diff --git a/.renovaterc.json b/.renovaterc.json index 9c73c8b..32db98d 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -6,18 +6,33 @@ "customManagers": [ { "customType": "regex", - "description": "ArgoCD", + "description": "k3s", "fileMatch": [ - "k0s-config\\.yaml$" + "playbook\\.yml" ], "matchStrings": [ - "\\s+version:\\s(?.*)\\s+#\\s+depName=(?.*)\\s+repoUrl=(?.*)" + "\\s+k3s_version:\\s(?.*)" ], + "depNameTemplate": "k3s-io/k3s", + "datasourceTemplate": "github-releases" + }, + { + "customType": "regex", + "description": "ArgoCD", + "fileMatch": [ + "^argocd-init/.*\\.yml$" + ], + "matchStrings": [ + "\\s+chart:\\s(?.*)", + "\\s+repo:\\s(?.*)", + "\\s+version:\\s(?.*)" + ], + "matchStringsStrategy": "combination", "datasourceTemplate": "helm" }, { "customType": "regex", - "description": "Baseline", + "description": "Baseline Manifests", "fileMatch": [ "\\.jsonnet$" ], diff --git a/README.md b/README.md index bf0f36f..97cd48c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# k0s Kubernetes + Baseline +# k3s Kubernetes + ArgoCD + Baseline -* [k0s](https://docs.k0sproject.io/stable/) +* [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [cert-manager](https://cert-manager.io/) 
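Review bot: The new ArgoCD manager's `fileMatch` `^argocd-init/.*\\.yml$` does not match the directory this commit actually adds and the playbook copies, `argocd-bootstrap/`, so the HelmChart versions in `001-helm-argocd.yml` and `002-helm-argocd-apps.yml` (which even carry a `# do not change order! (needed for renovate)` comment for this manager's combination strategy) would never be updated; change it to `"^argocd-bootstrap/.*\\.yml$"`. The k3s manager's `"playbook\\.yml"` is unanchored and would also match any path containing that name; `"^playbook\\.yml$"` is tighter. Both managers' captures render here as `(?.*)`, presumably because the `<currentValue>`/`<depName>` group names were stripped when the page was rendered; if they are really absent the patterns would not compile and the managers would be silently ignored.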
@@ -10,13 +10,36 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (k0s + baseline) +## Run (Deploy k3s + ArgoCD + Baseline) -`docker compose up` +`ansible-playbook k3s_boostrap.yml -i ,` ### Get kubeconfig -`docker compose exec -it k0s k0s kubeconfig admin` +`cat /etc/rancher/k3s/k3s.yml` + +### Add Agents + +#### Get Agent Token + +> The secure token format (occasionally referred to as a "full" token) contains the following parts: +> +> \\::\ + +Get existing server token: +`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` + +Create new token: +`docker compose exec -it k3s k3s token create` + +#### Register Agent/Worker + +```bash +export K3S_URL=https://:6443 +export K3S_NODE_NAME= +export K3S_TOKEN= +curl -sfL https://get.k3s.io | sh -s - +``` ## Notes @@ -27,6 +50,22 @@ To retrieve the initial admin password use To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/). +#### Sync Applications with Kubectl + +Add to application: +```yaml +operation: + sync: + syncStrategy: + hook: {} +``` + +### Zabbix Monitoring + +See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md) + +## Cloud Setups + ### Linode PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. diff --git a/argocd-bootstrap/000-namespace.yml b/argocd-bootstrap/000-namespace.yml new file mode 100644 index 0000000..42add95 --- /dev/null +++ b/argocd-bootstrap/000-namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: argocd diff --git a/argocd-bootstrap/001-helm-argocd.yml b/argocd-bootstrap/001-helm-argocd.yml new file mode 100644 index 0000000..3d13f8c --- /dev/null +++ b/argocd-bootstrap/001-helm-argocd.yml 
@@ -0,0 +1,19 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argo-cd + repo: https://argoproj.github.io/argo-helm + version: 7.5.2 + targetNamespace: argocd + valuesContent: |- + applicationSet: + enabled: false + notifications: + enabled: false + dex: + enabled: false diff --git a/argocd-bootstrap/002-helm-argocd-apps.yml b/argocd-bootstrap/002-helm-argocd-apps.yml new file mode 100644 index 0000000..236332b --- /dev/null +++ b/argocd-bootstrap/002-helm-argocd-apps.yml @@ -0,0 +1,12 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd-apps + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argocd-apps + repo: https://argoproj.github.io/argo-helm + version: 2.0.0 + targetNamespace: argocd diff --git a/argocd-bootstrap/003-baseline-project.yml b/argocd-bootstrap/003-baseline-project.yml new file mode 100644 index 0000000..f8f2eb2 --- /dev/null +++ b/argocd-bootstrap/003-baseline-project.yml @@ -0,0 +1,17 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: baseline + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' diff --git a/argocd-bootstrap/004-baseline-app.yml b/argocd-bootstrap/004-baseline-app.yml new file mode 100644 index 0000000..6380054 --- /dev/null +++ b/argocd-bootstrap/004-baseline-app.yml 
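Review bot: `002-helm-argocd-apps.yml` installs the argocd-apps chart with no `valuesContent`, while the project and application it used to render now live as plain manifests in `003-baseline-project.yml` and `004-baseline-app.yml`; as far as I can tell that chart renders nothing without `applications`/`projects` values, so this HelmChart is an empty release that is still reconciled by k3s and tracked by Renovate. Either drop the file or move the AppProject/Application back into its values, as the removed `k0s-config.yaml` did, and say in a comment which of the two is the intended source of truth.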
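Review bot: The `baseline` AppProject in `003-baseline-project.yml` allows any source repo, any destination namespace/server and any cluster-scoped resource, although the only Application in it (`004-baseline-app.yml`) syncs from the single repo `https://git.smsvc.net/k8s/baseline.git`; restricting `sourceRepos` to that URL means a mis-pointed or tampered Application in this project cannot pull manifests from elsewhere. The wildcard `destinations` and `clusterResourceWhitelist` are probably needed because the baseline app creates cluster-scoped resources and child Applications, so those can stay, but the `sourceRepos` entry is a cheap least-privilege win: `- 'https://git.smsvc.net/k8s/baseline.git'`. Anyone with push access to that repo still effectively holds cluster-admin through the automated, self-healing sync, which is inherent to the design but worth stating next to the project definition.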
@@ -0,0 +1,25 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: baseline + namespace: argocd +spec: + project: baseline + source: + repoURL: 'https://git.smsvc.net/k8s/baseline.git' + targetRevision: HEAD + path: manifests/ + directory: + recurse: true + destination: + server: 'https://kubernetes.default.svc' + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + backoff: + duration: 15s + maxDuration: 30m diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 3fae818..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,22 +0,0 @@ -services: - k0s: - image: docker.io/k0sproject/k0s:v1.30.4-k0s.0 - command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints - restart: always - stop_grace_period: 15s - hostname: k8s.smsvc.net - privileged: true - cgroup: host - network_mode: host - volumes: - - k0s-data:/var/lib/k0s/ - - k0s-run:/run/ - - k0s-storage:/var/openebs/ - - k0s-run-udev:/run/udev - - ./k0s-config.yaml:/etc/k0s/config.yaml - -volumes: - k0s-data: - k0s-run: - k0s-storage: - k0s-run-udev: diff --git a/k0s-config.yaml b/k0s-config.yaml deleted file mode 100644 index 6e15ae1..0000000 --- a/k0s-config.yaml +++ /dev/null 
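Review bot: `retry` in `004-baseline-app.yml` sets only `backoff`, whereas the removed `k0s-config.yaml` had `limit: 5` and `factor: 2`; with `limit` omitted it is 0, which as far as I read the Argo CD docs means a failed sync is not retried at all, so the `duration`/`maxDuration` settings have no effect. Add `limit: 5` (or `-1` for unlimited) under `retry` if retries are intended — the cert-manager issuers elsewhere in this commit depend on a later sync succeeding once their CRDs exist. The Application also no longer carries the `resources-finalizer.argocd.argoproj.io` finalizer the old values had, so deleting it will orphan rather than cascade-delete its resources; if that is intentional a short comment saying so would help the next reader.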
@@ -1,97 +0,0 @@ ---- -apiVersion: k0s.k0sproject.io/v1beta1 -kind: ClusterConfig -metadata: - name: k0s -spec: - - api: - sans: - - k8s.smsvc.net - - telemetry: - enabled: false - - extensions: - helm: - repositories: - - name: argocd - url: https://argoproj.github.io/argo-helm - - name: metallb - url: https://metallb.github.io/metallb - - name: openebs-internal - url: https://openebs.github.io/charts - - charts: - - name: openebs - chartname: openebs-internal/openebs - version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts - namespace: openebs - order: 0 - values: | - localprovisioner: - hostpathClass: - enabled: true - isDefaultClass: true - - - name: metallb - chartname: metallb/metallb - version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb - namespace: metallb - order: 0 - - - name: argocd - chartname: argocd/argo-cd - version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 1 - values: | - applicationSet: - enabled: false - notifications: - enabled: false - dex: - enabled: false - - name: argocd-apps - chartname: argocd/argocd-apps - version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 2 - values: | - projects: - baseline: - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - sourceRepos: - - '*' - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - baseline: - project: baseline - finalizers: - - resources-finalizer.argocd.argoproj.io - source: - repoURL: 'https://git.smsvc.net/k8s/baseline.git' - targetRevision: HEAD - path: manifests/ - directory: - recurse: true - destination: - server: 'https://kubernetes.default.svc' - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 5m 
diff --git a/_templates/argocd_app.libsonnet b/manifests/_templates/argocd_app.libsonnet similarity index 100% rename from _templates/argocd_app.libsonnet rename to manifests/_templates/argocd_app.libsonnet diff --git a/manifests/cert-manager/cert-manager.jsonnet b/manifests/cert-manager/cert-manager.jsonnet index 6ea4824..83cf208 100644 --- a/manifests/cert-manager/cert-manager.jsonnet +++ b/manifests/cert-manager/cert-manager.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/cert-manager/letsencrypt-issuers.yml b/manifests/cert-manager/letsencrypt-issuers.yml index 6b6c468..bac1b8d 100644 --- a/manifests/cert-manager/letsencrypt-issuers.yml +++ b/manifests/cert-manager/letsencrypt-issuers.yml @@ -6,6 +6,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-v02.api.letsencrypt.org/directory @@ -23,6 +24,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-staging-v02.api.letsencrypt.org/directory diff --git a/manifests/cert-manager/selfsigned-issuer.yaml b/manifests/cert-manager/selfsigned-issuer.yaml index 2cc7761..3909d3f 100644 --- a/manifests/cert-manager/selfsigned-issuer.yaml +++ b/manifests/cert-manager/selfsigned-issuer.yaml @@ -6,5 +6,6 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: selfSigned: {} diff --git a/manifests/ingress-nginx.jsonnet b/manifests/ingress-nginx.jsonnet index 8c6b088..372ae54 100644 --- a/manifests/ingress-nginx.jsonnet +++ b/manifests/ingress-nginx.jsonnet 
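Review bot: `import "_templates/argocd_app.libsonnet"` in `manifests/cert-manager/cert-manager.jsonnet` is no longer file-relative (there is no `manifests/cert-manager/_templates`), so it only resolves if Argo CD puts the application path `manifests/` on the Jsonnet library search path, which it does as far as I know but which now differs from `manifests/monitoring/zabbix-proxy.jsonnet`, where the same commit keeps a file-relative `../_templates/argocd_app.libsonnet`. Pick one convention for all the jsonnet files (the same edit is made in `ingress-nginx.jsonnet`, `keel.jsonnet` and `reloader.jsonnet`); file-relative imports also evaluate under a plain `jsonnet` invocation without `-J manifests`, which matters for local linting. A one-line comment above the import stating which search path the repo relies on would prevent the next drift.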
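Review bot: The `sync-wave: "2"` annotation (added here, in the second hunk of `letsencrypt-issuers.yml` and in `selfsigned-issuer.yaml`) orders the issuers after the earlier-wave resources of the baseline app, but a sync wave only waits for resources of the same sync to become healthy, and recent Argo CD versions do not assess the health of child `Application` objects unless a custom health check is configured, so the wave does not guarantee that the cert-manager chart has installed the issuer CRD before the issuer is applied. The existing `SkipDryRunOnMissingResource=true` lets the dry run pass, which means the first sync can still fail at apply time and depends on the `retry` block in `004-baseline-app.yml`. If ordering is the intent, a comment such as `# wave 2: apply after the cert-manager Application (wave 0) has created the CRDs` on each issuer would make the assumption explicit.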
@@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/keel.jsonnet b/manifests/keel.jsonnet index bbdbd8a..0b78f8a 100644 --- a/manifests/keel.jsonnet +++ b/manifests/keel.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/metallb-address-pool.yml b/manifests/metallb-address-pool.yml deleted file mode 100644 index f23110a..0000000 --- a/manifests/metallb-address-pool.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: metallb-address-pool - namespace: metallb - annotations: -spec: - addresses: - - 194.55.14.183/32 diff --git a/manifests/monitoring/zabbix-proxy.jsonnet b/manifests/monitoring/zabbix-proxy.jsonnet index 124c7aa..790ba1f 100644 --- a/manifests/monitoring/zabbix-proxy.jsonnet +++ b/manifests/monitoring/zabbix-proxy.jsonnet @@ -1,4 +1,4 @@ -local app = import "../../_templates/argocd_app.libsonnet"; +local app = import "../_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/reloader.jsonnet b/manifests/reloader.jsonnet index fdda29e..06471eb 100644 --- a/manifests/reloader.jsonnet +++ b/manifests/reloader.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..e6adae8 --- /dev/null +++ b/playbook.yml 
@@ -0,0 +1,61 @@ +# vim: set ft=yaml.ansible: +--- +- name: Install k3s server + hosts: all + gather_facts: false + tags: k3s-server + + vars: + k3s_version: v1.31.0+k3s1 + + tasks: + - name: Get k3s installed version + ansible.builtin.command: k3s --version + register: k3s_version_output + check_mode: false + changed_when: false + ignore_errors: true + + - name: Set k3s installed version + when: k3s_version_output.rc == 0 + ansible.builtin.set_fact: + installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" + + - name: Download and install/update k3s + when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version) + block: + - name: Download K3s install script + ansible.builtin.get_url: + url: https://get.k3s.io + dest: /usr/local/bin/k3s_install.sh + mode: "755" + - name: Install k3s server + ansible.builtin.command: "k3s_install.sh" + environment: + K3S_NODE_NAME: "{{ inventory_hostname }}" + INSTALL_K3S_CHANNEL: "{{ k3s_version }}" + INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}" + changed_when: false + + - name: Start and enable k3s server + ansible.builtin.service: + name: k3s.service + state: started + enabled: true + + - name: Add restart cronjob + ansible.builtin.cron: + name: "restart k3s (and regenerate certs if necessary)" + special_time: monthly + job: "systemctl restart k3s" + +- name: Deploy ArgoCD + hosts: all + gather_facts: false + tags: baseline + tasks: + - name: Copy manifest + ansible.builtin.copy: + src: argocd-bootstrap/ + dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ + mode: "0755"
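Review bot: The script fetched by `Download K3s install script` is executed as root by the next task without any integrity check, so an altered or compromised response from https://get.k3s.io runs arbitrary code on every host; `ansible.builtin.get_url` supports `checksum: "sha256:<expected-sha256-placeholder>"`, or vendor the script into the repo and `copy` it, accepting that the pin must be refreshed when upstream changes the script. Separately, `INSTALL_K3S_CHANNEL: "{{ k3s_version }}"` passes a full version string where the installer appears to expect a channel name (stable, latest, v1.31); the documented variable for pinning an exact release is `INSTALL_K3S_VERSION: "{{ k3s_version }}"`, which also keeps the install consistent with the `installed_k3s_version != k3s_version` comparison above. `changed_when: false` on `Install k3s server` hides a real change in the play recap; since the block only runs when the version differs, dropping the override (or `changed_when: true`) reports it honestly. The README hunk still documents token retrieval via `docker compose exec -it k3s` and a Docker volume path although `docker-compose.yml` is deleted here, and names the playbook `k3s_boostrap.yml` rather than `playbook.yml`, which is also the name the new Renovate manager matches.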