Compare commits
11 commits
f9147665fb
...
e2c78fb69a
Author | SHA1 | Date | |
---|---|---|---|
e2c78fb69a | |||
6694527236 | |||
4e81b3dc8f | |||
caa10cc8fa | |||
6e5423ffb4 | |||
24e08ab096 | |||
1e3c674e89 | |||
566c55aaee | |||
de60e45171 | |||
d034522a43 | |||
8b7b24f840 |
19 changed files with 210 additions and 143 deletions
|
@ -6,18 +6,33 @@
|
||||||
"customManagers": [
|
"customManagers": [
|
||||||
{
|
{
|
||||||
"customType": "regex",
|
"customType": "regex",
|
||||||
"description": "ArgoCD",
|
"description": "k3s",
|
||||||
"fileMatch": [
|
"fileMatch": [
|
||||||
"k0s-config\\.yaml$"
|
"playbook\\.yml"
|
||||||
],
|
],
|
||||||
"matchStrings": [
|
"matchStrings": [
|
||||||
"\\s+version:\\s(?<currentValue>.*)\\s+#\\s+depName=(?<depName>.*)\\s+repoUrl=(?<registryUrl>.*)"
|
"\\s+k3s_version:\\s(?<currentValue>.*)"
|
||||||
],
|
],
|
||||||
|
"depNameTemplate": "k3s-io/k3s",
|
||||||
|
"datasourceTemplate": "github-releases"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"customType": "regex",
|
||||||
|
"description": "ArgoCD",
|
||||||
|
"fileMatch": [
|
||||||
|
"^argocd-init/.*\\.yml$"
|
||||||
|
],
|
||||||
|
"matchStrings": [
|
||||||
|
"\\s+chart:\\s(?<depName>.*)",
|
||||||
|
"\\s+repo:\\s(?<registryUrl>.*)",
|
||||||
|
"\\s+version:\\s(?<currentValue>.*)"
|
||||||
|
],
|
||||||
|
"matchStringsStrategy": "combination",
|
||||||
"datasourceTemplate": "helm"
|
"datasourceTemplate": "helm"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"customType": "regex",
|
"customType": "regex",
|
||||||
"description": "Baseline",
|
"description": "Baseline Manifests",
|
||||||
"fileMatch": [
|
"fileMatch": [
|
||||||
"\\.jsonnet$"
|
"\\.jsonnet$"
|
||||||
],
|
],
|
||||||
|
|
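Review bot: The new ArgoCD manager's `fileMatch` is `"^argocd-init/.*\\.yml$"`, but the HelmChart manifests added in this comparison live under `argocd-bootstrap/`, which is also the directory the playbook copies. As written, Renovate would not match them, so the pinned `argo-cd` and `argocd-apps` chart versions would stop receiving update PRs, security releases included. Unless an `argocd-init/` directory exists outside this view, change the pattern to `"^argocd-bootstrap/.*\\.yml$"`. The k3s manager's `"playbook\\.yml"` is unanchored as well; `"^playbook\\.yml$"` would keep it from matching any other path that merely contains that name.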
49
README.md
49
README.md
|
@ -1,6 +1,6 @@
|
||||||
# k0s Kubernetes + Baseline
|
# k3s Kubernetes + ArgoCD + Baseline
|
||||||
|
|
||||||
* [k0s](https://docs.k0sproject.io/stable/)
|
* [k3s](https://docs.k3s.io/)
|
||||||
* [ArgoCD](https://argoproj.github.io/cd/)
|
* [ArgoCD](https://argoproj.github.io/cd/)
|
||||||
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
|
* [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
|
||||||
* [cert-manager](https://cert-manager.io/)
|
* [cert-manager](https://cert-manager.io/)
|
||||||
|
@ -10,13 +10,36 @@
|
||||||
* [keel](https://keel.sh)
|
* [keel](https://keel.sh)
|
||||||
* [reloader](https://github.com/stakater/Reloader)
|
* [reloader](https://github.com/stakater/Reloader)
|
||||||
|
|
||||||
## Run (k0s + baseline)
|
## Run (Deploy k3s + ArgoCD + Baseline)
|
||||||
|
|
||||||
`docker compose up`
|
`ansible-playbook k3s_boostrap.yml -i <host|ip>,`
|
||||||
|
|
||||||
### Get kubeconfig
|
### Get kubeconfig
|
||||||
|
|
||||||
`docker compose exec -it k0s k0s kubeconfig admin`
|
`cat /etc/rancher/k3s/k3s.yml`
|
||||||
|
|
||||||
|
### Add Agents
|
||||||
|
|
||||||
|
#### Get Agent Token
|
||||||
|
|
||||||
|
> The secure token format (occasionally referred to as a "full" token) contains the following parts:
|
||||||
|
>
|
||||||
|
> \<prefix\>\<cluster CA hash\>::\<credentials\>
|
||||||
|
|
||||||
|
Get existing server token:
|
||||||
|
`cat /var/lib/docker/volumes/baseline_k3s-data/_data/server/token`
|
||||||
|
|
||||||
|
Create new token:
|
||||||
|
`docker compose exec -it k3s k3s token create`
|
||||||
|
|
||||||
|
#### Register Agent/Worker
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export K3S_URL=https://<cpn.fqdn>:6443
|
||||||
|
export K3S_NODE_NAME=<node.fqdn>
|
||||||
|
export K3S_TOKEN=<full-token>
|
||||||
|
curl -sfL https://get.k3s.io | sh -s -
|
||||||
|
```
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
|
@ -27,6 +50,22 @@ To retrieve the initial admin password use
|
||||||
|
|
||||||
To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/).
|
To change the password follow [Argocd account update password](https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd_account_update-password/).
|
||||||
|
|
||||||
|
#### Sync Applications with Kubectl
|
||||||
|
|
||||||
|
Add to application:
|
||||||
|
```yaml
|
||||||
|
operation:
|
||||||
|
sync:
|
||||||
|
syncStrategy:
|
||||||
|
hook: {}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Zabbix Monitoring
|
||||||
|
|
||||||
|
See: [infrastructure/zabbix-config - Zabbix Kubernetes Monitoring](https://git.smsvc.net/infrastructure/zabbix-config/src/branch/master/Zabbix-Kubernetes.md)
|
||||||
|
|
||||||
|
## Cloud Setups
|
||||||
|
|
||||||
### Linode
|
### Linode
|
||||||
|
|
||||||
PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log.
|
PROXY protocol needs to be enabled for ingress-nginx to see the clients IP in ingress log.
|
||||||
|
|
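--- a/argocd-bootstrap/000-namespace.yml
+++ b/argocd-bootstrap/000-namespace.yml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: argocd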
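--- a/argocd-bootstrap/001-helm-argocd.yml
+++ b/argocd-bootstrap/001-helm-argocd.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: argocd
+namespace: kube-system
+spec:
+# do not change order! (needed for renovate)
+chart: argo-cd
+repo: https://argoproj.github.io/argo-helm
+version: 7.5.2
+targetNamespace: argocd
+valuesContent: |-
+applicationSet:
+enabled: false
+notifications:
+enabled: false
+dex:
+enabled: false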
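--- a/argocd-bootstrap/002-helm-argocd-apps.yml
+++ b/argocd-bootstrap/002-helm-argocd-apps.yml
@@ -0,0 +1,12 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+name: argocd-apps
+namespace: kube-system
+spec:
+# do not change order! (needed for renovate)
+chart: argocd-apps
+repo: https://argoproj.github.io/argo-helm
+version: 2.0.0
+targetNamespace: argocd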
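--- a/argocd-bootstrap/003-baseline-project.yml
+++ b/argocd-bootstrap/003-baseline-project.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: baseline
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+sourceRepos:
+- '*'
+destinations:
+- namespace: '*'
+server: '*'
+clusterResourceWhitelist:
+- group: '*'
+kind: '*'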
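Review bot: The `baseline` AppProject allows every source repository (`sourceRepos: '*'`), every destination (`namespace: '*'`, `server: '*'`) and every cluster-scoped kind, so the project boundary restricts nothing that an Application assigned to it can deploy. The one Application visible in this comparison pulls only from `https://git.smsvc.net/k8s/baseline.git` and targets `https://kubernetes.default.svc`. Narrowing `server` to that in-cluster URL and listing the repositories actually used would keep a changed or injected Application manifest from pulling from an arbitrary repo or reaching another cluster; that list is the Git repo plus whichever Helm repos the generated child apps reference, which are not visible here. If the wildcards are intentional for a single-tenant cluster, a comment such as `# single-tenant cluster: project intentionally unrestricted` above `spec:` would record that decision.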
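--- a/argocd-bootstrap/004-baseline-app.yml
+++ b/argocd-bootstrap/004-baseline-app.yml
@@ -0,0 +1,25 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: baseline
+namespace: argocd
+spec:
+project: baseline
+source:
+repoURL: 'https://git.smsvc.net/k8s/baseline.git'
+targetRevision: HEAD
+path: manifests/
+directory:
+recurse: true
+destination:
+server: 'https://kubernetes.default.svc'
+namespace: argocd
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+retry:
+backoff:
+duration: 15s
+maxDuration: 30m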
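Review bot: `targetRevision: HEAD` together with `automated` sync, `prune: true` and `selfHeal: true` means every commit that reaches the default branch of the baseline repo is applied to the cluster, deletions included, with no further gate. Pointing `targetRevision` at a protected branch or a release tag would make that trust boundary explicit. Separately, the new `retry` block sets only `backoff` and no `limit`, whereas the k0s configuration removed in this comparison carried `limit: 5`. As far as I know Argo CD treats an absent limit as zero retries, so the backoff values may never take effect; worth confirming and, if so, adding `limit: 5` under `retry:`.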
|
@ -1,22 +0,0 @@
|
||||||
services:
|
|
||||||
k0s:
|
|
||||||
image: docker.io/k0sproject/k0s:v1.30.4-k0s.0
|
|
||||||
command: k0s controller --config=/etc/k0s/config.yaml --enable-worker --no-taints
|
|
||||||
restart: always
|
|
||||||
stop_grace_period: 15s
|
|
||||||
hostname: k8s.smsvc.net
|
|
||||||
privileged: true
|
|
||||||
cgroup: host
|
|
||||||
network_mode: host
|
|
||||||
volumes:
|
|
||||||
- k0s-data:/var/lib/k0s/
|
|
||||||
- k0s-run:/run/
|
|
||||||
- k0s-storage:/var/openebs/
|
|
||||||
- k0s-run-udev:/run/udev
|
|
||||||
- ./k0s-config.yaml:/etc/k0s/config.yaml
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
k0s-data:
|
|
||||||
k0s-run:
|
|
||||||
k0s-storage:
|
|
||||||
k0s-run-udev:
|
|
|
@ -1,97 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: k0s.k0sproject.io/v1beta1
|
|
||||||
kind: ClusterConfig
|
|
||||||
metadata:
|
|
||||||
name: k0s
|
|
||||||
spec:
|
|
||||||
|
|
||||||
api:
|
|
||||||
sans:
|
|
||||||
- k8s.smsvc.net
|
|
||||||
|
|
||||||
telemetry:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
extensions:
|
|
||||||
helm:
|
|
||||||
repositories:
|
|
||||||
- name: argocd
|
|
||||||
url: https://argoproj.github.io/argo-helm
|
|
||||||
- name: metallb
|
|
||||||
url: https://metallb.github.io/metallb
|
|
||||||
- name: openebs-internal
|
|
||||||
url: https://openebs.github.io/charts
|
|
||||||
|
|
||||||
charts:
|
|
||||||
- name: openebs
|
|
||||||
chartname: openebs-internal/openebs
|
|
||||||
version: 3.10.0 # depName=openebs repoUrl=https://openebs.github.io/charts
|
|
||||||
namespace: openebs
|
|
||||||
order: 0
|
|
||||||
values: |
|
|
||||||
localprovisioner:
|
|
||||||
hostpathClass:
|
|
||||||
enabled: true
|
|
||||||
isDefaultClass: true
|
|
||||||
|
|
||||||
- name: metallb
|
|
||||||
chartname: metallb/metallb
|
|
||||||
version: 0.14.8 # depName=metallb repoUrl=https://metallb.github.io/metallb
|
|
||||||
namespace: metallb
|
|
||||||
order: 0
|
|
||||||
|
|
||||||
- name: argocd
|
|
||||||
chartname: argocd/argo-cd
|
|
||||||
version: 7.5.0 # depName=argo-cd repoUrl=https://argoproj.github.io/argo-helm
|
|
||||||
namespace: argocd
|
|
||||||
order: 1
|
|
||||||
values: |
|
|
||||||
applicationSet:
|
|
||||||
enabled: false
|
|
||||||
notifications:
|
|
||||||
enabled: false
|
|
||||||
dex:
|
|
||||||
enabled: false
|
|
||||||
- name: argocd-apps
|
|
||||||
chartname: argocd/argocd-apps
|
|
||||||
version: 2.0.0 # depName=argocd-apps repoUrl=https://argoproj.github.io/argo-helm
|
|
||||||
namespace: argocd
|
|
||||||
order: 2
|
|
||||||
values: |
|
|
||||||
projects:
|
|
||||||
baseline:
|
|
||||||
namespace: argocd
|
|
||||||
finalizers:
|
|
||||||
- resources-finalizer.argocd.argoproj.io
|
|
||||||
sourceRepos:
|
|
||||||
- '*'
|
|
||||||
destinations:
|
|
||||||
- namespace: '*'
|
|
||||||
server: '*'
|
|
||||||
clusterResourceWhitelist:
|
|
||||||
- group: '*'
|
|
||||||
kind: '*'
|
|
||||||
applications:
|
|
||||||
baseline:
|
|
||||||
project: baseline
|
|
||||||
finalizers:
|
|
||||||
- resources-finalizer.argocd.argoproj.io
|
|
||||||
source:
|
|
||||||
repoURL: 'https://git.smsvc.net/k8s/baseline.git'
|
|
||||||
targetRevision: HEAD
|
|
||||||
path: manifests/
|
|
||||||
directory:
|
|
||||||
recurse: true
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: argocd
|
|
||||||
syncPolicy:
|
|
||||||
automated:
|
|
||||||
prune: true
|
|
||||||
selfHeal: true
|
|
||||||
retry:
|
|
||||||
limit: 5
|
|
||||||
backoff:
|
|
||||||
duration: 5s
|
|
||||||
factor: 2
|
|
||||||
maxDuration: 5m
|
|
|
@ -1,4 +1,4 @@
|
||||||
local app = import "../_templates/argocd_app.libsonnet";
|
local app = import "_templates/argocd_app.libsonnet";
|
||||||
|
|
||||||
[
|
[
|
||||||
app + {
|
app + {
|
||||||
|
|
|
@ -6,6 +6,7 @@ metadata:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
annotations:
|
annotations:
|
||||||
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
||||||
|
argocd.argoproj.io/sync-wave: "2"
|
||||||
spec:
|
spec:
|
||||||
acme:
|
acme:
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
@ -23,6 +24,7 @@ metadata:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
annotations:
|
annotations:
|
||||||
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
||||||
|
argocd.argoproj.io/sync-wave: "2"
|
||||||
spec:
|
spec:
|
||||||
acme:
|
acme:
|
||||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
|
|
@ -6,5 +6,6 @@ metadata:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
annotations:
|
annotations:
|
||||||
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
|
||||||
|
argocd.argoproj.io/sync-wave: "2"
|
||||||
spec:
|
spec:
|
||||||
selfSigned: {}
|
selfSigned: {}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
local app = import "../_templates/argocd_app.libsonnet";
|
local app = import "_templates/argocd_app.libsonnet";
|
||||||
|
|
||||||
[
|
[
|
||||||
app + {
|
app + {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
local app = import "../_templates/argocd_app.libsonnet";
|
local app = import "_templates/argocd_app.libsonnet";
|
||||||
|
|
||||||
[
|
[
|
||||||
app + {
|
app + {
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: metallb.io/v1beta1
|
|
||||||
kind: IPAddressPool
|
|
||||||
metadata:
|
|
||||||
name: metallb-address-pool
|
|
||||||
namespace: metallb
|
|
||||||
annotations:
|
|
||||||
spec:
|
|
||||||
addresses:
|
|
||||||
- 194.55.14.183/32
|
|
|
@ -1,4 +1,4 @@
|
||||||
local app = import "../../_templates/argocd_app.libsonnet";
|
local app = import "../_templates/argocd_app.libsonnet";
|
||||||
|
|
||||||
[
|
[
|
||||||
app + {
|
app + {
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
local app = import "../_templates/argocd_app.libsonnet";
|
local app = import "_templates/argocd_app.libsonnet";
|
||||||
|
|
||||||
[
|
[
|
||||||
app + {
|
app + {
|
||||||
|
|
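--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,61 @@
+# vim: set ft=yaml.ansible:
+---
+- name: Install k3s server
+hosts: all
+gather_facts: false
+tags: k3s-server
+
+vars:
+k3s_version: v1.31.0+k3s1
+
+tasks:
+- name: Get k3s installed version
+ansible.builtin.command: k3s --version
+register: k3s_version_output
+check_mode: false
+changed_when: false
+ignore_errors: true
+
+- name: Set k3s installed version
+when: k3s_version_output.rc == 0
+ansible.builtin.set_fact:
+installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
+
+- name: Download and install/update k3s
+when: (k3s_version_output.rc != 0) or (installed_k3s_version != k3s_version)
+block:
+- name: Download K3s install script
+ansible.builtin.get_url:
+url: https://get.k3s.io
+dest: /usr/local/bin/k3s_install.sh
+mode: "755"
+- name: Install k3s server
+ansible.builtin.command: "k3s_install.sh"
+environment:
+K3S_NODE_NAME: "{{ inventory_hostname }}"
+INSTALL_K3S_CHANNEL: "{{ k3s_version }}"
+INSTALL_K3S_EXEC: "--disable=traefik --tls-san {{ inventory_hostname }}"
+changed_when: false
+
+- name: Start and enable k3s server
+ansible.builtin.service:
+name: k3s.service
+state: started
+enabled: true
+
+- name: Add restart cronjob
+ansible.builtin.cron:
+name: "restart k3s (and regenerate certs if necessary)"
+special_time: monthly
+job: "systemctl restart k3s"
+
+- name: Deploy ArgoCD
+hosts: all
+gather_facts: false
+tags: baseline
+tasks:
+- name: Copy manifest
+ansible.builtin.copy:
+src: argocd-bootstrap/
+dest: /var/lib/rancher/k3s/server/manifests/argocd-bootstrap/
+mode: "0755"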
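Review bot: The install task passes the pinned release as `INSTALL_K3S_CHANNEL: "{{ k3s_version }}"`, but the k3s install script expects a channel name in that variable and takes an exact release in `INSTALL_K3S_VERSION`. So `v1.31.0+k3s1` is probably not what gets installed, or the channel lookup fails; use `INSTALL_K3S_VERSION: "{{ k3s_version }}"`. The script is also fetched from `https://get.k3s.io` into `/usr/local/bin` and executed with no integrity check, so whatever that URL serves at run time runs on every targeted host. `get_url` accepts a `checksum` parameter, e.g. `checksum: "sha256:<PINNED_SHA256_OF_REVIEWED_SCRIPT>"`, which would fail the play if the script changes unreviewed. `changed_when: false` on the install step also hides that the host was modified, and `mode: "0755"` on the copied manifests marks plain YAML files executable; `mode: "0644"` with `directory_mode: "0755"` fits better.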