From 8b7b24f8408a1e0fb72f1d87d17495e402994a76 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Mon, 2 Sep 2024 22:10:32 +0200 Subject: [PATCH 01/22] break: switch from k0s to k3s (in docker) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - replace k0s with k3s in docker-compose.yml - remove k0s-config.yaml - remove metallb-address-pool - update .renovaterc.json to match new file structure - add new argocd-init files for k3s - update README to reflect changes 🤖 --- .renovaterc.json | 9 ++- README.md | 8 +-- argocd-init/000-namespace.yml | 5 ++ argocd-init/001-argocd.yml | 21 +++++++ argocd-init/002-argocd-apps.yml | 50 +++++++++++++++ docker-compose.yml | 26 ++++---- k0s-config.yaml | 97 ------------------------------ manifests/metallb-address-pool.yml | 10 --- 8 files changed, 98 insertions(+), 128 deletions(-) create mode 100644 argocd-init/000-namespace.yml create mode 100644 argocd-init/001-argocd.yml create mode 100644 argocd-init/002-argocd-apps.yml delete mode 100644 k0s-config.yaml delete mode 100644 manifests/metallb-address-pool.yml diff --git a/.renovaterc.json b/.renovaterc.json index 9c73c8b..6c37c70 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -8,16 +8,19 @@ "customType": "regex", "description": "ArgoCD", "fileMatch": [ - "k0s-config\\.yaml$" + "^argocd-init/.*\\.yml$" ], "matchStrings": [ - "\\s+version:\\s(?.*)\\s+#\\s+depName=(?.*)\\s+repoUrl=(?.*)" + "\\s+chart:\\s(?.*)", + "\\s+repo:\\s(?.*)", + "\\s+version:\\s(?.*)" ], + "matchStringsStrategy": "combination", "datasourceTemplate": "helm" }, { "customType": "regex", - "description": "Baseline", + "description": "Baseline Manifests", "fileMatch": [ "\\.jsonnet$" ], diff --git a/README.md b/README.md index bf0f36f..d719d1e 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ -# k0s Kubernetes + Baseline +# k3s Kubernetes + Baseline -* [k0s](https://docs.k0sproject.io/stable/) +* [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [cert-manager](https://cert-manager.io/) @@ -10,13 +10,13 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (k0s + baseline) +## Run (k3s + baseline) `docker compose up` ### Get kubeconfig -`docker compose exec -it k0s k0s kubeconfig admin` +`docker compose exec -it k3s kubectl config view --flatten` ## Notes diff --git a/argocd-init/000-namespace.yml b/argocd-init/000-namespace.yml new file mode 100644 index 0000000..42add95 --- /dev/null +++ b/argocd-init/000-namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: argocd diff --git a/argocd-init/001-argocd.yml b/argocd-init/001-argocd.yml new file mode 100644 index 0000000..9897a0d --- /dev/null +++ b/argocd-init/001-argocd.yml @@ -0,0 +1,21 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argo-cd + repo: https://argoproj.github.io/argo-helm + version: 7.5.2 + targetNamespace: argocd + valuesContent: |- + server: + replicas: 1 + applicationSet: + enabled: false + notifications: + enabled: false + dex: + enabled: false diff --git a/argocd-init/002-argocd-apps.yml b/argocd-init/002-argocd-apps.yml new file mode 100644 index 0000000..e88b761 --- /dev/null +++ b/argocd-init/002-argocd-apps.yml 
@@ -0,0 +1,50 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd-apps + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argocd-apps + repo: https://argoproj.github.io/argo-helm + version: 2.0.0 + targetNamespace: argocd + valuesContent: |- + projects: + baseline: + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' + applications: + baseline: + project: baseline + finalizers: + - resources-finalizer.argocd.argoproj.io + source: + repoURL: 'https://git.smsvc.net/k8s/baseline.git' + targetRevision: HEAD + path: manifests/ + directory: + recurse: true + destination: + server: 'https://kubernetes.default.svc' + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 5m diff --git a/docker-compose.yml b/docker-compose.yml index 3fae818..7b7b411 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,22 +1,20 @@ services: - k0s: - image: docker.io/k0sproject/k0s:v1.30.4-k0s.0 - command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints - restart: always - stop_grace_period: 15s + k3s: + image: rancher/k3s:v1.30.4-k3s1 + command: + - server + - --disable=traefik + - --tls-san=k8s.smsvc.net hostname: k8s.smsvc.net + restart: always privileged: true cgroup: host network_mode: host volumes: - - k0s-data:/var/lib/k0s/ - - k0s-run:/run/ - - k0s-storage:/var/openebs/ - - k0s-run-udev:/run/udev - - ./k0s-config.yaml:/etc/k0s/config.yaml + - k3s-data:/var/lib/rancher/k3s/ + - k3s-run:/run/ + - ./argocd-init/:/var/lib/rancher/k3s/server/manifests/argocd-init/ volumes: - k0s-data: - k0s-run: - k0s-storage: - k0s-run-udev: + k3s-data: + k3s-run: diff --git a/k0s-config.yaml b/k0s-config.yaml deleted file mode 100644 index 6e15ae1..0000000 
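Review bot: The `baseline` AppProject defined in `valuesContent` is unrestricted (`sourceRepos: '*'`, `destinations` with `namespace: '*'` and `server: '*'`, `clusterResourceWhitelist` with `group: '*'`, `kind: '*'`), so any Application assigned to it can deploy any cluster-scoped resource from any repository. The one application visible here syncs `https://git.smsvc.net/k8s/baseline.git` into `https://kubernetes.default.svc`, so the project could probably be narrowed to that repository and server; any chart repositories used by child Applications under `manifests/` would then need listing too. The application also tracks `targetRevision: HEAD` with `automated` sync, `prune: true` and `selfHeal: true`, so every push to the default branch is applied with those project rights without a review gate; a tag or a protected release branch would add one. The same wildcards recur in `argocd-bootstrap/003-baseline-project.yml` (PATCH 06/22) and in the repeat of this file in PATCH 12/22.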
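Review bot: The new `image: rancher/k3s:v1.30.4-k3s1` is pinned by tag only, while the service keeps `privileged: true`, `cgroup: host` and `network_mode: host` from the context lines, so a retagged or substituted image would run with near-host rights. Pinning the digest as well, `image: rancher/k3s:v1.30.4-k3s1@sha256:<digest-of-the-reviewed-image>`, makes the pull reproducible, and Renovate can keep the digest current. The `./argocd-init/` bind mount deserves a comment in the file: k3s applies whatever appears under `server/manifests/`, so write access to that host directory amounts to cluster-admin. The same lines recur in the repeat of this hunk in PATCH 12/22.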
--- a/k0s-config.yaml +++ /dev/null @@ -1,97 +0,0 @@ ---- -apiVersion: k0s.k0sproject.io/v1beta1 -kind: ClusterConfig -metadata: - name: k0s -spec: - - api: - sans: - - k8s.smsvc.net - - telemetry: - enabled: false - - extensions: - helm: - repositories: - - name: argocd - url: https://argoproj.github.io/argo-helm - - name: metallb - url: https://metallb.github.io/metallb - - name: openebs-internal - url: https://openebs.github.io/charts - - charts: - - name: openebs - chartname: openebs-internal/openebs - version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts - namespace: openebs - order: 0 - values: | - localprovisioner: - hostpathClass: - enabled: true - isDefaultClass: true - - - name: metallb - chartname: metallb/metallb - version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb - namespace: metallb - order: 0 - - - name: argocd - chartname: argocd/argo-cd - version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 1 - values: | - applicationSet: - enabled: false - notifications: - enabled: false - dex: - enabled: false - - name: argocd-apps - chartname: argocd/argocd-apps - version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 2 - values: | - projects: - baseline: - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - sourceRepos: - - '*' - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - baseline: - project: baseline - finalizers: - - resources-finalizer.argocd.argoproj.io - source: - repoURL: 'https://git.smsvc.net/k8s/baseline.git' - targetRevision: HEAD - path: manifests/ - directory: - recurse: true - destination: - server: 'https://kubernetes.default.svc' - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 5m 
diff --git a/manifests/metallb-address-pool.yml b/manifests/metallb-address-pool.yml deleted file mode 100644 index f23110a..0000000 --- a/manifests/metallb-address-pool.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: metallb-address-pool - namespace: metallb - annotations: -spec: - addresses: - - 194.55.14.183/32 From d034522a439af40e2c6813e6a4ea28b41b65b9ba Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 13:24:07 +0200 Subject: [PATCH 02/22] doc(argo-cd): describe sync via Kubectl --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index d719d1e..b5f81a4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,16 @@ To retrieve the initial admin password use To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/). +#### Sync Applications with Kubectl + +Add to application: +```yaml +operation: + sync: + syncStrategy: + hook: {} +``` + ### Linode PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. From de60e45171a646dc40c0ccd22c6ad30ab6bec337 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 17:52:20 +0200 Subject: [PATCH 03/22] refactor(argocd): rename `argocd-init` -> `argocd-bootstrap` --- {argocd-init => argocd-bootstrap}/000-namespace.yml | 0 {argocd-init => argocd-bootstrap}/001-argocd.yml | 2 -- {argocd-init => argocd-bootstrap}/002-argocd-apps.yml | 0 docker-compose.yml | 2 +- 4 files changed, 1 insertion(+), 3 deletions(-) rename {argocd-init => argocd-bootstrap}/000-namespace.yml (100%) rename {argocd-init => argocd-bootstrap}/001-argocd.yml (92%) rename {argocd-init => argocd-bootstrap}/002-argocd-apps.yml (100%) 
diff --git a/argocd-init/000-namespace.yml b/argocd-bootstrap/000-namespace.yml similarity index 100% rename from argocd-init/000-namespace.yml rename to argocd-bootstrap/000-namespace.yml diff --git a/argocd-init/001-argocd.yml b/argocd-bootstrap/001-argocd.yml similarity index 92% rename from argocd-init/001-argocd.yml rename to argocd-bootstrap/001-argocd.yml index 9897a0d..3d13f8c 100644 --- a/argocd-init/001-argocd.yml +++ b/argocd-bootstrap/001-argocd.yml @@ -11,8 +11,6 @@ spec: version: 7.5.2 targetNamespace: argocd valuesContent: |- - server: - replicas: 1 applicationSet: enabled: false notifications: diff --git a/argocd-init/002-argocd-apps.yml b/argocd-bootstrap/002-argocd-apps.yml similarity index 100% rename from argocd-init/002-argocd-apps.yml rename to argocd-bootstrap/002-argocd-apps.yml diff --git a/docker-compose.yml b/docker-compose.yml index 7b7b411..6d22520 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: volumes: - k3s-data:/var/lib/rancher/k3s/ - k3s-run:/run/ - - ./argocd-init/:/var/lib/rancher/k3s/server/manifests/argocd-init/ + - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ volumes: k3s-data: From 566c55aaeeacfc5b3edb763e390b49eacd67d8b4 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 17:55:33 +0200 Subject: [PATCH 04/22] refactor(manifests): move _templates into manifests path --- {_templates => manifests/_templates}/argocd_app.libsonnet | 0 manifests/cert-manager/cert-manager.jsonnet | 2 +- manifests/ingress-nginx.jsonnet | 2 +- manifests/keel.jsonnet | 2 +- manifests/monitoring/zabbix-proxy.jsonnet | 2 +- manifests/reloader.jsonnet | 2 +- 6 files changed, 5 insertions(+), 5 deletions(-) rename {_templates => manifests/_templates}/argocd_app.libsonnet (100%) 
diff --git a/_templates/argocd_app.libsonnet b/manifests/_templates/argocd_app.libsonnet similarity index 100% rename from _templates/argocd_app.libsonnet rename to manifests/_templates/argocd_app.libsonnet diff --git a/manifests/cert-manager/cert-manager.jsonnet b/manifests/cert-manager/cert-manager.jsonnet index 6ea4824..83cf208 100644 --- a/manifests/cert-manager/cert-manager.jsonnet +++ b/manifests/cert-manager/cert-manager.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/ingress-nginx.jsonnet b/manifests/ingress-nginx.jsonnet index 8c6b088..372ae54 100644 --- a/manifests/ingress-nginx.jsonnet +++ b/manifests/ingress-nginx.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/keel.jsonnet b/manifests/keel.jsonnet index bbdbd8a..0b78f8a 100644 --- a/manifests/keel.jsonnet +++ b/manifests/keel.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/monitoring/zabbix-proxy.jsonnet b/manifests/monitoring/zabbix-proxy.jsonnet index 124c7aa..790ba1f 100644 --- a/manifests/monitoring/zabbix-proxy.jsonnet +++ b/manifests/monitoring/zabbix-proxy.jsonnet @@ -1,4 +1,4 @@ -local app = import "../../_templates/argocd_app.libsonnet"; +local app = import "../_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/reloader.jsonnet b/manifests/reloader.jsonnet index fdda29e..06471eb 100644 --- a/manifests/reloader.jsonnet +++ b/manifests/reloader.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { From 1e3c674e8965a3e292fd4fcedba9eb6e684b492c Mon Sep 17 00:00:00 2001 
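Review bot: `manifests/cert-manager/cert-manager.jsonnet` now imports `"_templates/argocd_app.libsonnet"` although it sits one directory below `manifests/`, so the import no longer resolves relative to the importing file and depends on the renderer having `manifests/` on its library search path. `manifests/monitoring/zabbix-proxy.jsonnet`, at the same depth, uses `"../_templates/argocd_app.libsonnet"` instead. If that search path is not guaranteed everywhere the files are rendered (for example a local run of plain `jsonnet`), `local app = import "../_templates/argocd_app.libsonnet";` in the cert-manager file would make the two subdirectory files consistent. The body of each file continues outside the hunk.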
From: Sebastian Mark Date: Tue, 3 Sep 2024 20:14:09 +0200 Subject: [PATCH 05/22] doc: add Zabbix Monitoring section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add new section for Zabbix Monitoring in README.md - provide link to Zabbix Kubernetes Monitoring documentation 🤖 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index b5f81a4..41080b4 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,13 @@ operation: hook: {} ``` +### Zabbix Monitoring + +See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md) + + +## Cloud Setups + ### Linode PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. From 24e08ab096539cbd2665ba070b7495044c4b0561 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 21:31:40 +0200 Subject: [PATCH 06/22] refactor(argocd): split bootstrap files - rename bootstrap files for clarification - remove project and application from argocd-apps values - add new YAML for project configuration - add new YAML for application configuration --- .../{001-argocd.yml => 001-helm-argocd.yml} | 0 argocd-bootstrap/002-argocd-apps.yml | 50 ------------------- argocd-bootstrap/002-helm-argocd-apps.yml | 12 +++++ argocd-bootstrap/003-baseline-project.yml | 17 +++++++ argocd-bootstrap/004-baseline-app.yml | 25 ++++++++++ 5 files changed, 54 insertions(+), 50 deletions(-) rename argocd-bootstrap/{001-argocd.yml => 001-helm-argocd.yml} (100%) delete mode 100644 argocd-bootstrap/002-argocd-apps.yml create mode 100644 argocd-bootstrap/002-helm-argocd-apps.yml create mode 100644 argocd-bootstrap/003-baseline-project.yml create mode 100644 argocd-bootstrap/004-baseline-app.yml 
diff --git a/argocd-bootstrap/001-argocd.yml b/argocd-bootstrap/001-helm-argocd.yml similarity index 100% rename from argocd-bootstrap/001-argocd.yml rename to argocd-bootstrap/001-helm-argocd.yml diff --git a/argocd-bootstrap/002-argocd-apps.yml b/argocd-bootstrap/002-argocd-apps.yml deleted file mode 100644 index e88b761..0000000 --- a/argocd-bootstrap/002-argocd-apps.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: argocd-apps - namespace: kube-system -spec: - # do not change order! (needed for renovate) - chart: argocd-apps - repo: https://argoproj.github.io/argo-helm - version: 2.0.0 - targetNamespace: argocd - valuesContent: |- - projects: - baseline: - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - sourceRepos: - - '*' - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - baseline: - project: baseline - finalizers: - - resources-finalizer.argocd.argoproj.io - source: - repoURL: 'https://git.smsvc.net/k8s/baseline.git' - targetRevision: HEAD - path: manifests/ - directory: - recurse: true - destination: - server: 'https://kubernetes.default.svc' - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 5m diff --git a/argocd-bootstrap/002-helm-argocd-apps.yml b/argocd-bootstrap/002-helm-argocd-apps.yml new file mode 100644 index 0000000..236332b --- /dev/null +++ b/argocd-bootstrap/002-helm-argocd-apps.yml @@ -0,0 +1,12 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd-apps + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argocd-apps + repo: https://argoproj.github.io/argo-helm + version: 2.0.0 + targetNamespace: argocd 
diff --git a/argocd-bootstrap/003-baseline-project.yml b/argocd-bootstrap/003-baseline-project.yml new file mode 100644 index 0000000..f8f2eb2 --- /dev/null +++ b/argocd-bootstrap/003-baseline-project.yml @@ -0,0 +1,17 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: baseline + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' diff --git a/argocd-bootstrap/004-baseline-app.yml b/argocd-bootstrap/004-baseline-app.yml new file mode 100644 index 0000000..6380054 --- /dev/null +++ b/argocd-bootstrap/004-baseline-app.yml @@ -0,0 +1,25 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: baseline + namespace: argocd +spec: + project: baseline + source: + repoURL: 'https://git.smsvc.net/k8s/baseline.git' + targetRevision: HEAD + path: manifests/ + directory: + recurse: true + destination: + server: 'https://kubernetes.default.svc' + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + backoff: + duration: 15s + maxDuration: 30m From 6e5423ffb40a0d1837770fa379a612330e396080 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 22:31:56 +0200 Subject: [PATCH 07/22] doc: add agent registration instructions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add section on how to get existing server token - add steps to create a new token - add instructions on how to register an agent/worker 🤖 --- README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 41080b4..c774bf3 100644 --- a/README.md +++ b/README.md 
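Review bot: In `argocd-bootstrap/004-baseline-app.yml`, `syncPolicy.retry` sets only `backoff` and no `limit`, whereas the Helm values it replaces had `limit: 5`. As far as I know Argo CD reads an unset limit as 0, meaning no retries, which would leave `duration: 15s` and `maxDuration: 30m` without effect; please confirm and add `limit: 5` under `retry:` if retries are wanted. The Application also no longer carries the `resources-finalizer.argocd.argoproj.io` finalizer that the previous values had, so deleting it would presumably stop cascading to the resources it manages. If that is intended, a short comment in the manifest saying so would help.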
@@ -18,6 +18,29 @@ `docker compose exec -it k3s kubectl config view --flatten` +### Add Agents + +#### Get Agent Token + +> The secure token format (occasionally referred to as a "full" token) contains the following parts: +> +> :: + +Get existing server token: +`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` + +Create new token: +`docker compose exec -it k3s k3s token create` + +#### Register Agent/Worker + +```bash +export K3S_URL=https://:6443 +export K3S_NODE_NAME= +export K3S_TOKEN= +curl -sfL https://get.k3s.io | sh -s - +``` + ## Notes ### ArgoCD @@ -41,7 +64,6 @@ operation: See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md) - ## Cloud Setups ### Linode From caa10cc8faa16f4b975380a5e5b13804bc8c35be Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Wed, 4 Sep 2024 21:27:49 +0200 Subject: [PATCH 08/22] break: migrate back to bare-metal (and ansible) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - remove docker-compose.yml - add ansible playbook for k3s and argocd deployment - update renovate custom manager for k3s version - update README.md with new instructions 🤖 --- .renovaterc.json | 12 +++++++++ README.md | 8 +++--- docker-compose.yml | 20 --------------- playbook.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+), 24 deletions(-) delete mode 100644 docker-compose.yml create mode 100644 playbook.yml diff --git a/.renovaterc.json b/.renovaterc.json index 6c37c70..32db98d 100644 --- a/.renovaterc.json +++ b/.renovaterc.json 
@@ -4,6 +4,18 @@ "local>infrastructure/renovate-config" ], "customManagers": [ + { + "customType": "regex", + "description": "k3s", + "fileMatch": [ + "playbook\\.yml" + ], + "matchStrings": [ + "\\s+k3s_version:\\s(?.*)" + ], + "depNameTemplate": "k3s-io/k3s", + "datasourceTemplate": "github-releases" + }, { "customType": "regex", "description": "ArgoCD", diff --git a/README.md b/README.md index c774bf3..e61d651 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# k3s Kubernetes + Baseline +# k3s Kubernetes + ArgoCD + Baseline * [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/) @@ -10,13 +10,13 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (k3s + baseline) +## Run (Deploy k3s + ArgoCD + Baseline) -`docker compose up` +`ansible-playbook k3s_boostrap.yml -i ,` ### Get kubeconfig -`docker compose exec -it k3s kubectl config view --flatten` +`cat /etc/rancher/k3s/k3s.yml` ### Add Agents diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 6d22520..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -services: - k3s: - image: rancher/k3s:v1.30.4-k3s1 - command: - - server - - --disable=traefik - - --tls-san=k8s.smsvc.net - hostname: k8s.smsvc.net - restart: always - privileged: true - cgroup: host - network_mode: host - volumes: - - k3s-data:/var/lib/rancher/k3s/ - - k3s-run:/run/ - - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ - -volumes: - k3s-data: - k3s-run: diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..ea49cd1 --- /dev/null +++ b/playbook.yml 
@@ -0,0 +1,61 @@ +# vim: set ft=yaml.ansible: +--- +- name: Install k3s server + hosts: all + gather_facts: false + tags: k3s-server + + vars: + k3s_version: v1.30.4+k3s1 + + tasks: + - name: Get k3s installed version + ansible.builtin.command: k3s --version + register: k3s_version_output + check_mode: false + changed_when: false + ignore_errors: true + + - name: Set k3s installed version + when: k3s_version_output.rc == 0 + ansible.builtin.set_fact: + installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" + + - name: Download and install/update k3s + when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version) + block: + - name: Download K3s install script + ansible.builtin.get_url: + url: https://get.k3s.io + dest: /usr/local/bin/k3s_install.sh + mode: "755" + - name: Install k3s server + ansible.builtin.command: "k3s_install.sh" + environment: + K3S_NODE_NAME: "{{ inventory_hostname }}" + INSTALL_K3S_CHANNEL: "{{ k3s_version }}" + INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}" + changed_when: false + + - name: Start and enable k3s server + ansible.builtin.service: + name: k3s.service + state: started + enabled: true + + - name: Add restart cronjob + ansible.builtin.cron: + name: "restart k3s (and regenerate certs if necessary)" + special_time: monthly + job: "systemctl restart k3s" + +- name: Deploy ArgoCD + hosts: all + gather_facts: false + tags: baseline + tasks: + - name: Copy manifest + ansible.builtin.copy: + src: argocd-bootstrap/ + dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ + mode: "0755" From 4e81b3dc8fb6f590a471511b8c5c4d004be0f074 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Wed, 4 Sep 2024 21:46:02 +0200 Subject: [PATCH 09/22] feat(cert-manager): move LE issuer to later sync wave --- manifests/cert-manager/letsencrypt-issuers.yml | 2 ++ manifests/cert-manager/selfsigned-issuer.yaml | 1 + 2 files changed, 3 insertions(+) 
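Review bot: The install task passes the pinned release as `INSTALL_K3S_CHANNEL: "{{ k3s_version }}"`, but the k3s install script takes an exact release in `INSTALL_K3S_VERSION` and treats the channel as a name such as `stable`, so the Renovate-managed `k3s_version` pin probably does not decide what gets installed; `INSTALL_K3S_VERSION: "{{ k3s_version }}"` would. The script is fetched from `https://get.k3s.io` and executed with no integrity check, so its content can differ between runs; vendoring a reviewed copy in the repository, or adding `checksum:` to the `get_url` task, makes the run reproducible. `changed_when: false` on the install command hides real installs and upgrades from the play recap. In "Copy manifest", `mode: "0755"` marks every manifest file executable; `mode: "0644"` with `directory_mode: "0755"` is enough for files that k3s applies automatically.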
diff --git a/manifests/cert-manager/letsencrypt-issuers.yml b/manifests/cert-manager/letsencrypt-issuers.yml index 6b6c468..bac1b8d 100644 --- a/manifests/cert-manager/letsencrypt-issuers.yml +++ b/manifests/cert-manager/letsencrypt-issuers.yml @@ -6,6 +6,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-v02.api.letsencrypt.org/directory @@ -23,6 +24,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-staging-v02.api.letsencrypt.org/directory diff --git a/manifests/cert-manager/selfsigned-issuer.yaml b/manifests/cert-manager/selfsigned-issuer.yaml index 2cc7761..3909d3f 100644 --- a/manifests/cert-manager/selfsigned-issuer.yaml +++ b/manifests/cert-manager/selfsigned-issuer.yaml @@ -6,5 +6,6 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: selfSigned: {} From 6694527236fec400709641650a71181c54cb74b9 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Thu, 5 Sep 2024 20:23:14 +0200 Subject: [PATCH 10/22] doc: fix markdown syntax --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e61d651..97cd48c 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ > The secure token format (occasionally referred to as a "full" token) contains the following parts: > -> :: +> \\::\ Get existing server token: `cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` From e2c78fb69adf8629a85ff6e6f47be4be17dde5d3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 5 Sep 2024 18:29:44 +0000 Subject: [PATCH 11/22] chore: update dependency k3s-io/k3s to v1.31.0+k3s1 --- playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/playbook.yml b/playbook.yml index ea49cd1..e6adae8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,7 +6,7 @@ tags: k3s-server vars: - k3s_version: v1.30.4+k3s1 + k3s_version: v1.31.0+k3s1 tasks: - name: Get k3s installed version From 5421b15d4e60a8b575c251a29001ac681bcc5f89 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Mon, 2 Sep 2024 22:10:32 +0200 Subject: [PATCH 12/22] break: switch from k0s to k3s (in docker) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - replace k0s with k3s in docker-compose.yml - remove k0s-config.yaml - remove metallb-address-pool - update .renovaterc.json to match new file structure - add new argocd-init files for k3s - update README to reflect changes 🤖 --- .renovaterc.json | 9 ++- README.md | 8 +-- argocd-init/000-namespace.yml | 5 ++ argocd-init/001-argocd.yml | 21 +++++++ argocd-init/002-argocd-apps.yml | 50 +++++++++++++++ docker-compose.yml | 26 ++++---- k0s-config.yaml | 97 ------------------------------ manifests/metallb-address-pool.yml | 10 --- 8 files changed, 98 insertions(+), 128 deletions(-) create mode 100644 argocd-init/000-namespace.yml create mode 100644 argocd-init/001-argocd.yml create mode 100644 argocd-init/002-argocd-apps.yml delete mode 100644 k0s-config.yaml delete mode 100644 manifests/metallb-address-pool.yml diff --git a/.renovaterc.json b/.renovaterc.json index 9c73c8b..5e8645f 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -8,16 +8,19 @@ "customType": "regex", "description": "ArgoCD", "fileMatch": [ - "k0s-config\\.yaml$" + "^argocd-bootstrap/.*\\.yml$" ], "matchStrings": [ - "\\s+version:\\s(?.*)\\s+#\\s+depName=(?.*)\\s+repoUrl=(?.*)" + "\\s+chart:\\s(?.*)", + "\\s+repo:\\s(?.*)", + "\\s+version:\\s(?.*)" ], + "matchStringsStrategy": "combination", "datasourceTemplate": "helm" }, { "customType": "regex", - "description": "Baseline", + "description": "Baseline Manifests", "fileMatch": [ "\\.jsonnet$" ], 
diff --git a/README.md b/README.md index bf0f36f..d719d1e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# k0s Kubernetes + Baseline +# k3s Kubernetes + Baseline -* [k0s](https://docs.k0sproject.io/stable/) +* [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [cert-manager](https://cert-manager.io/) @@ -10,13 +10,13 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (k0s + baseline) +## Run (k3s + baseline) `docker compose up` ### Get kubeconfig -`docker compose exec -it k0s k0s kubeconfig admin` +`docker compose exec -it k3s kubectl config view --flatten` ## Notes diff --git a/argocd-init/000-namespace.yml b/argocd-init/000-namespace.yml new file mode 100644 index 0000000..42add95 --- /dev/null +++ b/argocd-init/000-namespace.yml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: argocd diff --git a/argocd-init/001-argocd.yml b/argocd-init/001-argocd.yml new file mode 100644 index 0000000..9897a0d --- /dev/null +++ b/argocd-init/001-argocd.yml @@ -0,0 +1,21 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argo-cd + repo: https://argoproj.github.io/argo-helm + version: 7.5.2 + targetNamespace: argocd + valuesContent: |- + server: + replicas: 1 + applicationSet: + enabled: false + notifications: + enabled: false + dex: + enabled: false diff --git a/argocd-init/002-argocd-apps.yml b/argocd-init/002-argocd-apps.yml new file mode 100644 index 0000000..e88b761 --- /dev/null +++ b/argocd-init/002-argocd-apps.yml 
@@ -0,0 +1,50 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd-apps + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argocd-apps + repo: https://argoproj.github.io/argo-helm + version: 2.0.0 + targetNamespace: argocd + valuesContent: |- + projects: + baseline: + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' + applications: + baseline: + project: baseline + finalizers: + - resources-finalizer.argocd.argoproj.io + source: + repoURL: 'https://git.smsvc.net/k8s/baseline.git' + targetRevision: HEAD + path: manifests/ + directory: + recurse: true + destination: + server: 'https://kubernetes.default.svc' + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 5m diff --git a/docker-compose.yml b/docker-compose.yml index 3fae818..7b7b411 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,22 +1,20 @@ services: - k0s: - image: docker.io/k0sproject/k0s:v1.30.4-k0s.0 - command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints - restart: always - stop_grace_period: 15s + k3s: + image: rancher/k3s:v1.30.4-k3s1 + command: + - server + - --disable=traefik + - --tls-san=k8s.smsvc.net hostname: k8s.smsvc.net + restart: always privileged: true cgroup: host network_mode: host volumes: - - k0s-data:/var/lib/k0s/ - - k0s-run:/run/ - - k0s-storage:/var/openebs/ - - k0s-run-udev:/run/udev - - ./k0s-config.yaml:/etc/k0s/config.yaml + - k3s-data:/var/lib/rancher/k3s/ + - k3s-run:/run/ + - ./argocd-init/:/var/lib/rancher/k3s/server/manifests/argocd-init/ volumes: - k0s-data: - k0s-run: - k0s-storage: - k0s-run-udev: + k3s-data: + k3s-run: diff --git a/k0s-config.yaml b/k0s-config.yaml deleted file mode 100644 index 6e15ae1..0000000 
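Review bot: The `baseline` project places no limit on what its Application may deploy: `sourceRepos`, `destinations` and `clusterResourceWhitelist` are all `'*'`, while the Application tracks `targetRevision: HEAD` with automated sync, `prune: true` and `selfHeal: true`. Write access to the default branch of `https://git.smsvc.net/k8s/baseline.git` therefore amounts to the ability to create or delete any resource in the cluster, with no further gate. Where the setup allows, name the sources and the target instead, e.g. `sourceRepos: ['https://git.smsvc.net/k8s/baseline.git']` and `server: 'https://kubernetes.default.svc'` under `destinations`. If the child Applications generated from `manifests/` use this project too, their chart repositories would need listing as well; the template is not visible here. The same wildcards are carried unchanged into `argocd-bootstrap/003-baseline-project.yml` in PATCH 17/22.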
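Review bot: The new `image: rancher/k3s:v1.30.4-k3s1` is referenced by tag only, on a service that keeps `privileged: true`, `cgroup: host` and `network_mode: host`. A tag can be re-pointed upstream, and whatever it resolves to runs with full access to the host, so pinning the digest is worth the extra line: `image: rancher/k3s:v1.30.4-k3s1@sha256:<DIGEST_OF_REVIEWED_IMAGE>`. Renovate can keep the digest current if digest pinning is enabled in the shared config, which is not visible here.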
--- a/k0s-config.yaml +++ /dev/null @@ -1,97 +0,0 @@ ---- -apiVersion: k0s.k0sproject.io/v1beta1 -kind: ClusterConfig -metadata: - name: k0s -spec: - - api: - sans: - - k8s.smsvc.net - - telemetry: - enabled: false - - extensions: - helm: - repositories: - - name: argocd - url: https://argoproj.github.io/argo-helm - - name: metallb - url: https://metallb.github.io/metallb - - name: openebs-internal - url: https://openebs.github.io/charts - - charts: - - name: openebs - chartname: openebs-internal/openebs - version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts - namespace: openebs - order: 0 - values: | - localprovisioner: - hostpathClass: - enabled: true - isDefaultClass: true - - - name: metallb - chartname: metallb/metallb - version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb - namespace: metallb - order: 0 - - - name: argocd - chartname: argocd/argo-cd - version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 1 - values: | - applicationSet: - enabled: false - notifications: - enabled: false - dex: - enabled: false - - name: argocd-apps - chartname: argocd/argocd-apps - version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm - namespace: argocd - order: 2 - values: | - projects: - baseline: - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - sourceRepos: - - '*' - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - baseline: - project: baseline - finalizers: - - resources-finalizer.argocd.argoproj.io - source: - repoURL: 'https://git.smsvc.net/k8s/baseline.git' - targetRevision: HEAD - path: manifests/ - directory: - recurse: true - destination: - server: 'https://kubernetes.default.svc' - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 5m 
diff --git a/manifests/metallb-address-pool.yml b/manifests/metallb-address-pool.yml deleted file mode 100644 index f23110a..0000000 --- a/manifests/metallb-address-pool.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: metallb-address-pool - namespace: metallb - annotations: -spec: - addresses: - - 194.55.14.183/32 From 1f1681cd434784557f3d7607dd1749daeba6594a Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 13:24:07 +0200 Subject: [PATCH 13/22] doc(argo-cd): describe sync via Kubectl --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index d719d1e..b5f81a4 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,16 @@ To retrieve the initial admin password use To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/). +#### Sync Applications with Kubectl + +Add to application: +```yaml +operation: + sync: + syncStrategy: + hook: {} +``` + ### Linode PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. From 3d1e3d3ae716133c4e3c607041697063786f1ca9 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 17:52:20 +0200 Subject: [PATCH 14/22] refactor(argocd): rename `argocd-init` -> `argocd-bootstrap` --- {argocd-init => argocd-bootstrap}/000-namespace.yml | 0 {argocd-init => argocd-bootstrap}/001-argocd.yml | 2 -- {argocd-init => argocd-bootstrap}/002-argocd-apps.yml | 0 docker-compose.yml | 2 +- 4 files changed, 1 insertion(+), 3 deletions(-) rename {argocd-init => argocd-bootstrap}/000-namespace.yml (100%) rename {argocd-init => argocd-bootstrap}/001-argocd.yml (92%) rename {argocd-init => argocd-bootstrap}/002-argocd-apps.yml (100%) 
diff --git a/argocd-init/000-namespace.yml b/argocd-bootstrap/000-namespace.yml similarity index 100% rename from argocd-init/000-namespace.yml rename to argocd-bootstrap/000-namespace.yml diff --git a/argocd-init/001-argocd.yml b/argocd-bootstrap/001-argocd.yml similarity index 92% rename from argocd-init/001-argocd.yml rename to argocd-bootstrap/001-argocd.yml index 9897a0d..3d13f8c 100644 --- a/argocd-init/001-argocd.yml +++ b/argocd-bootstrap/001-argocd.yml @@ -11,8 +11,6 @@ spec: version: 7.5.2 targetNamespace: argocd valuesContent: |- - server: - replicas: 1 applicationSet: enabled: false notifications: diff --git a/argocd-init/002-argocd-apps.yml b/argocd-bootstrap/002-argocd-apps.yml similarity index 100% rename from argocd-init/002-argocd-apps.yml rename to argocd-bootstrap/002-argocd-apps.yml diff --git a/docker-compose.yml b/docker-compose.yml index 7b7b411..6d22520 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: volumes: - k3s-data:/var/lib/rancher/k3s/ - k3s-run:/run/ - - ./argocd-init/:/var/lib/rancher/k3s/server/manifests/argocd-init/ + - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ volumes: k3s-data: From 72f44037526c32746e61a39614e817d49ca2cced Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 17:55:33 +0200 Subject: [PATCH 15/22] refactor(manifests): move _templates into manifests path --- {_templates => manifests/_templates}/argocd_app.libsonnet | 0 manifests/cert-manager/cert-manager.jsonnet | 2 +- manifests/ingress-nginx.jsonnet | 2 +- manifests/keel.jsonnet | 2 +- manifests/monitoring/zabbix-proxy.jsonnet | 2 +- manifests/reloader.jsonnet | 2 +- 6 files changed, 5 insertions(+), 5 deletions(-) rename {_templates => manifests/_templates}/argocd_app.libsonnet (100%) 
diff --git a/_templates/argocd_app.libsonnet b/manifests/_templates/argocd_app.libsonnet similarity index 100% rename from _templates/argocd_app.libsonnet rename to manifests/_templates/argocd_app.libsonnet diff --git a/manifests/cert-manager/cert-manager.jsonnet b/manifests/cert-manager/cert-manager.jsonnet index 6ea4824..83cf208 100644 --- a/manifests/cert-manager/cert-manager.jsonnet +++ b/manifests/cert-manager/cert-manager.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/ingress-nginx.jsonnet b/manifests/ingress-nginx.jsonnet index 8c6b088..372ae54 100644 --- a/manifests/ingress-nginx.jsonnet +++ b/manifests/ingress-nginx.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/keel.jsonnet b/manifests/keel.jsonnet index bbdbd8a..0b78f8a 100644 --- a/manifests/keel.jsonnet +++ b/manifests/keel.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/monitoring/zabbix-proxy.jsonnet b/manifests/monitoring/zabbix-proxy.jsonnet index 124c7aa..790ba1f 100644 --- a/manifests/monitoring/zabbix-proxy.jsonnet +++ b/manifests/monitoring/zabbix-proxy.jsonnet @@ -1,4 +1,4 @@ -local app = import "../../_templates/argocd_app.libsonnet"; +local app = import "../_templates/argocd_app.libsonnet"; [ app + { diff --git a/manifests/reloader.jsonnet b/manifests/reloader.jsonnet index fdda29e..06471eb 100644 --- a/manifests/reloader.jsonnet +++ b/manifests/reloader.jsonnet @@ -1,4 +1,4 @@ -local app = import "../_templates/argocd_app.libsonnet"; +local app = import "_templates/argocd_app.libsonnet"; [ app + { From 0794c89dba39dcc37f01017f95b3240188c53120 Mon Sep 17 00:00:00 2001 
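Review bot: The new import in `manifests/cert-manager/cert-manager.jsonnet`, `import "_templates/argocd_app.libsonnet"`, is not a file-relative path to the moved template. From `manifests/cert-manager/` it resolves only if the evaluator's library search path includes `manifests/`; presumably the Argo CD application path provides that, but plain `jsonnet` run on the file would not. `manifests/monitoring/zabbix-proxy.jsonnet` in the same commit uses the file-relative `../_templates/argocd_app.libsonnet`, so the two subdirectory files are now inconsistent. Keeping `local app = import "../_templates/argocd_app.libsonnet";` in cert-manager.jsonnet works in both cases. Each of these files continues beyond its hunk.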
From: Sebastian Mark Date: Tue, 3 Sep 2024 20:14:09 +0200 Subject: [PATCH 16/22] doc: add Zabbix Monitoring section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add new section for Zabbix Monitoring in README.md - provide link to Zabbix Kubernetes Monitoring documentation 🤖 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index b5f81a4..41080b4 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,13 @@ operation: hook: {} ``` +### Zabbix Monitoring + +See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md) + + +## Cloud Setups + ### Linode PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. From de0fabd0b1f1d36153e7dd0121a2f98dc352e742 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 21:31:40 +0200 Subject: [PATCH 17/22] refactor(argocd): split bootstrap files - rename bootstrap files for clarification - remove project and application from argocd-apps values - add new YAML for project configuration - add new YAML for application configuration --- .../{001-argocd.yml => 001-helm-argocd.yml} | 0 argocd-bootstrap/002-argocd-apps.yml | 50 ------------------- argocd-bootstrap/002-helm-argocd-apps.yml | 12 +++++ argocd-bootstrap/003-baseline-project.yml | 17 +++++++ argocd-bootstrap/004-baseline-app.yml | 25 ++++++++++ 5 files changed, 54 insertions(+), 50 deletions(-) rename argocd-bootstrap/{001-argocd.yml => 001-helm-argocd.yml} (100%) delete mode 100644 argocd-bootstrap/002-argocd-apps.yml create mode 100644 argocd-bootstrap/002-helm-argocd-apps.yml create mode 100644 argocd-bootstrap/003-baseline-project.yml create mode 100644 argocd-bootstrap/004-baseline-app.yml 
diff --git a/argocd-bootstrap/001-argocd.yml b/argocd-bootstrap/001-helm-argocd.yml similarity index 100% rename from argocd-bootstrap/001-argocd.yml rename to argocd-bootstrap/001-helm-argocd.yml diff --git a/argocd-bootstrap/002-argocd-apps.yml b/argocd-bootstrap/002-argocd-apps.yml deleted file mode 100644 index e88b761..0000000 --- a/argocd-bootstrap/002-argocd-apps.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: argocd-apps - namespace: kube-system -spec: - # do not change order! (needed for renovate) - chart: argocd-apps - repo: https://argoproj.github.io/argo-helm - version: 2.0.0 - targetNamespace: argocd - valuesContent: |- - projects: - baseline: - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io - sourceRepos: - - '*' - destinations: - - namespace: '*' - server: '*' - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - baseline: - project: baseline - finalizers: - - resources-finalizer.argocd.argoproj.io - source: - repoURL: 'https://git.smsvc.net/k8s/baseline.git' - targetRevision: HEAD - path: manifests/ - directory: - recurse: true - destination: - server: 'https://kubernetes.default.svc' - namespace: argocd - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 5m diff --git a/argocd-bootstrap/002-helm-argocd-apps.yml b/argocd-bootstrap/002-helm-argocd-apps.yml new file mode 100644 index 0000000..236332b --- /dev/null +++ b/argocd-bootstrap/002-helm-argocd-apps.yml @@ -0,0 +1,12 @@ +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: argocd-apps + namespace: kube-system +spec: + # do not change order! (needed for renovate) + chart: argocd-apps + repo: https://argoproj.github.io/argo-helm + version: 2.0.0 + targetNamespace: argocd 
diff --git a/argocd-bootstrap/003-baseline-project.yml b/argocd-bootstrap/003-baseline-project.yml new file mode 100644 index 0000000..f8f2eb2 --- /dev/null +++ b/argocd-bootstrap/003-baseline-project.yml @@ -0,0 +1,17 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: baseline + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' diff --git a/argocd-bootstrap/004-baseline-app.yml b/argocd-bootstrap/004-baseline-app.yml new file mode 100644 index 0000000..6380054 --- /dev/null +++ b/argocd-bootstrap/004-baseline-app.yml @@ -0,0 +1,25 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: baseline + namespace: argocd +spec: + project: baseline + source: + repoURL: 'https://git.smsvc.net/k8s/baseline.git' + targetRevision: HEAD + path: manifests/ + directory: + recurse: true + destination: + server: 'https://kubernetes.default.svc' + namespace: argocd + syncPolicy: + automated: + prune: true + selfHeal: true + retry: + backoff: + duration: 15s + maxDuration: 30m From 8bc212d5468904be0bdca79243cc163dee52245b Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Tue, 3 Sep 2024 22:31:56 +0200 Subject: [PATCH 18/22] doc: add agent registration instructions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add section on how to get existing server token - add steps to create a new token - add instructions on how to register an agent/worker 🤖 --- README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 41080b4..c774bf3 100644 --- a/README.md +++ b/README.md 
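Review bot: The `retry` block in `argocd-bootstrap/004-baseline-app.yml` no longer sets `limit`, whereas the Helm values it replaces had `limit: 5`. As far as I know Argo CD treats a missing `limit` as 0, meaning a failed automated sync is not retried and the `backoff` settings have no effect; this should be confirmed against the Argo CD version in use. If retries are intended, add `limit: 5` under `retry:`. The Application also drops the `resources-finalizer.argocd.argoproj.io` finalizer that the previous definition carried, which changes what happens to deployed resources when the Application is deleted. A comment stating that this is intentional would help.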
@@ -18,6 +18,29 @@ `docker compose exec -it k3s kubectl config view --flatten` +### Add Agents + +#### Get Agent Token + +> The secure token format (occasionally referred to as a "full" token) contains the following parts: +> +> :: + +Get existing server token: +`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` + +Create new token: +`docker compose exec -it k3s k3s token create` + +#### Register Agent/Worker + +```bash +export K3S_URL=https://:6443 +export K3S_NODE_NAME= +export K3S_TOKEN= +curl -sfL https://get.k3s.io | sh -s - +``` + ## Notes ### ArgoCD @@ -41,7 +64,6 @@ operation: See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md) - ## Cloud Setups ### Linode From 13cded188f00669103ab8e34dd7691c8c49db86b Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Wed, 4 Sep 2024 21:27:49 +0200 Subject: [PATCH 19/22] break: migrate back to bare-metal (and ansible) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - remove docker-compose.yml - add ansible playbook for k3s and argocd deployment - update renovate custom manager for k3s version - update README.md with new instructions 🤖 --- .renovaterc.json | 12 +++++++++ README.md | 8 +++--- docker-compose.yml | 20 --------------- playbook.yml | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+), 24 deletions(-) delete mode 100644 docker-compose.yml create mode 100644 playbook.yml diff --git a/.renovaterc.json b/.renovaterc.json index 5e8645f..05025e2 100644 --- a/.renovaterc.json +++ b/.renovaterc.json 
@@ -4,6 +4,18 @@ "local>infrastructure/renovate-config" ], "customManagers": [ + { + "customType": "regex", + "description": "k3s", + "fileMatch": [ + "playbook\\.yml" + ], + "matchStrings": [ + "\\s+k3s_version:\\s(?.*)" + ], + "depNameTemplate": "k3s-io/k3s", + "datasourceTemplate": "github-releases" + }, { "customType": "regex", "description": "ArgoCD", diff --git a/README.md b/README.md index c774bf3..e61d651 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# k3s Kubernetes + Baseline +# k3s Kubernetes + ArgoCD + Baseline * [k3s](https://docs.k3s.io/) * [ArgoCD](https://argoproj.github.io/cd/) @@ -10,13 +10,13 @@ * [keel](https://keel.sh) * [reloader](https://github.com/stakater/Reloader) -## Run (k3s + baseline) +## Run (Deploy k3s + ArgoCD + Baseline) -`docker compose up` +`ansible-playbook k3s_boostrap.yml -i ,` ### Get kubeconfig -`docker compose exec -it k3s kubectl config view --flatten` +`cat /etc/rancher/k3s/k3s.yml` ### Add Agents diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 6d22520..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ -services: - k3s: - image: rancher/k3s:v1.30.4-k3s1 - command: - - server - - --disable=traefik - - --tls-san=k8s.smsvc.net - hostname: k8s.smsvc.net - restart: always - privileged: true - cgroup: host - network_mode: host - volumes: - - k3s-data:/var/lib/rancher/k3s/ - - k3s-run:/run/ - - ./argocd-bootstrap/:/var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ - -volumes: - k3s-data: - k3s-run: diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..ea49cd1 --- /dev/null +++ b/playbook.yml 
@@ -0,0 +1,61 @@ +# vim: set ft=yaml.ansible: +--- +- name: Install k3s server + hosts: all + gather_facts: false + tags: k3s-server + + vars: + k3s_version: v1.30.4+k3s1 + + tasks: + - name: Get k3s installed version + ansible.builtin.command: k3s --version + register: k3s_version_output + check_mode: false + changed_when: false + ignore_errors: true + + - name: Set k3s installed version + when: k3s_version_output.rc == 0 + ansible.builtin.set_fact: + installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" + + - name: Download and install/update k3s + when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version) + block: + - name: Download K3s install script + ansible.builtin.get_url: + url: https://get.k3s.io + dest: /usr/local/bin/k3s_install.sh + mode: "755" + - name: Install k3s server + ansible.builtin.command: "k3s_install.sh" + environment: + K3S_NODE_NAME: "{{ inventory_hostname }}" + INSTALL_K3S_CHANNEL: "{{ k3s_version }}" + INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}" + changed_when: false + + - name: Start and enable k3s server + ansible.builtin.service: + name: k3s.service + state: started + enabled: true + + - name: Add restart cronjob + ansible.builtin.cron: + name: "restart k3s (and regenerate certs if necessary)" + special_time: monthly + job: "systemctl restart k3s" + +- name: Deploy ArgoCD + hosts: all + gather_facts: false + tags: baseline + tasks: + - name: Copy manifest + ansible.builtin.copy: + src: argocd-bootstrap/ + dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/ + mode: "0755" From 3c3cc604e64262f627a0cc9ed18dad809c28c984 Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Wed, 4 Sep 2024 21:46:02 +0200 Subject: [PATCH 20/22] feat(cert-manager): move LE issuer to later sync wave --- manifests/cert-manager/letsencrypt-issuers.yml | 2 ++ manifests/cert-manager/selfsigned-issuer.yaml | 1 + 2 files changed, 3 insertions(+) 
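Review bot: In the `Install k3s server` task the pinned `k3s_version` is passed as `INSTALL_K3S_CHANNEL`, but the installer takes an exact release through `INSTALL_K3S_VERSION`. A channel is a name such as `stable` or `v1.30`, so the Renovate-tracked pin may not be what gets installed, or the channel lookup may fail. Use `INSTALL_K3S_VERSION: "{{ k3s_version }}"`. The install script is also fetched from `https://get.k3s.io` and executed with no integrity check. Adding `checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"` to the `get_url` task, or shipping a reviewed copy from the repository, makes a changed script fail the play instead of running.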
diff --git a/manifests/cert-manager/letsencrypt-issuers.yml b/manifests/cert-manager/letsencrypt-issuers.yml index 6b6c468..bac1b8d 100644 --- a/manifests/cert-manager/letsencrypt-issuers.yml +++ b/manifests/cert-manager/letsencrypt-issuers.yml @@ -6,6 +6,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-v02.api.letsencrypt.org/directory @@ -23,6 +24,7 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: acme: server: https://acme-staging-v02.api.letsencrypt.org/directory diff --git a/manifests/cert-manager/selfsigned-issuer.yaml b/manifests/cert-manager/selfsigned-issuer.yaml index 2cc7761..3909d3f 100644 --- a/manifests/cert-manager/selfsigned-issuer.yaml +++ b/manifests/cert-manager/selfsigned-issuer.yaml @@ -6,5 +6,6 @@ metadata: namespace: cert-manager annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/sync-wave: "2" spec: selfSigned: {} From c6a3574332bcc8ef7a46ebd752f0af0bd126d31a Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Thu, 5 Sep 2024 20:23:14 +0200 Subject: [PATCH 21/22] doc: fix markdown syntax --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e61d651..97cd48c 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ > The secure token format (occasionally referred to as a "full" token) contains the following parts: > -> :: +> \\::\ Get existing server token: `cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token` From f9147665fb3bf12a99752f5b15a10de2111cbf0a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 5 Sep 2024 18:29:44 +0000 Subject: [PATCH 22/22] chore: update dependency k3s-io/k3s to v1.31.0+k3s1 --- playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/playbook.yml b/playbook.yml index ea49cd1..e6adae8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -6,7 +6,7 @@ tags: k3s-server vars: - k3s_version: v1.30.4+k3s1 + k3s_version: v1.31.0+k3s1 tasks: - name: Get k3s installed version