FEAT!: move to GitOps

* deploy ArgoCD via server-side Helm
* deploy baseline via ArgoCD Application
  * define all baseline tools as Helm Application
* omit ansible playbook
* update README
This commit is contained in:
Sebastian Mark 2022-03-31 17:42:55 +02:00
parent 669a27fff5
commit 194be3e7ca
17 changed files with 271 additions and 161 deletions


@ -1,10 +1,12 @@
# Kubernetes Baseline # Kubernetes Baseline
Run `kubectl apply -f init.yml` to install:
* [ArgoCD](https://argoproj.github.io/cd/)
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/) * [cert-manager](https://cert-manager.io/)
* [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) * [prometheus and grafana](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)
* [loki](https://grafana.com/docs/loki/latest/) * [loki](https://grafana.com/docs/loki/latest/)
* [ArgoCD](https://argoproj.github.io/cd/)
* [keel](https://keel.sh) * [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader) * [reloader](https://github.com/stakater/Reloader)


@ -1,33 +0,0 @@
# vim: filetype=yaml.ansible
---
- hosts: localhost
gather_facts: no
connection: local
tasks:
- name: load charts list and definition
include_vars:
dir: vars/helm/
ignore_unknown_extensions: yes
name: helm_charts
- name: add chart repos
kubernetes.core.helm_repository:
name: "{{ item.value.chart.split('/')[0] }}"
repo_url: "{{ item.value.url }}"
loop: "{{ helm_charts | dict2items }}"
- name: update helm repos
command: helm repo update
changed_when: no
- name: install charts
kubernetes.core.helm:
name: "{{ item.key }}"
chart_ref: "{{ item.value.chart }}"
chart_version: "{{ item.value.version|default(omit) }}"
values: "{{ item.value.vals|default(omit) }}"
release_namespace: "{{ item.value.namespace | default(item.key) }}"
create_namespace: true
loop: "{{ helm_charts | dict2items }}"
- name: apply post-install manifests
k8s:
src: "{{ item }}"
with_fileglob:
- files/*.yml

24
baseline/cert-manager.yml Normal file

@ -0,0 +1,24 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.7.2
helm:
values: |
installCRDs: true


@ -0,0 +1,34 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ingress-nginx
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://kubernetes.github.io/ingress-nginx
chart: ingress-nginx
targetRevision: 4.0.18
helm:
values: |
controller:
image:
pullPolicy: Always
service:
externalTrafficPolicy: Local
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: monitoring # same as prometheus-community chart name
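Review bot: The `release: monitoring` label on the last line of this hunk appears to no longer match the Helm release name: ArgoCD uses the Application name as the release name unless `releaseName` is set, and the kube-prometheus-stack Application in baseline/monitoring.yml is named `prometheus-grafana`, so with the stack's default `release`-based ServiceMonitor selector this ServiceMonitor would not be scraped. Either add `releaseName: monitoring` under `helm:` in baseline/monitoring.yml or change this line to `release: prometheus-grafana`, and reword the trailing comment to say it must equal the monitoring Application's Helm release name rather than the chart name. This assumes the chart's serviceMonitorSelector defaults are left untouched, which the monitoring values in this commit do.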

25
baseline/keel.yml Normal file

@ -0,0 +1,25 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keel
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: keel
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://charts.keel.sh
chart: keel
targetRevision: 0.9.10
helm:
values: |
helmProvider:
enabled: false

46
baseline/loki.yml Normal file

@ -0,0 +1,46 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: metrics
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://grafana.github.io/helm-charts
chart: loki-stack
targetRevision: 2.6.1
helm:
values: |
promtail:
extraScrapeConfigs:
- job_name: journal
journal:
path: /var/log/journal
max_age: 12h
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- '__journal__systemd_unit'
target_label: 'unit'
- source_labels:
- '__journal__hostname'
target_label: 'hostname'
extraVolumes:
- name: journal
hostPath:
path: /var/log/journal
extraVolumeMounts:
- name: journal
mountPath: /var/log/journal
readOnly: true

61
baseline/monitoring.yml Normal file

@ -0,0 +1,61 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus-grafana
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: metrics
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://prometheus-community.github.io/helm-charts
chart: kube-prometheus-stack
targetRevision: 34.6.0
helm:
values: |
kubeProxy:
enabled: false
kubeScheduler:
enabled: false
kubeControllerManager:
enabled: false
alertmanager:
config:
global:
resolve_timeout: 5m
route:
group_by: ['alertname', 'cluster']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'pushover'
routes:
- receiver: 'null'
matchers:
- alertname="Watchdog"
- receiver: 'null'
matchers:
- alertname="InfoInhibitor"
receivers:
- name: 'null'
- name: 'pushover'
pushover_configs:
- user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
token: aqvce1uukerhxhayxdq85wgtdh2c5r
prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
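Review bot: The Pushover `user_key` and `token` under `pushover_configs` near the end of this hunk are committed in plaintext, and after this move the Git repository is the source of truth, so everyone with read access to it (and to the ArgoCD Application object or the rendered Alertmanager config Secret in the cluster) holds the notification credentials. Keep them out of the chart values and reference a Kubernetes Secret instead, for example through an `AlertmanagerConfig` resource whose Pushover credentials are secret-backed or through a sealed/external secret; treat the pair already committed as exposed and rotate it in Pushover, since the deleted vars file in this same commit still carries it in history. A short comment such as `# alertmanager receivers: credentials must come from a Secret, never from values in Git` above `alertmanager:` would document the intent for the next chart.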

21
baseline/reloader.yml Normal file

@ -0,0 +1,21 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: reloader
namespace: argocd
spec:
project: baseline
destination:
server: https://kubernetes.default.svc
namespace: reloader
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
source:
repoURL: https://stakater.github.io/stakater-charts
chart: reloader
targetRevision: v0.0.110

52
init.yml Normal file

@ -0,0 +1,52 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: argocd
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
repo: https://argoproj.github.io/argo-helm
chart: argo-cd
targetNamespace: argocd
valuesContent: |-
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
server:
replicas: 0
additionalProjects:
- name: baseline
namespace: argocd
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
additionalApplications:
- name: baseline
namespace: argocd
project: baseline
source:
repoURL: 'https://git.smsvc.net/k8s/pb_baseline.git'
targetRevision: HEAD
path: baseline/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
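Review bot: The `baseline` AppProject under `additionalProjects` grants far more than its Applications need: `sourceRepos: '*'`, `destinations` with namespace and server `'*'`, and a `clusterResourceWhitelist` of every group and kind, so any Application placed in this project can deploy arbitrary content from any repository to any namespace with cluster-scoped resources. The chart repositories and the Git repository are all enumerated in this commit, so restrict `sourceRepos` to those URLs, limit `destinations` to `https://kubernetes.default.svc` and the namespaces the baseline Applications use, and narrow the cluster-resource whitelist to the kinds the charts actually create (Namespace and CRDs at least; check each chart for ClusterRole/ClusterRoleBinding). Separately, the `HelmChart` for argo-cd carries no `version:` while every baseline Application pins `targetRevision`; add `version: "<pinned argo-cd chart version>"` under `spec:` so the bootstrap is reproducible as well.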


@ -1,46 +0,0 @@
---
monitoring:
chart: prometheus-community/kube-prometheus-stack
url: https://prometheus-community.github.io/helm-charts
namespace: metrics
vals:
kubeProxy:
enabled: false
kubeScheduler:
enabled: false
kubeControllerManager:
enabled: false
alertmanager:
config:
global:
resolve_timeout: 5m
route:
group_by: ['alertname', 'cluster']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'pushover'
routes:
- receiver: 'null'
matchers:
- alertname="Watchdog"
- receiver: 'null'
matchers:
- alertname="InfoInhibitor"
receivers:
- name: 'null'
- name: 'pushover'
pushover_configs:
- user_key: x9PipXt1zGOU31OJH9Osv18BFrlRhw
token: aqvce1uukerhxhayxdq85wgtdh2c5r
templates:
- '/etc/alertmanager/config/*.tmpl'
prometheus:
prometheusSpec:
storageSpec:
volumeClaimTemplate:
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi


@ -1,30 +0,0 @@
---
loki:
chart: grafana/loki-stack
url: https://grafana.github.io/helm-charts
namespace: metrics
vals:
promtail:
extraScrapeConfigs:
- job_name: journal
journal:
path: /var/log/journal
max_age: 12h
labels:
job: systemd-journal
relabel_configs:
- source_labels:
- '__journal__systemd_unit'
target_label: 'unit'
- source_labels:
- '__journal__hostname'
target_label: 'hostname'
extraVolumes:
- name: journal
hostPath:
path: /var/log/journal
extraVolumeMounts:
- name: journal
mountPath: /var/log/journal
readOnly: true


@ -1,6 +0,0 @@
---
cert-manager:
chart: jetstack/cert-manager
url: https://charts.jetstack.io
vals:
installCRDs: true


@ -1,16 +0,0 @@
---
ingress-nginx:
chart: ingress-nginx/ingress-nginx
url: https://kubernetes.github.io/ingress-nginx
vals:
controller:
image:
pullPolicy: Always
service:
externalTrafficPolicy: Local
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: monitoring # same as prometheus-community chart name


@ -1,13 +0,0 @@
---
argocd:
chart: argocd/argo-cd
url: https://argoproj.github.io/argo-helm
vals:
server:
replicas: 0
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false


@ -1,7 +0,0 @@
---
keel:
chart: keel/keel
url: https://charts.keel.sh
vals:
helmProvider:
enabled: false


@ -1,4 +0,0 @@
---
reloader:
chart: stakater/reloader
url: https://stakater.github.io/stakater-charts