use placeholder to manage hosts

kustomize/bases/gitea/drone-server-deployment.yaml

@@ -21,9 +21,9 @@ spec:
           image: drone/drone:1.7.0
           env:
             - name: DRONE_SERVER_HOST
-              value: $(DRONE_EXTERNAL_HOST)
+              value: ${DRONE_EXTERNAL_HOST}
             - name: DRONE_GITEA_SERVER
-              value: https://$(GITEA_EXTERNAL_HOST)
+              value: https://${GITEA_EXTERNAL_HOST}
             - name: DRONE_GITEA_CLIENT_ID
               valueFrom:
                 secretKeyRef:

kustomize/bases/gitea/gitea-deployment.yaml

@@ -26,9 +26,9 @@ spec:
             - name: RUN_MODE
               value: prod
             - name: ROOT_URL
-              value: https://$(GITEA_EXTERNAL_HOST)
+              value: https://${GITEA_EXTERNAL_HOST}
             - name: SSH_DOMAIN
-              value: $(GITEA_EXTERNAL_HOST)
+              value: ${GITEA_EXTERNAL_HOST}
             - name: DB_TYPE
               value: mysql
             - name: DB_HOST
@@ -109,26 +109,3 @@ spec:
       protocol: TCP
       port: 22
       targetPort: ssh
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: gitea
-  labels:
-    app: gitea
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts:
-        - gitea.127.0.0.1.nip.io
-      secretName: letsencrypt-cert
-  rules:
-  - host: gitea.127.0.0.1.nip.io
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: gitea-http
-          servicePort: http

kustomize/bases/gitea/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: gitea
+  labels:
+    app: gitea
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts:
+        - ${GITEA_EXTERNAL_HOST}
+      secretName: letsencrypt-cert
+  rules:
+  - host: ${GITEA_EXTERNAL_HOST}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: gitea-http
+          servicePort: http

kustomize/bases/gitea/kustomization.yaml

@@ -2,6 +2,7 @@ resources:
   - gitea-deployment.yaml
   - drone-server-deployment.yaml
   - drone-runner-deployment.yaml
+  - ingress.yaml
 
 secretGenerator:
   - name: mariadb-credentials-secret
@@ -20,19 +21,3 @@ secretGenerator:
     literals:
       - client_id=replaceme
       - client_secret=replaceme
-
-vars:
-  - name: GITEA_EXTERNAL_HOST
-    objref:
-      apiVersion: networking.k8s.io/v1beta1
-      kind: Ingress
-      name: gitea
-    fieldref:
-      fieldpath: spec.rules[0].host
-  - name: DRONE_EXTERNAL_HOST
-    objref:
-      apiVersion: networking.k8s.io/v1beta1
-      kind: Ingress
-      name: drone
-    fieldref:
-      fieldpath: spec.rules[0].host

kustomize/bases/grafana/grafana-deployment.yaml

@@ -65,27 +65,4 @@ spec:
     - name: http
       protocol: TCP
       port: 3000
-      targetPort: http
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: grafana
-  labels:
-    app: grafana
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts:
-        - grafana.127.0.0.1.nip.io
-      secretName: letsencrypt-cert
-  rules:
-  - host: grafana.127.0.0.1.nip.io
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: grafana
-          servicePort: http
+      targetPort: http

kustomize/bases/grafana/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: grafana
+  labels:
+    app: grafana
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts:
+        - ${GRAFANA_EXTERNAL_HOST}
+      secretName: letsencrypt-cert
+  rules:
+  - host: ${GRAFANA_EXTERNAL_HOST}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: grafana
+          servicePort: http

kustomize/bases/grafana/kustomization.yaml

@@ -1,5 +1,6 @@
 resources:
   - grafana-deployment.yaml
+  - ingress.yaml
 
 configMapGenerator:
   - name: grafana-datasources

kustomize/bases/kubernetes-dashboard/ingress.yaml

@@ -11,10 +11,10 @@ metadata:
 spec:
   tls:
     - hosts:
-        - kubernetes-dashboard.127.0.0.1.nip.io
+        - ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
       secretName: letsencrypt-cert
   rules:
-    - host: kubernetes-dashboard.127.0.0.1.nip.io
+    - host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
       http:
         paths:
         - path: /

kustomize/bases/kubernetes-dashboard/kustomization.yaml

@@ -1,11 +1,8 @@
 resources:
   - kubernetes-dashboard-admin-user.yaml
-  - kubernetes-dashboard-ingress.yaml
+  - ingress.yaml
 
 generators:
   - kubernetes-dashboard.yaml
 
 namespace: kubernetes-dashboard
-
-commonlabels:
-  app: kubernetes-dashboard

kustomize/bases/monitoring/kustomization.yaml

@@ -1,10 +0,0 @@
-bases:
-  - kube-state-metrics
-  - node-exporter
-  - prometheus
-  - prometheus-operator
-
-resources:
-  - namespace.yaml
-
-namespace: monitoring

kustomize/bases/monitoring/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: monitoring

kustomize/bases/nextcloud/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts:
+        - ${NEXTCLOUD_EXTERNAL_HOST}
+      secretName: letsencrypt-cert
+  rules:
+  - host: ${NEXTCLOUD_EXTERNAL_HOST}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: nextcloud
+          servicePort: http

kustomize/bases/nextcloud/kustomization.yaml

@@ -1,6 +1,7 @@
 resources:
   - nextcloud-deployment.yaml
   - nextcloud-cronjob.yaml
+  - ingress.yaml
 
 secretGenerator:
   - name: mariadb-credentials-secret
@@ -10,6 +11,3 @@ secretGenerator:
       - database=nextcloud
       - username=nextcloud
       - password=replaceme
-
-commonlabels:
-  app: nextcloud

kustomize/bases/nextcloud/nextcloud-deployment.yaml

@@ -73,27 +73,4 @@ spec:
     - name: http
       protocol: TCP
       port: 80
-      targetPort: http
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: nextcloud
-  labels:
-    app: nextcloud
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts:
-        - nextcloud.127.0.0.1.nip.io
-      secretName: letsencrypt-cert
-  rules:
-  - host: nextcloud.127.0.0.1.nip.io
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: nextcloud
-          servicePort: http
+      targetPort: http

kustomize/overlays/dev-auto-deploy/kustomization.yaml

@@ -2,6 +2,6 @@ bases:
   - ../../namespaces/cert-manager
   - ../../namespaces/ingress-nginx
 
-# allow "kubectl apply -l managed-by=k3s --prune ..."
+# allow "kubectl apply -l managed-by=auto-deploy --prune ..."
 commonlabels:
   managed-by: auto-deploy

kustomize/overlays/dev/kustomization.yaml

@@ -21,55 +21,12 @@ secretGenerator:
 #       - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
 #       - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
 
-patchesJson6902:
-  - target: &ingress_target
-      group: networking.k8s.io
-      version: v1beta1
-      kind: Ingress
-      name: gitea
-    patch: |-
-      - op: replace
-        path: /spec/tls/0/hosts/0
-        value: gitea.staging.badjware.dev
-      - op: replace
-        path: /spec/rules/0/host
-        value: gitea.staging.badjware.dev
-  - target:
-      <<: *ingress_target
-      name: grafana
-    patch: |-
-      - op: replace
-        path: /spec/tls/0/hosts/0
-        value: grafana.staging.badjware.dev
-      - op: replace
-        path: /spec/rules/0/host
-        value: grafana.staging.badjware.dev
-  - target:
-      <<: *ingress_target
-      name: nextcloud
-    patch: |-
-      - op: replace
-        path: /spec/tls/0/hosts/0
-        value: nextcloud.staging.badjware.dev
-      - op: replace
-        path: /spec/rules/0/host
-        value: nextcloud.staging.badjware.dev
-  - target:
-      <<: *ingress_target
-      name: drone
-    patch: |-
-      - op: replace
-        path: /spec/tls/0/hosts/0
-        value: drone.staging.badjware.dev
-      - op: replace
-        path: /spec/rules/0/host
-        value: drone.staging.badjware.dev
-
 # allow "kubectl apply -l managed-by=kustomize --prune ..."
 commonlabels:
   managed-by: kustomize
 
 transformers:
+  - placeholders.yaml
   - ssm-secrets.yaml
 
 configurations:

kustomize/overlays/dev/placeholders.txt

@@ -0,0 +1,5 @@
+DRONE_EXTERNAL_HOST=drone.localhost
+GITEA_EXTERNAL_HOST=gitea.localhost
+GRAFANA_EXTERNAL_HOST=grafana.localhost
+KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
+NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost

kustomize/overlays/dev/placeholders.yaml

@@ -0,0 +1,5 @@
+apiVersion: badjware/v1
+kind: PlaceholderTransformer
+metadata:
+  name: placeholders
+placeholdersFile: placeholders.txt

kustomize/overlays/dev/ssm-secrets.yaml

@@ -1,4 +1,6 @@
 apiVersion: badjware/v1
 kind: SSMParameterPlaceholderTransformer
 metadata:
-  name: ssm-parameter
+  name: ssm-parameter
+resourceSelectors:
+  - kind: Secret