Compare commits


11 commits

Author SHA1 Message Date
e2c78fb69a chore: update dependency k3s-io/k3s to v1.31.0+k3s1 2024-09-05 18:29:44 +00:00
6694527236 doc: fix markdown syntax 2024-09-05 20:24:16 +02:00
4e81b3dc8f feat(cert-manager): move LE issuer to later sync wave 2024-09-05 20:24:08 +02:00
caa10cc8fa break: migrate back to bare-metal (and ansible)
- remove docker-compose.yml
- add ansible playbook for k3s and argocd deployment
- update renovate custom manager for k3s version
- update README.md with new instructions

🤖
2024-09-05 20:24:01 +02:00
6e5423ffb4 doc: add agent registration instructions
- add section on how to get existing server token
- add steps to create a new token
- add instructions on how to register an agent/worker

🤖
2024-09-04 14:08:33 +02:00
24e08ab096 refactor(argocd): split bootstrap files
- rename bootstrap files for clarification
- remove project and application from argocd-apps values
- add new YAML for project configuration
- add new YAML for application configuration
2024-09-04 14:08:33 +02:00
1e3c674e89 doc: add Zabbix Monitoring section
- add new section for Zabbix Monitoring in README.md
- provide link to Zabbix Kubernetes Monitoring documentation

🤖
2024-09-04 14:08:33 +02:00
566c55aaee refactor(manifests): move _templates into manifests path 2024-09-04 14:08:33 +02:00
de60e45171 refactor(argocd): rename argocd-init -> argocd-bootstrap 2024-09-04 14:08:33 +02:00
d034522a43 doc(argo-cd): describe sync via Kubectl 2024-09-04 14:08:33 +02:00
8b7b24f840 break: switch from k0s to k3s (in docker)
- replace k0s with k3s in docker-compose.yml
- remove k0s-config.yaml
  - remove metallb-address-pool
- update .renovaterc.json to match new file structure
- add new argocd-init files for k3s
- update README to reflect changes

🤖
2024-09-04 14:08:28 +02:00
19 changed files with 210 additions and 143 deletions


@ -6,18 +6,33 @@
"customManagers": [ "customManagers": [
{ {
"customType": "regex", "customType": "regex",
"description": "ArgoCD", "description": "k3s",
"fileMatch": [ "fileMatch": [
"k0s-config\\.yaml$" "playbook\\.yml"
], ],
"matchStrings": [ "matchStrings": [
"\\s+version:\\s(?<currentValue>.*)\\s+#\\s+depName=(?<depName>.*)\\s+repoUrl=(?<registryUrl>.*)" "\\s+k3s_version:\\s(?<currentValue>.*)"
], ],
"depNameTemplate": "k3s-io/k3s",
"datasourceTemplate": "github-releases"
},
{
"customType": "regex",
"description": "ArgoCD",
"fileMatch": [
"^argocd-init/.*\\.yml$"
],
"matchStrings": [
"\\s+chart:\\s(?<depName>.*)",
"\\s+repo:\\s(?<registryUrl>.*)",
"\\s+version:\\s(?<currentValue>.*)"
],
"matchStringsStrategy": "combination",
"datasourceTemplate": "helm" "datasourceTemplate": "helm"
}, },
{ {
"customType": "regex", "customType": "regex",
"description": "Baseline", "description": "Baseline Manifests",
"fileMatch": [ "fileMatch": [
"\\.jsonnet$" "\\.jsonnet$"
], ],
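Review bot: The new ArgoCD manager matches `^argocd-init/.*\\.yml$`, but the commit list renames argocd-init to argocd-bootstrap and the playbook copies `argocd-bootstrap/`, so this pattern probably matches no file any more. If so, the `argo-cd` and `argocd-apps` chart pins in the bootstrap manifests would silently stop receiving update PRs, including security releases. Pointing the pattern at the directory that is actually deployed would fix it, e.g. `"^argocd-bootstrap/.*\\.ya?ml$"`. The manifest file names are not visible on this page, so the extension should be checked against the repository.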


@ -1,6 +1,6 @@
# k0s Kubernetes + Baseline # k3s Kubernetes + ArgoCD + Baseline
* [k0s](https://docs.k0sproject.io/stable/) * [k3s](https://docs.k3s.io/)
* [ArgoCD](https://argoproj.github.io/cd/) * [ArgoCD](https://argoproj.github.io/cd/)
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) * [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
* [cert-manager](https://cert-manager.io/) * [cert-manager](https://cert-manager.io/)
@ -10,13 +10,36 @@
* [keel](https://keel.sh) * [keel](https://keel.sh)
* [reloader](https://github.com/stakater/Reloader) * [reloader](https://github.com/stakater/Reloader)
## Run (k0s + baseline) ## Run (Deploy k3s + ArgoCD + Baseline)
`docker compose up` `ansible-playbook k3s_boostrap.yml -i <host|ip>,`
### Get kubeconfig ### Get kubeconfig
`docker compose exec -it k0s k0s kubeconfig admin` `cat /etc/rancher/k3s/k3s.yml`
### Add Agents
#### Get Agent Token
> The secure token format (occasionally referred to as a "full" token) contains the following parts:
>
> \<prefix\>\<cluster CA hash\>::\<credentials\>
Get existing server token:
`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`
Create new token:
`docker compose exec -it k3s k3s token create`
#### Register Agent/Worker
```bash
export K3S_URL=https://<cpn.fqdn>:6443
export K3S_NODE_NAME=<node.fqdn>
export K3S_TOKEN=<full-token>
curl -sfL https://get.k3s.io | sh -s -
```
## Notes ## Notes
@ -27,6 +50,22 @@ To retrieve the initial admin password use
To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/). To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/).
#### Sync Applications with Kubectl
Add to application:
```yaml
operation:
sync:
syncStrategy:
hook: {}
```
### Zabbix Monitoring
See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md)
## Cloud Setups
### Linode ### Linode
PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log. PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log.


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: argocd


@ -0,0 +1,19 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argo-cd
repo: https://argoproj.github.io/argo-helm
version: 7.5.2
targetNamespace: argocd
valuesContent: |-
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false


@ -0,0 +1,12 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: argocd-apps
namespace: kube-system
spec:
# do not change order! (needed for renovate)
chart: argocd-apps
repo: https://argoproj.github.io/argo-helm
version: 2.0.0
targetNamespace: argocd
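Review bot: This HelmChart installs `argocd-apps` without any `valuesContent`, although the project and application definitions were moved into their own manifests in this change set. With default values the chart most likely renders no resources, which would leave a pinned third-party chart that has to be tracked and updated but deploys nothing. Either drop this manifest or add a comment above `chart:` saying why the empty release is kept, e.g. `# kept so existing argocd-apps releases are upgraded in place`.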


@ -0,0 +1,17 @@
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: baseline
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
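Review bot: The `baseline` project permits any source repository, any destination server and namespace, and every cluster-scoped kind, so the project boundary does not restrict what an Application assigned to it can deploy. The values are carried over unchanged from the removed k0s config, but now that the project is a standalone manifest it is a good place to narrow them. At minimum the destination can be limited to the local cluster with `server: 'https://kubernetes.default.svc'`, and `sourceRepos` can list `'https://git.smsvc.net/k8s/baseline.git'` plus the chart repositories the generated applications use. Those applications come from jsonnet templates not shown here, so the exact list needs to be taken from the repository.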


@ -0,0 +1,25 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: baseline
namespace: argocd
spec:
project: baseline
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
backoff:
duration: 15s
maxDuration: 30m
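Review bot: `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` means every push to the default branch of the baseline repository is applied to the cluster, deletions included, with no review step in between. Because the project allows all kinds and namespaces, write access to that branch is equivalent to cluster-admin. Tracking a protected branch or release tag, e.g. `targetRevision: <protected-branch-or-tag>`, or requiring signed commits through the project's `signatureKeys`, would narrow that. Separately, the `retry` block no longer sets `limit` (the removed config had `limit: 5`), and the `resources-finalizer.argocd.argoproj.io` finalizer is gone from the Application. Both look unintentional and should be confirmed.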


@ -1,22 +0,0 @@
services:
k0s:
image: docker.io/k0sproject/k0s:v1.30.4-k0s.0
command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints
restart: always
stop_grace_period: 15s
hostname: k8s.smsvc.net
privileged: true
cgroup: host
network_mode: host
volumes:
- k0s-data:/var/lib/k0s/
- k0s-run:/run/
- k0s-storage:/var/openebs/
- k0s-run-udev:/run/udev
- ./k0s-config.yaml:/etc/k0s/config.yaml
volumes:
k0s-data:
k0s-run:
k0s-storage:
k0s-run-udev:


@ -1,97 +0,0 @@
---
apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
name: k0s
spec:
api:
sans:
- k8s.smsvc.net
telemetry:
enabled: false
extensions:
helm:
repositories:
- name: argocd
url: https://argoproj.github.io/argo-helm
- name: metallb
url: https://metallb.github.io/metallb
- name: openebs-internal
url: https://openebs.github.io/charts
charts:
- name: openebs
chartname: openebs-internal/openebs
version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts
namespace: openebs
order: 0
values: |
localprovisioner:
hostpathClass:
enabled: true
isDefaultClass: true
- name: metallb
chartname: metallb/metallb
version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb
namespace: metallb
order: 0
- name: argocd
chartname: argocd/argo-cd
version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 1
values: |
applicationSet:
enabled: false
notifications:
enabled: false
dex:
enabled: false
- name: argocd-apps
chartname: argocd/argocd-apps
version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm
namespace: argocd
order: 2
values: |
projects:
baseline:
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
baseline:
project: baseline
finalizers:
- resources-finalizer.argocd.argoproj.io
source:
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
targetRevision: HEAD
path: manifests/
directory:
recurse: true
destination:
server: 'https://kubernetes.default.svc'
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 5m


@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {


@ -6,6 +6,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
@ -23,6 +24,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
acme: acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory server: https://acme-staging-v02.api.letsencrypt.org/directory


@ -6,5 +6,6 @@ metadata:
namespace: cert-manager namespace: cert-manager
annotations: annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "2"
spec: spec:
selfSigned: {} selfSigned: {}


@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {


@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {


@ -1,10 +0,0 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: metallb-address-pool
namespace: metallb
annotations:
spec:
addresses:
- 194.55.14.183/32


@ -1,4 +1,4 @@
local app = import "../../_templates/argocd_app.libsonnet"; local app = import "../_templates/argocd_app.libsonnet";
[ [
app + { app + {


@ -1,4 +1,4 @@
local app = import "../_templates/argocd_app.libsonnet"; local app = import "_templates/argocd_app.libsonnet";
[ [
app + { app + {

61
playbook.yml Normal file

@ -0,0 +1,61 @@
# vim: set ft=yaml.ansible:
---
- name: Install k3s server
hosts: all
gather_facts: false
tags: k3s-server
vars:
k3s_version: v1.31.0+k3s1
tasks:
- name: Get k3s installed version
ansible.builtin.command: k3s --version
register: k3s_version_output
check_mode: false
changed_when: false
ignore_errors: true
- name: Set k3s installed version
when: k3s_version_output.rc == 0
ansible.builtin.set_fact:
installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
- name: Download and install/update k3s
when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version)
block:
- name: Download K3s install script
ansible.builtin.get_url:
url: https://get.k3s.io
dest: /usr/local/bin/k3s_install.sh
mode: "755"
- name: Install k3s server
ansible.builtin.command: "k3s_install.sh"
environment:
K3S_NODE_NAME: "{{ inventory_hostname }}"
INSTALL_K3S_CHANNEL: "{{ k3s_version }}"
INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
changed_when: false
- name: Start and enable k3s server
ansible.builtin.service:
name: k3s.service
state: started
enabled: true
- name: Add restart cronjob
ansible.builtin.cron:
name: "restart k3s (and regenerate certs if necessary)"
special_time: monthly
job: "systemctl restart k3s"
- name: Deploy ArgoCD
hosts: all
gather_facts: false
tags: baseline
tasks:
- name: Copy manifest
ansible.builtin.copy:
src: argocd-bootstrap/
dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
mode: "0755"
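Review bot: In the "Install k3s server" task the pinned release is passed as `INSTALL_K3S_CHANNEL`, which the k3s install script documents as a channel name (stable, latest, testing), so the version Renovate bumps in `k3s_version` is probably not the version that gets installed. A specific release belongs in `INSTALL_K3S_VERSION: "{{ k3s_version }}"`. The "Download K3s install script" task also fetches `https://get.k3s.io` without an integrity check, and the script is then run with whatever privileges the play has. Adding `checksum: "sha256:<sha256-of-reviewed-install-script>"` to the `get_url` task, or vendoring a reviewed copy of the script, would pin what is executed. Finally, `changed_when: false` on the install task hides real changes from the play recap, and `mode: "0755"` on the manifest copy marks plain YAML files executable, where `"0644"` for files would do.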