Redoing my setup after many years
genebean committed Aug 2, 2024
1 parent 490013d commit 36e62db
Showing 19 changed files with 428 additions and 3 deletions.
2 changes: 2 additions & 0 deletions .gitignore
@@ -1,7 +1,9 @@
.vagrant/
*/**/charts/
*/**/requirements.lock
*.key
argocd-pw
ca.crt
gateway-password.txt
kubeconfig
notes
4 changes: 2 additions & 2 deletions apps/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: Applications
name: applications
description: Cluster infrastructure Stage 1
name: cluster-infra-stage-1
version: 0.1.0
3 changes: 2 additions & 1 deletion apps/values.yaml
Expand Up @@ -3,4 +3,5 @@ spec:
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/genebean/kubebag
targetRevision: HEAD
# targetRevision: HEAD
targetRevision: redo
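Review bot: The commented-out `# targetRevision: HEAD` left beside `targetRevision: redo` is dead text that git history already records; delete the line rather than keep it as a comment. The same commit renames `apps/Chart.yaml` to `cluster-infra-stage-1` with the same description as the new `infra-stage-1` chart, which suggests the `apps` chart is superseded; if so, removing it is cleaner than re-pointing it at the `redo` branch, and if not, a comment here explaining how the two charts relate would help.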
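--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -0,0 +1,80 @@
+IPADDRESS=192.168.122.118
+ssh -o UserKnownHostsFile=/dev/null $IPADDRESS cat /etc/rancher/k3s/k3s.yaml |sed 's/default/k3s/g' |sed "s/127\.0\.0\.1/$IPADDRESS/" > ~/.kube/config
+
+# If not already installed.....
+#
+# CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+# CLI_ARCH=amd64
+# if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+# curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+# sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+# sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+# rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+
+helm repo add argo https://argoproj.github.io/argo-helm
+helm repo add cilium https://helm.cilium.io/
+
+helm repo update
+
+helm upgrade --install cilium cilium/cilium --version 1.16.0 \
+--namespace kube-system \
+--set bpf.datapathMode=netkit \
+--set cni.exclusive=false \
+--set envoy.enabled=false \
+--set ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16" \
+--set k8sServiceHost=127.0.0.1 \
+--set k8sServicePort=6443 \
+--set kubeProxyReplacement=true \
+--set operator.replicas=1 \
+--set securityContext.privileged=true \
+--set securityContext.privileged=true
+
+cilium status --wait
+
+sleep 5
+
+kubectl get pods --all-namespaces -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,HOSTNETWORK:.spec.hostNetwork --no-headers=true | grep '<none>' | awk '{print "-n "$1" "$2}' | xargs -L 1 -r kubectl delete pod
+
+sleep 30
+
+helm upgrade --install --namespace argocd --create-namespace argocd argo/argo-cd --set configs.params."server.insecure"=true
+
+helm template ./infra-stage-1 |kubectl apply -f -
+
+# Generate trust anchor
+step certificate create root.linkerd.cluster.local ca.crt ca.key \
+--profile root-ca --no-password --insecure --not-after=87600h
+
+# create, save, and apply sealed secret for trust anchor
+kubectl -n linkerd create secret tls \
+linkerd-trust-anchor \
+--cert=ca.crt \
+--key=ca.key \
+--dry-run=client -o yaml | \
+kubeseal --controller-name=sealed-secrets \
+--controller-namespace=kubeseal -o yaml > infra-stage-2/templates/linkerd/sealed-linkerd-trust-anchor.yaml
+
+####################################################################
+# update ca cert in linkerd-control-plane with one generated above #
+# commit to git and push #
+####################################################################
+
+helm template ./infra-stage-2 |kubectl apply -f -
+
+# In another terminal
+kubectl port-forward service/argocd-server -n argocd 8080:443
+
+# In original terminal
+ARGOCD_PW=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+
+~/argocd login localhost:8080 --insecure --username admin --password $ARGOCD_PW
+~/argocd account update-password --current-password $ARGOCD_PW
+
+# checked out viz dashboard via laptop
+# will need to enforce the that the following annotation is on everything but cert-manager
+# linkerd.io/inject: enabled
+#
+# Will need to setup LB IPAM like what is talked about in
+# https://blog.stonegarden.dev/articles/2024/02/bootstrapping-k3s-with-cilium/#enable-ssh-server-optional
+#
+#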
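Review bot: The kubeconfig fetch on the first ssh line discards host-key pinning with `-o UserKnownHostsFile=/dev/null`, so the k3s admin kubeconfig is pulled over a connection that is never checked against a stored key, and the result unconditionally overwrites `~/.kube/config`. Drop that option so the key is recorded on first use (or point it at a pinned known_hosts file) and write to a dedicated file, e.g. `ssh "$IPADDRESS" cat /etc/rancher/k3s/k3s.yaml | sed 's/default/k3s/g' | sed "s/127\.0\.0\.1/$IPADDRESS/" > ~/.kube/k3s.yaml` followed by `export KUBECONFIG=~/.kube/k3s.yaml`; note too that the global `s/default/k3s/g` rewrites every occurrence, not just the cluster/context/user names. The file has no shebang and no `set -euo pipefail`; that may be deliberate since the "In another terminal" comments read as a runbook, but a header comment saying "run step by step, not as a script" would stop someone executing it end-to-end. The `argocd login ... --password $ARGOCD_PW` and `--current-password $ARGOCD_PW` invocations put the admin password on the command line where it lands in shell history and `ps`; both commands prompt when the flag is omitted, and `argocd-initial-admin-secret` is never deleted after the password change. The duplicated `--set securityContext.privileged=true` on the Cilium install is harmless but should be a single line.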
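--- a/infra-stage-1/Chart.yaml
+++ b/infra-stage-1/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Cluster infrastructure Stage 1
+name: infra-stage-1
+version: 0.1.0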
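--- a/infra-stage-1/templates/app-infra-stage-1.yaml
+++ b/infra-stage-1/templates/app-infra-stage-1.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: infra-stage-1
+namespace: argocd
+spec:
+destination:
+namespace: argocd
+server: https://kubernetes.default.svc
+project: infra
+source:
+helm:
+path: infra-stage-1
+repoURL: https://github.com/genebean/kubebag.git
+targetRevision: redo
+syncPolicy:
+automated:
+prune: true
+selfHeal: true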
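Review bot: `targetRevision: redo` points the root Application at a mutable branch with `prune: true` and `selfHeal: true`, so any push to that branch is applied to the cluster on the next poll, and since this manifest is rendered from the same branch the app manages itself. That is ordinary GitOps for a single-owner repo, but it means a compromised GitHub credential becomes cluster-admin with no further check; consider enabling commit signature verification on the `infra` project (`signatureKeys`) or pinning to a protected branch once the `redo` work lands, and add a comment on `targetRevision` if the branch is temporary. The `repoURL` here ends in `.git` while `apps/values.yaml` and `app-infra-stage-2.yaml` omit it; Argo CD normalises the two forms as far as I know, but one spelling across the repo avoids a surprise in project `sourceRepos` matching.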
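--- a/infra-stage-1/templates/apps/app-argocd.yaml
+++ b/infra-stage-1/templates/apps/app-argocd.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argocd
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-100"
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+destination:
+namespace: argocd
+server: "https://kubernetes.default.svc"
+project: infra
+source:
+chart: argo-cd
+repoURL: https://argoproj.github.io/argo-helm
+targetRevision: 7.3.11
+helm:
+valuesObject:
+configs:
+params:
+"server.insecure": true
+syncPolicy:
+automated:
+prune: true
+selfHeal: true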
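Review bot: `"server.insecure": true` in the valuesObject makes argocd-server serve plaintext HTTP permanently, not just during bootstrap; nothing in this commit puts a TLS-terminating Ingress or Route in front of it (the traefik Application only configures ingress classes), so any in-cluster client that can reach the `argocd-server` Service sees sessions and tokens in the clear. If the intent is to expose it through Traefik with TLS terminated there, record that in a comment next to the flag; otherwise drop the parameter and keep using `argocd login --insecure` over the port-forward, which already tolerates the chart's self-signed certificate. A smaller inconsistency: bootstrap.sh installs the chart unpinned with `helm upgrade --install`, while this Application pins `7.3.11` with selfHeal, so the first sync may move the version in whichever direction the pin differs from what Helm resolved at bootstrap time.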
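--- a/infra-stage-1/templates/apps/app-cert-manager.yaml
+++ b/infra-stage-1/templates/apps/app-cert-manager.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: cert-manager
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-90"
+spec:
+project: infra
+source:
+chart: cert-manager
+repoURL: https://charts.jetstack.io
+targetRevision: v1.15.2
+helm:
+valuesObject:
+installCRDs: "true"
+extraArgs:
+- '--enable-gateway-api'
+destination:
+namespace: cert-manager
+server: https://kubernetes.default.svc
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true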
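Review bot: `installCRDs: "true"` is a quoted string, not a boolean; Helm's `if` treats any non-empty string as true, so `"false"` would install the CRDs just the same, and as far as I recall this value was deprecated in favour of `crds.enabled` in cert-manager 1.15. Write it as `crds.enabled: true` (and `crds.keep: true` if the CRDs — and with them every Certificate — should survive an Application prune), or at minimum as a bare `installCRDs: true`. Separately, `--enable-gateway-api` presumes the Gateway API CRDs are present and nothing in this commit installs them; a comment naming where they come from, or a sync-wave ordering them before cert-manager, would make the dependency explicit.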
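--- a/infra-stage-1/templates/apps/app-linkerd-cni.yaml
+++ b/infra-stage-1/templates/apps/app-linkerd-cni.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: linkerd-cni
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-90"
+spec:
+project: infra
+source:
+chart: linkerd2-cni
+repoURL: https://helm.linkerd.io/edge
+targetRevision: 2024.7.5
+helm:
+valuesObject:
+privileged: "true"
+destination:
+namespace: linkerd-cni
+server: https://kubernetes.default.svc
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true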
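Review bot: `privileged: "true"` gives the CNI install DaemonSet a privileged security context, and as a quoted string it is not a boolean — Helm's `if` is true for any non-empty string, so `"false"` would not turn it off either. My reading of the linkerd2-cni chart is that this defaults to false and is only needed where the host's CNI directories cannot be written otherwise; if this k3s host needs it, write `privileged: true` with a comment saying why, so the setting is not copied blindly into the next cluster. `helm.linkerd.io/edge` at `2024.7.5` is also an edge release rather than a stable channel, which is fine for a homelab but worth a one-line comment so nobody mistakes it for a pinned stable version.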
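--- a/infra-stage-1/templates/apps/app-linkerd-crds.yaml
+++ b/infra-stage-1/templates/apps/app-linkerd-crds.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: linkerd-crds
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-90"
+spec:
+project: infra
+source:
+chart: linkerd-crds
+repoURL: https://helm.linkerd.io/edge
+targetRevision: 2024.7.5
+helm:
+valuesObject:
+enableHttpRoutes: false
+destination:
+namespace: linkerd
+server: https://kubernetes.default.svc
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true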
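--- a/infra-stage-1/templates/apps/app-sealed-secrets.yaml
+++ b/infra-stage-1/templates/apps/app-sealed-secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: sealed-secrets
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-90"
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: infra
+source:
+chart: sealed-secrets
+repoURL: https://bitnami-labs.github.io/sealed-secrets
+targetRevision: 2.16.1
+destination:
+server: "https://kubernetes.default.svc"
+namespace: kubeseal
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true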
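Review bot: This Application carries `resources-finalizer.argocd.argoproj.io` together with `prune: true`, so deleting it cascades to the controller and, with it, the sealing key pair the controller generated; once that key is gone every SealedSecret committed to this repo — including the linkerd trust anchor that bootstrap.sh seals into `infra-stage-2/templates/linkerd/` — can no longer be decrypted by any cluster. Either drop the finalizer here, or back up the key Secret (the controller labels it `sealedsecrets.bitnami.com/sealed-secrets-key`) outside the cluster before anything depends on the sealed secrets, and record that in a comment on this file. The `--controller-namespace=kubeseal` used by kubeseal in bootstrap.sh must stay in step with `namespace: kubeseal` here; a comment pointing at that coupling would save the next person a failed seal.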
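--- a/infra-stage-1/templates/apps/app-traefik.yaml
+++ b/infra-stage-1/templates/apps/app-traefik.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: traefik-v3
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "-90"
+spec:
+project: infra
+source:
+chart: traefik
+repoURL: https://traefik.github.io/charts
+targetRevision: 30.0.2
+helm:
+valuesObject:
+ingressClass:
+name: traefik
+providers:
+kubernetesCRD:
+ingressClass: traefik
+kubernetesIngress:
+ingressClass: traefik
+destination:
+namespace: traefik-v3
+server: https://kubernetes.default.svc
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true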
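Review bot: k3s bundles its own Traefik under the IngressClass `traefik` unless the server was started with `--disable=traefik`; that flag is not visible anywhere in this commit, and this chart sets `ingressClass.name: traefik` with both providers bound to the same class, so on a stock k3s node two controllers would claim the same IngressClass and the chart's default LoadBalancer Service would compete for the same ports. If k3s was installed with Traefik disabled, a comment above `ingressClass` stating that precondition would record it; if not, either disable the bundled one or give this instance a distinct class name. The release name `traefik-v3` paired with the plain class name `traefik` also reads as though a v2 instance might coexist — worth stating which it is.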
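--- a/infra-stage-1/templates/project-infra.yaml
+++ b/infra-stage-1/templates/project-infra.yaml
@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: infra
+namespace: argocd
+spec:
+sourceRepos:
+- '*'
+destinations:
+- namespace: '*'
+server: '*'
+clusterResourceWhitelist:
+- group: '*'
+kind: '*'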
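Review bot: The `infra` AppProject allows any source repo, any destination server and namespace, and any cluster-scoped resource kind, which is the unrestricted `default` project under another name; every Application in this commit syncs automatically in it, so anyone able to create an Application with `project: infra` in the `argocd` namespace can deploy arbitrary cluster-wide resources from any repo. Tighten it to what this commit actually uses — the kubebag repo and the five Helm repos referenced by the stage-1 Applications, and the in-cluster server — and widen it only as stage-2 (not fully visible here) requires. A short comment on `clusterResourceWhitelist` explaining why the wildcard is kept (CRDs, namespaces and cluster roles from the charts) would also help the next reader.
```yaml
spec:
  sourceRepos:
    # both spellings of the kubebag URL appear in this commit
    - https://github.com/genebean/kubebag
    - https://github.com/genebean/kubebag.git
    - https://argoproj.github.io/argo-helm
    - https://charts.jetstack.io
    - https://helm.linkerd.io/edge
    - https://bitnami-labs.github.io/sealed-secrets
    - https://traefik.github.io/charts
  destinations:
    - namespace: '*'
      server: https://kubernetes.default.svc
  # … unchanged: clusterResourceWhitelist …
```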
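--- a/infra-stage-2/Chart.yaml
+++ b/infra-stage-2/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Cluster infrastructure Stage 2
+name: infra-stage-2
+version: 0.1.0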
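--- a/infra-stage-2/templates/app-infra-stage-2.yaml
+++ b/infra-stage-2/templates/app-infra-stage-2.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: infra-stage-2
+namespace: argocd
+spec:
+destination:
+namespace: argocd
+server: https://kubernetes.default.svc
+project: infra
+source:
+helm:
+path: infra-stage-2
+repoURL: https://github.com/genebean/kubebag
+targetRevision: redo
+syncPolicy:
+automated:
+prune: true
+selfHeal: true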
