k8s/baseline
k8s/baseline
3
0
Fork 0
Code Issues 1 Pull requests Releases Activity

break: switch from k3s to k0s (in docker)

Browse source 
- replace k3s with k0s
  - remove argocd-init.yml
  - remove pb_install.yml
  - add docker-compose.yml for k0s setup
  - add k0s-config.yaml for k0s configuration
  - add metallb loadbalancer
    - add metallb ip pool
  - add openebs local storage
- update README

🤖
This commit is contained in:
Sebastian Mark 2024-08-31 00:22:48 +02:00
parent e6a1e45cbd
commit 818b504fd5
7 changed files with 139 additions and 153 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
.renovaterc.json
View file

@ -4,26 +4,14 @@
"local>infrastructure/renovate-config"
],
"customManagers": [
{
"customType": "regex",
"description": "k3s",
"fileMatch": [
"pb_install\\.yml"
],
"matchStrings": [
"\\s+INSTALL_K3S_CHANNEL:\\s(?<currentValue>.*)"
],
"depNameTemplate": "k3s-io/k3s",
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"description": "ArgoCD",
"fileMatch": [
"argocd-init\\.yml$"
"k0s-config\\.yaml$"
],
"matchStrings": [
"\\s+chart:\\s(?<depName>.*)\\n\\s+repo:\\s(?<registryUrl>.*)\\n\\s+version:\\s(?<currentValue>.*)\\n"
"\\s+version:\\s(?<currentValue>.*)\\s+#\\s+depName=(?<depName>.*)\\s+repoUrl=(?<registryUrl>.*)"
],
"datasourceTemplate": "helm"
},
@ -41,18 +29,5 @@
"matchStringsStrategy": "combination",
"datasourceTemplate": "helm"
}
],
"packageRules": [
{
"description": "Merged updates not applied by gitops",
"matchPackageNames": [
"k3s-io/k3s",
"argo-cd",
"argocd-apps"
],
"prBodyNotes": [
":warning: **Manual Intervention**: This update needs manual deployment. Please review and take appropriate action."
]
}
]
}

18
README.md
View file

@ -1,5 +1,6 @@
# Kubernetes Baseline
# k0s Kubernetes + Baseline
* [k0s](https://docs.k0sproject.io/stable/)
* [ArgoCD](https://argoproj.github.io/cd/)
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/)
@ -9,18 +10,21 @@
* [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader)
## Installation (k3s + baseline)
## Run (k0s + baseline)
`ansible-playbook -i <host|ip>, pb_install.yml`
`docker compose up`
## Installation (baseline only)
### Get kubeconfig
make sure kubectl is configure to reach the destination cluster, then:
`kubectl apply -f argocd-init.yml`
`docker compose exec -it k0s k0s kubeconfig admin`
## Notes
### openebs
When running in docker `/run/udev/` does not exist, but is required by `openebs`.
Simple fix is `docker compose exec -it k0s mkdir /run/udev/`
### ArgoCD
To retrieve the initial admin password use

76
argocd-init.yml
View file

@ -1,76 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: argocd
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argo-cd
repo: https://argoproj.github.io/argo-helm
version: 7.5.0
targetNamespace: argocd
valuesContent: |-
server:
replicas: 1
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd-apps
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argocd-apps
repo: https://argoproj.github.io/argo-helm
version: 2.0.0
targetNamespace: argocd
valuesContent: |-
projects:
baseline:
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
baseline:
project: baseline
finalizers:
- resources-finalizer.argocd.argoproj.io
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 5m

19
docker-compose.yml Normal file
View file

@ -0,0 +1,19 @@
services:
k0s:
image: docker.io/k0sproject/k0s:v1.30.4-k0s.0
command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints
stop_grace_period: 15s
hostname: k8s.smsvc.net
privileged: true
cgroup: host
network_mode: host
volumes:
- k0s-data:/var/lib/k0s/
- k0s-storage:/var/openebs/
- k0s-run:/run/
- ./k0s-config.yaml:/etc/k0s/config.yaml
volumes:
k0s-data:
k0s-storage:
k0s-run:

97
k0s-config.yaml Normal file
View file

@ -0,0 +1,97 @@
---
apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
name: k0s
spec:
api:
sans:
- k8s.smsvc.net
telemetry:
enabled: false
extensions:
helm:
repositories:
- name: argocd
url: https://argoproj.github.io/argo-helm
- name: metallb
url: https://metallb.github.io/metallb
- name: openebs-internal
url: https://openebs.github.io/charts
charts:
- name: openebs
chartname: openebs-internal/openebs
version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts
namespace: openebs
order: 0
values: |
localprovisioner:
hostpathClass:
enabled: true
isDefaultClass: true
- name: metallb
chartname: metallb/metallb
version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb
namespace: metallb
order: 0
- name: argocd
chartname: argocd/argo-cd
version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 1
values: |
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
- name: argocd-apps
chartname: argocd/argocd-apps
version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 2
values: |
projects:
baseline:
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
baseline:
project: baseline
finalizers:
- resources-finalizer.argocd.argoproj.io
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 5m

10
manifests/metallb-address-pool.yml Normal file
View file

@ -0,0 +1,10 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: metallb-address-pool
namespace: metallb
annotations:
spec:
addresses:
- 194.55.14.183/32

43
pb_install.yml
View file

@ -1,43 +0,0 @@
---
- name: Install k3s server
hosts: all
gather_facts: false
tags: k3s-server
tasks:
- name: Download k3s install script
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /usr/local/bin/k3s_install.sh
mode: "755"
- name: Install k3s server
ansible.builtin.command: "k3s_install.sh"
environment:
INSTALL_K3S_CHANNEL: v1.30.4+k3s1
INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
changed_when: false
- name: Start and enable k3s server
ansible.builtin.service:
name: k3s
state: started
enabled: true
- name: Add restart cronjob
ansible.builtin.cron:
name: "restart k3s (and regenerate certs if necessary)"
special_time: monthly
job: "systemctl restart k3s"
- name: Get kubeconfig
ansible.builtin.fetch:
src: /etc/rancher/k3s/k3s.yaml
dest: kubeconfig_{{ ansible_host }}.yml
flat: true
- name: Deploy baseline
hosts: all
gather_facts: false
tags: baseline
tasks:
- name: Copy manifest
ansible.builtin.copy:
src: argocd-init.yml
dest: /var/lib/rancher/k3s/server/manifests/argocd-init.yml
mode: "644"