forked from k-space/kube
		
	Updates and cleanups
README.md
							| @@ -2,21 +2,8 @@ | ||||
|  | ||||
| ## Introduction | ||||
|  | ||||
| This is the Kubernetes manifests of services running on k-space.ee domains: | ||||
|  | ||||
| - [Authelia](https://auth.k-space.ee) for authentication | ||||
| - [Drone.io](https://drone.k-space.ee) for building Docker images | ||||
| - [Harbor](https://harbor.k-space.ee) for hosting Docker images | ||||
| - [ArgoCD](https://argocd.k-space.ee) for deploying Kubernetes manifests and | ||||
|   Helm charts into the cluster | ||||
| - [camtiler](https://cams.k-space.ee) for cameras | ||||
| - [Longhorn Dashboard](https://longhorn.k-space.ee) for administering | ||||
|   Longhorn storage | ||||
| - [Kubernetes Dashboard](https://kubernetes-dashboard.k-space.ee/) for read-only overview | ||||
|   of the Kubernetes cluster | ||||
| - [Wildduck Webmail](https://webmail.k-space.ee/) | ||||
|  | ||||
| Most endpoints are protected by OIDC autentication or Authelia SSO middleware. | ||||
| This is the Kubernetes manifests of services running on k-space.ee domains. | ||||
| The applications are listed on https://auth2.k-space.ee for authenticated users. | ||||
|  | ||||
|  | ||||
| ## Cluster access | ||||
| @@ -27,7 +14,7 @@ General discussion is happening in the `#kube` Slack channel. | ||||
| For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master | ||||
| nodes and place it under `~/.kube/config` on your machine. | ||||
|  | ||||
| Once Authelia is working, OIDC access for others can be enabled with | ||||
| Once Passmower is working, OIDC access for others can be enabled with | ||||
| running following on Kubernetes masters: | ||||
|  | ||||
| ```bash | ||||
| @@ -120,7 +107,7 @@ Our self-hosted Kubernetes stack compared to AWS based deployments: | ||||
| | AWS Route53       | Bind and RFC2136                    | DNS records and Let's Encrypt DNS validation                        | | ||||
| | AWS S3            | Minio Operator                      | Highly available object storage                                     | | ||||
| | AWS VPC           | Calico                              | Overlay network                                                     | | ||||
| | Dex               | Authelia                            | ACL mapping and OIDC provider which integrates with GitHub/Samba    | | ||||
| | Dex               | Passmower                           | ACL mapping and OIDC provider which integrates with GitHub/Samba    | | ||||
| | GitHub Actions    | Drone                               | Build Docker images                                                 | | ||||
| | GitHub            | Gitea                               | Source code management, issue tracking                              | | ||||
| | GitHub OAuth2     | Samba (Active Directory compatible) | Source of truth for authentication and authorization                | | ||||
| @@ -129,7 +116,6 @@ Our self-hosted Kubernetes stack compared to AWS based deployments: | ||||
|  | ||||
| External dependencies running as classic virtual machines: | ||||
|  | ||||
| - Samba as Authelia's source of truth | ||||
| - Bind as DNS server | ||||
|  | ||||
|  | ||||
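Review bot: the dependency list drops the Samba entry entirely, yet the comparison table in the previous hunk still describes Passmower as integrating with GitHub/Samba and keeps Samba as the source of truth for authentication and authorization. If Passmower still reads from Samba, keep the item reworded as "Samba as Passmower's source of truth"; if it does not, the two table rows need updating in the same commit.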
| @@ -137,13 +123,13 @@ External dependencies running as classic virtual machines: | ||||
|  | ||||
| Deploy applications via [ArgoCD](https://argocd.k-space.ee) | ||||
|  | ||||
| We use Treafik with Authelia for Ingress. | ||||
| We use Treafik with Passmower for Ingress. | ||||
| Applications where possible and where applicable should use `Remote-User` | ||||
| authentication. This prevents application exposure on public Internet. | ||||
| Otherwise use OpenID Connect for authentication, | ||||
| see Argo itself as an example how that is done. | ||||
|  | ||||
| See `kspace-camtiler/ingress.yml` for commented Ingress example. | ||||
| See `camtiler/ingress.yml` for commented Ingress example. | ||||
|  | ||||
| Note that we do not use IngressRoute objects because they don't | ||||
| support `external-dns` out of the box. | ||||
|   | ||||
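Review bot: the rewritten Ingress line still reads "Treafik"; correct it to "Traefik" while the line is being touched. Because the text recommends `Remote-User` authentication, it would also help to state that this holds only when the backend is reachable solely through Traefik and the middleware overwrites any client-supplied `Remote-User` header, so the guidance carries over from Authelia to Passmower.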
| @@ -1,6 +1,7 @@ | ||||
| # Workflow | ||||
|  | ||||
| Most applications in our Kubernetes cluster are managed by ArgoCD. | ||||
| Most notably operators are NOT managed by ArgoCD. | ||||
|  | ||||
|  | ||||
| # Deployment | ||||
| @@ -20,8 +21,6 @@ kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller | ||||
| kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd | ||||
| ``` | ||||
|  | ||||
| Note: Refer to Authelia README for OIDC secret setup | ||||
|  | ||||
|  | ||||
| # Setting up Git secrets | ||||
|  | ||||
| @@ -50,3 +49,32 @@ rm -fv id_ecdsa | ||||
| Have Gitea admin reset password for user `argocd` and log in with that account. | ||||
| Add the SSH key for user `argocd` from file `id_ecdsa.pub`. | ||||
| Delete any other SSH keys associated with Gitea user `argocd`. | ||||
|  | ||||
|  | ||||
| # Managing applications | ||||
|  | ||||
| To update apps: | ||||
|  | ||||
| ``` | ||||
| for j in asterisk bind camtiler drone drone-execution etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do | ||||
| cat << EOF >> applications/$j.yaml | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: $j | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: $j | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: $j | ||||
|   syncPolicy: {} | ||||
| EOF | ||||
| done | ||||
| find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \; | ||||
| ``` | ||||
|   | ||||
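Review bot: in the new "Managing applications" snippet, `cat << EOF >> applications/$j.yaml` appends, so running the loop a second time leaves two `Application` documents in every file. Use `>` to overwrite and quote the target as `"applications/$j.yaml"`. The closing `find ... -exec kubectl apply` applies every YAML file under `applications`, including a leftover file for an app that was meant to be retired, so the text should say to delete stale files first.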
| @@ -3,6 +3,7 @@ apiVersion: codemowers.io/v1alpha1 | ||||
| kind: OIDCGWClient | ||||
| metadata: | ||||
|   name: argocd | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   displayName: Argo CD | ||||
|   uri: https://argocd.k-space.ee | ||||
| @@ -19,4 +20,18 @@ spec: | ||||
|     - openid | ||||
|     - profile | ||||
|   pkce: false | ||||
|  | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: AppProject | ||||
| metadata: | ||||
|   namespace: argocd | ||||
|   name: k-space.ee | ||||
| spec: | ||||
|   clusterResourceWhitelist: | ||||
|     - group: '*' | ||||
|       kind: '*' | ||||
|   destinations: | ||||
|     - namespace: '*' | ||||
|       server: '*' | ||||
|   sourceRepos: | ||||
|     - '*' | ||||
|   | ||||
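Review bot: the new `k-space.ee` AppProject sets `'*'` for `clusterResourceWhitelist`, `destinations` and `sourceRepos`, so it restricts nothing and moving the applications out of `default` gains no isolation. Every Application added or kept in this commit uses `repoURL: 'git@git.k-space.ee:k-space/kube.git'` and `server: 'https://kubernetes.default.svc'`; listing those two values in `sourceRepos` and `destinations` would make the project an actual boundary. Please also confirm that `pkce: false` on the OIDC client in the same file is deliberate.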
| @@ -1,14 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: prometheus-operator | ||||
|   name: asterisk | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: prometheus-operator | ||||
|     path: asterisk | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: prometheus-operator | ||||
|     namespace: asterisk | ||||
|   syncPolicy: {} | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: authelia | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: authelia | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: authelia | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: keel | ||||
|   name: bind | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: keel | ||||
|     path: bind | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: keel | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     namespace: bind | ||||
|   syncPolicy: {} | ||||
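Review bot: replacing `syncOptions: - CreateNamespace=true` with `syncPolicy: {}` here, and in the other application files in this commit, means ArgoCD no longer creates the destination namespace, so a sync fails until `bind` exists. Either keep `CreateNamespace=true` or document who creates the namespaces; the new asterisk, freescout and gitea READMEs apply manifests with `-n <namespace>` and have no `kubectl create namespace` step.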
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: camtiler | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: camtiler | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: camtiler | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: drone-execution | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: drone-execution | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: drone-execution | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: drone | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: drone | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: drone | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
| @@ -1,22 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: elastic-system | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: elastic-system | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: elastic-system | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|     - group: admissionregistration.k8s.io | ||||
|       kind: ValidatingWebhookConfiguration | ||||
|       jqPathExpressions: | ||||
|         - '.webhooks[]?.clientConfig.caBundle' | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: etherpad | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: etherpad | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: etherpad | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: external-dns | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: external-dns | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: external-dns | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: harbor | ||||
|   name: freescout | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: harbor | ||||
|     path: freescout | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: harbor | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|     namespace: freescout | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/gitea.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: gitea | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: gitea | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: gitea | ||||
|   syncPolicy: {} | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: grafana | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: grafana | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: grafana | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/hackerspace.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: hackerspace | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: hackerspace | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: hackerspace | ||||
|   syncPolicy: {} | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: kubernetes-dashboard | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: kubernetes-dashboard | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: kubernetes-dashboard | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: logging | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: logging | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: logging | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: logmower | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: logmower | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: logmower | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: members | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube-members.git' | ||||
|     path: . | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: members | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,22 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: metallb-system | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: metallb-system | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: metallb-system | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   ignoreDifferences: | ||||
|     - group: apiextensions.k8s.io | ||||
|       kind: CustomResourceDefinition | ||||
|       jqPathExpressions: | ||||
|         - '.spec.conversion.webhook.clientConfig.caBundle' | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: mysql-operator | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: mysql-operator | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: mysql-operator | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
							
								
								
									
argocd/applications/nextcloud.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: nextcloud | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: nextcloud | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: nextcloud | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/nyancat.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: nyancat | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: nyancat | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: nyancat | ||||
|   syncPolicy: {} | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: phpmyadmin | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: phpmyadmin | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: phpmyadmin | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,17 +0,0 @@ | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: reloader | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: reloader | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: reloader | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: rosdump | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: rosdump | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: rosdump | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/traefik.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: traefik | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: traefik | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: traefik | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/wiki.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: wiki | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: wiki | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: wiki | ||||
|   syncPolicy: {} | ||||
| @@ -1,10 +1,11 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: wildduck | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: default | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: wildduck | ||||
| @@ -12,6 +13,4 @@ spec: | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: wildduck | ||||
|   syncPolicy: | ||||
|     syncOptions: | ||||
|       - CreateNamespace=true | ||||
|   syncPolicy: {} | ||||
							
								
								
									
argocd/applications/woodpecker.yaml
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: woodpecker | ||||
|   namespace: argocd | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: woodpecker | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: woodpecker | ||||
|   syncPolicy: {} | ||||
							
								
								
									
asterisk/README.md
							| @@ -0,0 +1,11 @@ | ||||
| # Asterisk | ||||
|  | ||||
| Asterisk is used as  | ||||
|  | ||||
| This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/asterisk) | ||||
|  | ||||
| Should ArgoCD be down manifests here can be applied with: | ||||
|  | ||||
| ``` | ||||
| kubectl apply -n asterisk -f application.yaml | ||||
| ``` | ||||
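Review bot: the added sentence "Asterisk is used as" stops mid-sentence; finish it or drop the line. The fallback command also assumes the `asterisk` namespace already exists, unlike the Grafana and Traefik READMEs, which run `kubectl create namespace` first.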
| @@ -9,9 +9,9 @@ spec: | ||||
|   type: LoadBalancer | ||||
|   externalTrafficPolicy: Local | ||||
|   selector: | ||||
|     app: asterisk | ||||
|     app: sip | ||||
|   ports: | ||||
|     - name: sip | ||||
|     - name: asterisk | ||||
|       protocol: UDP | ||||
|       port: 5060 | ||||
| --- | ||||
|   | ||||
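Review bot: the selector changes from `app: asterisk` to `app: sip` while the port name changes from `sip` to `asterisk`, which reads as if the two values were swapped. The pod labels are not part of this hunk; if the pods are still labelled `app: asterisk`, the LoadBalancer Service will have no endpoints. Please confirm the label on the workload or revert the selector.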
| @@ -1,9 +1,10 @@ | ||||
| # Bind setup | ||||
|  | ||||
| The Bind primary resides outside Kubernetes at `193.40.103.2` and | ||||
| it's internally reachable via `172.20.0.2` | ||||
| it's internally reachable via `172.20.0.2`. | ||||
|  | ||||
| Bind secondaries are hosted inside Kubernetes and load balanced behind `62.65.250.2` | ||||
| Bind secondaries are hosted inside Kubernetes, load balanced behind `62.65.250.2` and | ||||
| under normal circumstances managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/bind). | ||||
|  | ||||
| Ingresses and DNSEndpoints referring to `k-space.ee`, `kspace.ee`, `k6.ee` | ||||
| are picked up automatically by `external-dns` and updated on primary. | ||||
|   | ||||
							
								
								
									
freescout/README.md
							| @@ -0,0 +1,9 @@ | ||||
| # Freescout | ||||
|  | ||||
| This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/freescout) | ||||
|  | ||||
| Should ArgoCD be down manifests here can be applied with: | ||||
|  | ||||
| ``` | ||||
| kubectl apply -n freescout -f application.yaml | ||||
| ``` | ||||
| @@ -1,5 +1,9 @@ | ||||
| # Gitea | ||||
|  | ||||
| This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/gitea) | ||||
|  | ||||
| Should ArgoCD be down manifests here can be applied with: | ||||
|  | ||||
| ``` | ||||
| kubectl apply -n gitea -f application.yaml | ||||
| ``` | ||||
|   | ||||
| @@ -61,6 +61,7 @@ metadata: | ||||
|   labels: | ||||
|     app.kubernetes.io/name: gitea | ||||
| spec: | ||||
|   revisionHistoryLimit: 0 | ||||
|   serviceName: gitea | ||||
|   replicas: 1 | ||||
|   selector: | ||||
|   | ||||
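Review bot: `revisionHistoryLimit: 0` on the Gitea StatefulSet keeps no old revisions to roll back to with `kubectl rollout undo`. If the goal is only to reduce clutter, a small non-zero value keeps one known-good revision available; otherwise the README should say that rollback is done through Git.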
| @@ -1,5 +1,9 @@ | ||||
| # Grafana | ||||
|  | ||||
| This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/grafana) | ||||
|  | ||||
| Should ArgoCD be down manifests here can be applied with: | ||||
|  | ||||
| ``` | ||||
| kubectl create namespace grafana | ||||
| kubectl apply -n grafana -f application.yml | ||||
| @@ -8,8 +12,4 @@ kubectl apply -n grafana -f application.yml | ||||
| ## Grafana post deployment steps | ||||
|  | ||||
| * Configure Prometheus datasource with URL set to | ||||
|   `http://prometheus-operated.prometheus-operator.svc.cluster.local:9090` | ||||
| * Configure Elasticsearch datasource with URL set to | ||||
|   `http://elasticsearch.elastic-system.svc.cluster.local`, | ||||
|   Time field name set to `timestamp` and | ||||
|   ElasticSearch version set to `7.10+` | ||||
|   `http://prometheus-operated.monitoring.svc.cluster.local:9090` | ||||
|   | ||||
| @@ -185,3 +185,11 @@ spec: | ||||
|   tls: | ||||
|   - hosts: | ||||
|     - "*.k-space.ee" | ||||
| --- | ||||
| apiVersion: codemowers.cloud/v1beta1 | ||||
| kind: MysqlDatabaseClaim | ||||
| metadata: | ||||
|   name: grafana | ||||
| spec: | ||||
|   capacity: 1Gi | ||||
|   class: shared | ||||
|   | ||||
| @@ -1,21 +0,0 @@ | ||||
|  | ||||
| To deploy components: | ||||
|  | ||||
| ``` | ||||
| kubectl create namespace members-site | ||||
| kubectl apply -n members-site -f doorboy.yml | ||||
| ``` | ||||
|  | ||||
|  | ||||
| # Doorboy | ||||
|  | ||||
| Set up Doorboy UID hashing salt: | ||||
|  | ||||
| ``` | ||||
|  kubectl create secret generic -n members-site doorboy-api \ | ||||
|     --from-literal=DOORBOY_SECRET=hg2NmVlf6JcS3w237ZXn | ||||
|  kubectl create secret generic -n members-site doorboy-uid-hash-salt \ | ||||
|     --from-literal=KDOORPI_UID_SALT=hkRXwLlQKmCJoy5qaahp | ||||
|  kubectl create secret generic -n members-site mongo-application-readwrite \ | ||||
|     --from-literal=connectionString.standard=mongodb://kspace_accounting:dBDCS21pHlZAd5isyfBI@mongodb.infra.k-space.ee:27017/kspace_accounting?replicaSet=kspace-mongo-set | ||||
| ``` | ||||
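Review bot: the deleted README carries literal credentials in its `kubectl create secret` commands: `DOORBOY_SECRET`, `KDOORPI_UID_SALT` and a MongoDB connection string with an embedded password. Deleting the file does not remove them from Git history, and the page shows this repository is a fork of k-space/kube, so the values exist in more than one place; they should be treated as exposed and rotated. Future docs should use placeholders or point to where the secret is stored instead of inlining values.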
| @@ -1,5 +1,7 @@ | ||||
| # Logging infrastructure | ||||
|  | ||||
| Note: This is deprecated since we moved to [Logmower stack](https://github.com/logmower) | ||||
|  | ||||
| ## Background | ||||
|  | ||||
| Fluent Bit picks up the logs from Kubernetes workers and sends them to Graylog | ||||
|   | ||||
| @@ -1,4 +1,9 @@ | ||||
| Traefik Ingress Controller: | ||||
| # Traefik Ingress Controller | ||||
|  | ||||
| This application is managed by | ||||
| [ArgoCD](https://argocd.k-space.ee/applications/argocd/traefik) | ||||
|  | ||||
| Should ArgoCD be down manifests here can be applied with: | ||||
|  | ||||
| ``` | ||||
| kubectl create namespace traefik | ||||
|   | ||||