host
|
|
@ -2,8 +2,8 @@ generators:
|
|||
- nginx-ingress-controller.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- nodeselector-patch.yaml
|
||||
- nodeport-patch.yaml
|
||||
- nginx-ingress-controller-nodeselector-patch.yaml
|
||||
- nginx-ingress-controller-nodeport-patch.yaml
|
||||
|
||||
namespace: ingress-nginx
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: kubernetes-dashboard-ingress
|
||||
name: kubernetes-dashboard
|
||||
labels:
|
||||
app: kubernetes-dashboard
|
||||
annotations:
|
|
@ -1,6 +1,6 @@
|
|||
resources:
|
||||
- admin-user.yaml
|
||||
- ingress.yaml
|
||||
- kubernetes-dashboard-admin-user.yaml
|
||||
- kubernetes-dashboard-ingress.yaml
|
||||
|
||||
generators:
|
||||
- kubernetes-dashboard.yaml
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: mariadb-statefulset
|
||||
name: mariadb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: grafana-deployment
|
||||
name: grafana
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -65,7 +65,7 @@ spec:
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: grafana-ingress
|
||||
name: grafana
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
|
|
|
@ -32,7 +32,7 @@ spec:
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: prometheus-ingress
|
||||
name: prometheus
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nextcloud-deployment
|
||||
name: nextcloud
|
||||
labels:
|
||||
app: nextcloud
|
||||
spec:
|
||||
|
@ -78,7 +78,7 @@ spec:
|
|||
apiVersion: networking.k8s.io/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: nextcloud-ingress
|
||||
name: nextcloud
|
||||
labels:
|
||||
app: nextcloud
|
||||
annotations:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
resources:
|
||||
- storageclass.yaml
|
||||
- nfs-provisionner-storageclass.yaml
|
||||
|
||||
generators:
|
||||
- nfs-provisionner.yaml
|
||||
|
@ -7,4 +7,4 @@ generators:
|
|||
namespace: kube-system
|
||||
|
||||
patchesStrategicMerge:
|
||||
- deployment-patch.yaml
|
||||
- nfs-provisionner-deployment-patch.yaml
|
|
@ -0,0 +1,8 @@
|
|||
bases:
|
||||
- ../../base/nfs-provisionner
|
||||
- ../../base/ingress-nginx
|
||||
- ../../base/cert-manager
|
||||
|
||||
# allow "kubectl apply -l managed-by=k3s --prune ..."
|
||||
commonlabels:
|
||||
managed-by: k3s
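Review bot: The key is spelled `commonlabels`, whereas kustomize documents the field as `commonLabels`. Whether the lowercase form is accepted depends on how the kustomize version in use decodes the file, which is not visible here. The `--prune` selector named in the comment above it only works if every object actually carries the label, so I would write `commonLabels:` and confirm with `kustomize build` that `managed-by: k3s` appears in the output.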
|
|
@ -1,7 +1,4 @@
|
|||
bases:
|
||||
- ../../base/nfs-provisionner
|
||||
- ../../base/ingress-nginx
|
||||
- ../../base/cert-manager
|
||||
- ../../base/kubernetes-dashboard
|
||||
- ../../base/gitea
|
||||
- ../../base/nextcloud
|
||||
|
@ -30,7 +27,7 @@ patchesJson6902:
|
|||
group: networking.k8s.io
|
||||
version: v1beta1
|
||||
kind: Ingress
|
||||
name: kubernetes-dashboard-ingress
|
||||
name: kubernetes-dashboard
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
@ -40,7 +37,7 @@ patchesJson6902:
|
|||
value: kubernetes-dashboard.staging.badjware.dev
|
||||
- target:
|
||||
<<: *ingress_target
|
||||
name: prometheus-ingress
|
||||
name: prometheus
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
@ -50,7 +47,7 @@ patchesJson6902:
|
|||
value: prometheus.staging.badjware.dev
|
||||
- target:
|
||||
<<: *ingress_target
|
||||
name: grafana-ingress
|
||||
name: grafana
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
@ -60,7 +57,7 @@ patchesJson6902:
|
|||
value: grafana.staging.badjware.dev
|
||||
- target:
|
||||
<<: *ingress_target
|
||||
name: nextcloud-ingress
|
||||
name: nextcloud
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
@ -70,7 +67,7 @@ patchesJson6902:
|
|||
value: nextcloud.staging.badjware.dev
|
||||
- target:
|
||||
<<: *ingress_target
|
||||
name: gitea-ingress
|
||||
name: gitea
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
@ -80,7 +77,7 @@ patchesJson6902:
|
|||
value: gitea.staging.badjware.dev
|
||||
- target:
|
||||
<<: *ingress_target
|
||||
name: drone-ingress
|
||||
name: drone
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/tls/0/hosts/0
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
acme:
|
||||
# You must replace this email address with your own.
|
||||
# Let's Encrypt will use this to contact you about expiring
|
||||
# certificates, and issues related to your account.
|
||||
email: marchambault@badjware.dev
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
# Secret resource that will be used to store the account's private key.
|
||||
name: letsencrypt-cert
|
||||
solvers:
|
||||
- selector:
|
||||
dnsZones:
|
||||
- badjware.dev
|
||||
dns01:
|
||||
cnameStrategy: Follow
|
||||
digitalocean:
|
||||
tokenSecretRef:
|
||||
name: digitalocean-api-key
|
||||
key: access-token
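Review bot: `metadata.namespace: cert-manager` has no effect on a `ClusterIssuer`, which is cluster-scoped. The namespace matters for the two referenced Secrets, `letsencrypt-cert` and `digitalocean-api-key`, which cert-manager looks up in its cluster resource namespace (by default the namespace it runs in). I would drop the `namespace:` line and add a comment above `tokenSecretRef` such as `# Secret must exist in cert-manager's namespace; created out-of-band, never committed`. Where the DigitalOcean token Secret comes from is not visible in this section; since it grants DNS write access, that should be confirmed before merging.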
|
|
@ -0,0 +1,6 @@
|
|||
nameReference:
|
||||
- version: v1
|
||||
kind: Secret
|
||||
fieldSpecs:
|
||||
- kind: ClusterIssuer
|
||||
path: spec/acme/solvers/dns01/digitalocean/tokenSecretRef/name
|
|
@ -0,0 +1,2 @@
|
|||
#/bin/bash
|
||||
cp /host/build/all/* /manifests
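Review bot: The first line `#/bin/bash` is a plain comment, not a shebang, so executing the file directly would run it under whatever shell the caller defaults to; it should read `#!/bin/bash`. The commented-out compose service passes `-xe` on the command line, but the script itself has no error handling, so adding `set -eu` as the second line keeps a failed or empty `cp /host/build/all/* /manifests` from passing silently when it is run any other way.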
|