From 68e250b9187ab85940c6f69b737c8fdb1ea49c6e Mon Sep 17 00:00:00 2001 
From: Massaki Archambault Date: Mon, 18 May 2020 16:18:39 -0400 Subject: [PATCH] cleanup, separate some apps --- Makefile | 10 ++++- docker-compose.yml | 41 ++++++++++++------- .../base/gitea/drone-runner-deployment.yaml | 2 +- .../base/gitea/drone-server-deployment.yaml | 4 +- kustomize/base/gitea/gitea-deployment.yaml | 4 +- kustomize/base/gitea/kustomization.yaml | 4 +- .../base/ingress-nginx/kustomization.yaml | 4 +- ...nx-ingress-controller-nodeport-patch.yaml} | 0 ...ngress-controller-nodeselector-patch.yaml} | 0 ...l => kubernetes-dashboard-admin-user.yaml} | 0 ...yaml => kubernetes-dashboard-ingress.yaml} | 2 +- .../kubernetes-dashboard/kustomization.yaml | 4 +- .../base/mariadb/mariadb-statefulset.yaml | 2 +- .../grafana/grafana-deployment.yaml | 4 +- .../monitoring/prometheus/prometheus-crd.yaml | 2 +- .../base/nextcloud/nextcloud-deployment.yaml | 4 +- .../base/nfs-provisionner/kustomization.yaml | 4 +- ...=> nfs-provisionner-deployment-patch.yaml} | 0 ...aml => nfs-provisionner-storageclass.yaml} | 0 kustomize/environment/all/kustomization.yaml | 8 ++++ kustomize/environment/dev/kustomization.yaml | 15 +++---- .../prod/cert-manager/clusterissuer.yaml | 25 +++++++++++ .../prod/cert-manager/kustomizeconfig.yaml | 6 +++ startup.sh | 2 + 24 files changed, 101 insertions(+), 46 deletions(-) rename kustomize/base/ingress-nginx/{nodeport-patch.yaml => nginx-ingress-controller-nodeport-patch.yaml} (100%) rename kustomize/base/ingress-nginx/{nodeselector-patch.yaml => nginx-ingress-controller-nodeselector-patch.yaml} (100%) rename kustomize/base/kubernetes-dashboard/{admin-user.yaml => kubernetes-dashboard-admin-user.yaml} (100%) rename kustomize/base/kubernetes-dashboard/{ingress.yaml => kubernetes-dashboard-ingress.yaml} (89%) rename kustomize/base/nfs-provisionner/{deployment-patch.yaml => nfs-provisionner-deployment-patch.yaml} (100%) rename kustomize/base/nfs-provisionner/{storageclass.yaml => nfs-provisionner-storageclass.yaml} (100%) create mode 100644 
kustomize/environment/all/kustomization.yaml create mode 100644 kustomize/environment/prod/cert-manager/clusterissuer.yaml create mode 100644 kustomize/environment/prod/cert-manager/kustomizeconfig.yaml create mode 100755 startup.sh diff --git a/Makefile b/Makefile index 47362cf..72243ce 100644 --- a/Makefile +++ b/Makefile @@ -9,16 +9,20 @@ KUBECTLAPPLYFLAGS = -l managed-by=kustomize --prune SRC := $(shell find kustomize/ -type f) OUTDIR = build +# all environments +KUSTOMIZEDIRALL = kustomize/environment/all +KUSTOMIZEOUTALL = $(OUTDIR)/all/manifest.yaml + ifeq ($(environment),prod) # prod KUSTOMIZEDIR = kustomize/environment/prod - KUSTOMIZEOUT = $(OUTDIR)/prod/out.yaml + KUSTOMIZEOUT = $(OUTDIR)/prod/manifest.yaml else # dev environment = dev KUBECTLFLAGS += --kubeconfig kubectl/kubeconfig.yaml KUSTOMIZEDIR = kustomize/environment/dev - KUSTOMIZEOUT = $(OUTDIR)/dev/out.yaml + KUSTOMIZEOUT = $(OUTDIR)/dev/manifest.yaml endif .PHONY: info clean diff apply @@ -32,7 +36,9 @@ clean: rm -r $(OUTDIR) $(KUSTOMIZEOUT): $(SRC) + @mkdir -p $(dir $(KUSTOMIZEOUTALL)) @mkdir -p $(dir $(KUSTOMIZEOUT)) + $(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1) $(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1) diff: $(KUSTOMIZEOUT) diff --git a/docker-compose.yml b/docker-compose.yml index a93ee0d..ea144a4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
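Review bot: The `$(KUSTOMIZEOUT)` recipe now also writes `$(KUSTOMIZEOUTALL)` as a side effect, so `build/all/manifest.yaml` is the target of no rule: `make build/all/manifest.yaml` fails, a deleted or stale all-manifest is only regenerated when the dev/prod manifest happens to be rebuilt, and `startup.sh` (which copies `build/all/*`) depends on that side effect. Give the all-manifest its own rule and list it as a prerequisite of `$(KUSTOMIZEOUT)` so the existing `make diff`/`make apply` flow still produces both files. With `.DELETE_ON_ERROR:` declared next to `.PHONY`, the two `|| (rm …; exit 1)` fallbacks (the new one and the pre-existing one) become unnecessary, and `$(dir $@)` replaces the repeated variable names.
```make
# next to .PHONY: drop a half-written manifest when kustomize fails
.DELETE_ON_ERROR:

$(KUSTOMIZEOUTALL): $(SRC)
	@mkdir -p $(dir $@)
	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$@

# building the environment manifest also refreshes the all-environments one
$(KUSTOMIZEOUT): $(SRC) $(KUSTOMIZEOUTALL)
	@mkdir -p $(dir $@)
	$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$@
```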
@@ -1,39 +1,50 @@ version: '3' services: + # startup: + # image: bash:5 + # command: -xe /host/startup.sh + # volumes: + # - manifests:/manifests + # - .:/host:ro server: - image: "rancher/k3s" + image: rancher/k3s restart: always command: server --disable traefik --disable local-storage --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook tmpfs: - - /run - - /var/run + - /run + - /var/run privileged: true environment: - - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} - - K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml - - K3S_KUBECONFIG_MODE=666 + - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} + - K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml + - K3S_KUBECONFIG_MODE=666 volumes: - - k3s_data:/var/lib/rancher/k3s - - nfs_data:/srv/nfs - - .:/host + - k3s_data:/var/lib/rancher/k3s + - nfs_data:/srv/nfs + - manifests:/var/lib/rancher/k3s/server/manifests/manifests:ro + - .:/host ports: - 80:30080 - 443:30443 - 6443:6443 agent: - image: "rancher/k3s" + image: rancher/k3s restart: always command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook tmpfs: - - /run - - /var/run + - /run + - /var/run privileged: true environment: - - K3S_URL=https://server:6443 - - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} + - K3S_URL=https://server:6443 + - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} volumes: - nfs_data:/srv/nfs volumes: k3s_data: - nfs_data: \ No newline at end of file + nfs_data: + manifests: + driver_opts: + type: tmpfs + device: tmpfs diff --git a/kustomize/base/gitea/drone-runner-deployment.yaml b/kustomize/base/gitea/drone-runner-deployment.yaml index 353d937..a4793f1 100644 --- a/kustomize/base/gitea/drone-runner-deployment.yaml +++ b/kustomize/base/gitea/drone-runner-deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: drone-runner-deployment + name: drone-runner labels: app: drone component: runner 
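Review bot: The `startup` service that would populate the new `manifests` volume is added commented out at the top of the hunk, so nothing in this compose file writes into the tmpfs that `server` mounts read-only at `/var/lib/rancher/k3s/server/manifests/manifests`; either enable the service or replace the block with a comment stating how `/manifests` is expected to be filled, since a commented-out service reads as dead configuration. It is also worth confirming that the k3s version in use picks up manifests from a subdirectory of its auto-deploy directory rather than only from the directory itself. Separately, the re-indented `K3S_KUBECONFIG_MODE=666` leaves the admin kubeconfig that k3s writes to the bind-mounted `kubectl/kubeconfig.yaml` world-writable on the host; the Makefile only reads it through `--kubeconfig`, so `- K3S_KUBECONFIG_MODE=644` is sufficient.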
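Review bot: Changing the Deployment's `metadata.name` to `drone-runner` is not an in-place rename: on the next `make apply` a new Deployment is created under the new name and, because `KUBECTLAPPLYFLAGS` carries `--prune`, `drone-runner-deployment` is deleted afterwards, so both generations of runner pods run briefly and the old ones are deleted rather than rolled. The same applies to the drone-server, gitea, grafana and nextcloud Deployments and to the Ingress objects renamed elsewhere in this commit. Stating this in the commit message, or in a one-line comment on the base kustomization, would keep the prune from being mistaken for an accident.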
diff --git a/kustomize/base/gitea/drone-server-deployment.yaml b/kustomize/base/gitea/drone-server-deployment.yaml index be81ad3..6104689 100644 --- a/kustomize/base/gitea/drone-server-deployment.yaml +++ b/kustomize/base/gitea/drone-server-deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: drone-server-deployment + name: drone-server labels: app: drone component: server @@ -62,7 +62,7 @@ spec: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: drone-ingress + name: drone labels: app: drone annotations: diff --git a/kustomize/base/gitea/gitea-deployment.yaml b/kustomize/base/gitea/gitea-deployment.yaml index 3adc33a..8071034 100644 --- a/kustomize/base/gitea/gitea-deployment.yaml +++ b/kustomize/base/gitea/gitea-deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: gitea-deployment + name: gitea labels: app: gitea spec: @@ -113,7 +113,7 @@ spec: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: gitea-ingress + name: gitea labels: app: gitea annotations: diff --git a/kustomize/base/gitea/kustomization.yaml b/kustomize/base/gitea/kustomization.yaml index 108f0cd..2a83af0 100644 --- a/kustomize/base/gitea/kustomization.yaml +++ b/kustomize/base/gitea/kustomization.yaml @@ -32,13 +32,13 @@ vars: objref: apiVersion: networking.k8s.io/v1beta1 kind: Ingress - name: gitea-ingress + name: gitea fieldref: fieldpath: spec.rules[0].host - name: DRONE_EXTERNAL_HOST objref: apiVersion: networking.k8s.io/v1beta1 kind: Ingress - name: drone-ingress + name: drone fieldref: fieldpath: spec.rules[0].host \ No newline at end of file diff --git a/kustomize/base/ingress-nginx/kustomization.yaml b/kustomize/base/ingress-nginx/kustomization.yaml index d5bbbad..e0fee8c 100644 --- a/kustomize/base/ingress-nginx/kustomization.yaml +++ b/kustomize/base/ingress-nginx/kustomization.yaml 
@@ -2,8 +2,8 @@ generators: - nginx-ingress-controller.yaml patchesStrategicMerge: - - nodeselector-patch.yaml - - nodeport-patch.yaml + - nginx-ingress-controller-nodeselector-patch.yaml + - nginx-ingress-controller-nodeport-patch.yaml namespace: ingress-nginx diff --git a/kustomize/base/ingress-nginx/nodeport-patch.yaml b/kustomize/base/ingress-nginx/nginx-ingress-controller-nodeport-patch.yaml similarity index 100% rename from kustomize/base/ingress-nginx/nodeport-patch.yaml rename to kustomize/base/ingress-nginx/nginx-ingress-controller-nodeport-patch.yaml diff --git a/kustomize/base/ingress-nginx/nodeselector-patch.yaml b/kustomize/base/ingress-nginx/nginx-ingress-controller-nodeselector-patch.yaml similarity index 100% rename from kustomize/base/ingress-nginx/nodeselector-patch.yaml rename to kustomize/base/ingress-nginx/nginx-ingress-controller-nodeselector-patch.yaml diff --git a/kustomize/base/kubernetes-dashboard/admin-user.yaml b/kustomize/base/kubernetes-dashboard/kubernetes-dashboard-admin-user.yaml similarity index 100% rename from kustomize/base/kubernetes-dashboard/admin-user.yaml rename to kustomize/base/kubernetes-dashboard/kubernetes-dashboard-admin-user.yaml diff --git a/kustomize/base/kubernetes-dashboard/ingress.yaml b/kustomize/base/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml similarity index 89% rename from kustomize/base/kubernetes-dashboard/ingress.yaml rename to kustomize/base/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml index 641dc5c..50929fa 100644 --- a/kustomize/base/kubernetes-dashboard/ingress.yaml +++ b/kustomize/base/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: kubernetes-dashboard-ingress + name: kubernetes-dashboard labels: app: kubernetes-dashboard annotations: diff --git a/kustomize/base/kubernetes-dashboard/kustomization.yaml b/kustomize/base/kubernetes-dashboard/kustomization.yaml index 26cda2f..f7709fc 100644 
--- a/kustomize/base/kubernetes-dashboard/kustomization.yaml +++ b/kustomize/base/kubernetes-dashboard/kustomization.yaml @@ -1,6 +1,6 @@ resources: - - admin-user.yaml - - ingress.yaml + - kubernetes-dashboard-admin-user.yaml + - kubernetes-dashboard-ingress.yaml generators: - kubernetes-dashboard.yaml diff --git a/kustomize/base/mariadb/mariadb-statefulset.yaml b/kustomize/base/mariadb/mariadb-statefulset.yaml index 387fea9..6e1c223 100644 --- a/kustomize/base/mariadb/mariadb-statefulset.yaml +++ b/kustomize/base/mariadb/mariadb-statefulset.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: mariadb-statefulset + name: mariadb spec: selector: matchLabels: diff --git a/kustomize/base/monitoring/grafana/grafana-deployment.yaml b/kustomize/base/monitoring/grafana/grafana-deployment.yaml index dc1eae6..3d7a7da 100644 --- a/kustomize/base/monitoring/grafana/grafana-deployment.yaml +++ b/kustomize/base/monitoring/grafana/grafana-deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: grafana-deployment + name: grafana spec: selector: matchLabels: @@ -65,7 +65,7 @@ spec: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: grafana-ingress + name: grafana annotations: nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: letsencrypt diff --git a/kustomize/base/monitoring/prometheus/prometheus-crd.yaml b/kustomize/base/monitoring/prometheus/prometheus-crd.yaml index 0d56512..2565ee6 100644 --- a/kustomize/base/monitoring/prometheus/prometheus-crd.yaml +++ b/kustomize/base/monitoring/prometheus/prometheus-crd.yaml @@ -32,7 +32,7 @@ spec: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: prometheus-ingress + name: prometheus annotations: nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: letsencrypt 
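Review bot: Renaming the StatefulSet from `mariadb-statefulset` to `mariadb` also changes the names of any PVCs created from its `volumeClaimTemplates` (they are named `<template>-<statefulset>-<ordinal>`), so if this StatefulSet has such templates — its spec continues below the hunk — the new `mariadb-0` pod will start on a fresh, empty claim while the existing `…-mariadb-statefulset-0` claim is left behind, still holding the database. Either keep the old name for this one object, or pre-create a claim under the new name bound to the existing volume before applying, and record that step in the commit message.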
diff --git a/kustomize/base/nextcloud/nextcloud-deployment.yaml b/kustomize/base/nextcloud/nextcloud-deployment.yaml index 0ac252d..8c2927b 100644 --- a/kustomize/base/nextcloud/nextcloud-deployment.yaml +++ b/kustomize/base/nextcloud/nextcloud-deployment.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: nextcloud-deployment + name: nextcloud labels: app: nextcloud spec: @@ -78,7 +78,7 @@ spec: apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: nextcloud-ingress + name: nextcloud labels: app: nextcloud annotations: diff --git a/kustomize/base/nfs-provisionner/kustomization.yaml b/kustomize/base/nfs-provisionner/kustomization.yaml index e195ee9..50222fe 100644 --- a/kustomize/base/nfs-provisionner/kustomization.yaml +++ b/kustomize/base/nfs-provisionner/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - storageclass.yaml + - nfs-provisionner-storageclass.yaml generators: - nfs-provisionner.yaml @@ -7,4 +7,4 @@ generators: namespace: kube-system patchesStrategicMerge: - - deployment-patch.yaml \ No newline at end of file + - nfs-provisionner-deployment-patch.yaml \ No newline at end of file diff --git a/kustomize/base/nfs-provisionner/deployment-patch.yaml b/kustomize/base/nfs-provisionner/nfs-provisionner-deployment-patch.yaml similarity index 100% rename from kustomize/base/nfs-provisionner/deployment-patch.yaml rename to kustomize/base/nfs-provisionner/nfs-provisionner-deployment-patch.yaml diff --git a/kustomize/base/nfs-provisionner/storageclass.yaml b/kustomize/base/nfs-provisionner/nfs-provisionner-storageclass.yaml similarity index 100% rename from kustomize/base/nfs-provisionner/storageclass.yaml rename to kustomize/base/nfs-provisionner/nfs-provisionner-storageclass.yaml diff --git a/kustomize/environment/all/kustomization.yaml b/kustomize/environment/all/kustomization.yaml new file mode 100644 index 0000000..72c5089 --- /dev/null +++ b/kustomize/environment/all/kustomization.yaml 
@@ -0,0 +1,8 @@ +bases: + - ../../base/nfs-provisionner + - ../../base/ingress-nginx + - ../../base/cert-manager + +# allow "kubectl apply -l managed-by=k3s --prune ..." +commonlabels: + managed-by: k3s diff --git a/kustomize/environment/dev/kustomization.yaml b/kustomize/environment/dev/kustomization.yaml index 854cb86..7876cf9 100644 --- a/kustomize/environment/dev/kustomization.yaml +++ b/kustomize/environment/dev/kustomization.yaml @@ -1,7 +1,4 @@ bases: - - ../../base/nfs-provisionner - - ../../base/ingress-nginx - - ../../base/cert-manager - ../../base/kubernetes-dashboard - ../../base/gitea - ../../base/nextcloud @@ -30,7 +27,7 @@ patchesJson6902: group: networking.k8s.io version: v1beta1 kind: Ingress - name: kubernetes-dashboard-ingress + name: kubernetes-dashboard patch: |- - op: replace path: /spec/tls/0/hosts/0 @@ -40,7 +37,7 @@ patchesJson6902: value: kubernetes-dashboard.staging.badjware.dev - target: <<: *ingress_target - name: prometheus-ingress + name: prometheus patch: |- - op: replace path: /spec/tls/0/hosts/0 @@ -50,7 +47,7 @@ patchesJson6902: value: prometheus.staging.badjware.dev - target: <<: *ingress_target - name: grafana-ingress + name: grafana patch: |- - op: replace path: /spec/tls/0/hosts/0 @@ -60,7 +57,7 @@ patchesJson6902: value: grafana.staging.badjware.dev - target: <<: *ingress_target - name: nextcloud-ingress + name: nextcloud patch: |- - op: replace path: /spec/tls/0/hosts/0 @@ -70,7 +67,7 @@ patchesJson6902: value: nextcloud.staging.badjware.dev - target: <<: *ingress_target - name: gitea-ingress + name: gitea patch: |- - op: replace path: /spec/tls/0/hosts/0 @@ -80,7 +77,7 @@ patchesJson6902: value: gitea.staging.badjware.dev - target: <<: *ingress_target - name: drone-ingress + name: drone patch: |- - op: replace path: /spec/tls/0/hosts/0 diff --git a/kustomize/environment/prod/cert-manager/clusterissuer.yaml b/kustomize/environment/prod/cert-manager/clusterissuer.yaml new file mode 100644 index 0000000..3793dc1 --- /dev/null 
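Review bot: The comment above `commonlabels` says the label exists to allow `kubectl apply -l managed-by=k3s --prune`, but the only consumer of this overlay visible in the commit is `startup.sh`, which copies the built manifest into k3s's auto-deploy directory, and the Makefile's `KUBECTLAPPLYFLAGS` prunes on `managed-by=kustomize`, not `k3s`. Reword it to describe the actual purpose, e.g. `# deployed by the k3s auto-deploy controller (see startup.sh); the label separates these objects from the kubectl-managed ones`. The documented kustomize field is `commonLabels`; the lower-case spelling probably still decodes because kustomize's JSON-based field matching is case-insensitive, but the canonical spelling avoids relying on that.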
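Review bot: Dropping `nfs-provisionner`, `ingress-nginx` and `cert-manager` from the dev bases means the next `make apply`, which runs with `-l managed-by=kustomize --prune`, will treat every object from those bases that was previously applied under that label as removed and delete it — the ingress controller and the storage class included — unless those objects already carry the new `managed-by: k3s` label by then. Whether that hand-off is clean cannot be seen here; deploying the all-manifest through k3s first, checking the labels, and only then applying the trimmed dev manifest would avoid a gap, and the order is worth noting in the commit message. The prod kustomization is not touched by this commit, so presumably it still lists (or never listed) these bases — worth confirming.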
+++ b/kustomize/environment/prod/cert-manager/clusterissuer.yaml @@ -0,0 +1,25 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: ClusterIssuer +metadata: + name: letsencrypt + namespace: cert-manager +spec: + acme: + # You must replace this email address with your own. + # Let's Encrypt will use this to contact you about expiring + # certificates, and issues related to your account. + email: marchambault@badjware.dev + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + # Secret resource that will be used to store the account's private key. + name: letsencrypt-cert + solvers: + - selector: + dnsZones: + - badjware.dev + dns01: + cnameStrategy: Follow + digitalocean: + tokenSecretRef: + name: digitalocean-api-key + key: access-token \ No newline at end of file diff --git a/kustomize/environment/prod/cert-manager/kustomizeconfig.yaml b/kustomize/environment/prod/cert-manager/kustomizeconfig.yaml new file mode 100644 index 0000000..e4c3acb --- /dev/null +++ b/kustomize/environment/prod/cert-manager/kustomizeconfig.yaml @@ -0,0 +1,6 @@ +nameReference: + - version: v1 + kind: Secret + fieldSpecs: + - kind: ClusterIssuer + path: spec/acme/solvers/dns01/digitalocean/tokenSecretRef/name diff --git a/startup.sh b/startup.sh new file mode 100755 index 0000000..1846e5b --- /dev/null +++ b/startup.sh @@ -0,0 +1,2 @@ +#/bin/bash +cp /host/build/all/* /manifests
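Review bot: The three-line comment above `email:` is the cert-manager example text ("You must replace this email address with your own") left in place after the address was filled in, so it now reads as a pending task; replace it with the reason the value matters, e.g. `# contact for Let's Encrypt expiry and account notices`. The `tokenSecretRef` points at `digitalocean-api-key` and the sibling `kustomizeconfig.yaml` registers a nameReference for it, which suggests the Secret is produced by a generator in this overlay; a DigitalOcean API token is typically account-wide rather than DNS-scoped, so the generator's source file must stay out of the repository and a comment on the issuer should say where the token comes from. `ClusterIssuer` is cluster-scoped, so `namespace: cert-manager` on its metadata is presumably dropped by the API server; cert-manager resolves the referenced Secret from its own cluster-resource namespace regardless, which is the namespace the Secret actually has to live in.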
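Review bot: `#/bin/bash` is missing the `!`, so the file has no interpreter line even though it is committed with mode 100755; it only works because the (commented-out) compose service runs it as `bash -xe /host/startup.sh`, and executing it directly falls back to whatever shell the caller happens to use. Change it to `#!/usr/bin/env bash` — the official `bash` image installs bash under `/usr/local/bin`, so a hard-coded `/bin/bash` would not resolve there either. Everything copied into `/manifests` is applied by k3s's auto-deploy controller with cluster-level rights, so copy only the generated file, `cp /host/build/all/manifest.yaml /manifests/`, rather than `build/all/*`; with `-e` this also fails clearly when the manifest has not been built.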