From 4256b8ee60036c2b71c7a998b769e142b702e6d3 Mon Sep 17 00:00:00 2001
From: nold
Date: Sat, 30 May 2020 16:55:24 +0200
Subject: [PATCH] fix(allthethings)
---
 .gitignore | 1 +
 bin/00_bootstrap_argocd.sh | 9 +-
 bin/10_get_passwords.sh | 6 +-
 charts/heqet/templates/_helpers.tpl | 6 +-
 .../heqet/templates/acme-clusterissuer.yaml | 6 +-
 charts/heqet/templates/heqet-apps.yaml | 33 +-
 charts/heqet/values.yaml | 188 +++++++++---------
 manifests/heqet-apps.yaml | 11 +-
 8 files changed, 148 insertions(+), 112 deletions(-)
diff --git a/.gitignore b/.gitignore
index 1377554..452d2e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.swp
+.terraform
diff --git a/bin/00_bootstrap_argocd.sh b/bin/00_bootstrap_argocd.sh
index 2c372e9..44e91e8 100755
--- a/bin/00_bootstrap_argocd.sh
+++ b/bin/00_bootstrap_argocd.sh
@@ -1,10 +1,17 @@
 #!/bin/bash
+
+if kubectl get nodes | grep -q '^gke-' ; then
+ echo "[GKE] Ensure we are Cluster-Admin..."
+ kubectl create clusterrolebinding cluster-admin-binding \
+ --clusterrole=cluster-admin \
+ --user=$(gcloud config get-value core/account) || exit 1
+fi
+
 echo "Installing ArgoCD..."
 helm repo add argo https://argoproj.github.io/argo-helm
 kubectl create ns argocd
 helm install argo argo/argo-cd --namespace argocd
-#kubectl apply -n argocd -f manifests/argocd.yaml
 echo
 echo "Bootstrapping Heqet Apps..."
diff --git a/bin/10_get_passwords.sh b/bin/10_get_passwords.sh
index 46e9d6a..1ac626b 100755
--- a/bin/10_get_passwords.sh
+++ b/bin/10_get_passwords.sh
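Review bot: `kubectl create clusterrolebinding cluster-admin-binding ... || exit 1` aborts the whole bootstrap on any second run, because `create` fails as soon as the binding already exists, and the unquoted `$(gcloud config get-value core/account)` in `--user=` is subject to word splitting. An idempotent form keeps re-runs working: `kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user="$(gcloud config get-value core/account)" --dry-run=client -o yaml | kubectl apply -f -` (on a kubectl too old for `--dry-run=client`, test with `kubectl get clusterrolebinding cluster-admin-binding` first). Binding the operator's Google account to cluster-admin is a deliberate bootstrap-time privilege; a one-line comment stating that, and that it is only needed so the following installs can create cluster-scoped objects, would help the next reader. The `helm`/`kubectl` calls after the new block still run unchecked (no `set -e`), so a failed `helm install` is not noticed before "Bootstrapping Heqet Apps..." continues.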
@@ -1,4 +1,8 @@
 #!/bin/bash
-echo "Grafana 'admin': $(kubectl get secret -n heqet-loki loki-grafana --output jsonpath='{.data.admin-password}' | base64 -d)"
+echo "Grafana 'admin': $(kubectl get secret -n loki-stack loki-stack-grafana --output jsonpath='{.data.admin-password}' | base64 -d)"
 echo "ArgoCD 'admin': $(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2)"
+echo
+echo "Vault:"
+kubectl logs vault-0 -n vault | egrep 'Unseal Key|Root Token'
+
 exit 0
diff --git a/charts/heqet/templates/_helpers.tpl b/charts/heqet/templates/_helpers.tpl
index e0b00bd..7aa3225 100644
--- a/charts/heqet/templates/_helpers.tpl
+++ b/charts/heqet/templates/_helpers.tpl
@@ -6,9 +6,9 @@ ingress:
 enabled: true
 hosts:
 {{- if not .ingress_hosts_keymap }}
- - {{ required "You need to set a domain for your app or disable atic" .domain }}
+ - {{ required "You need to set a domain for your app or disable atic" .vhost }}
 {{- else }}
- - host: {{ required "You need to set a domain for your app or disable atic" .domain }}
+ - host: {{ required "You need to set a domain for your app or disable atic" .vhost }}
 paths: []
 {{- end }}
 annotations:
@@ -18,5 +18,5 @@ ingress:
 tls:
 - secretName: {{ .name }}-le-tls
 hosts:
- - {{ .domain | quote }}
+ - {{ .vhost | quote }}
 {{- end }}
diff --git a/charts/heqet/templates/acme-clusterissuer.yaml b/charts/heqet/templates/acme-clusterissuer.yaml
index f045502..eaacd90 100644
--- a/charts/heqet/templates/acme-clusterissuer.yaml
+++ b/charts/heqet/templates/acme-clusterissuer.yaml
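Review bot: `kubectl logs vault-0 -n vault | egrep 'Unseal Key|Root Token'` only finds anything while the Vault chart runs with `server.dev.enabled: true` (the value set for the vault app in values.yaml in this same commit), because dev mode is what writes the root token and unseal key to the pod log; against a normally initialised Vault the line prints nothing and the script still reports success. A comment makes that dependency visible, e.g. `# Vault dev mode only: the root token / unseal key are logged by the pod`, and `grep -E` should replace the deprecated `egrep`. The unconditional `exit 0` also hides a missing pod or namespace; `set -o pipefail` at the top and dropping the forced exit status would let a caller notice.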
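Review bot: The `required` message in both changed `hosts` entries still says "set a domain for your app", while the key an operator now has to set is `.vhost`; that message is the only hint shown when rendering fails, so it should name the key: `{{ required "You need to set vhost for your app or disable atic" .vhost }}`. The second hunk of this file (`tls.hosts`) renames the field consistently and needs no further change. The `heqet.ingress` define begins before the first hunk.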
@@ -1,14 +1,16 @@
+{{ if .Values.acme.enabled }}
 apiVersion: cert-manager.io/v1alpha3
 kind: ClusterIssuer
 metadata:
 name: letsencrypt
 spec:
 acme:
- server: {{ .Values.heqet.acme.server | default "https://acme-staging-v02.api.letsencrypt.org/directory" }}
- email: {{ .Values.heqet.acme.email | quote }}
+ server: {{ .Values.acme.server | default "https://acme-staging-v02.api.letsencrypt.org/directory" }}
+ email: {{ .Values.acme.email | quote }}
 privateKeySecretRef:
 name: letsencrypt-clusterissuer
 solvers:
 - http01:
 ingress:
 class: nginx
+{{- end }}
diff --git a/charts/heqet/templates/heqet-apps.yaml b/charts/heqet/templates/heqet-apps.yaml
index b4488aa..c29014e 100644
--- a/charts/heqet/templates/heqet-apps.yaml
+++ b/charts/heqet/templates/heqet-apps.yaml
@@ -1,4 +1,4 @@
-{{- range .Values.heqet.apps }}
+{{- range .Values.apps -}}
 ---
 apiVersion: v1
 kind: Namespace
@@ -6,6 +6,9 @@ metadata:
 name: {{ .namespace | default .name | quote }}
 annotations:
 argocd.argoproj.io/sync-wave: "-1"
+{{- if .namespace_vars }}
+{{ .namespace_vars | indent 2 }}
+{{- end }}
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -18,10 +21,10 @@ spec:
 project: {{ .project | default "default" }}
 destination:
 namespace: {{ .namespace | default .name | quote }}
- server: {{ .server | default $.Values.heqet.defaults.server }}
+ server: {{ .server | default $.Values.defaults.server }}
 source:
 path: {{ .path | default "." | quote }}
- repoURL: {{ .repoURL | default $.Values.heqet.defaults.repoURL | quote }}
+ repoURL: {{ .repoURL | default $.Values.defaults.repoURL | quote }}
 targetRevision: {{ .targetRevision | default "HEAD" | quote }}
 {{- if or .parameters .domain }}
 helm:
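Review bot: `name: letsencrypt` stays hard-coded while this same commit introduces `ingress.tls.cluster_issuer: "letsencrypt"` in values.yaml; if that value is what the ingress annotation in `heqet.ingress` consumes (not visible in this patch), the two can drift and certificates would reference a ClusterIssuer that does not exist, which surfaces only as a Certificate stuck pending. Deriving one from the other, `name: {{ .Values.ingress.tls.cluster_issuer | default "letsencrypt" }}`, removes that failure mode. A comment above `server:` noting that the template default is the Let's Encrypt staging endpoint while values.yaml overrides it with production would also save a chart user who clears `acme.server` from silently getting untrusted staging certificates.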
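Review bot: `{{ .namespace_vars | indent 2 }}` splices an app-supplied string into the Namespace object verbatim, so `namespace_vars` has to be a ready-made YAML fragment at `metadata` level (labels, annotations) and a single mis-indented line or tab in it breaks the whole rendered document, while a map value would render as Go map syntax. Serialising it instead, `{{ toYaml .namespace_vars | indent 2 }}`, makes the expected input a map and lets the chart validate it, and `namespace_vars` deserves a documented (commented-out) example in values.yaml so users know the shape. This hunk sits inside the `range` that begins in the previous hunk.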
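Review bot: `{{- if or .parameters .domain }}` on the last context line of this hunk still tests `.domain`, but every app in values.yaml was renamed from `domain:` to `vhost:` in this commit and `_helpers.tpl` now reads `.vhost`; an app with a `vhost` and no `parameters` (jaeger, for instance) therefore never enters the `helm:` block and gets no ingress values rendered. The condition needs the same rename, and `.values` as well, since the new inner `if or $.Values.ingress.enabled .values` branch lives inside it: `{{- if or .parameters .vhost .values }}`. The body of this `range` iteration continues in the next hunk.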
@@ -31,20 +34,24 @@ spec:
 - name: {{ .name | quote }}
 value: {{ .value | quote }}
 {{- end }}
- {{- end }}
- {{- if and $.Values.ingress.enabled .domain }}
+ {{- end -}}
+
+ {{- if or $.Values.ingress.enabled .values }}
 values: |-
- {{- $shift := empty .ingress_prefix -}}
- {{- $indent := ternary 8 10 $shift -}}
- {{- if .ingress_prefix }}
+{{- .values | default "" |indent 10 -}}
+ {{- if and $.Values.ingress.enabled .vhost }}
+ {{- $shift := empty .ingress_prefix -}}
+ {{- $indent := ternary 8 10 $shift -}}
+ {{- if .ingress_prefix }}
 {{ .ingress_prefix | indent 8 }}:
+ {{- end }}
+ {{- include "heqet.ingress" . | indent $indent -}}
 {{- end }}
- {{- include "heqet.ingress" . | indent $indent -}}
- {{- end }}
+ {{- end -}}
 {{- end }}
 syncPolicy:
 automated:
 # FIXME: Open Issue: https://github.com/helm/helm/issues/8026
- prune: {{ $.Values.heqet.defaults.automated.prune | default false }}
- selfHeal: {{ $.Values.heqet.defaults.automated.selfHeal | default false }}
-{{- end }}
+ prune: {{ $.Values.defaults.automated.prune | default false }}
+ selfHeal: {{ $.Values.defaults.automated.selfHeal | default false }}
+{{ end }}
diff --git a/charts/heqet/values.yaml b/charts/heqet/values.yaml
index 4bdb0e8..3ccbf30 100644
--- a/charts/heqet/values.yaml
+++ b/charts/heqet/values.yaml
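Review bot: `{{- .values | default "" |indent 10 -}}` is emitted unconditionally as the first line of the `values: |-` block scalar, ahead of the ingress fragment that `heqet.ingress` renders at `$indent` (8 or 10), and YAML fixes a block scalar's content indentation from its first non-empty line; when `.values` is set the two fragments can land at different indents and the scalar is cut short, and when it is empty the first line is ten bare spaces, which stricter parsers reject once an 8-space line follows. Guarding the line, `{{- if .values }}{{ .values | indent 8 }}{{ end }}`, and rendering both fragments at one indent level avoids that; which level is right depends on how `ingress_prefix` is meant to combine with user-supplied values, which this hunk does not spell out, so a comment stating the intended shape of `.values` belongs here too. The final `{{- end }}` → `{{ end }}` leaves a blank line after each rendered Application, harmless but at odds with the `-}}` trimming used elsewhere in the hunk. The enclosing `range` starts in an earlier hunk.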
@@ -4,105 +4,111 @@ installCRDs: true
 # This configures Heqet's ATIC ['Automatic-Tls-Ingress-Creator']
 ingress:
 enabled: true
+ class: "nginx"
+ #FIXME: Can't disable tls ATM
 tls:
 enabled: true
- #cluster-issuer
- # etc.
+ cluster_issuer: "letsencrypt"
+
+ # Enables ACME cluster-issuer
+acme:
+ enabled: true
+ email: nold@gnu.one
+ server: https://acme-v02.api.letsencrypt.org/directory
-heqet:
- defaults:
- project: "default"
- repoURL: https://github.com/nold360/heqet
- server: https://kubernetes.default.svc
- automated:
- prune: true
- selfHeal: false
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: nold@gnu.one
+ # Default values for you applications
+defaults:
+ project: "default"
+ repoURL: https://github.com/nold360/heqet
+ server: https://kubernetes.default.svc
+ automated:
+ prune: true
+ selfHeal: false
- apps:
- - name: heqet
- path: charts/heqet
+apps:
+ - name: heqet
+ path: charts/heqet
- - name: argocd
- repoURL: https://github.com/argoproj/argo-helm
- path: charts/argo-cd
- domain: argocd.heqet.gnu.one
- ingress_prefix: server
- parameters:
- - name: server.debug
- value: true
- - name: server.config.url
- value: https://argocd.heqet.gnu.one
- - name: server.ingress.enabled
- value: true
- - name: dex.enabled
- value: false
- - name: controller.logLevel
- value: debug
- - name: repoServer.logLevel
- value: debug
+ - name: argocd
+ repoURL: https://github.com/argoproj/argo-helm
+ path: charts/argo-cd
+ vhost: argocd.heqet.gnu.one
+ ingress_prefix: server
+ parameters:
+ - name: server.debug
+ value: true
+ - name: server.config.url
+ value: https://argocd.heqet.gnu.one
+ - name: server.ingress.enabled
+ value: true
+ - name: dex.enabled
+ value: false
+ - name: controller.logLevel
+ value: debug
+ - name: repoServer.logLevel
+ value: debug
+ - name: server.service.annotations
+ value: 443
- - name: jaeger
- path: charts/jaeger
- repoURL: https://github.com/jaegertracing/helm-charts
- targetRevision: HEAD
- domain:
 jaeger.heqet.gnu.one
- ingress_prefix: query
+ - name: jaeger
+ path: charts/jaeger
+ repoURL: https://github.com/jaegertracing/helm-charts
+ targetRevision: HEAD
+ vhost: jaeger.heqet.gnu.one
+ ingress_prefix: query
- - name: nginx-ingress
- repoURL: https://github.com/kubernetes/ingress-nginx
- path: charts/ingress-nginx
- parameters:
- - name: controller.admissionWebhooks.enabled
- value: false
- - name: controller.admissionWebhooks.patch.enabled
- value: false
- - name: rbac.create
- value: true
- - name: controller.publishService.enabled
- value: true
- - name: controller.image.repository
- value: bitnami/nginx-ingress-controller
+ - name: nginx-ingress
+ repoURL: https://github.com/kubernetes/ingress-nginx
+ path: charts/ingress-nginx
+ parameters:
+ - name: controller.admissionWebhooks.enabled
+ value: false
+ - name: controller.admissionWebhooks.patch.enabled
+ value: false
+ - name: rbac.create
+ value: true
+ - name: controller.publishService.enabled
+ value: true
+ - name: controller.image.repository
+ value: bitnami/nginx-ingress-controller
- - name: cert-manager
- repoURL: https://github.com/jetstack/cert-manager
- path: deploy/charts/cert-manager
- parameters:
- - name: acme.server
- value: https://acme-v02.api.letsencrypt.org/directory
- - name: acme.email
- value: nold@gnu.one
- # using crds/ directory
- - name: installCRDs
- value: false
- - name: cainjector.image.tag
- value: v0.15.1
- - name: image.tag
- value: v0.15.1
- - name: webhook.image.tag
- value: v0.15.1
-
- - name: vault
- repoURL: https://github.com/hashicorp/vault-helm
- domain: vault.heqet.gnu.one
- ingress_prefix: server
- ingress_hosts_keymap: true
- parameters:
- - name: server.dev.enabled
- value: true
- - name: ui.enabled
- value: true
+ - name: cert-manager
+ repoURL: https://github.com/jetstack/cert-manager
+ path: deploy/charts/cert-manager
+ parameters:
+ - name: acme.server
+ value: https://acme-v02.api.letsencrypt.org/directory
+ - name: acme.email
+ value: nold@gnu.one
+
 # using crds/ directory
+ - name: installCRDs
+ value: false
+ - name: cainjector.image.tag
+ value: v0.15.1
+ - name: image.tag
+ value: v0.15.1
+ - name: webhook.image.tag
+ value: v0.15.1
+
+ - name: vault
+ repoURL: https://github.com/hashicorp/vault-helm
+ vhost: vault.heqet.gnu.one
+ ingress_prefix: server
+ ingress_hosts_keymap: true
+ parameters:
+ - name: server.dev.enabled
+ value: true
+ - name: ui.enabled
+ value: true
- - name: kubernetes-dashboard
- path: stable/kubernetes-dashboard
- repoURL: https://github.com/helm/charts
- domain: dashboard.heqet.gnu.one
- parameters:
- - name: rbac.clusterAdminRole
- value: true
+ - name: kubernetes-dashboard
+ path: stable/kubernetes-dashboard
+ repoURL: https://github.com/helm/charts
+ vhost: dashboard.heqet.gnu.one
+ parameters:
+ - name: rbac.clusterAdminRole
+ value: true
- - name: loki-stack
- path: charts/loki-stack
+ - name: loki-stack
+ path: charts/loki-stack
diff --git a/manifests/heqet-apps.yaml b/manifests/heqet-apps.yaml
index 0ea7eac..7808fa4 100644
--- a/manifests/heqet-apps.yaml
+++ b/manifests/heqet-apps.yaml
@@ -1,10 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: heqet
+spec: {}
+status: {}
+---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
 name: heqet
+ namespace: argocd
 spec:
 destination:
- namespace: argocd
+ namespace: heqet
 server: 'https://kubernetes.default.svc'
 source:
 path: charts/heqet
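Review bot: The new argocd parameter `server.service.annotations` with `value: 443` hands a scalar to a key that, as far as I recall the argo-cd chart, is a map of annotation strings, so the rendered Service either fails to merge or carries an invalid `annotations` field; the intent (a port, or an annotation key that lost its suffix) is not recoverable from the diff, so it should be corrected or dropped before merge. `kubernetes-dashboard` keeps `rbac.clusterAdminRole: true` while its new `vhost: dashboard.heqet.gnu.one` exposes it through the ATIC ingress, which puts a cluster-admin UI behind only the dashboard's own login; a comment on that line recording that this is intentional for a single-user cluster, or a narrower role, would make the trade-off explicit. `vault`'s `server.dev.enabled: true` is in the same category (in-memory, unsealed, root token in the pod log) and deserves the same one-line note. This hunk starts on an earlier line of the page.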
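Review bot: The added `Namespace` `heqet` duplicates what the chart's own `heqet-apps.yaml` template (earlier in this patch) renders for every entry in `apps`, which includes `- name: heqet` itself, so the same object has two sources of truth: this manifest applied by the bootstrap script and the Argo CD Application with `defaults.automated.prune: true`. Argo CD will adopt the pre-created namespace on first sync and own it from then on, which works but means edits to this block never take effect and the block can only confuse; keeping one definition is cleaner, and the chart one already carries the `sync-wave: "-1"` ordering. `spec: {}` and `status: {}` are `kubectl create --dry-run -o yaml` residue and should be removed either way.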