fix(allthethings)

drone
nold 2 years ago
parent 9e6e98a0cd
commit 4256b8ee60
  1. 1
      .gitignore
  2. 9
      bin/00_bootstrap_argocd.sh
  3. 6
      bin/10_get_passwords.sh
  4. 6
      charts/heqet/templates/_helpers.tpl
  5. 6
      charts/heqet/templates/acme-clusterissuer.yaml
  6. 33
      charts/heqet/templates/heqet-apps.yaml
  7. 188
      charts/heqet/values.yaml
  8. 11
      manifests/heqet-apps.yaml

1
.gitignore vendored

@ -1 +1,2 @@
*.swp
.terraform

@ -1,10 +1,17 @@
#!/bin/bash
if kubectl get nodes | grep -q '^gke-' ; then
echo "[GKE] Ensure we are Cluster-Admin..."
kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole=cluster-admin \
--user=$(gcloud config get-value core/account) || exit 1
fi
echo "Installing ArgoCD..."
helm repo add argo https://argoproj.github.io/argo-helm
kubectl create ns argocd
helm install argo argo/argo-cd --namespace argocd
#kubectl apply -n argocd -f manifests/argocd.yaml
echo
echo "Bootstrapping Heqet Apps..."

@ -1,4 +1,8 @@
#!/bin/bash
echo "Grafana 'admin': $(kubectl get secret -n heqet-loki loki-grafana --output jsonpath='{.data.admin-password}' | base64 -d)"
echo "Grafana 'admin': $(kubectl get secret -n loki-stack loki-stack-grafana --output jsonpath='{.data.admin-password}' | base64 -d)"
echo "ArgoCD 'admin': $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2)"
echo
echo "Vault:"
kubectl logs vault-0 -n vault | egrep 'Unseal Key|Root Token'
exit 0

@ -6,9 +6,9 @@ ingress:
enabled: true
hosts:
{{- if not .ingress_hosts_keymap }}
- {{ required "You need to set a domain for your app or disable atic" .domain }}
- {{ required "You need to set a domain for your app or disable atic" .vhost }}
{{- else }}
- host: {{ required "You need to set a domain for your app or disable atic" .domain }}
- host: {{ required "You need to set a domain for your app or disable atic" .vhost }}
paths: []
{{- end }}
annotations:
@ -18,5 +18,5 @@ ingress:
tls:
- secretName: {{ .name }}-le-tls
hosts:
- {{ .domain | quote }}
- {{ .vhost | quote }}
{{- end }}

@ -1,14 +1,16 @@
{{ if .Values.acme.enabled }}
apiVersion: cert-manager.io/v1alpha3
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: {{ .Values.heqet.acme.server | default "https://acme-staging-v02.api.letsencrypt.org/directory" }}
email: {{ .Values.heqet.acme.email | quote }}
server: {{ .Values.acme.server | default "https://acme-staging-v02.api.letsencrypt.org/directory" }}
email: {{ .Values.acme.email | quote }}
privateKeySecretRef:
name: letsencrypt-clusterissuer
solvers:
- http01:
ingress:
class: nginx
{{- end }}

@ -1,4 +1,4 @@
{{- range .Values.heqet.apps }}
{{- range .Values.apps -}}
---
apiVersion: v1
kind: Namespace
@ -6,6 +6,9 @@ metadata:
name: {{ .namespace | default .name | quote }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
{{- if .namespace_vars }}
{{ .namespace_vars | indent 2 }}
{{- end }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
@ -18,10 +21,10 @@ spec:
project: {{ .project | default "default" }}
destination:
namespace: {{ .namespace | default .name | quote }}
server: {{ .server | default $.Values.heqet.defaults.server }}
server: {{ .server | default $.Values.defaults.server }}
source:
path: {{ .path | default "." | quote }}
repoURL: {{ .repoURL | default $.Values.heqet.defaults.repoURL | quote }}
repoURL: {{ .repoURL | default $.Values.defaults.repoURL | quote }}
targetRevision: {{ .targetRevision | default "HEAD" | quote }}
{{- if or .parameters .domain }}
helm:
@ -31,20 +34,24 @@ spec:
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- end }}
{{- if and $.Values.ingress.enabled .domain }}
{{- end -}}
{{- if or $.Values.ingress.enabled .values }}
values: |-
{{- $shift := empty .ingress_prefix -}}
{{- $indent := ternary 8 10 $shift -}}
{{- if .ingress_prefix }}
{{- .values | default "" |indent 10 -}}
{{- if and $.Values.ingress.enabled .vhost }}
{{- $shift := empty .ingress_prefix -}}
{{- $indent := ternary 8 10 $shift -}}
{{- if .ingress_prefix }}
{{ .ingress_prefix | indent 8 }}:
{{- end }}
{{- include "heqet.ingress" . | indent $indent -}}
{{- end }}
{{- include "heqet.ingress" . | indent $indent -}}
{{- end }}
{{- end -}}
{{- end }}
syncPolicy:
automated:
# FIXME: Open Issue: https://github.com/helm/helm/issues/8026
prune: {{ $.Values.heqet.defaults.automated.prune | default false }}
selfHeal: {{ $.Values.heqet.defaults.automated.selfHeal | default false }}
{{- end }}
prune: {{ $.Values.defaults.automated.prune | default false }}
selfHeal: {{ $.Values.defaults.automated.selfHeal | default false }}
{{ end }}

@ -4,105 +4,111 @@ installCRDs: true
# This configures Heqet's ATIC ['Automatic-Tls-Ingress-Creator']
ingress:
enabled: true
class: "nginx"
#FIXME: Can't disable tls ATM
tls:
enabled: true
#cluster-issuer
# etc.
cluster_issuer: "letsencrypt"
# Enables ACME cluster-issuer
acme:
enabled: true
email: nold@gnu.one
server: https://acme-v02.api.letsencrypt.org/directory
heqet:
defaults:
project: "default"
repoURL: https://github.com/nold360/heqet
server: https://kubernetes.default.svc
automated:
prune: true
selfHeal: false
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: nold@gnu.one
# Default values for you applications
defaults:
project: "default"
repoURL: https://github.com/nold360/heqet
server: https://kubernetes.default.svc
automated:
prune: true
selfHeal: false
apps:
- name: heqet
path: charts/heqet
apps:
- name: heqet
path: charts/heqet
- name: argocd
repoURL: https://github.com/argoproj/argo-helm
path: charts/argo-cd
domain: argocd.heqet.gnu.one
ingress_prefix: server
parameters:
- name: server.debug
value: true
- name: server.config.url
value: https://argocd.heqet.gnu.one
- name: server.ingress.enabled
value: true
- name: dex.enabled
value: false
- name: controller.logLevel
value: debug
- name: repoServer.logLevel
value: debug
- name: argocd
repoURL: https://github.com/argoproj/argo-helm
path: charts/argo-cd
vhost: argocd.heqet.gnu.one
ingress_prefix: server
parameters:
- name: server.debug
value: true
- name: server.config.url
value: https://argocd.heqet.gnu.one
- name: server.ingress.enabled
value: true
- name: dex.enabled
value: false
- name: controller.logLevel
value: debug
- name: repoServer.logLevel
value: debug
- name: server.service.annotations
value: 443
- name: jaeger
path: charts/jaeger
repoURL: https://github.com/jaegertracing/helm-charts
targetRevision: HEAD
domain: jaeger.heqet.gnu.one
ingress_prefix: query
- name: jaeger
path: charts/jaeger
repoURL: https://github.com/jaegertracing/helm-charts
targetRevision: HEAD
vhost: jaeger.heqet.gnu.one
ingress_prefix: query
- name: nginx-ingress
repoURL: https://github.com/kubernetes/ingress-nginx
path: charts/ingress-nginx
parameters:
- name: controller.admissionWebhooks.enabled
value: false
- name: controller.admissionWebhooks.patch.enabled
value: false
- name: rbac.create
value: true
- name: controller.publishService.enabled
value: true
- name: controller.image.repository
value: bitnami/nginx-ingress-controller
- name: nginx-ingress
repoURL: https://github.com/kubernetes/ingress-nginx
path: charts/ingress-nginx
parameters:
- name: controller.admissionWebhooks.enabled
value: false
- name: controller.admissionWebhooks.patch.enabled
value: false
- name: rbac.create
value: true
- name: controller.publishService.enabled
value: true
- name: controller.image.repository
value: bitnami/nginx-ingress-controller
- name: cert-manager
repoURL: https://github.com/jetstack/cert-manager
path: deploy/charts/cert-manager
parameters:
- name: acme.server
value: https://acme-v02.api.letsencrypt.org/directory
- name: acme.email
value: nold@gnu.one
# using crds/ directory
- name: installCRDs
value: false
- name: cainjector.image.tag
value: v0.15.1
- name: image.tag
value: v0.15.1
- name: webhook.image.tag
value: v0.15.1
- name: vault
repoURL: https://github.com/hashicorp/vault-helm
domain: vault.heqet.gnu.one
ingress_prefix: server
ingress_hosts_keymap: true
parameters:
- name: server.dev.enabled
value: true
- name: ui.enabled
value: true
- name: cert-manager
repoURL: https://github.com/jetstack/cert-manager
path: deploy/charts/cert-manager
parameters:
- name: acme.server
value: https://acme-v02.api.letsencrypt.org/directory
- name: acme.email
value: nold@gnu.one
# using crds/ directory
- name: installCRDs
value: false
- name: cainjector.image.tag
value: v0.15.1
- name: image.tag
value: v0.15.1
- name: webhook.image.tag
value: v0.15.1
- name: vault
repoURL: https://github.com/hashicorp/vault-helm
vhost: vault.heqet.gnu.one
ingress_prefix: server
ingress_hosts_keymap: true
parameters:
- name: server.dev.enabled
value: true
- name: ui.enabled
value: true
- name: kubernetes-dashboard
path: stable/kubernetes-dashboard
repoURL: https://github.com/helm/charts
domain: dashboard.heqet.gnu.one
parameters:
- name: rbac.clusterAdminRole
value: true
- name: kubernetes-dashboard
path: stable/kubernetes-dashboard
repoURL: https://github.com/helm/charts
vhost: dashboard.heqet.gnu.one
parameters:
- name: rbac.clusterAdminRole
value: true
- name: loki-stack
path: charts/loki-stack
- name: loki-stack
path: charts/loki-stack

@ -1,10 +1,19 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: heqet
spec: {}
status: {}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: heqet
namespace: argocd
spec:
destination:
namespace: argocd
namespace: heqet
server: 'https://kubernetes.default.svc'
source:
path: charts/heqet

Loading…
Cancel
Save