k8s/baseline
k8s/baseline
3
0
Fork 0
Code Issues 1 Pull requests Releases Activity

FEAT!: move to GitOps

Browse source 
* deploy ArgoCD via server-side Helm
* deploy baseline via ArgoCD Application
  * define all baseline tools as Helm Application
* omit ansible playbook
* update README
This commit is contained in:
Sebastian Mark 2022-03-31 17:42:55 +02:00
parent 669a27fff5
commit 194be3e7ca
17 changed files with 271 additions and 161 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -1,12 +1,14 @@
# Kubernetes Baseline
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/)
* [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)
* [loki](https://grafana.com/docs/loki/latest/)
Run `kubectl apply -f init.yml` to install:
* [ArgoCD](https://argoproj.github.io/cd/)
* [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader)
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/)
* [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)
* [loki](https://grafana.com/docs/loki/latest/)
* [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader)
## Notes

33
baseline.yml
View file

@ -1,33 +0,0 @@
# vim: filetype=yaml.ansible
---
- hosts: localhost
gather_facts: no
connection: local
tasks:
- name: load charts list and definition
include_vars:
dir: vars/helm/
ignore_unknown_extensions: yes
name: helm_charts
- name: add chart repos
kubernetes.core.helm_repository:
name: "{{ item.value.chart.split('/')[0] }}"
repo_url: "{{ item.value.url }}"
loop: "{{ helm_charts | dict2items }}"
- name: update helm repos
command: helm repo update
changed_when: no
- name: install charts
kubernetes.core.helm:
name: "{{ item.key }}"
chart_ref: "{{ item.value.chart }}"
chart_version: "{{ item.value.version|default(omit) }}"
values: "{{ item.value.vals|default(omit) }}"
release_namespace: "{{ item.value.namespace | default(item.key) }}"
create_namespace: true
loop: "{{ helm_charts | dict2items }}"
- name: apply post-install manifests
k8s:
src: "{{ item }}"
with_fileglob:
- files/*.yml

24
baseline/cert-manager.yml Normal file
View file

@ -0,0 +1,24 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.7.2
helm:
values: |
installCRDs: true

0
files/grafana-provisioning.yml → baseline/grafana-ressources/nginx-dashboard.yml
View file

34
baseline/ingress-nginx.yml Normal file
View file

@ -0,0 +1,34 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-nginx
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
targetRevision: 4.0.18
helm:
values: |
controller:
image:
pullPolicy: Always
service:
externalTrafficPolicy: Local
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: monitoring # same as prometheus-community chart name

25
baseline/keel.yml Normal file
View file

@ -0,0 +1,25 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keel
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: keel
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://charts.keel.sh
chart: keel
targetRevision: 0.9.10
helm:
values: |
helmProvider:
enabled: false

46
baseline/loki.yml Normal file
View file

@ -0,0 +1,46 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: metrics
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://grafana.github.io/helm-charts
chart: loki-stack
targetRevision: 2.6.1
helm:
values: |
promtail:
extraScrapeConfigs:
- job_name: journal
journal:
path: /var/log/journal
max_age: 12h
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- '__journal__systemd_unit'
target_label: 'unit'
- source_labels:
- '__journal__hostname'
target_label: 'hostname'
extraVolumes:
- name: journal
hostPath:
path: /var/log/journal
extraVolumeMounts:
- name: journal
mountPath: /var/log/journal
readOnly: true

61
baseline/monitoring.yml Normal file
View file

@ -0,0 +1,61 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus-grafana
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: metrics
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: 34.6.0
helm:
values: |
kubeProxy:
enabled: false
kubeScheduler:
enabled: false
kubeControllerManager:
enabled: false
alertmanager:
config:
global:
resolve_timeout: 5m
route:
group_by: ['alertname', 'cluster']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'pushover'
routes:
- receiver: 'null'
matchers:
- alertname="Watchdog"
- receiver: 'null'
matchers:
- alertname="InfoInhibitor"
receivers:
- name: 'null'
- name: 'pushover'
pushover_configs:
- user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
token: aqvce1uukerhxhayxdq85wgtdh2c5r
prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi

21
baseline/reloader.yml Normal file
View file

@ -0,0 +1,21 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: reloader
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: reloader
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://stakater.github.io/stakater-charts
chart: reloader
targetRevision: v0.0.110

52
init.yml Normal file
View file

@ -0,0 +1,52 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: argocd
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
repo: https://argoproj.github.io/argo-helm
chart: argo-cd
targetNamespace: argocd
valuesContent: |-
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
server:
replicas: 0
additionalProjects:
- name: baseline
namespace: argocd
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
additionalApplications:
- name: baseline
namespace: argocd
project: baseline
source:
repoURL: 'https://git.smsvc.net/k8s/pb_baseline.git'
targetRevision: HEAD
path: baseline/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true

46
vars/helm/000-monitoring.yml
View file

@ -1,46 +0,0 @@
---
monitoring:
chart: prometheus-community/kube-prometheus-stack
url: https://prometheus-community.github.io/helm-charts
namespace: metrics
vals:
kubeProxy:
enabled: false
kubeScheduler:
enabled: false
kubeControllerManager:
enabled: false
alertmanager:
config:
global:
resolve_timeout: 5m
route:
group_by: ['alertname', 'cluster']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'pushover'
routes:
- receiver: 'null'
matchers:
- alertname="Watchdog"
- receiver: 'null'
matchers:
- alertname="InfoInhibitor"
receivers:
- name: 'null'
- name: 'pushover'
pushover_configs:
- user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
token: aqvce1uukerhxhayxdq85wgtdh2c5r
templates:
- '/etc/alertmanager/config/*.tmpl'
prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi

30
vars/helm/005-loki.yml
View file

@ -1,30 +0,0 @@
---
loki:
chart: grafana/loki-stack
url: https://grafana.github.io/helm-charts
namespace: metrics
vals:
promtail:
extraScrapeConfigs:
- job_name: journal
journal:
path: /var/log/journal
max_age: 12h
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- '__journal__systemd_unit'
target_label: 'unit'
- source_labels:
- '__journal__hostname'
target_label: 'hostname'
extraVolumes:
- name: journal
hostPath:
path: /var/log/journal
extraVolumeMounts:
- name: journal
mountPath: /var/log/journal
readOnly: true

6
vars/helm/010-cert-manager.yml
View file

@ -1,6 +0,0 @@
---
cert-manager:
chart: jetstack/cert-manager
url: https://charts.jetstack.io
vals:
installCRDs: true

16
vars/helm/020-ingress-nginx.yml
View file

@ -1,16 +0,0 @@
---
ingress-nginx:
chart: ingress-nginx/ingress-nginx
url: https://kubernetes.github.io/ingress-nginx
vals:
controller:
image:
pullPolicy: Always
service:
externalTrafficPolicy: Local
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: monitoring # same as prometheus-community chart name

13
vars/helm/030-argocd.yml
View file

@ -1,13 +0,0 @@
---
argocd:
chart: argocd/argo-cd
url: https://argoproj.github.io/argo-helm
vals:
server:
replicas: 0
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false

7
vars/helm/040-keel.yml
View file

@ -1,7 +0,0 @@
---
keel:
chart: keel/keel
url: https://charts.keel.sh
vals:
helmProvider:
enabled: false

4
vars/helm/050-reloader.yml
View file

@ -1,4 +0,0 @@
---
reloader:
chart: stakater/reloader
url: https://stakater.github.io/stakater-charts