
cleanup, separate some apps

Massaki Archambault 2020-05-18 16:18:39 -04:00
parent 65d826b87e
commit 68e250b918
24 changed files with 101 additions and 46 deletions


@ -9,16 +9,20 @@ KUBECTLAPPLYFLAGS = -l managed-by=kustomize --prune
SRC := $(shell find kustomize/ -type f) SRC := $(shell find kustomize/ -type f)
OUTDIR = build OUTDIR = build
# all environments
KUSTOMIZEDIRALL = kustomize/environment/all
KUSTOMIZEOUTALL = $(OUTDIR)/all/manifest.yaml
ifeq ($(environment),prod) ifeq ($(environment),prod)
# prod # prod
KUSTOMIZEDIR = kustomize/environment/prod KUSTOMIZEDIR = kustomize/environment/prod
KUSTOMIZEOUT = $(OUTDIR)/prod/out.yaml KUSTOMIZEOUT = $(OUTDIR)/prod/manifest.yaml
else else
# dev # dev
environment = dev environment = dev
KUBECTLFLAGS += --kubeconfig kubectl/kubeconfig.yaml KUBECTLFLAGS += --kubeconfig kubectl/kubeconfig.yaml
KUSTOMIZEDIR = kustomize/environment/dev KUSTOMIZEDIR = kustomize/environment/dev
KUSTOMIZEOUT = $(OUTDIR)/dev/out.yaml KUSTOMIZEOUT = $(OUTDIR)/dev/manifest.yaml
endif endif
.PHONY: info clean diff apply .PHONY: info clean diff apply
@ -32,7 +36,9 @@ clean:
rm -r $(OUTDIR) rm -r $(OUTDIR)
$(KUSTOMIZEOUT): $(SRC) $(KUSTOMIZEOUT): $(SRC)
@mkdir -p $(dir $(KUSTOMIZEOUTALL))
@mkdir -p $(dir $(KUSTOMIZEOUT)) @mkdir -p $(dir $(KUSTOMIZEOUT))
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1) $(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1)
diff: $(KUSTOMIZEOUT) diff: $(KUSTOMIZEOUT)
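Review bot: The recipe for `$(KUSTOMIZEOUT)` now also writes `$(KUSTOMIZEOUTALL)`, which is not the target of any rule, so make cannot tell when that file is missing or stale and will not rebuild it on its own (for example after `build/all/` is deleted by hand). Give it its own rule, `$(KUSTOMIZEOUTALL): $(SRC)`, with `@mkdir -p $(dir $@)` and `$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$@ || (rm $@; exit 1)` as the recipe, and list it as a prerequisite wherever it is consumed. A stale cluster-wide manifest is easy to miss here because, from what this commit shows, it is handed to k3s rather than going through the `diff` target. The `diff` rule itself continues outside the hunk.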


@ -1,39 +1,50 @@
version: '3' version: '3'
services: services:
# startup:
# image: bash:5
# command: -xe /host/startup.sh
# volumes:
# - manifests:/manifests
# - .:/host:ro
server: server:
image: "rancher/k3s" image: rancher/k3s
restart: always restart: always
command: server --disable traefik --disable local-storage --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook command: server --disable traefik --disable local-storage --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
tmpfs: tmpfs:
- /run - /run
- /var/run - /var/run
privileged: true privileged: true
environment: environment:
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
- K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml - K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml
- K3S_KUBECONFIG_MODE=666 - K3S_KUBECONFIG_MODE=666
volumes: volumes:
- k3s_data:/var/lib/rancher/k3s - k3s_data:/var/lib/rancher/k3s
- nfs_data:/srv/nfs - nfs_data:/srv/nfs
- .:/host - manifests:/var/lib/rancher/k3s/server/manifests/manifests:ro
- .:/host
ports: ports:
- 80:30080 - 80:30080
- 443:30443 - 443:30443
- 6443:6443 - 6443:6443
agent: agent:
image: "rancher/k3s" image: rancher/k3s
restart: always restart: always
command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
tmpfs: tmpfs:
- /run - /run
- /var/run - /var/run
privileged: true privileged: true
environment: environment:
- K3S_URL=https://server:6443 - K3S_URL=https://server:6443
- K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme} - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
volumes: volumes:
- nfs_data:/srv/nfs - nfs_data:/srv/nfs
volumes: volumes:
k3s_data: k3s_data:
nfs_data: nfs_data:
manifests:
driver_opts:
type: tmpfs
device: tmpfs
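Review bot: The new `manifests` volume is mounted below `/var/lib/rancher/k3s/server/manifests/`, the directory k3s auto-deploys from, so anything written into that volume is applied to the cluster without further review; yet its only producer, the `startup` service, is added commented out and the volume is an empty tmpfs. Either drop the commented block or enable it with an explicit ordering against `server`, and put a comment on the volume such as `# auto-applied by k3s; only the startup service may write here`. The `:ro` on the server side is the right choice; it is the writer side that has to stay narrow. Unchanged context worth revisiting in the same file: `K3S_KUBECONFIG_MODE=666` leaves the admin kubeconfig world-writable in the bind-mounted checkout, and port `6443` is published while `K3S_CLUSTER_SECRET` falls back to `replaceme`.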


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: drone-runner-deployment name: drone-runner
labels: labels:
app: drone app: drone
component: runner component: runner


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: drone-server-deployment name: drone-server
labels: labels:
app: drone app: drone
component: server component: server
@ -62,7 +62,7 @@ spec:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: drone-ingress name: drone
labels: labels:
app: drone app: drone
annotations: annotations:


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: gitea-deployment name: gitea
labels: labels:
app: gitea app: gitea
spec: spec:
@ -113,7 +113,7 @@ spec:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: gitea-ingress name: gitea
labels: labels:
app: gitea app: gitea
annotations: annotations:


@ -32,13 +32,13 @@ vars:
objref: objref:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
name: gitea-ingress name: gitea
fieldref: fieldref:
fieldpath: spec.rules[0].host fieldpath: spec.rules[0].host
- name: DRONE_EXTERNAL_HOST - name: DRONE_EXTERNAL_HOST
objref: objref:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
name: drone-ingress name: drone
fieldref: fieldref:
fieldpath: spec.rules[0].host fieldpath: spec.rules[0].host


@ -2,8 +2,8 @@ generators:
- nginx-ingress-controller.yaml - nginx-ingress-controller.yaml
patchesStrategicMerge: patchesStrategicMerge:
- nodeselector-patch.yaml - nginx-ingress-controller-nodeselector-patch.yaml
- nodeport-patch.yaml - nginx-ingress-controller-nodeport-patch.yaml
namespace: ingress-nginx namespace: ingress-nginx


@ -1,7 +1,7 @@
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: kubernetes-dashboard-ingress name: kubernetes-dashboard
labels: labels:
app: kubernetes-dashboard app: kubernetes-dashboard
annotations: annotations:


@ -1,6 +1,6 @@
resources: resources:
- admin-user.yaml - kubernetes-dashboard-admin-user.yaml
- ingress.yaml - kubernetes-dashboard-ingress.yaml
generators: generators:
- kubernetes-dashboard.yaml - kubernetes-dashboard.yaml


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
name: mariadb-statefulset name: mariadb
spec: spec:
selector: selector:
matchLabels: matchLabels:
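Review bot: Changing `metadata.name` from `mariadb-statefulset` to `mariadb` is not an in-place rename: the cluster sees a new StatefulSet, and with the `--prune` apply configured in the Makefile the old one would be deleted. PersistentVolumeClaims created from `volumeClaimTemplates` are named after the StatefulSet, so if this spec uses them (not visible in this hunk) the new pod would come up on an empty volume while the old claim is left behind. A comment next to the name, for example `# renamed from mariadb-statefulset; migrate or re-bind the existing PVC before applying`, would make the required manual step visible. The spec continues outside the hunk.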


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: grafana-deployment name: grafana
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -65,7 +65,7 @@ spec:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: grafana-ingress name: grafana
annotations: annotations:
nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt


@ -32,7 +32,7 @@ spec:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: prometheus-ingress name: prometheus
annotations: annotations:
nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt cert-manager.io/cluster-issuer: letsencrypt


@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: nextcloud-deployment name: nextcloud
labels: labels:
app: nextcloud app: nextcloud
spec: spec:
@ -78,7 +78,7 @@ spec:
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: nextcloud-ingress name: nextcloud
labels: labels:
app: nextcloud app: nextcloud
annotations: annotations:


@ -1,5 +1,5 @@
resources: resources:
- storageclass.yaml - nfs-provisionner-storageclass.yaml
generators: generators:
- nfs-provisionner.yaml - nfs-provisionner.yaml
@ -7,4 +7,4 @@ generators:
namespace: kube-system namespace: kube-system
patchesStrategicMerge: patchesStrategicMerge:
- deployment-patch.yaml - nfs-provisionner-deployment-patch.yaml


@ -0,0 +1,8 @@
bases:
- ../../base/nfs-provisionner
- ../../base/ingress-nginx
- ../../base/cert-manager
# allow "kubectl apply -l managed-by=k3s --prune ..."
commonlabels:
managed-by: k3s
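Review bot: The comment documents a prune selector of `managed-by=k3s`, but the only apply flags visible in this commit are the Makefile's `KUBECTLAPPLYFLAGS = -l managed-by=kustomize --prune`, so nothing shown here would ever apply or prune this set with the label it introduces. If the manifest is meant to reach the cluster only through the k3s auto-deploy directory, say so in the comment, e.g. `# deployed by k3s from server/manifests; never applied with the managed-by=kustomize selector`. The key is also spelled `commonlabels`; the documented field name is `commonLabels`, and the lowercase form presumably works only because the loader matches keys case-insensitively.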


@ -1,7 +1,4 @@
bases: bases:
- ../../base/nfs-provisionner
- ../../base/ingress-nginx
- ../../base/cert-manager
- ../../base/kubernetes-dashboard - ../../base/kubernetes-dashboard
- ../../base/gitea - ../../base/gitea
- ../../base/nextcloud - ../../base/nextcloud
@ -30,7 +27,7 @@ patchesJson6902:
group: networking.k8s.io group: networking.k8s.io
version: v1beta1 version: v1beta1
kind: Ingress kind: Ingress
name: kubernetes-dashboard-ingress name: kubernetes-dashboard
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
@ -40,7 +37,7 @@ patchesJson6902:
value: kubernetes-dashboard.staging.badjware.dev value: kubernetes-dashboard.staging.badjware.dev
- target: - target:
<<: *ingress_target <<: *ingress_target
name: prometheus-ingress name: prometheus
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
@ -50,7 +47,7 @@ patchesJson6902:
value: prometheus.staging.badjware.dev value: prometheus.staging.badjware.dev
- target: - target:
<<: *ingress_target <<: *ingress_target
name: grafana-ingress name: grafana
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
@ -60,7 +57,7 @@ patchesJson6902:
value: grafana.staging.badjware.dev value: grafana.staging.badjware.dev
- target: - target:
<<: *ingress_target <<: *ingress_target
name: nextcloud-ingress name: nextcloud
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
@ -70,7 +67,7 @@ patchesJson6902:
value: nextcloud.staging.badjware.dev value: nextcloud.staging.badjware.dev
- target: - target:
<<: *ingress_target <<: *ingress_target
name: gitea-ingress name: gitea
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
@ -80,7 +77,7 @@ patchesJson6902:
value: gitea.staging.badjware.dev value: gitea.staging.badjware.dev
- target: - target:
<<: *ingress_target <<: *ingress_target
name: drone-ingress name: drone
patch: |- patch: |-
- op: replace - op: replace
path: /spec/tls/0/hosts/0 path: /spec/tls/0/hosts/0
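Review bot: Dropping `nfs-provisionner`, `ingress-nginx` and `cert-manager` from `bases` in the first hunk means the next `kubectl apply ... --prune` for this environment will delete their objects, assuming this overlay labels them `managed-by=kustomize` as the Makefile selector suggests. That takes the ingress controller, the certificate issuer and the storage provisioner away until the new shared manifest has been deployed by some other path. A comment at the top of `bases`, such as `# cluster-wide components live in environment/all and must be deployed before this overlay is applied`, would record the ordering. The later hunks only follow the Ingress renames and need nothing further.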


@ -0,0 +1,25 @@
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt
namespace: cert-manager
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: marchambault@badjware.dev
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-cert
solvers:
- selector:
dnsZones:
- badjware.dev
dns01:
cnameStrategy: Follow
digitalocean:
tokenSecretRef:
name: digitalocean-api-key
key: access-token
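Review bot: `metadata.namespace: cert-manager` has no effect on a ClusterIssuer, which is cluster-scoped; cert-manager looks up `letsencrypt-cert` and `digitalocean-api-key` in its cluster resource namespace instead. Replace the field with a comment stating that, for example `# Secrets referenced below are read from cert-manager's cluster resource namespace`, so nobody creates the DigitalOcean token Secret in the wrong place. The issuer points at the production ACME directory; I cannot tell from this section which environment includes it, but if the `staging.badjware.dev` hosts use it, the Let's Encrypt staging endpoint would keep test issuance away from production rate limits. The copied "You must replace this email address" comment is stale now that the address is filled in.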


@ -0,0 +1,6 @@
nameReference:
- version: v1
kind: Secret
fieldSpecs:
- kind: ClusterIssuer
path: spec/acme/solvers/dns01/digitalocean/tokenSecretRef/name

2
startup.sh Executable file

@ -0,0 +1,2 @@
#/bin/bash
cp /host/build/all/* /manifests
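Review bot: The first line `#/bin/bash` is missing the `!`, so it is an ordinary comment and not a shebang; because the file is committed as executable, running it directly depends on whatever shell the caller falls back to. Change it to `#!/bin/bash` and add `set -eu` beneath it, so that a failed or unmatched `cp /host/build/all/* /manifests` stops the run rather than leaving k3s with a partial set of manifests. Since the destination is the directory k3s auto-applies, a comment such as `# everything copied here is deployed to the cluster automatically` would help the next reader.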