diff --git a/.gitignore b/.gitignore
index f11b0d6..6d1a9ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,9 @@
 .vagrant/
 */**/charts/
 */**/requirements.lock
+*.key
 argocd-pw
+ca.crt
 gateway-password.txt
 kubeconfig
 notes
diff --git a/apps/Chart.yaml b/apps/Chart.yaml
index 3510e2a..f79be5c 100644
--- a/apps/Chart.yaml
+++ b/apps/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 appVersion: "1.0"
-description: Applications
-name: applications
+description: Cluster infrastructure Stage 1
+name: cluster-infra-stage-1
 version: 0.1.0
diff --git a/apps/values.yaml b/apps/values.yaml
index 9eccd30..3c77bef 100644
--- a/apps/values.yaml
+++ b/apps/values.yaml
@@ -3,4 +3,5 @@ spec:
 server: https://kubernetes.default.svc
 source:
 repoURL: https://github.com/genebean/kubebag
- targetRevision: HEAD
+ # targetRevision: HEAD
+ targetRevision: redo
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100644
index 0000000..13a80e5
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,95 @@
+IPADDRESS=192.168.122.118
+ssh -o UserKnownHostsFile=/dev/null $IPADDRESS cat /etc/rancher/k3s/k3s.yaml |sed 's/default/k3s/g' |sed "s/127\.0\.0\.1/$IPADDRESS/" > ~/.kube/config
+
+# If not already installed.....
+#
+# CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+# CLI_ARCH=amd64
+# if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+# curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+# sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+# sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+# rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+
+helm repo add argo https://argoproj.github.io/argo-helm
+helm repo add cilium https://helm.cilium.io/
+
+helm repo update
+
+helm upgrade --install cilium cilium/cilium --version 1.16.0 \
+ --namespace kube-system \
+ --set bpf.datapathMode=netkit \
+ --set cni.exclusive=false \
+ --set envoy.enabled=false \
+ --set ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16" \
+ --set k8sServiceHost=127.0.0.1 \
+ --set k8sServicePort=6443 \
+ --set kubeProxyReplacement=true \
+ --set operator.replicas=1 \
+ --set securityContext.privileged=true \
+ --set securityContext.privileged=true
+
+cilium status --wait
+
+sleep 5
+
+kubectl get pods --all-namespaces -o custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,HOSTNETWORK:.spec.hostNetwork --no-headers=true | grep '' | awk '{print "-n "$1" "$2}' | xargs -L 1 -r kubectl delete pod
+
+sleep 30
+
+helm upgrade --install --namespace argocd --create-namespace argocd argo/argo-cd --set configs.params."server.insecure"=true
+
+# In another terminal
+kubectl port-forward service/argocd-server -n argocd 8080:443
+
+# In original terminal
+ARGOCD_PW=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d)
+
+~/argocd login
localhost:8080 --insecure --username admin --password $ARGOCD_PW
+~/argocd account update-password
+~/argocd account update-password --help
+~/argocd account update-password --current-password $ARGOCD_PW
+
+kubectl apply -n argocd -f redo/projects/infra.yaml
+kubectl apply -n argocd -f redo/apps/argocd.yaml
+kubectl apply -n argocd -f redo/apps/traefik.yaml
+kubectl apply -n argocd -f redo/apps/cert-manager.yaml
+kubectl apply -n argocd -f redo/apps/sealed-secrets.yaml
+kubectl apply -n argocd -f redo/apps/linkerd-crds.yaml
+kubectl apply -n argocd -f redo/apps/linkerd-cni.yaml
+
+# Generate trust anchor
+step certificate create root.linkerd.cluster.local ca.crt ca.key \
+--profile root-ca --no-password --insecure --not-after=87600h
+
+# # Generate issuer
+# step certificate create identity.linkerd.cluster.local issuer.crt issuer.key \
+# --profile intermediate-ca --not-after 8760h --no-password --insecure \
+# --ca ca.crt --ca-key ca.key
+
+# create, save, and apply sealed secret for trust anchor
+kubectl -n linkerd create secret tls \
+ linkerd-trust-anchor \
+ --cert=ca.crt \
+ --key=ca.key \
+ --dry-run=client -o yaml | \
+kubeseal --controller-name=sealed-secrets --controller-namespace=kubeseal -o yaml | \
+tee redo/manifests/linkerd/sealed-linkerd-trust-anchor.yaml | \
+kubectl apply -f -
+
+kubectl apply -f redo/manifests/linkerd/cert-manager-issuer.yaml
+kubectl apply -f redo/manifests/linkerd/certificate-identity.yaml
+
+
+# update ca cert in linkerd-control-plane with one generated above
+kubectl apply -n argocd redo/apps/linkerd-control-plane.yaml
+
+
+# checked out viz dashboard via laptop
+# will need to enforce the that the following annotation is on everything but cert-manager
+# linkerd.io/inject: enabled
+#
+# Will need to setup LB IPAM like what is talked about in
+# https://blog.stonegarden.dev/articles/2024/02/bootstrapping-k3s-with-cilium/#enable-ssh-server-optional
+#
+#
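Review bot: The `step certificate create … --no-password --insecure` call in bootstrap.sh leaves the Linkerd trust-anchor private key unencrypted as `ca.key` in the working tree, and nothing after the `kubeseal` pipeline removes it; the `*.key` entry in .gitignore only keeps it out of commits. Once the sealed secret has been written I would move the key to offline storage or delete it, e.g. `shred -u ca.key`, and add a comment saying which of the two is intended. Further down, `kubectl apply -n argocd redo/apps/linkerd-control-plane.yaml` is missing `-f`, so that step fails as written. `--password $ARGOCD_PW` also places the initial admin password on the command line, unquoted; `"$ARGOCD_PW"` at least survives special characters.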
diff --git a/infra-stage-1/Chart.yaml b/infra-stage-1/Chart.yaml
new file mode 100644
index 0000000..c707191
--- /dev/null
+++ b/infra-stage-1/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Cluster infrastructure Stage 1
+name: infra-stage-1
+version: 0.1.0
diff --git a/infra-stage-1/templates/app-infra-stage-1.yaml b/infra-stage-1/templates/app-infra-stage-1.yaml
new file mode 100644
index 0000000..502bd23
--- /dev/null
+++ b/infra-stage-1/templates/app-infra-stage-1.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: infra-stage-1
+ namespace: argocd
+spec:
+ destination:
+ namespace: argocd
+ server: https://kubernetes.default.svc
+ # server: {{ .Values.spec.destination.server }}
+ project: infra
+ source:
+ helm:
+ valueFiles:
+ - values.yaml
+ path: apps
+ repoURL: {{ .Values.spec.source.repoURL }}
+ targetRevision: {{ .Values.spec.source.targetRevision }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/infra-stage-1/templates/apps/app-argocd.yaml b/infra-stage-1/templates/apps/app-argocd.yaml
new file mode 100644
index 0000000..d3a3461
--- /dev/null
+++ b/infra-stage-1/templates/apps/app-argocd.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-100"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: argocd
+ server: "https://kubernetes.default.svc"
+ project: infra
+ source:
+ chart: argo-cd
+ repoURL: https://argoproj.github.io/argo-helm
+ targetRevision: 7.3.11
+ helm:
+ valuesObject:
+ configs:
+ params:
+ "server.insecure": true
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
\ No newline at end of file
diff --git a/infra-stage-1/templates/apps/app-cert-manager.yaml b/infra-stage-1/templates/apps/app-cert-manager.yaml
new file mode 100644
index 0000000..338650f
--- /dev/null
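Review bot: `path: apps` in infra-stage-1/templates/app-infra-stage-1.yaml points the stage-1 Application at the existing `apps/` chart rather than at the `infra-stage-1/` chart this commit adds, which looks unintended; presumably it should read `path: infra-stage-1`, and the same applies to `path: apps` in infra-stage-2/templates/app-infra-stage-2.yaml. The templated scalars are also unquoted, so an empty value renders as null; `repoURL: "{{ .Values.spec.source.repoURL }}"` and the same for `targetRevision` would be safer. With `targetRevision: redo` plus automated sync and `prune: true`, whatever lands on that branch is applied to the cluster without a further gate, which deserves a comment next to the value.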
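Review bot: `"server.insecure": true` in infra-stage-1/templates/apps/app-argocd.yaml makes argocd-server listen without TLS, and nothing in this commit shows where TLS is terminated in front of it. If Traefik or the Linkerd mesh is meant to provide that, a comment above the key should say so, for example `# TLS is terminated at <ingress>; argocd-server itself serves plain HTTP`. Without such a layer the admin login and API tokens cross the cluster network in clear text.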
+++ b/infra-stage-1/templates/apps/app-cert-manager.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+spec:
+ project: infra
+ source:
+ chart: cert-manager
+ repoURL: https://charts.jetstack.io
+ targetRevision: v1.15.2
+ helm:
+ valuesObject:
+ installCRDs: "true"
+ extraArgs:
+ - '--enable-gateway-api'
+ destination:
+ namespace: cert-manager
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra-stage-1/templates/apps/app-linkerd-cni.yaml b/infra-stage-1/templates/apps/app-linkerd-cni.yaml
new file mode 100644
index 0000000..6a5a193
--- /dev/null
+++ b/infra-stage-1/templates/apps/app-linkerd-cni.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: linkerd-cni
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+spec:
+ project: infra
+ source:
+ chart: linkerd2-cni
+ repoURL: https://helm.linkerd.io/edge
+ targetRevision: 2024.7.5
+ helm:
+ valuesObject:
+ privileged: "true"
+ destination:
+ namespace: linkerd-cni
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra-stage-1/templates/apps/app-linkerd-crds.yaml b/infra-stage-1/templates/apps/app-linkerd-crds.yaml
new file mode 100644
index 0000000..6eea7c4
--- /dev/null
+++ b/infra-stage-1/templates/apps/app-linkerd-crds.yaml
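Review bot: `installCRDs: "true"` in app-cert-manager.yaml passes a string where a boolean is meant; in a template conditional any non-empty string is truthy, so a later edit to `"false"` would not switch it off. Write `installCRDs: true`; the same quoted boolean appears as `privileged: "true"` in app-linkerd-cni.yaml. For linkerd-cni, a one-line comment on why the CNI installer has to run privileged would let a later reviewer judge whether the setting can be dropped.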
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: linkerd-crds
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+spec:
+ project: infra
+ source:
+ chart: linkerd-crds
+ repoURL: https://helm.linkerd.io/edge
+ targetRevision: 2024.7.5
+ helm:
+ valuesObject:
+ enableHttpRoutes: false
+ destination:
+ namespace: linkerd
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra-stage-1/templates/apps/app-sealed-secrets.yaml b/infra-stage-1/templates/apps/app-sealed-secrets.yaml
new file mode 100644
index 0000000..0d1e79e
--- /dev/null
+++ b/infra-stage-1/templates/apps/app-sealed-secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: sealed-secrets
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: infra
+ source:
+ chart: sealed-secrets
+ repoURL: https://bitnami-labs.github.io/sealed-secrets
+ targetRevision: 2.16.1
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kubeseal
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra-stage-1/templates/apps/app-traefik.yaml b/infra-stage-1/templates/apps/app-traefik.yaml
new file mode 100644
index 0000000..8918e0d
--- /dev/null
+++ b/infra-stage-1/templates/apps/app-traefik.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: traefik-v3
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+spec:
+ project: infra
+ source:
+ chart: traefik
+ repoURL: https://traefik.github.io/charts
+ targetRevision: 30.0.2
+ helm:
+ valuesObject:
+ ingressClass:
+ name: traefik
+ providers:
+ kubernetesCRD:
+ ingressClass: traefik
+ kubernetesIngress:
+ ingressClass: traefik
+ destination:
+ namespace: traefik-v3
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra-stage-1/templates/project-infra.yaml b/infra-stage-1/templates/project-infra.yaml
new file mode 100644
index 0000000..88ff9dd
--- /dev/null
+++ b/infra-stage-1/templates/project-infra.yaml
@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: infra
+ namespace: argocd
+spec:
+ sourceRepos:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
diff --git a/infra-stage-1/values.yaml b/infra-stage-1/values.yaml
new file mode 100644
index 0000000..3c77bef
--- /dev/null
+++ b/infra-stage-1/values.yaml
@@ -0,0 +1,7 @@
+spec:
+ destination:
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: https://github.com/genebean/kubebag
+ # targetRevision: HEAD
+ targetRevision: redo
diff --git a/infra-stage-2/Chart.yaml b/infra-stage-2/Chart.yaml
new file mode 100644
index 0000000..4baa56c
--- /dev/null
+++ b/infra-stage-2/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Cluster infrastructure Stage 2
+name: infra-stage-2
+version: 0.1.0
diff --git a/infra-stage-2/templates/app-infra-stage-2.yaml b/infra-stage-2/templates/app-infra-stage-2.yaml
new file mode 100644
index 0000000..fe67207
--- /dev/null
+++ b/infra-stage-2/templates/app-infra-stage-2.yaml
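Review bot: The `infra` AppProject in infra-stage-1/templates/project-infra.yaml allows every source repository, every destination cluster and namespace, and every cluster-scoped kind, so the project places no limit on what an Application assigned to it can deploy or where. Every Application in this commit uses one of six repositories and the in-cluster API server, so `sourceRepos` and the destination `server` can be listed explicitly, as below. `clusterResourceWhitelist` probably has to stay broad for the CRD-installing charts, but a comment saying so would record that it is deliberate.

```yaml
spec:
  sourceRepos:
    - https://github.com/genebean/kubebag
    - https://argoproj.github.io/argo-helm
    - https://charts.jetstack.io
    - https://helm.linkerd.io/edge
    - https://bitnami-labs.github.io/sealed-secrets
    - https://traefik.github.io/charts
  destinations:
    - namespace: '*'
      server: https://kubernetes.default.svc
  # … unchanged: clusterResourceWhitelist …
```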
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: infra-stage-2
+ namespace: argocd
+spec:
+ destination:
+ namespace: argocd
+ server: https://kubernetes.default.svc
+ # server: {{ .Values.spec.destination.server }}
+ project: infra
+ source:
+ helm:
+ valueFiles:
+ - values.yaml
+ path: apps
+ repoURL: {{ .Values.spec.source.repoURL }}
+ targetRevision: {{ .Values.spec.source.targetRevision }}
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/infra-stage-2/templates/apps/app-linkerd-control-plane.yaml b/infra-stage-2/templates/apps/app-linkerd-control-plane.yaml
new file mode 100644
index 0000000..f54efbd
--- /dev/null
+++ b/infra-stage-2/templates/apps/app-linkerd-control-plane.yaml
@@ -0,0 +1,73 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: linkerd-control-plane
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-90"
+spec:
+ project: infra
+ source:
+ chart: linkerd-control-plane
+ repoURL: https://helm.linkerd.io/edge
+ targetRevision: 2024.7.5
+ helm:
+ parameters:
+ - name: cniEnabled
+ value: "true"
+ - name: identityTrustAnchorsPEM
+ value: |
+ -----BEGIN CERTIFICATE-----
+ MIIBjDCCATOgAwIBAgIQDkRT4nEi22SbxNgjbi6hjDAKBggqhkjOPQQDAjAlMSMw
+ IQYDVQQDExpyb290LmxpbmtlcmQuY2x1c3Rlci5sb2NhbDAeFw0yNDA4MDIxODEx
+ NDVaFw0zNDA3MzExODExNDVaMCUxIzAhBgNVBAMTGnJvb3QubGlua2VyZC5jbHVz
+ dGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEojEBRndioam7i2w1
+ CkoFmXNYBaZkmOOVm1dItKd5M3vM8c+W3V7pkZmAQxLUlJLiGYteRqjcC4cLKT+d
+ YZ6YfKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYD
+ VR0OBBYEFGD7mfNyOQasacSOYXvBLUT0SblMMAoGCCqGSM49BAMCA0cAMEQCIBAS
+ t/QG+diMQEnjm6ZRofcmtfA2q4qB+d587SEizsHsAiAW8JJpGjam4XUw4eXjwSOo
+ d5xMY5OtZgO5oHTODcoipA==
+ -----END CERTIFICATE-----
+ - name: identity.issuer.scheme
+ value: kubernetes.io/tls
+ destination:
+ namespace: linkerd
+ server: https://kubernetes.default.svc
+ ignoreDifferences:
+ - group: ""
+ kind: Secret
+ name: linkerd-proxy-injector-k8s-tls
+ jsonPointers:
+ - /data/tls.crt
+ - /data/tls.key
+ - group: ""
+ kind: Secret
+ name: linkerd-sp-validator-k8s-tls
+ jsonPointers:
+ - /data/tls.crt
+ - /data/tls.key
+ - group: ""
+ kind: Secret
+ name: linkerd-policy-validator-k8s-tls
+ jsonPointers:
+ - /data/tls.crt
+ - /data/tls.key
+ - group: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ name: linkerd-proxy-injector-webhook-config
+ jsonPointers:
+ - /webhooks/0/clientConfig/caBundle
+ - group: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ name: linkerd-sp-validator-webhook-config
+ jsonPointers:
+ - /webhooks/0/clientConfig/caBundle
+ - group: admissionregistration.k8s.io/v1
+ kind:
ValidatingWebhookConfiguration
+ name: linkerd-policy-validator-webhook-config
+ jsonPointers:
+ - /webhooks/0/clientConfig/caBundle
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/infra-stage-2/templates/linkerd/cert-manager-issuer.yaml b/infra-stage-2/templates/linkerd/cert-manager-issuer.yaml
new file mode 100644
index 0000000..b6db898
--- /dev/null
+++ b/infra-stage-2/templates/linkerd/cert-manager-issuer.yaml
@@ -0,0 +1,8 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: linkerd-trust-anchor
+ namespace: linkerd
+spec:
+ ca:
+ secretName: linkerd-trust-anchor
diff --git a/infra-stage-2/templates/linkerd/certificate-identity.yaml b/infra-stage-2/templates/linkerd/certificate-identity.yaml
new file mode 100644
index 0000000..8fd0bc3
--- /dev/null
+++ b/infra-stage-2/templates/linkerd/certificate-identity.yaml
@@ -0,0 +1,23 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: linkerd-identity-issuer
+ namespace: linkerd
+spec:
+ secretName: linkerd-identity-issuer
+ duration: 48h
+ renewBefore: 25h
+ issuerRef:
+ name: linkerd-trust-anchor
+ kind: Issuer
+ commonName: identity.linkerd.cluster.local
+ dnsNames:
+ - identity.linkerd.cluster.local
+ isCA: true
+ privateKey:
+ algorithm: ECDSA
+ usages:
+ - cert sign
+ - crl sign
+ - server auth
+ - client auth
diff --git a/infra-stage-2/templates/linkerd/sealed-linkerd-trust-anchor.yaml b/infra-stage-2/templates/linkerd/sealed-linkerd-trust-anchor.yaml
new file mode 100644
index 0000000..30e9223
--- /dev/null
+++ b/infra-stage-2/templates/linkerd/sealed-linkerd-trust-anchor.yaml
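Review bot: The certificate pasted into `identityTrustAnchorsPEM` in app-linkerd-control-plane.yaml has to be the same one sealed in sealed-linkerd-trust-anchor.yaml, but nothing here records that link, and bootstrap.sh creates a fresh `ca.crt` each time it is run. A comment above the parameter, such as `# must match tls.crt in the linkerd-trust-anchor SealedSecret; update both together`, would guard against a silent mismatch, which would presumably leave proxies unable to validate the issuer certificate. This Application also carries `sync-wave: "-90"`, the same wave as linkerd-crds and linkerd-cni, so ordering relative to those seems to rely on stage 2 being synced after stage 1; that assumption is worth stating in the file as well.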
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: linkerd-trust-anchor
+ namespace: linkerd
+spec:
+ encryptedData:
+ tls.crt: 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
+ tls.key: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: linkerd-trust-anchor
+ namespace: linkerd
+ type: kubernetes.io/tls
diff --git a/infra-stage-2/values.yaml b/infra-stage-2/values.yaml
new file mode 100644
index 0000000..3c77bef
--- /dev/null
+++ b/infra-stage-2/values.yaml
@@ -0,0 +1,7 @@
+spec:
+ destination:
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: https://github.com/genebean/kubebag
+ # targetRevision: HEAD
+ targetRevision: redo