
gitea dev config

Massaki Archambault 2021-08-26 12:42:21 -04:00
parent 0678bbd56d
commit 89c09df7bf
27 changed files with 280 additions and 234 deletions


@ -4,58 +4,74 @@ KUSTOMIZEFLAGS = --enable_alpha_plugins
KUBECTL = kubectl
KUBECTLFLAGS =
KUBECTLDIFFFLAGS =
KUBECTLAPPLYFLAGS = -l managed-by=kustomize --prune
KUBECTLAPPLYFLAGS = --prune
SRC := $(shell find kustomize/ -type f)
OUTDIR = build
DEVOUT = $(OUTDIR)/dev
DEVMANIFESTSRC = kustomize/overlays/dev
DEVMANIFESTOUT = $(DEVOUT)/manifest.yaml
DEVCLUSTERSRC = kustomize/overlays/dev-cluster
DEVCLUSTEROUT = $(DEVOUT)/cluster.yaml
PRODOUT = $(OUTDIR)/prod
PRODMANIFESTOUT = $(PRODOUT)/manifest.yaml
PRODMANIFESTSRC = kustomize/overlays/prod
PRODCLUSTERTOUT = $(PRODOUT)/cluster.yaml
PRODCLUSTERTSRC = kustomize/overlays/prod-cluster
ifeq ($(environment),prod)
environment = prod
# prod
KUSTOMIZEDIR = kustomize/overlays/prod
KUSTOMIZEOUT = $(OUTDIR)/$(environment)/manifest.yaml
# auto-deploy
KUSTOMIZEDIRALL = kustomize/overlays/prod-auto-deploy
KUSTOMIZEOUTALL = $(OUTDIR)/$(environment)/auto-deploy.yaml
ENVOUTDIR = $(PRODOUT)
ENVOUTFILE = $(PRODMANIFESTOUT) $(PRODCLUSTERTOUT)
else
environment = dev
# dev
#KUBECTLFLAGS += --kubeconfig kubectl/kubeconfig.yaml
KUSTOMIZEDIR = kustomize/overlays/dev
KUSTOMIZEOUT = $(OUTDIR)/$(environment)/manifest.yaml
# auto-deploy
KUSTOMIZEDIRALL = kustomize/overlays/dev-auto-deploy
KUSTOMIZEOUTALL = $(OUTDIR)/$(environment)/auto-deploy.yaml
ENVOUTDIR = $(DEVOUT)
ENVOUTFILE = $(DEVMANIFESTOUT) $(DEVCLUSTERTOUT)
endif
.PHONY: all info auto-deploy clean diff apply
.PHONY: diff
diff: $(environment)
$(KUBECTL) $(KUBECTLFLAGS) diff $(KUBECTLDIFFFLAGS) -f $(ENVOUTDIR) | highlight --out-format xterm256 --syntax diff
all: info $(KUSTOMIZEOUTALL) $(KUSTOMIZEOUT)
.PHONY: apply
apply: $(environment)
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize -f $(ENVOUTDIR)
info:
@echo "Building for" $(environment)
$(KUSTOMIZE) version
.PHONY: all dev prod
all: dev prod
dev: $(DEVMANIFESTOUT) $(DEVCLUSTEROUT)
prod: $(PRODMANIFESTOUT) $(PRODCLUSTEROUT)
$(DEVMANIFESTOUT): $(SRC)
mkdir -p $(DEVOUT)
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(DEVMANIFESTSRC) >$(DEVMANIFESTOUT) || (rm $(DEVMANIFESTOUT); exit 1)
$(DEVCLUSTEROUT): $(SRC)
mkdir -p $(DEVOUT)
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(DEVCLUSTERSRC) >$(DEVCLUSTEROUT) || (rm $(DEVCLUSTEROUT); exit 1)
$(PRODMANIFESTOUT): $(SRC)
mkdir -p $(PRODOUT)
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(PRODMANIFESTSRC) >$(PRODMANIFESTOUT) || (rm $(PRODMANIFESTOUT); exit 1)
$(PRODCLUSTEROUT): $(SRC)
mkdir -p $(PRODOUT)
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(PRODCLUSTERSRC) >$(PRODCLUSTEROUT) || (rm $(PRODCLUSTEROUT); exit 1)
.PHONY: clean
clean:
rm -r $(OUTDIR)
auto-deploy: $(KUSTOMIZEOUTALL)
# $(KUSTOMIZEOUTALL): $(SRC)
# @mkdir -p $(dir $(KUSTOMIZEOUTALL))
# $(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
$(KUSTOMIZEOUTALL): $(SRC)
@mkdir -p $(dir $(KUSTOMIZEOUTALL))
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIRALL) >$(KUSTOMIZEOUTALL) || (rm $(KUSTOMIZEOUTALL); exit 1)
# $(KUSTOMIZEOUT): $(SRC)
# @mkdir -p $(dir $(KUSTOMIZEOUT))
# $(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1)
$(KUSTOMIZEOUT): $(SRC)
@mkdir -p $(dir $(KUSTOMIZEOUT))
$(KUSTOMIZE) build $(KUSTOMIZEFLAGS) $(KUSTOMIZEDIR) >$(KUSTOMIZEOUT) || (rm $(KUSTOMIZEOUT); exit 1)
diff: $(KUSTOMIZEOUT)
$(KUBECTL) $(KUBECTLFLAGS) diff $(KUBECTLDIFFFLAGS) -f $(KUSTOMIZEOUT)
apply: $(KUSTOMIZEOUT)
$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -f $(KUSTOMIZEOUT)
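Review bot: The new variable names do not line up: `PRODCLUSTERTOUT` and `PRODCLUSTERTSRC` are defined, but the `prod` target and its rule use `$(PRODCLUSTEROUT)` and `$(PRODCLUSTERSRC)`, and `ENVOUTFILE` references `$(DEVCLUSTERTOUT)` while the definition is `DEVCLUSTEROUT`. Make expands an undefined variable to nothing without complaint, so the prod cluster manifest would likely never be built, and `apply -f $(ENVOUTDIR)` would then run against whatever happens to be in the directory. Renaming the definitions to `PRODCLUSTEROUT = $(PRODOUT)/cluster.yaml` and `PRODCLUSTERSRC = kustomize/overlays/prod-cluster` and correcting `ENVOUTFILE` closes it; `MAKEFLAGS += --warn-undefined-variables` would surface this class of typo. The rendered page has lost its +/- markers, so this reading assumes the `DEV*`/`PROD*` lines are the new side.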


@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: drone
image: drone/drone-runner-kube:1.0.0-beta.3
image: drone/drone-runner-kube
env:
- name: DRONE_RPC_HOST
value: drone.gitea.svc
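Review bot: `image: drone/drone-runner-kube` no longer carries a tag, so the base resolves to `latest` unless an overlay rewrites it; the same applies to `drone/drone` and `gitea/gitea` in the two deployment sections further down. Only one overlay on this page sets versions through an `images:` block, and it spells the field `newtag` where kustomize documents `newTag`, so it is worth confirming with `kustomize build` that every overlay emits a pinned image. For a CI runner that executes pipeline code, pinning by digest in the overlay (`digest: sha256:<image digest>`) gives a stronger guarantee than a tag. The container spec continues outside this hunk.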


@ -18,10 +18,12 @@ spec:
spec:
containers:
- name: drone
image: drone/drone:1.7.0
image: drone/drone
env:
- name: DRONE_SERVER_HOST
value: ${DRONE_EXTERNAL_HOST}
- name: DRONE_SERVER_PROTO
value: https
- name: DRONE_GITEA_SERVER
value: https://${GITEA_EXTERNAL_HOST}
- name: DRONE_GITEA_CLIENT_ID
@ -57,27 +59,4 @@ spec:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: drone
labels:
app: drone
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- drone.127.0.0.1.nip.io
secretName: letsencrypt-cert
rules:
- host: drone.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: drone
servicePort: http
targetPort: http


@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: drone
labels:
app: drone
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${DRONE_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: drone
port:
name: http
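Review bot: The `tls:` block and the `cert-manager.io/cluster-issuer` annotation are commented out in this base, so every overlay that includes it falls back to whatever default certificate the ingress controller presents for `${DRONE_EXTERNAL_HOST}`; the new gitea and kubernetes-dashboard Ingress files further down have the same shape. The Drone deployment in this commit sets `DRONE_SERVER_PROTO` to `https` and OAuth callbacks travel over this route, so the base should keep TLS configured and leave it to a dev overlay to patch it out. The commented block also lists `${GITEA_EXTERNAL_HOST}` under `hosts:`, which would request a certificate for the wrong name once uncommented; it should read `- ${DRONE_EXTERNAL_HOST}`.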


@ -1,3 +1,15 @@
resources:
- drone-runner-deployment.yaml
- drone-server-deployment.yaml
- drone-runner-deployment.yaml
- drone-server-ingress.yaml
secretGenerator:
- name: drone-secret
type: Opaque
literals:
- rpc_secret=changeme
- name: drone-gitea-oauth-secret
type: Opaque
literals:
- client_id=changeme
- client_secret=changeme
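Review bot: The generator puts `rpc_secret=changeme`, `client_id=changeme` and `client_secret=changeme` into the base, so an overlay that pulls in `bases/drone` and omits a `behavior: replace` entry deploys a runner RPC secret that anyone can guess. Leaving the literals out of the base fails closed instead: the secret is then missing and, presumably, the pods cannot start until an overlay supplies real values. If the defaults stay, a comment above each entry such as `# placeholder only, every overlay must replace this` would at least record the contract.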


@ -5,6 +5,7 @@ metadata:
labels:
app: gitea
spec:
replicas: 1 # replica count must be set to 1 in database is sqlite
selector:
matchLabels:
app: gitea
@ -15,10 +16,10 @@ spec:
spec:
containers:
- name: gitea
image: gitea/gitea:1.11.4
image: gitea/gitea
env:
- name: INSTALL_LOCK
value: "yes"
# - name: INSTALL_LOCK
# value: "yes"
- name: DISABLE_REGISTRATION
value: "yes"
- name: APP_NAME
@ -29,28 +30,28 @@ spec:
value: https://${GITEA_EXTERNAL_HOST}
- name: SSH_DOMAIN
value: ${GITEA_EXTERNAL_HOST}
- name: DB_TYPE
value: postgres
- name: DB_HOST
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: host
- name: DB_NAME
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: database
- name: DB_USER
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: username
- name: DB_PASSWD
valueFrom:
secretKeyRef:
name: postgres-credentials-secret
key: password
# - name: DB_TYPE
# value: postgres
# - name: DB_HOST
# valueFrom:
# secretKeyRef:
# name: postgres-credentials-secret
# key: host
# - name: DB_NAME
# valueFrom:
# secretKeyRef:
# name: postgres-credentials-secret
# key: database
# - name: DB_USER
# valueFrom:
# secretKeyRef:
# name: postgres-credentials-secret
# key: username
# - name: DB_PASSWD
# valueFrom:
# secretKeyRef:
# name: postgres-credentials-secret
# key: password
ports:
- name: http
containerPort: 3000
@ -63,22 +64,22 @@ spec:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-data
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-data-nfs
labels:
app: gitea
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 100Mi
nfs:
server: nfs-localhost
path: /gitea
mountOptions: ["vers=4"]
# ---
# apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: gitea-data-nfs
# labels:
# app: gitea
# spec:
# accessModes:
# - ReadWriteMany
# capacity:
# storage: 100Mi
# nfs:
# server: nfs-localhost
# path: /gitea
# mountOptions: ["vers=4"]
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -87,20 +88,20 @@ metadata:
labels:
app: gitea
spec:
storageClassName: ""
# storageClassName: ""
accessModes:
- ReadWriteMany
- ReadWriteOnce
resources:
requests:
storage: 100Mi
selector:
matchLabels:
app: gitea
# selector:
# matchLabels:
# app: gitea
---
apiVersion: v1
kind: Service
metadata:
name: gitea-http
name: gitea
labels:
app: gitea
spec:
@ -111,18 +112,7 @@ spec:
protocol: TCP
port: 80
targetPort: http
---
apiVersion: v1
kind: Service
metadata:
name: gitea-ssh
labels:
app: gitea
spec:
selector:
app: gitea
ports:
- name: ssh
protocol: TCP
port: 22
targetPort: ssh
targetPort: ssh
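Review bot: Commenting out `INSTALL_LOCK` leaves Gitea's first-run install page reachable, and this commit also publishes the service through an Ingress, so the initial administrator account and database choice are open to whoever loads the site first. If the lock was removed only to get through the initial sqlite setup, keep `INSTALL_LOCK` set in the base and drop it in a dev overlay, or set it again once the instance is initialised. Separately, the `gitea-ssh` Service is deleted while `SSH_DOMAIN` is still exported, so the SSH clone URLs shown in the UI will presumably not be reachable. The deployment spec continues outside these hunks.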


@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: gitea
labels:
app: gitea
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${GITEA_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: gitea
port:
name: http


@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: gitea
labels:
app: gitea
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${GITEA_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${GITEA_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: gitea-http
servicePort: http


@ -1,22 +1,13 @@
resources:
- gitea-deployment.yaml
- ingress.yaml
- gitea-ingress.yaml
secretGenerator:
- name: postgres-credentials-secret
type: Opaque
behavior: create
literals:
- host=172.18.1.2:5432
- database=gitea
- username=gitea
- password=changeme
- name: drone-secret
type: Opaque
literals:
- rpc_secret=changeme
- name: drone-gitea-oauth-secret
type: Opaque
literals:
- client_id=changeme
- client_secret=changeme
# secretGenerator:
# - name: postgres-credentials-secret
# type: Opaque
# behavior: create
# literals:
# - host=172.18.1.2:5432
# - database=gitea
# - username=gitea
# - password=changeme


@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard
labels:
app: kubernetes-dashboard
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# ingress.kubernetes.io/protocol: https
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${GITEA_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443


@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard
labels:
app: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
secretName: letsencrypt-cert
rules:
- host: ${KUBERNETES_DASHBOARD_EXTERNAL_HOST}
http:
paths:
- path: /
backend:
serviceName: kubernetes-dashboard
servicePort: 443


@ -1,7 +0,0 @@
apiVersion: badjware/v1
kind: RemoteResources
metadata:
name: kubernetes-dashboard
resources:
- url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
sha256: d8b96dfa27da511d5116fc3583281dd1da709c3c6e07b033e4f3424bc2ab64c8


@ -1,8 +1,6 @@
resources:
- kubernetes-dashboard-admin-user.yaml
- ingress.yaml
generators:
- kubernetes-dashboard.yaml
- https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
- dashboard-admin-user.yaml
- dashboard-ingress.yaml
namespace: kubernetes-dashboard
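Review bot: The dashboard manifest moves from a `RemoteResources` generator with a `sha256` check to a bare `https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml` entry under `resources:`, so nothing verifies the fetched content any more. That file creates cluster-scoped RBAC and a Git tag can be moved, so either vendor it into the base directory and review it in the repository, or reference it by full commit SHA rather than by tag. The section also lists `dashboard-admin-user.yaml` next to the new Ingress; its content is not on this page, but if it binds a cluster-wide admin role that exposure deserves a comment in this kustomization.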


@ -0,0 +1,2 @@
resources:
- traefik-helmchartconfig.yaml


@ -0,0 +1,11 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
spec:
valuesContent: |-
additionalArguments:
- '--serversTransport.insecureSkipVerify=true'
ports:
web:
redirectTo: websecure
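Review bot: `--serversTransport.insecureSkipVerify=true` turns off backend certificate verification for every service Traefik proxies, not only for the dashboard's self-signed port 443. Traefik 2.4 and later can scope this with a `ServersTransport` resource attached to a single Service through the `traefik.ingress.kubernetes.io/service.serverstransport` annotation, which keeps verification on for everything else; whether the k3s-bundled chart is recent enough should be checked. If the global flag stays, a comment in `valuesContent` saying why it is there and that it is meant for the local cluster only would help the next reader.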


@ -1,4 +1,4 @@
bases:
- ../../bases/cert-manager
# namespace: cert-manager
namespace: cert-manager


@ -1,5 +1,6 @@
bases:
- ../../bases/gitea
- ../../bases/drone
# - ../../base/postgres
resources:


@ -1,4 +1,5 @@
bases:
- ../../bases/ingress-nginx
- ../../bases/traefik
# - ../../bases/ingress-nginx
namespace: kube-system


@ -0,0 +1,4 @@
bases:
- ../../bases/kubernetes-dashboard
namespace: kubernetes-dashboard


@ -1,7 +0,0 @@
bases:
- ../../namespaces/kube-system
- ../../namespaces/cert-manager
# allow "kubectl apply -l managed-by=auto-deploy --prune ..."
commonlabels:
managed-by: auto-deploy


@ -0,0 +1,7 @@
bases:
- ../../namespaces/kube-system
# - ../../namespaces/cert-manager
# allow "kubectl apply -l managed-by=cluster --prune ..."
commonlabels:
managed-by: kustomize-cluster
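Review bot: The comment names the selector `managed-by=cluster`, but the label set two lines below is `kustomize-cluster`, which is also what the Makefile's `apply` recipe selects on. Suggested wording: `# allow "kubectl apply -l managed-by=kustomize-cluster --prune ..."`.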


@ -1,33 +1,49 @@
bases:
- ../../namespaces/kubernetes-dashboard
- ../../namespaces/gitea
# - ../../namespaces/grafana
- ../../namespaces/nextcloud
# - ../../namespaces/nextcloud
# resources:
# - cert-manager/clusterissuer.yaml
images:
- name: gitea/gitea
newtag: 1.15.0
- name: drone/drone
newtag: 2.0.6
- name: drone/drone-runner-kube
newtag: 1.0.0-beta.9
resources:
- cert-manager/clusterissuer.yaml
secretGenerator:
- name: digitalocean-api-key
type: Opaque
namespace: cert-manager
literals:
- access-token=${ssm:/prod/digitalocean/api_token}
# - name: drone-gitea-oauth-secret
# - name: digitalocean-api-key
# type: Opaque
# namespace: gitea
# behavior: replace
# namespace: cert-manager
# literals:
# - client_id=749cde98-9b3b-4e19-8933-2937e12625f2
# - client_secret=12wTErChjQQW3CGEzbDMiSxEt08i-abeB0pbRbXEKKg=
# - access-token=${ssm:/prod/digitalocean/api_token}
- name: drone-secret
type: Opaque
namespace: gitea
behavior: replace
literals:
- rpc_secret=9128146e66f104873df80dad3ef12cf0
# https://docs.drone.io/server/provider/gitea/
- name: drone-gitea-oauth-secret
type: Opaque
namespace: gitea
behavior: replace
literals:
- client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
# allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels:
managed-by: kustomize
transformers:
- placeholders.yaml
- ssm-secrets.yaml
- transformers/placeholders.yaml
- transformers/ssm-secrets.yaml
configurations:
- cert-manager/kustomizeconfig.yaml
# configurations:
# - cert-manager/kustomizeconfig.yaml
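Review bot: The `drone-secret` and `drone-gitea-oauth-secret` generators carry what look like real values for `rpc_secret`, `client_id` and `client_secret` as plain literals, and the commented lines they appear to replace held an earlier client id and secret, so all of these are now in the repository history. They should be treated as exposed and rotated, then supplied the way the `digitalocean-api-key` entry does it, for example `- rpc_secret=${ssm:<parameter path>}` resolved by `transformers/ssm-secrets.yaml`. The `images:` entries use `newtag`; kustomize documents the field as `newTag`, so confirm that the built manifest carries the pinned versions.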


@ -1,5 +1,5 @@
DRONE_EXTERNAL_HOST=drone.local.badjware.dev
GITEA_EXTERNAL_HOST=gitea.local.badjware.dev
GRAFANA_EXTERNAL_HOST=grafana.local.badjware.dev
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.local.badjware.dev
NEXTCLOUD_EXTERNAL_HOST=nextcloud.local.badjware.dev
DRONE_EXTERNAL_HOST=drone.localhost
GITEA_EXTERNAL_HOST=gitea.localhost
GRAFANA_EXTERNAL_HOST=grafana.localhost
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost


@ -4,8 +4,8 @@ cluster_name='local'
k3s_registry_config="$HOME/.config/k3d/registries.yaml"
# generate manifest to be deployed on boot
make auto-deploy
auto_deploy_manifest="$(dirname "$(readlink -f "$0")")/build/dev/auto-deploy.yaml"
# make cluster
# auto_deploy_manifest="$(dirname "$(readlink -f "$0")")/build/dev/cluster.yaml"
# cluster registry configuration
if [[ ! -f "$k3s_registry_cofing" ]]; then
@ -25,13 +25,12 @@ if ! k3d cluster list "$cluster_name" &>/dev/null; then
k3d cluster create "$cluster_name" \
--servers 1 \
--agents 3 \
--k3s-server-arg '--no-deploy=traefik' \
--volume "$k3s_registry_config:/etc/rancher/k3s/registries.yaml" \
-p 80:80@loadbalancer \
-p 443:443@loadbalancer
sleep 10
fi
# --volume ":/var/lib/rancher/k3s/server/manifests/auto-deploy.yaml" \
# --volume ":/var/lib/rancher/k3s/server/manifests/cluster.yaml" \
# local docker registry
if ! docker ps -a | grep registry-localhost &>/dev/null; then
@ -82,6 +81,7 @@ if ! docker ps -a | grep nfs-localhost &>/dev/null; then
sleep 10
fi
k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null
kubectl apply -f "$auto_deploy_manifest"
# k3d kubeconfig merge "$cluster_name" --switch-context >/dev/null
# kubectl apply -f "$auto_deploy_manifest"
kubectl config use-context "k3d-$cluster_name"
kubectl get nodes
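Review bot: `make cluster` has no matching target in the Makefile section of this commit, which as far as the rendered page shows defines `dev`, `prod`, `all`, `diff`, `apply` and `clean`, so this line will presumably stop with "No rule to make target". `make dev` is the target that builds `build/dev/cluster.yaml`, the path the commented `auto_deploy_manifest` line points at. The context line `if [[ ! -f "$k3s_registry_cofing" ]]` reads a misspelled variable and is therefore always true; it predates this change but sits in the same hunk and is worth correcting to `$k3s_registry_config`. The script continues outside these hunks.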