badjware
/
home-stack-kustomize
1
0
Fork 0
Code Releases Activity

Compare commits

base: badjware:e5a4272042d38153c6aad203c7c82e1b8339c678
Branches Tags
badjware:master
...
compare: badjware:251f012e9ae112fcc39b5b11f140faab3cf01ca6
Branches Tags
badjware:master

3 Commits
e5a4272042 ... 251f012e9a

Author SHA1 Message Date
Massaki Archambault 251f012e9a fix gitea configuration, install external-secrets 2023-02-07 00:02:13 -05:00
Massaki Archambault 77644f5240 remove placeholdertransformer 2023-02-06 10:31:21 -05:00
Massaki Archambault 17e553fce4 replace "bases" with "resources", add buildmetadata 2023-02-04 23:24:50 -05:00
21 changed files with 200 additions and 56 deletions
Show Stats Expand all files Collapse all files

2
kustomize/bases/drone-runner/drone-runner-deployment.yaml
View File

@ -25,7 +25,7 @@ spec:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: DRONE_RPC_HOST - name: DRONE_RPC_HOST
value: drone-server.$(DRONE_NAMESPACE_DEFAULT).svc.cluster.local value: drone-server.gitea.svc.cluster.local # TODO: not hardcode
- name: DRONE_RPC_PROTO - name: DRONE_RPC_PROTO
value: http value: http
- name: DRONE_RPC_SECRET - name: DRONE_RPC_SECRET

4
kustomize/bases/drone-server/drone-server-deployment.yaml
View File

@ -23,14 +23,14 @@ spec:
- name: drone - name: drone
image: drone/drone image: drone/drone
env: env:
- name: DRONE_GITEA_SERVER
value: https://${GITEA_EXTERNAL_HOST}
- name: DRONE_SERVER_HOST - name: DRONE_SERVER_HOST
value: ${DRONE_EXTERNAL_HOST} value: ${DRONE_EXTERNAL_HOST}
- name: DRONE_SERVER_PORT - name: DRONE_SERVER_PORT
value: ":80" value: ":80"
- name: DRONE_SERVER_PROTO - name: DRONE_SERVER_PROTO
value: https value: https
- name: DRONE_GITEA_SERVER
value: https://${GITEA_EXTERNAL_HOST}
- name: DRONE_GITEA_CLIENT_ID - name: DRONE_GITEA_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

12
kustomize/bases/external-secrets/external-secrets-helmchart.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: external-secrets
namespace: kube-system
spec:
repo: https://charts.external-secrets.io
chart: external-secrets
version: 0.7.2
targetNamespace: external-secrets
set:
installCRDs: "true"

4
kustomize/bases/external-secrets/external-secrets-namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: external-secrets

6
kustomize/bases/external-secrets/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
resources:
- external-secrets-namespace.yaml
- external-secrets-helmchart.yaml
commonLabels:
app.kubernetes.io/name: external-secrets

8
kustomize/bases/gitea/gitea-deployment.yaml
View File

@ -20,12 +20,14 @@ spec:
- name: gitea - name: gitea
image: gitea/gitea image: gitea/gitea
env: env:
- name: GITEA__SERVER__ROOT_URL
value: https://${GITEA_EXTERNAL_HOST}
- name: GITEA__WEBHOOK_ALLOWED_HOST_LIST
value: ${DRONE_EXTERNAL_HOST}
- name: GITEA__DEFAULT__APP_NAME - name: GITEA__DEFAULT__APP_NAME
value: Badjware's code stash value: Badjware's code stash
- name: GITEA__SERVICE__DISABLE_REGISTRATION - name: GITEA__SERVICE__DISABLE_REGISTRATION
value: "yes" value: "yes"
- name: GITEA__SERVER__ROOT_URL
value: https://${GITEA_EXTERNAL_HOST}
- name: GITEA__SERVER__SSH_DOMAIN - name: GITEA__SERVER__SSH_DOMAIN
value: ${GITEA_EXTERNAL_HOST} value: ${GITEA_EXTERNAL_HOST}
- name: GITEA__SERVER__SSH_PORT - name: GITEA__SERVER__SSH_PORT
@ -36,8 +38,6 @@ spec:
value: repo.wiki value: repo.wiki
- name: GITEA__REPOSITORY__DEFAULT_REPO_UNITS - name: GITEA__REPOSITORY__DEFAULT_REPO_UNITS
value: repo.code,repo.releases value: repo.code,repo.releases
- name: GITEA__WEBHOOK_ALLOWED_HOST_LIST
value: ${DRONE_EXTERNAL_HOST}
ports: ports:
- name: http - name: http
containerPort: 3000 containerPort: 3000

2
kustomize/bases/longhorn/longhorn-helmchart.yaml
View File

@ -10,6 +10,7 @@ spec:
targetNamespace: longhorn-system targetNamespace: longhorn-system
set: set:
backupTargetCredentialSecret: s3-backupstore-credentials backupTargetCredentialSecret: s3-backupstore-credentials
ingress.host: ${LONGHORN_EXTERNAL_HOST}
valuesContent: |- valuesContent: |-
defaultSettings: defaultSettings:
backupTarget: s3://longhorn-backups@home/ backupTarget: s3://longhorn-backups@home/
@ -27,4 +28,3 @@ spec:
operator: Exists operator: Exists
ingress: ingress:
enabled: true enabled: true
host: ${LONGHORN_EXTERNAL_HOST}

4
kustomize/bases/nextcloud/kustomization.yaml
View File

@ -1,8 +1,6 @@
bases: resources:
- ../postgres - ../postgres
- ../redis - ../redis
resources:
- nextcloud-deployment.yaml - nextcloud-deployment.yaml
- nextcloud-ingress.yaml - nextcloud-ingress.yaml

2
kustomize/bases/prometheus-operator/kustomization.yaml
View File

@ -1,5 +1,7 @@
resources: resources:
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.50/bundle.yaml - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.50/bundle.yaml
namespace: kube-system
commonLabels: commonLabels:
app.kubernetes.io/part-of: monitoring app.kubernetes.io/part-of: monitoring

2
kustomize/bases/traefik/kustomization.yaml
View File

@ -4,5 +4,7 @@ resources:
- traefik-helmchartconfig.yaml - traefik-helmchartconfig.yaml
- traefik-ingress.yaml - traefik-ingress.yaml
namespace: kube-system
commonLabels: commonLabels:
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik

6
kustomize/namespaces/gitea/kustomization.yaml
View File

@ -1,9 +1,7 @@
bases: resources:
- namespace.yaml
- ../../bases/gitea - ../../bases/gitea
- ../../bases/drone-server - ../../bases/drone-server
- ../../bases/drone-runner - ../../bases/drone-runner
resources:
- namespace.yaml
namespace: gitea namespace: gitea

5
kustomize/namespaces/kube-system/kustomization.yaml
View File

@ -1,5 +1,4 @@
bases: resources:
- ../../bases/traefik - ../../bases/traefik
- ../../bases/prometheus-operator - ../../bases/prometheus-operator
- ../../bases/external-secrets
namespace: kube-system

2
kustomize/namespaces/kubernetes-dashboard/kustomization.yaml
View File

@ -1,4 +1,4 @@
bases: resources:
- ../../bases/kubernetes-dashboard - ../../bases/kubernetes-dashboard
namespace: kubernetes-dashboard namespace: kubernetes-dashboard

8
kustomize/namespaces/monitoring/kustomization.yaml
View File

@ -1,8 +1,9 @@
bases: resources:
- namespace.yaml
- ../../bases/prometheus - ../../bases/prometheus
# - ../../bases/node-exporter # - ../../bases/node-exporter
- ../../bases/blackbox-exporter - ../../bases/blackbox-exporter
- ../../bases/ecommerce-exporter # - ../../bases/ecommerce-exporter
- ../../bases/kube-state-metrics - ../../bases/kube-state-metrics
- ../../bases/grafana-agent - ../../bases/grafana-agent
- ../../bases/grafana - ../../bases/grafana
@ -14,7 +15,4 @@ bases:
# - servicemonitors/node-exporter.yaml # - servicemonitors/node-exporter.yaml
- probes/blackbox-exporter.yaml - probes/blackbox-exporter.yaml
resources:
- namespace.yaml
namespace: monitoring namespace: monitoring

4
kustomize/namespaces/nextcloud/kustomization.yaml
View File

@ -1,7 +1,5 @@
bases:
- ../../bases/nextcloud
resources: resources:
- namespace.yaml - namespace.yaml
- ../../bases/nextcloud
namespace: nextcloud namespace: nextcloud

44
kustomize/overlays/prod-cluster/kustomization.yaml
View File

@ -1,15 +1,23 @@
bases: resources:
- ../../namespaces/kube-system - ../../namespaces/kube-system
- ../../bases/longhorn - ../../bases/longhorn
# allow "kubectl apply -l app.kubernetes.io/managed-by=cluster --prune ..." buildMetadata:
- originAnnotations
commonLabels: commonLabels:
app.kubernetes.io/managed-by: kustomize-cluster app.kubernetes.io/managed-by: kustomize-cluster
transformers: transformers:
- transformers/placeholders.yaml
- transformers/ssm-secrets.yaml - transformers/ssm-secrets.yaml
configMapGenerator:
- name: cluster-replacements
namespace: default
literals:
- TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
- LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home
secretGenerator: secretGenerator:
- name: s3-backupstore-credentials - name: s3-backupstore-credentials
type: Opaque type: Opaque
@ -18,4 +26,32 @@ secretGenerator:
literals: literals:
- AWS_ACCESS_KEY_ID=${ssm:/k3s/prod/longhorn/s3_access_key_id} - AWS_ACCESS_KEY_ID=${ssm:/k3s/prod/longhorn/s3_access_key_id}
- AWS_SECRET_ACCESS_KEY=${ssm:/k3s/prod/longhorn/s3_secret_access_key} - AWS_SECRET_ACCESS_KEY=${ssm:/k3s/prod/longhorn/s3_secret_access_key}
- AWS_ENDPOINTS=https://s3.badjware.dev - AWS_ENDPOINTS=https://s3.badjware.dev
replacements:
- source:
kind: ConfigMap
name: cluster-replacements
namespace: default
fieldPath: data.TRAEFIK_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: traefik
namespace: kube-system
fieldPaths:
- spec.rules.0.host
- source:
kind: ConfigMap
name: cluster-replacements
namespace: default
fieldPath: data.LONGHORN_EXTERNAL_HOST
targets:
- select:
kind: HelmChart
name: longhorn
namespace: kube-system
fieldPaths:
- spec.set.[ingress.host]
options:
create: true

2
kustomize/overlays/prod-cluster/placeholders.txt
View File

@ -1,2 +0,0 @@
TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home

5
kustomize/overlays/prod-cluster/transformers/placeholders.yaml
View File

@ -1,5 +0,0 @@
apiVersion: badjware/v1
kind: PlaceholderTransformer
metadata:
name: placeholders
placeholdersFile: placeholders.txt

122
kustomize/overlays/prod/kustomization.yaml
View File

@ -7,6 +7,9 @@ resources:
# resources: # resources:
# - probes/external-services-bobcat-miner.yaml # - probes/external-services-bobcat-miner.yaml
buildMetadata:
- originAnnotations
images: images:
- name: gitea/gitea - name: gitea/gitea
newTag: 1.16.9 newTag: 1.16.9
@ -30,11 +33,21 @@ images:
newTag: 6.2.5 newTag: 6.2.5
configMapGenerator: configMapGenerator:
- name: ecommerce-exporter-config - name: replacements
namespace: monitoring namespace: default
behavior: replace literals:
files: - GITEA_EXTERNAL_HOST=code.badjware.dev
- ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml - GITEA_EXTERNAL_URL=https://code.badjware.dev
- DRONE_EXTERNAL_HOST=drone.badjware.dev
- NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev
- GRAFANA_EXTERNAL_HOST=grafana.badjware.dev
- PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home
# - name: ecommerce-exporter-config
# namespace: monitoring
# behavior: replace
# files:
# - ecommerce-exporter.yml=configurations/ecommerce-exporter/ecommerce-exporter.yml
secretGenerator: secretGenerator:
- name: drone-secret - name: drone-secret
@ -96,7 +109,6 @@ commonLabels:
app.kubernetes.io/managed-by: kustomize app.kubernetes.io/managed-by: kustomize
transformers: transformers:
- transformers/placeholders.yaml
- transformers/ssm-secrets.yaml - transformers/ssm-secrets.yaml
patchesJson6902: patchesJson6902:
@ -113,3 +125,101 @@ patchesJson6902:
# patchesStrategicMerge: # patchesStrategicMerge:
# - patches/blackbox-exporter-probe-patch.yaml # - patches/blackbox-exporter-probe-patch.yaml
replacements:
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.GITEA_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: gitea
namespace: gitea
fieldPaths:
- spec.rules.0.host
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.GITEA_EXTERNAL_URL
targets:
- select:
kind: Deployment
name: gitea
namespace: gitea
fieldPaths:
- spec.template.spec.containers.0.env.0.value
- select:
kind: Deployment
name: drone-server
namespace: gitea
fieldPaths:
- spec.template.spec.containers.0.env.0.value
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.DRONE_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: drone
namespace: gitea
fieldPaths:
- spec.rules.0.host
- select:
kind: Deployment
name: drone-server
namespace: gitea
fieldPaths:
- spec.template.spec.containers.0.env.1.value
- select:
kind: Deployment
name: gitea
namespace: gitea
fieldPaths:
- spec.template.spec.containers.0.env.1.value
- select:
kind: Deployment
name: drone-server
namespace: gitea
fieldPaths:
- spec.template.spec.containers.0.env.1.value
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.NEXTCLOUD_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: nextcloud
namespace: nextcloud
fieldPaths:
- spec.rules.0.host
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.GRAFANA_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: grafana
namespace: monitoring
fieldPaths:
- spec.rules.0.host
- source:
kind: ConfigMap
name: replacements
namespace: default
fieldPath: data.PROMETHEUS_EXTERNAL_HOST
targets:
- select:
kind: Ingress
name: prometheus
namespace: monitoring
fieldPaths:
- spec.rules.0.host

7
kustomize/overlays/prod/placeholders.txt
View File

@ -1,7 +0,0 @@
GITEA_EXTERNAL_HOST=code.badjware.dev
DRONE_EXTERNAL_HOST=drone.badjware.dev
NEXTCLOUD_EXTERNAL_HOST=cloud.badjware.dev
GRAFANA_EXTERNAL_HOST=grafana.badjware.dev
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.badjnet.home
PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home

5
kustomize/overlays/prod/transformers/placeholders.yaml
View File

@ -1,5 +0,0 @@
apiVersion: badjware/v1
kind: PlaceholderTransformer
metadata:
name: placeholders
placeholdersFile: placeholders.txt