diff --git a/.renovaterc.json b/.renovaterc.json index 800e921..9c73c8b 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -4,26 +4,14 @@ "local>infrastructure/renovate-config" ], "customManagers": [ - { - "customType": "regex", - "description": "k3s", - "fileMatch": [ - "pb_install\\.yml" - ], - "matchStrings": [ - "\\s+INSTALL_K3S_CHANNEL:\\s(?.*)" - ], - "depNameTemplate": "k3s-io/k3s", - "datasourceTemplate": "github-releases" - }, { "customType": "regex", "description": "ArgoCD", "fileMatch": [ - "argocd-init\\.yml$" + "k0s-config\\.yaml$" ], "matchStrings": [ - "\\s+chart:\\s(?.*)\\n\\s+repo:\\s(?.*)\\n\\s+version:\\s(?.*)\\n" + "\\s+version:\\s(?.*)\\s+#\\s+depName=(?.*)\\s+repoUrl=(?.*)" ], "datasourceTemplate": "helm" }, @@ -41,18 +29,5 @@ "matchStringsStrategy": "combination", "datasourceTemplate": "helm" } - ], - "packageRules": [ - { - "description": "Merged updates not applied by gitops", - "matchPackageNames": [ - "k3s-io/k3s", - "argo-cd", - "argocd-apps" - ], - "prBodyNotes": [ - ":warning: **Manual Intervention**: This update needs manual deployment. Please review and take appropriate action." - ] - } ] } diff --git a/README.md b/README.md index c2b24b0..671030d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ -# Kubernetes Baseline +# k0s Kubernetes + Baseline +* [k0s](https://docs.k0sproject.io/stable/) * [ArgoCD](https://argoproj.github.io/cd/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [cert-manager](https://cert-manager.io/) 
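Review bot: In `.renovaterc.json`, the custom manager that now matches `k0s-config\\.yaml$` still carries `"description": "ArgoCD"`, although the version comments it parses in `k0s-config.yaml` cover openebs and metallb as well as the two Argo charts. Renaming it, for example `"description": "k0s helm extensions"`, keeps the rule honest about which charts it bumps. The capture-group names in the new `matchStrings` entry are not legible in this view. If the third group is named after the comment field (`repoUrl`), it is worth confirming that Renovate picks it up, since the regex manager's documented group for a repository URL is `registryUrl`.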
@@ -9,18 +10,21 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Installation (k3s + baseline) +## Run (k0s + baseline) -`ansible-playbook -i , pb_install.yml` +`docker compose up` -## Installation (baseline only) +### Get kubeconfig -make sure kubectl is configure to reach the destination cluster, then: - -`kubectl apply -f argocd-init.yml` +`docker compose exec -it k0s k0s kubeconfig admin` ## Notes +### openebs + +When running in docker `/run/udev/` does not exist, but is required by `openebs`. +Simple fix is `docker compose exec -it k0s mkdir /run/udev/` + ### ArgoCD To retrieve the initial admin password use diff --git a/argocd-init.yml b/argocd-init.yml deleted file mode 100644 index e42a89b..0000000 --- a/argocd-init.yml +++ /dev/null 
@@ -1,76 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: argocd
----
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
- name: argocd
- namespace: kube-system
-spec:
- # do not change order! (needed for renovate)
- chart: argo-cd
- repo: https://argoproj.github.io/argo-helm
- version: 7.5.0
- targetNamespace: argocd
- valuesContent: |-
- server:
- replicas: 1
- applicationSet:
- enabled: false
- notifications:
- enabled: false
- dex:
- enabled: false
----
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
- name: argocd-apps
- namespace: kube-system
-spec:
- # do not change order! (needed for renovate)
- chart: argocd-apps
- repo: https://argoproj.github.io/argo-helm
- version: 2.0.0
- targetNamespace: argocd
- valuesContent: |-
- projects:
- baseline:
- namespace: argocd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- sourceRepos:
- - '*'
- destinations:
- - namespace: '*'
- server: '*'
- clusterResourceWhitelist:
- - group: '*'
- kind: '*'
- applications:
- baseline:
- project: baseline
- finalizers:
- - resources-finalizer.argocd.argoproj.io
- source:
- repoURL: 'https://git.smsvc.net/k8s/baseline.git'
- targetRevision: HEAD
- path: manifests/
- directory:
- recurse: true
- destination:
- server: 'https://kubernetes.default.svc'
- namespace: argocd
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- retry:
- limit: 5
- backoff:
- duration: 5s
- factor: 2
- maxDuration: 5m
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..5f11fad
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,19 @@
+services:
+ k0s:
+ image: docker.io/k0sproject/k0s:v1.30.4-k0s.0
+ command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints
+ stop_grace_period: 15s
+ hostname: k8s.smsvc.net
+ privileged: true
+ cgroup: host
+ network_mode: host
+ volumes:
+ - k0s-data:/var/lib/k0s/
+ - k0s-storage:/var/openebs/
+ - k0s-run:/run/
+ - ./k0s-config.yaml:/etc/k0s/config.yaml
+
+volumes:
+ k0s-data:
+ k0s-storage:
+ k0s-run:
diff --git a/k0s-config.yaml b/k0s-config.yaml
new file mode 100644
index 0000000..6e15ae1
--- /dev/null
+++ b/k0s-config.yaml
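Review bot: In `docker-compose.yml`, `privileged: true` combined with `network_mode: host` and `cgroup: host` makes the `k0s` container equivalent to root on the Docker host, yet the `image:` line pins only a tag. A tag can be re-pointed upstream, and whatever it resolves to would then run with full host access, so pinning the digest as well is worth it: `image: docker.io/k0sproject/k0s:v1.30.4-k0s.0@sha256:<digest-placeholder>`. Host networking also means the control-plane and kubelet listeners bind directly on the host's interfaces, and nothing in this file restricts them. A comment above `network_mode: host` stating why host networking is needed and which host firewall rules are assumed would document that.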
@@ -0,0 +1,97 @@
+---
+apiVersion: k0s.k0sproject.io/v1beta1
+kind: ClusterConfig
+metadata:
+ name: k0s
+spec:
+
+ api:
+ sans:
+ - k8s.smsvc.net
+
+ telemetry:
+ enabled: false
+
+ extensions:
+ helm:
+ repositories:
+ - name: argocd
+ url: https://argoproj.github.io/argo-helm
+ - name: metallb
+ url: https://metallb.github.io/metallb
+ - name: openebs-internal
+ url: https://openebs.github.io/charts
+
+ charts:
+ - name: openebs
+ chartname: openebs-internal/openebs
+ version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts
+ namespace: openebs
+ order: 0
+ values: |
+ localprovisioner:
+ hostpathClass:
+ enabled: true
+ isDefaultClass: true
+
+ - name: metallb
+ chartname: metallb/metallb
+ version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb
+ namespace: metallb
+ order: 0
+
+ - name: argocd
+ chartname: argocd/argo-cd
+ version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm
+ namespace: argocd
+ order: 1
+ values: |
+ applicationSet:
+ enabled: false
+ notifications:
+ enabled: false
+ dex:
+ enabled: false
+ - name: argocd-apps
+ chartname: argocd/argocd-apps
+ version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm
+ namespace: argocd
+ order: 2
+ values: |
+ projects:
+ baseline:
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ applications:
+ baseline:
+ project: baseline
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ source:
+ repoURL: 'https://git.smsvc.net/k8s/baseline.git'
+ targetRevision: HEAD
+ path: manifests/
+ directory:
+ recurse: true
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 5m
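Review bot: In `k0s-config.yaml`, the `baseline` AppProject under the `argocd-apps` values keeps `sourceRepos: '*'`, wildcard `destinations` and a wildcard `clusterResourceWhitelist`. The `baseline` Application auto-syncs `targetRevision: HEAD` with `prune` and `selfHeal`, so anything pushed to that repository's default branch is applied cluster-wide with no further gate. Narrowing at least the sources is cheap: list `'https://git.smsvc.net/k8s/baseline.git'` under `sourceRepos`, plus whichever chart repositories the Applications under `manifests/` actually use (those are not visible in this diff). If the wildcards are deliberate for a single-tenant cluster, a comment above `projects:` saying so would stop them being copied elsewhere unexamined.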
diff --git a/manifests/metallb-address-pool.yml b/manifests/metallb-address-pool.yml
new file mode 100644
index 0000000..f23110a
--- /dev/null
+++ b/manifests/metallb-address-pool.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: metallb-address-pool
+ namespace: metallb
+ annotations:
+spec:
+ addresses:
+ - 194.55.14.183/32
diff --git a/pb_install.yml b/pb_install.yml
deleted file mode 100644
index 91d07d3..0000000
--- a/pb_install.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-- name: Install k3s server
- hosts: all
- gather_facts: false
- tags: k3s-server
- tasks:
- - name: Download k3s install script
- ansible.builtin.get_url:
- url: https://get.k3s.io
- dest: /usr/local/bin/k3s_install.sh
- mode: "755"
- - name: Install k3s server
- ansible.builtin.command: "k3s_install.sh"
- environment:
- INSTALL_K3S_CHANNEL: v1.30.4+k3s1
- INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
- changed_when: false
- - name: Start and enable k3s server
- ansible.builtin.service:
- name: k3s
- state: started
- enabled: true
- - name: Add restart cronjob
- ansible.builtin.cron:
- name: "restart k3s (and regenerate certs if necessary)"
- special_time: monthly
- job: "systemctl restart k3s"
- - name: Get kubeconfig
- ansible.builtin.fetch:
- src: /etc/rancher/k3s/k3s.yaml
- dest: kubeconfig_{{ ansible_host }}.yml
- flat: true
-
-- name: Deploy baseline
- hosts: all
- gather_facts: false
- tags: baseline
- tasks:
- - name: Copy manifest
- ansible.builtin.copy:
- src: argocd-init.yml
- dest: /var/lib/rancher/k3s/server/manifests/argocd-init.yml
- mode: "644"
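Review bot: In `manifests/metallb-address-pool.yml`, the bare `annotations:` key under `metadata` parses as `null` rather than an empty map. Dropping the line, or writing `annotations: {}`, avoids a spurious diff or a schema complaint during sync. Separately, this commit adds only the `IPAddressPool`. Unless an `L2Advertisement` or `BGPAdvertisement` for the pool exists elsewhere under `manifests/` (not visible here), MetalLB will allocate `194.55.14.183/32` but not announce it. Since that is a single public address, a comment above `addresses:` noting which Service is expected to claim it would make unintended exposure of another `LoadBalancer` Service easier to spot.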