From 194be3e7ca507b82a55335af98df59f930b690f5 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Thu, 31 Mar 2022 17:42:55 +0200 Subject: [PATCH] FEAT!: move to GitOps * deploy ArgoCD via server-side Helm * deploy baseline via ArgoCD Application * define all baseline tools as Helm Application * omit ansible playbook * update README --- README.md | 14 +++-- baseline.yml | 33 ---------- baseline/cert-manager.yml | 24 ++++++++ .../grafana-ressources/nginx-dashboard.yml | 0 baseline/ingress-nginx.yml | 34 +++++++++++ baseline/keel.yml | 25 ++++++++ baseline/loki.yml | 46 ++++++++++++++ baseline/monitoring.yml | 61 +++++++++++++++++++ baseline/reloader.yml | 21 +++++++ init.yml | 52 ++++++++++++++++ vars/helm/000-monitoring.yml | 46 -------------- vars/helm/005-loki.yml | 30 --------- vars/helm/010-cert-manager.yml | 6 -- vars/helm/020-ingress-nginx.yml | 16 ----- vars/helm/030-argocd.yml | 13 ---- vars/helm/040-keel.yml | 7 --- vars/helm/050-reloader.yml | 4 -- 17 files changed, 271 insertions(+), 161 deletions(-) delete mode 100644 baseline.yml create mode 100644 baseline/cert-manager.yml rename files/grafana-provisioning.yml => baseline/grafana-ressources/nginx-dashboard.yml (100%) create mode 100644 baseline/ingress-nginx.yml create mode 100644 baseline/keel.yml create mode 100644 baseline/loki.yml create mode 100644 baseline/monitoring.yml create mode 100644 baseline/reloader.yml create mode 100644 init.yml delete mode 100644 vars/helm/000-monitoring.yml delete mode 100644 vars/helm/005-loki.yml delete mode 100644 vars/helm/010-cert-manager.yml delete mode 100644 vars/helm/020-ingress-nginx.yml delete mode 100644 vars/helm/030-argocd.yml delete mode 100644 vars/helm/040-keel.yml delete mode 100644 vars/helm/050-reloader.yml
diff --git a/README.md b/README.md
index 1461245..5376bbb 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,14 @@ # Kubernetes Baseline -* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) -* [cert-manager](https://cert-manager.io/) -* [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) -* [loki](https://grafana.com/docs/loki/latest/) +Run `kubectl apply -f init.yml` to install: + * [ArgoCD](https://argoproj.github.io/cd/) -* [keel](https://keel.sh) -* [reloader](https://github.com/stakater/Reloader) + * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) + * [cert-manager](https://cert-manager.io/) + * [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) + * [loki](https://grafana.com/docs/loki/latest/) + * [keel](https://keel.sh) + * [reloader](https://github.com/stakater/Reloader) ## Notes
diff --git a/baseline.yml b/baseline.yml
deleted file mode 100644
index ef65c6a..0000000
--- a/baseline.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-# vim: filetype=yaml.ansible
----
-- hosts: localhost
- gather_facts: no
- connection: local
- tasks:
- - name: load charts list and definition
- include_vars:
- dir: vars/helm/
- ignore_unknown_extensions: yes
- name: helm_charts
- - name: add chart repos
- kubernetes.core.helm_repository:
- name: "{{ item.value.chart.split('/')[0] }}"
- repo_url: "{{ item.value.url }}"
- loop: "{{ helm_charts | dict2items }}"
- - name: update helm repos
- command: helm repo update
- changed_when: no
- - name: install charts
- kubernetes.core.helm:
- name: "{{ item.key }}"
- chart_ref: "{{ item.value.chart }}"
- chart_version: "{{ item.value.version|default(omit) }}"
- values: "{{ item.value.vals|default(omit) }}"
- release_namespace: "{{ item.value.namespace | default(item.key) }}"
- create_namespace: true
- loop: "{{ helm_charts | dict2items }}"
- - name: apply post-install manifests
- k8s:
- src: "{{ item }}"
- with_fileglob:
- - files/*.yml
diff --git a/baseline/cert-manager.yml b/baseline/cert-manager.yml
new file mode 100644
index 0000000..da8d225
--- /dev/null
+++ b/baseline/cert-manager.yml
@@ -0,0 +1,24 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.7.2
+ helm:
+ values: |
+ installCRDs: true
diff --git a/files/grafana-provisioning.yml b/baseline/grafana-ressources/nginx-dashboard.yml
similarity index 100%
rename from files/grafana-provisioning.yml
rename to baseline/grafana-ressources/nginx-dashboard.yml
diff --git a/baseline/ingress-nginx.yml b/baseline/ingress-nginx.yml
new file mode 100644
index 0000000..233c03e
--- /dev/null
+++ b/baseline/ingress-nginx.yml
@@ -0,0 +1,34 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ingress-nginx
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: ingress-nginx
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
+ targetRevision: 4.0.18
+ helm:
+ values: |
+ controller:
+ image:
+ pullPolicy: Always
+ service:
+ externalTrafficPolicy: Local
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ additionalLabels:
+ release: monitoring # same as prometheus-community chart name
diff --git a/baseline/keel.yml b/baseline/keel.yml
new file mode 100644
index 0000000..6a0f1ca
--- /dev/null
+++ b/baseline/keel.yml
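Review bot: The ServiceMonitor label `release: monitoring` in the `values` block of `baseline/ingress-nginx.yml` probably no longer matches anything: `monitoring` was the Helm release name under the removed Ansible playbook, but Argo CD names the release after the Application, which `baseline/monitoring.yml` calls `prometheus-grafana`. kube-prometheus-stack by default selects ServiceMonitors by its own release label, so the ingress controller metrics would silently stop being scraped, which also removes them from any alerting built on top. Either change the label to `release: prometheus-grafana` and update the trailing comment to say it must equal the Argo CD Application name, or set `releaseName: monitoring` under `helm:` in `baseline/monitoring.yml`.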
@@ -0,0 +1,25 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: keel
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: keel
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://charts.keel.sh
+ chart: keel
+ targetRevision: 0.9.10
+ helm:
+ values: |
+ helmProvider:
+ enabled: false
diff --git a/baseline/loki.yml b/baseline/loki.yml
new file mode 100644
index 0000000..d0b27f4
--- /dev/null
+++ b/baseline/loki.yml
@@ -0,0 +1,46 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: loki
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metrics
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://grafana.github.io/helm-charts
+ chart: loki-stack
+ targetRevision: 2.6.1
+ helm:
+ values: |
+ promtail:
+ extraScrapeConfigs:
+ - job_name: journal
+ journal:
+ path: /var/log/journal
+ max_age: 12h
+ labels:
+ job: systemd-journal
+ relabel_configs:
+ - source_labels:
+ - '__journal__systemd_unit'
+ target_label: 'unit'
+ - source_labels:
+ - '__journal__hostname'
+ target_label: 'hostname'
+ extraVolumes:
+ - name: journal
+ hostPath:
+ path: /var/log/journal
+ extraVolumeMounts:
+ - name: journal
+ mountPath: /var/log/journal
+ readOnly: true
diff --git a/baseline/monitoring.yml b/baseline/monitoring.yml
new file mode 100644
index 0000000..2ca31fc
--- /dev/null
+++ b/baseline/monitoring.yml
@@ -0,0 +1,61 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prometheus-grafana
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metrics
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://prometheus-community.github.io/helm-charts
+ chart: kube-prometheus-stack
+ targetRevision: 34.6.0
+ helm:
+ values: |
+ kubeProxy:
+ enabled: false
+ kubeScheduler:
+ enabled: false
+ kubeControllerManager:
+ enabled: false
+ alertmanager:
+ config:
+ global:
+ resolve_timeout: 5m
+ route:
+ group_by: ['alertname', 'cluster']
+ group_wait: 30s
+ group_interval: 5m
+ repeat_interval: 12h
+ receiver: 'pushover'
+ routes:
+ - receiver: 'null'
+ matchers:
+ - alertname="Watchdog"
+ - receiver: 'null'
+ matchers:
+ - alertname="InfoInhibitor"
+ receivers:
+ - name: 'null'
+ - name: 'pushover'
+ pushover_configs:
+ - user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
+ token: aqvce1uukerhxhayxdq85wgtdh2c5r
+ prometheus:
+ prometheusSpec:
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/baseline/reloader.yml b/baseline/reloader.yml
new file mode 100644
index 0000000..d91654e
--- /dev/null
+++ b/baseline/reloader.yml
@@ -0,0 +1,21 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: reloader
+ namespace: argocd
+spec:
+ project: baseline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: reloader
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ repoURL: https://stakater.github.io/stakater-charts
+ chart: reloader
+ targetRevision: v0.0.110
diff --git a/init.yml b/init.yml
new file mode 100644
index 0000000..3b26210
--- /dev/null
+++ b/init.yml
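Review bot: The `pushover_configs` entry in the `values` block of `baseline/monitoring.yml` carries the Pushover `user_key` and `token` in plaintext, so both credentials are readable by anyone who can read this repository and they are also copied into the Argo CD Application object in the cluster. The commit only moves them out of `vars/helm/000-monitoring.yml`; they remain in Git history either way, so they should be treated as exposed and rotated. Keep the Alertmanager configuration in a Kubernetes Secret that is created outside Git (or through a sealed or external secret) and point the chart at it, for example `alertmanager.alertmanagerSpec.configSecret: <existing-secret-name>` if the pinned chart version supports that key, leaving only non-secret settings in this file.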
@@ -0,0 +1,52 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: argocd
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: argocd
+ namespace: kube-system
+spec:
+ repo: https://argoproj.github.io/argo-helm
+ chart: argo-cd
+ targetNamespace: argocd
+ valuesContent: |-
+ applicationSet:
+ enabled: false
+ notifications:
+ enabled: false
+ dex:
+ enabled: false
+ server:
+ replicas: 0
+ additionalProjects:
+ - name: baseline
+ namespace: argocd
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ additionalApplications:
+ - name: baseline
+ namespace: argocd
+ project: baseline
+ source:
+ repoURL: 'https://git.smsvc.net/k8s/pb_baseline.git'
+ targetRevision: HEAD
+ path: baseline/
+ directory:
+ recurse: true
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/vars/helm/000-monitoring.yml b/vars/helm/000-monitoring.yml
deleted file mode 100644
index cad35e8..0000000
--- a/vars/helm/000-monitoring.yml
+++ /dev/null
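Review bot: The `baseline` project under `additionalProjects` in `init.yml` allows `sourceRepos: '*'` and every destination namespace and server, while the `baseline` Application auto-syncs `targetRevision: HEAD` with `prune` and `selfHeal`, so any push to the Git repository is applied cluster-wide with no review gate and may pull from any repository. The project should list only the Git repository and the six chart repositories the Application files in this commit use, and only the in-cluster destination. The namespace list in the sketch below is read from those files and may need extending where a chart writes outside its own namespace; the `kube-system` entry is such a guess and should be confirmed or dropped. The `HelmChart` also has no `version:`, so the Argo CD chart itself floats to whatever the repository serves; pin it with `version: <argo-cd chart version>`, and consider tracking a tag or protected branch instead of `HEAD`.

```yaml
# … unchanged: HelmChart metadata, repo, chart, targetNamespace, component toggles …
additionalProjects:
  - name: baseline
    namespace: argocd
    sourceRepos:
      - 'https://git.smsvc.net/k8s/pb_baseline.git'
      - 'https://charts.jetstack.io'
      - 'https://kubernetes.github.io/ingress-nginx'
      - 'https://charts.keel.sh'
      - 'https://grafana.github.io/helm-charts'
      - 'https://prometheus-community.github.io/helm-charts'
      - 'https://stakater.github.io/stakater-charts'
    destinations:
      - namespace: argocd
        server: 'https://kubernetes.default.svc'
      - namespace: cert-manager
        server: 'https://kubernetes.default.svc'
      - namespace: ingress-nginx
        server: 'https://kubernetes.default.svc'
      - namespace: keel
        server: 'https://kubernetes.default.svc'
      - namespace: metrics
        server: 'https://kubernetes.default.svc'
      - namespace: reloader
        server: 'https://kubernetes.default.svc'
      # assumption: some charts create objects here; confirm or remove
      - namespace: kube-system
        server: 'https://kubernetes.default.svc'
    # … unchanged: clusterResourceWhitelist …
# … unchanged: additionalApplications …
```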
@@ -1,46 +0,0 @@
----
-monitoring:
- chart: prometheus-community/kube-prometheus-stack
- url: https://prometheus-community.github.io/helm-charts
- namespace: metrics
- vals:
- kubeProxy:
- enabled: false
- kubeScheduler:
- enabled: false
- kubeControllerManager:
- enabled: false
- alertmanager:
- config:
- global:
- resolve_timeout: 5m
- route:
- group_by: ['alertname', 'cluster']
- group_wait: 30s
- group_interval: 5m
- repeat_interval: 12h
- receiver: 'pushover'
- routes:
- - receiver: 'null'
- matchers:
- - alertname="Watchdog"
- - receiver: 'null'
- matchers:
- - alertname="InfoInhibitor"
- receivers:
- - name: 'null'
- - name: 'pushover'
- pushover_configs:
- - user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
- token: aqvce1uukerhxhayxdq85wgtdh2c5r
- templates:
- - '/etc/alertmanager/config/*.tmpl'
- prometheus:
- prometheusSpec:
- storageSpec:
- volumeClaimTemplate:
- spec:
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 10Gi
diff --git a/vars/helm/005-loki.yml b/vars/helm/005-loki.yml
deleted file mode 100644
index 2e7d6ab..0000000
--- a/vars/helm/005-loki.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-loki:
- chart: grafana/loki-stack
- url: https://grafana.github.io/helm-charts
- namespace: metrics
- vals:
- promtail:
- extraScrapeConfigs:
- - job_name: journal
- journal:
- path: /var/log/journal
- max_age: 12h
- labels:
- job: systemd-journal
- relabel_configs:
- - source_labels:
- - '__journal__systemd_unit'
- target_label: 'unit'
- - source_labels:
- - '__journal__hostname'
- target_label: 'hostname'
- extraVolumes:
- - name: journal
- hostPath:
- path: /var/log/journal
-
- extraVolumeMounts:
- - name: journal
- mountPath: /var/log/journal
- readOnly: true
diff --git a/vars/helm/010-cert-manager.yml b/vars/helm/010-cert-manager.yml
deleted file mode 100644
index a0dc657..0000000
--- a/vars/helm/010-cert-manager.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-cert-manager:
- chart: jetstack/cert-manager
- url: https://charts.jetstack.io
- vals:
- installCRDs: true
diff --git a/vars/helm/020-ingress-nginx.yml b/vars/helm/020-ingress-nginx.yml
deleted file mode 100644
index 947014d..0000000
--- a/vars/helm/020-ingress-nginx.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-ingress-nginx:
- chart: ingress-nginx/ingress-nginx
- url: https://kubernetes.github.io/ingress-nginx
- vals:
- controller:
- image:
- pullPolicy: Always
- service:
- externalTrafficPolicy: Local
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
- additionalLabels:
- release: monitoring # same as prometheus-community chart name
diff --git a/vars/helm/030-argocd.yml b/vars/helm/030-argocd.yml
deleted file mode 100644
index 407ee42..0000000
--- a/vars/helm/030-argocd.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-argocd:
- chart: argocd/argo-cd
- url: https://argoproj.github.io/argo-helm
- vals:
- server:
- replicas: 0
- applicationSet:
- enabled: false
- notifications:
- enabled: false
- dex:
- enabled: false
diff --git a/vars/helm/040-keel.yml b/vars/helm/040-keel.yml
deleted file mode 100644
index fc2e303..0000000
--- a/vars/helm/040-keel.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-keel:
- chart: keel/keel
- url: https://charts.keel.sh
- vals:
- helmProvider:
- enabled: false
diff --git a/vars/helm/050-reloader.yml b/vars/helm/050-reloader.yml
deleted file mode 100644
index f7b87da..0000000
--- a/vars/helm/050-reloader.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-reloader:
- chart: stakater/reloader
- url: https://stakater.github.io/stakater-charts