k8s/baseline
k8s/baseline
3
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Compare commits

base: k8s:e2c78fb69adf8629a85ff6e6f47be4be17dde5d3
Branches Tags
k8s:main
...
compare: k8s:f9147665fb3bf12a99752f5b15a10de2111cbf0a
Branches Tags
k8s:main

11 commits
e2c78fb69a ... f9147665fb

Author SHA1 Message Date
Renovate Bot
f9147665fb chore: update dependency k3s-io/k3s to v1.31.0+k3s1 2024-09-12 19:29:50 +02:00
Sebastian Mark
c6a3574332 doc: fix markdown syntax 2024-09-12 19:29:50 +02:00
Sebastian Mark
3c3cc604e6 feat(cert-manager): move LE issuer to later sync wave 2024-09-12 19:29:50 +02:00
Sebastian Mark
13cded188f break: migrate back to bare-metal (and ansible) 
- remove docker-compose.yml
- add ansible playbook for k3s and argocd deployment
- update renovate custom manager for k3s version
- update README.md with new instructions

🤖
 2024-09-12 19:29:50 +02:00
Sebastian Mark
8bc212d546 doc: add agent registration instructions 
- add section on how to get existing server token
- add steps to create a new token
- add instructions on how to register an agent/worker

🤖
 2024-09-12 19:29:50 +02:00
Sebastian Mark
de0fabd0b1 refactor(argocd): split bootstrap files 
- rename bootstrap files for clarification
- remove project and application from argocd-apps values
- add new YAML for project configuration
- add new YAML for application configuration
 2024-09-12 19:29:50 +02:00
Sebastian Mark
0794c89dba doc: add Zabbix Monitoring section 
- add new section for Zabbix Monitoring in README.md
- provide link to Zabbix Kubernetes Monitoring documentation

🤖
 2024-09-12 19:29:50 +02:00
Sebastian Mark
72f4403752 refactor(manifests): move _templates into manifests path 2024-09-12 19:29:50 +02:00
Sebastian Mark
3d1e3d3ae7 refactor(argocd): rename argocd-init -> argocd-bootstrap 2024-09-12 19:29:50 +02:00
Sebastian Mark
1f1681cd43 doc(argo-cd): describe sync via Kubectl 2024-09-12 19:29:50 +02:00
Sebastian Mark
5421b15d4e break: switch from k0s to k3s (in docker) 
- replace k0s with k3s in docker-compose.yml
- remove k0s-config.yaml
  - remove metallb-address-pool
- update .renovaterc.json to match new file structure
- add new argocd-init files for k3s
- update README to reflect changes

🤖
 2024-09-12 19:29:50 +02:00
19 changed files with 210 additions and 143 deletions
Show stats Expand all files Collapse all files

23
.renovaterc.json
View file

@ -6,18 +6,33 @@
"customManagers": [ "customManagers": [
{ {
"customType": "regex", "customType": "regex",
"description": "ArgoCD", "description": "k3s",
"fileMatch": [ "fileMatch": [
"k0s-config\\.yaml$" "playbook\\.yml"
], ],
"matchStrings": [ "matchStrings": [
"\\s+version:\\s(?<currentValue>.*)\\s+#\\s+depName=(?<depName>.*)\\s+repoUrl=(?<registryUrl>.*)" "\\s+k3s_version:\\s(?<currentValue>.*)"
], ],
"depNameTemplate": "k3s-io/k3s",
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"description": "ArgoCD",
"fileMatch": [
"^argocd-bootstrap/.*\\.yml$"
],
"matchStrings": [
"\\s+chart:\\s(?<depName>.*)",
"\\s+repo:\\s(?<registryUrl>.*)",
"\\s+version:\\s(?<currentValue>.*)"
],
"matchStringsStrategy": "combination",
"datasourceTemplate": "helm" "datasourceTemplate": "helm"
}, },
{ {
"customType": "regex", "customType": "regex",
"description": "Baseline", "description": "Baseline Manifests",
"fileMatch": [ "fileMatch": [
"\\.jsonnet$" "\\.jsonnet$"
], ],

49
README.md
View file

@ -1,6 +1,6 @@
# k0s Kubernetes + Baseline # k3s Kubernetes + ArgoCD + Baseline
* [k0s](https://docs.k0sproject.io/stable/) * [k3s](https://docs.k3s.io/)
* [ArgoCD](https://argoproj.github.io/cd/) * [ArgoCD](https://argoproj.github.io/cd/)
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/) * [cert-manager](https://cert-manager.io/)
@ -10,13 +10,36 @@
* [keel](https://keel.sh) * [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader) * [reloader](https://github.com/stakater/Reloader)
## Run (k0s + baseline) ## Run (Deploy k3s + ArgoCD + Baseline)
`docker compose up` `ansible-playbook k3s_boostrap.yml -i <host|ip>,`
### Get kubeconfig ### Get kubeconfig
`docker compose exec -it k0s k0s kubeconfig admin` `cat /etc/rancher/k3s/k3s.yml`
### Add Agents
#### Get Agent Token
> The secure token format (occasionally referred to as a "full" token) contains the following parts:
>
> \<prefix\>\<cluster CA hash\>::\<credentials\>
Get existing server token:
`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`
Create new token:
`docker compose exec -it k3s k3s token create`
#### Register Agent/Worker
```bash
export K3S_URL=https://<cpn.fqdn>:6443
export K3S_NODE_NAME=<node.fqdn>
export K3S_TOKEN=<full-token>
curl -sfL https://get.k3s.io | sh -s -
```
## Notes ## Notes
@ -27,6 +50,22 @@ To retrieve the initial admin password use
To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/). To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/).
#### Sync Applications with Kubectl
Add to application:
```yaml
operation:
sync:
syncStrategy:
hook: {}
```
### Zabbix Monitoring
See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md)
## Cloud Setups
### Linode ### Linode
PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log.

5
argocd-bootstrap/000-namespace.yml Normal file
View file

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: argocd

19
argocd-bootstrap/001-helm-argocd.yml Normal file
View file

@ -0,0 +1,19 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argo-cd
repo: https://argoproj.github.io/argo-helm
version: 7.5.2
targetNamespace: argocd
valuesContent: |-
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false

12
argocd-bootstrap/002-helm-argocd-apps.yml Normal file
View file

@ -0,0 +1,12 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd-apps
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argocd-apps
repo: https://argoproj.github.io/argo-helm
version: 2.0.0
targetNamespace: argocd

17
argocd-bootstrap/003-baseline-project.yml Normal file
View file

@ -0,0 +1,17 @@
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: baseline
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'

25
argocd-bootstrap/004-baseline-app.yml Normal file
View file

@ -0,0 +1,25 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: baseline
namespace: argocd
spec:
project: baseline
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
backoff:
duration: 15s
maxDuration: 30m

22
docker-compose.yml
View file

@ -1,22 +0,0 @@
services:
k0s:
image: docker.io/k0sproject/k0s:v1.30.4-k0s.0
command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints
restart: always
stop_grace_period: 15s
hostname: k8s.smsvc.net
privileged: true
cgroup: host
network_mode: host
volumes:
- k0s-data:/var/lib/k0s/
- k0s-run:/run/
- k0s-storage:/var/openebs/
- k0s-run-udev:/run/udev
- ./k0s-config.yaml:/etc/k0s/config.yaml
volumes:
k0s-data:
k0s-run:
k0s-storage:
k0s-run-udev:

97
k0s-config.yaml
View file

@ -1,97 +0,0 @@
---
apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
name: k0s
spec:
api:
sans:
- k8s.smsvc.net
telemetry:
enabled: false
extensions:
helm:
repositories:
- name: argocd
url: https://argoproj.github.io/argo-helm
- name: metallb
url: https://metallb.github.io/metallb
- name: openebs-internal
url: https://openebs.github.io/charts
charts:
- name: openebs
chartname: openebs-internal/openebs
version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts
namespace: openebs
order: 0
values: |
localprovisioner:
hostpathClass:
enabled: true
isDefaultClass: true
- name: metallb
chartname: metallb/metallb
version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb
namespace: metallb
order: 0
- name: argocd
chartname: argocd/argo-cd
version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 1
values: |
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
- name: argocd-apps
chartname: argocd/argocd-apps
version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 2
values: |
projects:
baseline:
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
baseline:
project: baseline
finalizers:
- resources-finalizer.argocd.argoproj.io
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 5m

0
_templates/argocd_app.libsonnet → manifests/_templates/argocd_app.libsonnet
View file

2
manifests/cert-manager/cert-manager.jsonnet
View file

@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {

2
manifests/cert-manager/letsencrypt-issuers.yml
View file

@ -6,6 +6,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
@ -23,6 +24,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory

1
manifests/cert-manager/selfsigned-issuer.yaml
View file

@ -6,5 +6,6 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
selfSigned: {} selfSigned: {}

2
manifests/ingress-nginx.jsonnet
View file

@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {

2
manifests/keel.jsonnet
View file

@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {

10
manifests/metallb-address-pool.yml
View file

@ -1,10 +0,0 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: metallb-address-pool
namespace: metallb
annotations:
spec:
addresses:
- 194.55.14.183/32

2
manifests/monitoring/zabbix-proxy.jsonnet
View file

@ -1,4 +1,4 @@
local app = import "../../_templates/argocd_app.libsonnet"; local app = import "../_templates/argocd_app.libsonnet";
[ [
app + { app + {

2
manifests/reloader.jsonnet
View file

@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {

61
playbook.yml Normal file
View file

@ -0,0 +1,61 @@
# vim: set ft=yaml.ansible:
---
- name: Install k3s server
hosts: all
gather_facts: false
tags: k3s-server
vars:
k3s_version: v1.31.0+k3s1
tasks:
- name: Get k3s installed version
ansible.builtin.command: k3s --version
register: k3s_version_output
check_mode: false
changed_when: false
ignore_errors: true
- name: Set k3s installed version
when: k3s_version_output.rc == 0
ansible.builtin.set_fact:
installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
- name: Download and install/update k3s
when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version)
block:
- name: Download K3s install script
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /usr/local/bin/k3s_install.sh
mode: "755"
- name: Install k3s server
ansible.builtin.command: "k3s_install.sh"
environment:
K3S_NODE_NAME: "{{ inventory_hostname }}"
INSTALL_K3S_CHANNEL: "{{ k3s_version }}"
INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
changed_when: false
- name: Start and enable k3s server
ansible.builtin.service:
name: k3s.service
state: started
enabled: true
- name: Add restart cronjob
ansible.builtin.cron:
name: "restart k3s (and regenerate certs if necessary)"
special_time: monthly
job: "systemctl restart k3s"
- name: Deploy ArgoCD
hosts: all
gather_facts: false
tags: baseline
tasks:
- name: Copy manifest
ansible.builtin.copy:
src: argocd-bootstrap/
dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
mode: "0755"