1
0
Fork 0

use placeholder to manage hosts

This commit is contained in:
Massaki Archambault 2020-08-01 23:40:27 -04:00
parent a3938f492b
commit 7aa58298e1
19 changed files with 93 additions and 160 deletions

View File

@ -21,9 +21,9 @@ spec:
image: drone/drone:1.7.0 image: drone/drone:1.7.0
env: env:
- name: DRONE_SERVER_HOST - name: DRONE_SERVER_HOST
value: $(DRONE_EXTERNAL_HOST) value: ${DRONE_EXTERNAL_HOST}
- name: DRONE_GITEA_SERVER - name: DRONE_GITEA_SERVER
value: https://$(GITEA_EXTERNAL_HOST) value: https://${GITEA_EXTERNAL_HOST}
- name: DRONE_GITEA_CLIENT_ID - name: DRONE_GITEA_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

View File

@ -26,9 +26,9 @@ spec:
- name: RUN_MODE - name: RUN_MODE
value: prod value: prod
- name: ROOT_URL - name: ROOT_URL
value: https://$(GITEA_EXTERNAL_HOST) value: https://${GITEA_EXTERNAL_HOST}
- name: SSH_DOMAIN - name: SSH_DOMAIN
value: $(GITEA_EXTERNAL_HOST) value: ${GITEA_EXTERNAL_HOST}
- name: DB_TYPE - name: DB_TYPE
value: mysql value: mysql
- name: DB_HOST - name: DB_HOST
@ -109,26 +109,3 @@ spec:
protocol: TCP protocol: TCP
port: 22 port: 22
targetPort: ssh targetPort: ssh
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: gitea
labels:
app: gitea
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- gitea.127.0.0.1.nip.io
secretName: letsencrypt-cert
rules:
- host: gitea.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: gitea-http
servicePort: http

View File

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: gitea
labels:
app: gitea
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${GITEA_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${GITEA_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: gitea-http
servicePort: http

View File

@ -2,6 +2,7 @@ resources:
- gitea-deployment.yaml - gitea-deployment.yaml
- drone-server-deployment.yaml - drone-server-deployment.yaml
- drone-runner-deployment.yaml - drone-runner-deployment.yaml
- ingress.yaml
secretGenerator: secretGenerator:
- name: mariadb-credentials-secret - name: mariadb-credentials-secret
@ -20,19 +21,3 @@ secretGenerator:
literals: literals:
- client_id=replaceme - client_id=replaceme
- client_secret=replaceme - client_secret=replaceme
vars:
- name: GITEA_EXTERNAL_HOST
objref:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: gitea
fieldref:
fieldpath: spec.rules[0].host
- name: DRONE_EXTERNAL_HOST
objref:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: drone
fieldref:
fieldpath: spec.rules[0].host

View File

@ -65,27 +65,4 @@ spec:
- name: http - name: http
protocol: TCP protocol: TCP
port: 3000 port: 3000
targetPort: http targetPort: http
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: grafana
labels:
app: grafana
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- grafana.127.0.0.1.nip.io
secretName: letsencrypt-cert
rules:
- host: grafana.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: grafana
servicePort: http

View File

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: grafana
labels:
app: grafana
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${GRAFANA_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${GRAFANA_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: grafana
servicePort: http

View File

@ -1,5 +1,6 @@
resources: resources:
- grafana-deployment.yaml - grafana-deployment.yaml
- ingress.yaml
configMapGenerator: configMapGenerator:
- name: grafana-datasources - name: grafana-datasources

View File

@ -11,10 +11,10 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- kubernetes-dashboard.127.0.0.1.nip.io - ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
secretName: letsencrypt-cert secretName: letsencrypt-cert
rules: rules:
- host: kubernetes-dashboard.127.0.0.1.nip.io - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http: http:
paths: paths:
- path: / - path: /

View File

@ -1,11 +1,8 @@
resources: resources:
- kubernetes-dashboard-admin-user.yaml - kubernetes-dashboard-admin-user.yaml
- kubernetes-dashboard-ingress.yaml - ingress.yaml
generators: generators:
- kubernetes-dashboard.yaml - kubernetes-dashboard.yaml
namespace: kubernetes-dashboard namespace: kubernetes-dashboard
commonlabels:
app: kubernetes-dashboard

View File

@ -1,10 +0,0 @@
bases:
- kube-state-metrics
- node-exporter
- prometheus
- prometheus-operator
resources:
- namespace.yaml
namespace: monitoring

View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring

View File

@ -0,0 +1,22 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nextcloud
labels:
app: nextcloud
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${NEXTCLOUD_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${NEXTCLOUD_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: nextcloud
servicePort: http

View File

@ -1,6 +1,7 @@
resources: resources:
- nextcloud-deployment.yaml - nextcloud-deployment.yaml
- nextcloud-cronjob.yaml - nextcloud-cronjob.yaml
- ingress.yaml
secretGenerator: secretGenerator:
- name: mariadb-credentials-secret - name: mariadb-credentials-secret
@ -10,6 +11,3 @@ secretGenerator:
- database=nextcloud - database=nextcloud
- username=nextcloud - username=nextcloud
- password=replaceme - password=replaceme
commonlabels:
app: nextcloud

View File

@ -73,27 +73,4 @@ spec:
- name: http - name: http
protocol: TCP protocol: TCP
port: 80 port: 80
targetPort: http targetPort: http
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nextcloud
labels:
app: nextcloud
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- nextcloud.127.0.0.1.nip.io
secretName: letsencrypt-cert
rules:
- host: nextcloud.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: nextcloud
servicePort: http

View File

@ -2,6 +2,6 @@ bases:
- ../../namespaces/cert-manager - ../../namespaces/cert-manager
- ../../namespaces/ingress-nginx - ../../namespaces/ingress-nginx
# allow "kubectl apply -l managed-by=k3s --prune ..." # allow "kubectl apply -l managed-by=auto-deploy --prune ..."
commonlabels: commonlabels:
managed-by: auto-deploy managed-by: auto-deploy

View File

@ -21,55 +21,12 @@ secretGenerator:
# - client_id=749cde98-9b3b-4e19-8933-2937e12625f2 # - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
# - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg= # - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
patchesJson6902:
- target: &ingress_target
group: networking.k8s.io
version: v1beta1
kind: Ingress
name: gitea
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: gitea.staging.badjware.dev
- op: replace
path: /spec/rules/0/host
value: gitea.staging.badjware.dev
- target:
<<: *ingress_target
name: grafana
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: grafana.staging.badjware.dev
- op: replace
path: /spec/rules/0/host
value: grafana.staging.badjware.dev
- target:
<<: *ingress_target
name: nextcloud
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: nextcloud.staging.badjware.dev
- op: replace
path: /spec/rules/0/host
value: nextcloud.staging.badjware.dev
- target:
<<: *ingress_target
name: drone
patch: |-
- op: replace
path: /spec/tls/0/hosts/0
value: drone.staging.badjware.dev
- op: replace
path: /spec/rules/0/host
value: drone.staging.badjware.dev
# allow "kubectl apply -l managed-by=kustomize --prune ..." # allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels: commonlabels:
managed-by: kustomize managed-by: kustomize
transformers: transformers:
- placeholders.yaml
- ssm-secrets.yaml - ssm-secrets.yaml
configurations: configurations:

View File

@ -0,0 +1,5 @@
DRONE_EXTERNAL_HOST=drone.localhost
GITEA_EXTERNAL_HOST=gitea.localhost
GRAFANA_EXTERNAL_HOST=grafana.localhost
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost

View File

@ -0,0 +1,5 @@
apiVersion: badjware/v1
kind: PlaceholderTransformer
metadata:
name: placeholders
placeholdersFile: placeholders.txt

View File

@ -1,4 +1,6 @@
apiVersion: badjware/v1 apiVersion: badjware/v1
kind: SSMParameterPlaceholderTransformer kind: SSMParameterPlaceholderTransformer
metadata: metadata:
name: ssm-parameter name: ssm-parameter
resourceSelectors:
- kind: Secret