From 7aa58298e168eb35d95539793091bf408229f361 Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Sat, 1 Aug 2020 23:40:27 -0400 Subject: [PATCH] use placeholder to manage hosts --- .../bases/gitea/drone-server-deployment.yaml | 4 +- kustomize/bases/gitea/gitea-deployment.yaml | 27 +---------- kustomize/bases/gitea/ingress.yaml | 22 +++++++++ kustomize/bases/gitea/kustomization.yaml | 17 +------ .../bases/grafana/grafana-deployment.yaml | 25 +---------- kustomize/bases/grafana/ingress.yaml | 22 +++++++++ kustomize/bases/grafana/kustomization.yaml | 1 + ...es-dashboard-ingress.yaml => ingress.yaml} | 4 +- .../kubernetes-dashboard/kustomization.yaml | 5 +-- kustomize/bases/monitoring/kustomization.yaml | 10 ----- kustomize/bases/monitoring/namespace.yaml | 4 -- kustomize/bases/nextcloud/ingress.yaml | 22 +++++++++ kustomize/bases/nextcloud/kustomization.yaml | 4 +- .../bases/nextcloud/nextcloud-deployment.yaml | 25 +---------- .../dev-auto-deploy/kustomization.yaml | 2 +- kustomize/overlays/dev/kustomization.yaml | 45 +------------------ kustomize/overlays/dev/placeholders.txt | 5 +++ kustomize/overlays/dev/placeholders.yaml | 5 +++ kustomize/overlays/dev/ssm-secrets.yaml | 4 +- 19 files changed, 93 insertions(+), 160 deletions(-) create mode 100644 kustomize/bases/gitea/ingress.yaml create mode 100644 kustomize/bases/grafana/ingress.yaml rename kustomize/bases/kubernetes-dashboard/{kubernetes-dashboard-ingress.yaml => ingress.yaml} (79%) delete mode 100644 kustomize/bases/monitoring/kustomization.yaml delete mode 100644 kustomize/bases/monitoring/namespace.yaml create mode 100644 kustomize/bases/nextcloud/ingress.yaml create mode 100644 kustomize/overlays/dev/placeholders.txt create mode 100644 kustomize/overlays/dev/placeholders.yaml diff --git a/kustomize/bases/gitea/drone-server-deployment.yaml b/kustomize/bases/gitea/drone-server-deployment.yaml index 6104689..da7f9c1 100644 --- a/kustomize/bases/gitea/drone-server-deployment.yaml 
+++ b/kustomize/bases/gitea/drone-server-deployment.yaml
@@ -21,9 +21,9 @@ spec:
 image: drone/drone:1.7.0
 env:
 - name: DRONE_SERVER_HOST
- value: $(DRONE_EXTERNAL_HOST)
+ value: ${DRONE_EXTERNAL_HOST}
 - name: DRONE_GITEA_SERVER
- value: https://$(GITEA_EXTERNAL_HOST)
+ value: https://${GITEA_EXTERNAL_HOST}
 - name: DRONE_GITEA_CLIENT_ID
 valueFrom:
 secretKeyRef:
diff --git a/kustomize/bases/gitea/gitea-deployment.yaml b/kustomize/bases/gitea/gitea-deployment.yaml
index 8071034..e5f6b6e 100644
--- a/kustomize/bases/gitea/gitea-deployment.yaml
+++ b/kustomize/bases/gitea/gitea-deployment.yaml
@@ -26,9 +26,9 @@ spec:
 - name: RUN_MODE
 value: prod
 - name: ROOT_URL
- value: https://$(GITEA_EXTERNAL_HOST)
+ value: https://${GITEA_EXTERNAL_HOST}
 - name: SSH_DOMAIN
- value: $(GITEA_EXTERNAL_HOST)
+ value: ${GITEA_EXTERNAL_HOST}
 - name: DB_TYPE
 value: mysql
 - name: DB_HOST
@@ -109,26 +109,3 @@ spec:
 protocol: TCP
 port: 22
 targetPort: ssh
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: gitea
- labels:
- app: gitea
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- cert-manager.io/cluster-issuer: letsencrypt
-spec:
- tls:
- - hosts:
- - gitea.127.0.0.1.nip.io
- secretName: letsencrypt-cert
- rules:
- - host: gitea.127.0.0.1.nip.io
- http:
- paths:
- - path: /
- backend:
- serviceName: gitea-http
- servicePort: http
\ No newline at end of file
diff --git a/kustomize/bases/gitea/ingress.yaml b/kustomize/bases/gitea/ingress.yaml
new file mode 100644
index 0000000..5eabee4
--- /dev/null
+++ b/kustomize/bases/gitea/ingress.yaml
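Review bot: `${DRONE_EXTERNAL_HOST}` and `${GITEA_EXTERNAL_HOST}` in these env `value:` lines are not a syntax that kustomize or the kubelet expands (Kubernetes only interpolates `$(VAR)`), so if the base is ever rendered without the PlaceholderTransformer the literal text reaches the container as `DRONE_SERVER_HOST` and `DRONE_GITEA_SERVER`, and nothing fails at apply time. The same holds for `ROOT_URL` and `SSH_DOMAIN` in the gitea-deployment.yaml hunk that follows. A render-time gate that rejects any leftover `${` in the built manifests would turn that silent misconfiguration into a build failure; whether the transformer itself errors on an undefined name is not visible in this patch. Quoting the values, e.g. `value: "${DRONE_EXTERNAL_HOST}"`, also keeps them strings whatever text is substituted. The Deployment these lines belong to starts and ends outside the hunk.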
@@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: gitea + labels: + app: gitea + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: + - ${GITEA_EXTERNAL_HOST} + secretName: letsencrypt-cert + rules: + - host: ${GITEA_EXTERNAL_HOST} + http: + paths: + - path: / + backend: + serviceName: gitea-http + servicePort: http \ No newline at end of file diff --git a/kustomize/bases/gitea/kustomization.yaml b/kustomize/bases/gitea/kustomization.yaml index 5d0e8c0..2879b94 100644 --- a/kustomize/bases/gitea/kustomization.yaml +++ b/kustomize/bases/gitea/kustomization.yaml @@ -2,6 +2,7 @@ resources: - gitea-deployment.yaml - drone-server-deployment.yaml - drone-runner-deployment.yaml + - ingress.yaml secretGenerator: - name: mariadb-credentials-secret @@ -20,19 +21,3 @@ secretGenerator: literals: - client_id=replaceme - client_secret=replaceme - -vars: - - name: GITEA_EXTERNAL_HOST - objref: - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - name: gitea - fieldref: - fieldpath: spec.rules[0].host - - name: DRONE_EXTERNAL_HOST - objref: - apiVersion: networking.k8s.io/v1beta1 - kind: Ingress - name: drone - fieldref: - fieldpath: spec.rules[0].host \ No newline at end of file diff --git a/kustomize/bases/grafana/grafana-deployment.yaml b/kustomize/bases/grafana/grafana-deployment.yaml index f71e012..8bce1ef 100644 --- a/kustomize/bases/grafana/grafana-deployment.yaml +++ b/kustomize/bases/grafana/grafana-deployment.yaml 
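Review bot: The `tls.hosts` entry and `rules[0].host` are bare `${GITEA_EXTERNAL_HOST}` placeholders with nothing guarding against an empty substitution, and an Ingress rule whose `host` is empty or null applies to every hostname that reaches the controller. A blank or missing entry in a placeholders file could therefore turn this Ingress into a catch-all route rather than an error. Quote both values (`- host: "${GITEA_EXTERNAL_HOST}"`) so the field stays a string, and have the build reject empty or undefined placeholder values; how the PlaceholderTransformer treats those cases is not shown here. The grafana, nextcloud and kubernetes-dashboard ingress hunks share the pattern.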
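Review bot: The `ingress.yaml` added to `resources` here defines only the `gitea` Ingress, while the `vars` removed in the next hunk and the JSON patches removed from overlays/dev both referenced an Ingress named `drone` that no hunk in this patch converts to a placeholder. If that Ingress still carries a fixed host in the base, it will no longer follow `DRONE_EXTERNAL_HOST`, and `DRONE_SERVER_HOST` (which Drone uses to build its OAuth callback towards Gitea) would name a host the Ingress does not serve. Its definition is outside this patch, so this needs checking against the tree; the likely fix is `${DRONE_EXTERNAL_HOST}` in both `tls.hosts` and `rules[0].host` of the drone Ingress.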
@@ -65,27 +65,4 @@ spec: - name: http protocol: TCP port: 3000 - targetPort: http ---- -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: grafana - labels: - app: grafana - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - cert-manager.io/cluster-issuer: letsencrypt -spec: - tls: - - hosts: - - grafana.127.0.0.1.nip.io - secretName: letsencrypt-cert - rules: - - host: grafana.127.0.0.1.nip.io - http: - paths: - - path: / - backend: - serviceName: grafana - servicePort: http \ No newline at end of file + targetPort: http \ No newline at end of file diff --git a/kustomize/bases/grafana/ingress.yaml b/kustomize/bases/grafana/ingress.yaml new file mode 100644 index 0000000..f259f9d --- /dev/null +++ b/kustomize/bases/grafana/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: grafana + labels: + app: grafana + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: + - ${GRAFANA_EXTERNAL_HOST} + secretName: letsencrypt-cert + rules: + - host: ${GRAFANA_EXTERNAL_HOST} + http: + paths: + - path: / + backend: + serviceName: grafana + servicePort: http \ No newline at end of file diff --git a/kustomize/bases/grafana/kustomization.yaml b/kustomize/bases/grafana/kustomization.yaml index b19d2af..e65e400 100644 --- a/kustomize/bases/grafana/kustomization.yaml +++ b/kustomize/bases/grafana/kustomization.yaml @@ -1,5 +1,6 @@ resources: - grafana-deployment.yaml + - ingress.yaml configMapGenerator: - name: grafana-datasources diff --git a/kustomize/bases/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml b/kustomize/bases/kubernetes-dashboard/ingress.yaml similarity index 79% rename from kustomize/bases/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml rename to kustomize/bases/kubernetes-dashboard/ingress.yaml index 50929fa..587545f 100644 
--- a/kustomize/bases/kubernetes-dashboard/kubernetes-dashboard-ingress.yaml +++ b/kustomize/bases/kubernetes-dashboard/ingress.yaml @@ -11,10 +11,10 @@ metadata: spec: tls: - hosts: - - kubernetes-dashboard.127.0.0.1.nip.io + - ${KUBERNETES_DASHBOARD_EXTERNAL_HOST} secretName: letsencrypt-cert rules: - - host: kubernetes-dashboard.127.0.0.1.nip.io + - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST} http: paths: - path: / diff --git a/kustomize/bases/kubernetes-dashboard/kustomization.yaml b/kustomize/bases/kubernetes-dashboard/kustomization.yaml index f7709fc..1db9fd6 100644 --- a/kustomize/bases/kubernetes-dashboard/kustomization.yaml +++ b/kustomize/bases/kubernetes-dashboard/kustomization.yaml @@ -1,11 +1,8 @@ resources: - kubernetes-dashboard-admin-user.yaml - - kubernetes-dashboard-ingress.yaml + - ingress.yaml generators: - kubernetes-dashboard.yaml namespace: kubernetes-dashboard - -commonlabels: - app: kubernetes-dashboard \ No newline at end of file diff --git a/kustomize/bases/monitoring/kustomization.yaml b/kustomize/bases/monitoring/kustomization.yaml deleted file mode 100644 index 300ae7a..0000000 --- a/kustomize/bases/monitoring/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -bases: - - kube-state-metrics - - node-exporter - - prometheus - - prometheus-operator - -resources: - - namespace.yaml - -namespace: monitoring \ No newline at end of file diff --git a/kustomize/bases/monitoring/namespace.yaml b/kustomize/bases/monitoring/namespace.yaml deleted file mode 100644 index 3335b6a..0000000 --- a/kustomize/bases/monitoring/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring \ No newline at end of file diff --git a/kustomize/bases/nextcloud/ingress.yaml b/kustomize/bases/nextcloud/ingress.yaml new file mode 100644 index 0000000..9f164d8 --- /dev/null +++ b/kustomize/bases/nextcloud/ingress.yaml 
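Review bot: With `host` now `${KUBERNETES_DASHBOARD_EXTERNAL_HOST}`, any overlay can publish the dashboard under a routable name, and the lines visible in this hunk add no access restriction at the Ingress. The base also ships `kubernetes-dashboard-admin-user.yaml` (listed in the kustomization hunk that follows), so a token for that account would be usable from wherever the host resolves. Consider a source allowlist such as `nginx.ingress.kubernetes.io/whitelist-source-range: "<ALLOWED_CIDR>"` or an external-auth annotation on this Ingress. The `metadata.annotations` block lies above the hunk, so one may already be present.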
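Review bot: Removing `commonlabels: app: kubernetes-dashboard` drops that label from every resource in this base and from any selectors kustomize had rewritten with it. On a cluster where the previous render is already applied, a Deployment's `spec.selector` is immutable, so the next apply can be rejected, and anything selecting on `app` (Services, label-based pruning) may stop matching. The nextcloud kustomization hunk makes the same removal. If the label is meant to stay, declare it explicitly under `metadata.labels` and the selectors in the manifests, as the new gitea, grafana and nextcloud ingress files already do for themselves.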
@@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: nextcloud + labels: + app: nextcloud + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: + - ${NEXTCLOUD_EXTERNAL_HOST} + secretName: letsencrypt-cert + rules: + - host: ${NEXTCLOUD_EXTERNAL_HOST} + http: + paths: + - path: / + backend: + serviceName: nextcloud + servicePort: http \ No newline at end of file diff --git a/kustomize/bases/nextcloud/kustomization.yaml b/kustomize/bases/nextcloud/kustomization.yaml index 216aa74..510b389 100644 --- a/kustomize/bases/nextcloud/kustomization.yaml +++ b/kustomize/bases/nextcloud/kustomization.yaml @@ -1,6 +1,7 @@ resources: - nextcloud-deployment.yaml - nextcloud-cronjob.yaml + - ingress.yaml secretGenerator: - name: mariadb-credentials-secret @@ -10,6 +11,3 @@ secretGenerator: - database=nextcloud - username=nextcloud - password=replaceme - -commonlabels: - app: nextcloud \ No newline at end of file diff --git a/kustomize/bases/nextcloud/nextcloud-deployment.yaml b/kustomize/bases/nextcloud/nextcloud-deployment.yaml index 8c2927b..658e723 100644 --- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml +++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml @@ -73,27 +73,4 @@ spec: - name: http protocol: TCP port: 80 - targetPort: http ---- -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: nextcloud - labels: - app: nextcloud - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - cert-manager.io/cluster-issuer: letsencrypt -spec: - tls: - - hosts: - - nextcloud.127.0.0.1.nip.io - secretName: letsencrypt-cert - rules: - - host: nextcloud.127.0.0.1.nip.io - http: - paths: - - path: / - backend: - serviceName: nextcloud - servicePort: http \ No newline at end of file + targetPort: http \ No newline at end of file 
diff --git a/kustomize/overlays/dev-auto-deploy/kustomization.yaml b/kustomize/overlays/dev-auto-deploy/kustomization.yaml index db42d52..8b703f1 100644 --- a/kustomize/overlays/dev-auto-deploy/kustomization.yaml +++ b/kustomize/overlays/dev-auto-deploy/kustomization.yaml @@ -2,6 +2,6 @@ bases: - ../../namespaces/cert-manager - ../../namespaces/ingress-nginx -# allow "kubectl apply -l managed-by=k3s --prune ..." +# allow "kubectl apply -l managed-by=auto-deploy --prune ..." commonlabels: managed-by: auto-deploy diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml index c302b62..d650bfc 100644 --- a/kustomize/overlays/dev/kustomization.yaml +++ b/kustomize/overlays/dev/kustomization.yaml 
@@ -21,55 +21,12 @@ secretGenerator: # - client_id=749cde98-9b3b-4e19-8933-2937e12625f2 # - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg= -patchesJson6902: - - target: &ingress_target - group: networking.k8s.io - version: v1beta1 - kind: Ingress - name: gitea - patch: |- - - op: replace - path: /spec/tls/0/hosts/0 - value: gitea.staging.badjware.dev - - op: replace - path: /spec/rules/0/host - value: gitea.staging.badjware.dev - - target: - <<: *ingress_target - name: grafana - patch: |- - - op: replace - path: /spec/tls/0/hosts/0 - value: grafana.staging.badjware.dev - - op: replace - path: /spec/rules/0/host - value: grafana.staging.badjware.dev - - target: - <<: *ingress_target - name: nextcloud - patch: |- - - op: replace - path: /spec/tls/0/hosts/0 - value: nextcloud.staging.badjware.dev - - op: replace - path: /spec/rules/0/host - value: nextcloud.staging.badjware.dev - - target: - <<: *ingress_target - name: drone - patch: |- - - op: replace - path: /spec/tls/0/hosts/0 - value: drone.staging.badjware.dev - - op: replace - path: /spec/rules/0/host - value: drone.staging.badjware.dev - # allow "kubectl apply -l managed-by=kustomize --prune ..." commonlabels: managed-by: kustomize transformers: + - placeholders.yaml - ssm-secrets.yaml configurations: diff --git a/kustomize/overlays/dev/placeholders.txt b/kustomize/overlays/dev/placeholders.txt new file mode 100644 index 0000000..2cb8da5 --- /dev/null +++ b/kustomize/overlays/dev/placeholders.txt @@ -0,0 +1,5 @@ +DRONE_EXTERNAL_HOST=drone.localhost +GITEA_EXTERNAL_HOST=gitea.localhost +GRAFANA_EXTERNAL_HOST=grafana.localhost +KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost +NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost diff --git a/kustomize/overlays/dev/placeholders.yaml b/kustomize/overlays/dev/placeholders.yaml new file mode 100644 index 0000000..e3e18dd --- /dev/null +++ b/kustomize/overlays/dev/placeholders.yaml 
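Review bot: The two commented-out `secretGenerator` literals kept as context at the top of this hunk (`# - client_id=…` and `# - client_secret=…`) hold what look like real OAuth client credentials rather than the `replaceme` values used in the base. Commenting them out does not remove them from the repository or its history, so they should be treated as disclosed: rotate the client secret at the provider and delete both lines. Since `ssm-secrets.yaml` is already listed under `transformers`, the value can presumably be supplied from the parameter store instead. The `secretGenerator` block itself begins above the hunk.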
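Review bot: All five hosts in placeholders.txt are `*.localhost` names, but the Ingresses that consume them keep `cert-manager.io/cluster-issuer: letsencrypt`. If that ClusterIssuer is ACME-backed, no public CA will issue for `.localhost`, so the orders will fail repeatedly and the ingress controller will serve its default certificate. For this overlay, point the annotation at a self-signed or private-CA issuer, or patch it out. The overlay previously patched the hosts to `*.staging.badjware.dev`, so this file also changes what `dev` deploys, not only how the hosts are supplied, and a one-line comment in the overlay saying so would help.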
@@ -0,0 +1,5 @@
+apiVersion: badjware/v1
+kind: PlaceholderTransformer
+metadata:
+ name: placeholders
+placeholdersFile: placeholders.txt
\ No newline at end of file
diff --git a/kustomize/overlays/dev/ssm-secrets.yaml b/kustomize/overlays/dev/ssm-secrets.yaml
index 00c605e..cc35d89 100644
--- a/kustomize/overlays/dev/ssm-secrets.yaml
+++ b/kustomize/overlays/dev/ssm-secrets.yaml
@@ -1,4 +1,6 @@
 apiVersion: badjware/v1
 kind: SSMParameterPlaceholderTransformer
 metadata:
- name: ssm-parameter
\ No newline at end of file
+ name: ssm-parameter
+resourceSelectors:
+ - kind: Secret
\ No newline at end of file
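Review bot: This transformer is declared without any `resourceSelectors`, whereas `ssm-secrets.yaml` in the next hunk is narrowed to `kind: Secret`; unscoped, it presumably rewrites `${...}` in every rendered resource. ConfigMaps such as the Grafana datasources generated in the bases can carry their own `${...}` template variables, and Secrets are in scope too, so a name collision or an undefined-name error could alter or break unrelated content. If the plugin accepts the same field, scope it to the kinds that actually hold host placeholders, e.g. `resourceSelectors:` with `- kind: Ingress` and `- kind: Deployment`. A short comment in the file naming the placeholder syntax and the expected keys would also help whoever adds the next overlay.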