Updates and cleanups
parent
4fa554da57
commit
b11ac8bcae
26
README.md
@ -2,21 +2,8 @@
|
|||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
|
|
||||||
This is the Kubernetes manifests of services running on k-space.ee domains:
|
This is the Kubernetes manifests of services running on k-space.ee domains.
|
||||||
|
The applications are listed on https://auth2.k-space.ee for authenticated users.
|
||||||
- [Authelia](https://auth.k-space.ee) for authentication
|
|
||||||
- [Drone.io](https://drone.k-space.ee) for building Docker images
|
|
||||||
- [Harbor](https://harbor.k-space.ee) for hosting Docker images
|
|
||||||
- [ArgoCD](https://argocd.k-space.ee) for deploying Kubernetes manifests and
|
|
||||||
Helm charts into the cluster
|
|
||||||
- [camtiler](https://cams.k-space.ee) for cameras
|
|
||||||
- [Longhorn Dashboard](https://longhorn.k-space.ee) for administering
|
|
||||||
Longhorn storage
|
|
||||||
- [Kubernetes Dashboard](https://kubernetes-dashboard.k-space.ee/) for read-only overview
|
|
||||||
of the Kubernetes cluster
|
|
||||||
- [Wildduck Webmail](https://webmail.k-space.ee/)
|
|
||||||
|
|
||||||
Most endpoints are protected by OIDC autentication or Authelia SSO middleware.
|
|
||||||
|
|
||||||
|
|
||||||
## Cluster access
|
## Cluster access
|
||||||
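Review bot: The removed line "Most endpoints are protected by OIDC autentication or Authelia SSO middleware." was the only statement in the Introduction of how these services are protected, and the replacement text only links to https://auth2.k-space.ee. Consider keeping one sentence that names the current protection (the rest of this commit renames Authelia to Passmower) so readers still learn that endpoints sit behind OIDC or SSO middleware.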
@ -27,7 +14,7 @@ General discussion is happening in the `#kube` Slack channel.
|
|||||||
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
|
For bootstrap access obtain `/etc/kubernetes/admin.conf` from one of the master
|
||||||
nodes and place it under `~/.kube/config` on your machine.
|
nodes and place it under `~/.kube/config` on your machine.
|
||||||
|
|
||||||
Once Authelia is working, OIDC access for others can be enabled with
|
Once Passmower is working, OIDC access for others can be enabled with
|
||||||
running following on Kubernetes masters:
|
running following on Kubernetes masters:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -120,7 +107,7 @@ Our self-hosted Kubernetes stack compared to AWS based deployments:
|
|||||||
| AWS Route53 | Bind and RFC2136 | DNS records and Let's Encrypt DNS validation |
|
| AWS Route53 | Bind and RFC2136 | DNS records and Let's Encrypt DNS validation |
|
||||||
| AWS S3 | Minio Operator | Highly available object storage |
|
| AWS S3 | Minio Operator | Highly available object storage |
|
||||||
| AWS VPC | Calico | Overlay network |
|
| AWS VPC | Calico | Overlay network |
|
||||||
| Dex | Authelia | ACL mapping and OIDC provider which integrates with GitHub/Samba |
|
| Dex | Passmower | ACL mapping and OIDC provider which integrates with GitHub/Samba |
|
||||||
| GitHub Actions | Drone | Build Docker images |
|
| GitHub Actions | Drone | Build Docker images |
|
||||||
| GitHub | Gitea | Source code management, issue tracking |
|
| GitHub | Gitea | Source code management, issue tracking |
|
||||||
| GitHub OAuth2 | Samba (Active Directory compatible) | Source of truth for authentication and authorization |
|
| GitHub OAuth2 | Samba (Active Directory compatible) | Source of truth for authentication and authorization |
|
||||||
@ -129,7 +116,6 @@ Our self-hosted Kubernetes stack compared to AWS based deployments:
|
|||||||
|
|
||||||
External dependencies running as classic virtual machines:
|
External dependencies running as classic virtual machines:
|
||||||
|
|
||||||
- Samba as Authelia's source of truth
|
|
||||||
- Bind as DNS server
|
- Bind as DNS server
|
||||||
|
|
||||||
|
|
||||||
@ -137,13 +123,13 @@ External dependencies running as classic virtual machines:
|
|||||||
|
|
||||||
Deploy applications via [ArgoCD](https://argocd.k-space.ee)
|
Deploy applications via [ArgoCD](https://argocd.k-space.ee)
|
||||||
|
|
||||||
We use Treafik with Authelia for Ingress.
|
We use Treafik with Passmower for Ingress.
|
||||||
Applications where possible and where applicable should use `Remote-User`
|
Applications where possible and where applicable should use `Remote-User`
|
||||||
authentication. This prevents application exposure on public Internet.
|
authentication. This prevents application exposure on public Internet.
|
||||||
Otherwise use OpenID Connect for authentication,
|
Otherwise use OpenID Connect for authentication,
|
||||||
see Argo itself as an example how that is done.
|
see Argo itself as an example how that is done.
|
||||||
|
|
||||||
See `kspace-camtiler/ingress.yml` for commented Ingress example.
|
See `camtiler/ingress.yml` for commented Ingress example.
|
||||||
|
|
||||||
Note that we do not use IngressRoute objects because they don't
|
Note that we do not use IngressRoute objects because they don't
|
||||||
support `external-dns` out of the box.
|
support `external-dns` out of the box.
|
||||||
|
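Review bot: "Treafik" in the changed line `We use Treafik with Passmower for Ingress.` is a misspelling carried over from the old line; since the line is being rewritten anyway, spell it `Traefik`.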
@ -1,6 +1,7 @@
|
|||||||
# Workflow
|
# Workflow
|
||||||
|
|
||||||
Most applications in our Kubernetes cluster are managed by ArgoCD.
|
Most applications in our Kubernetes cluster are managed by ArgoCD.
|
||||||
|
Most notably operators are NOT managed by ArgoCD.
|
||||||
|
|
||||||
|
|
||||||
# Deployment
|
# Deployment
|
||||||
@ -20,8 +21,6 @@ kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller
|
|||||||
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd
|
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: Refer to Authelia README for OIDC secret setup
|
|
||||||
|
|
||||||
|
|
||||||
# Setting up Git secrets
|
# Setting up Git secrets
|
||||||
|
|
||||||
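Review bot: Dropping `Note: Refer to Authelia README for OIDC secret setup` leaves the `kubectl label -n argocd secret oidc-client-argocd-owner-secrets ...` step above it with no pointer to where that secret comes from. If the secret is now produced by the `OIDCGWClient` resource named `argocd` that this commit also touches, say so here in one line.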
@ -50,3 +49,32 @@ rm -fv id_ecdsa
|
|||||||
Have Gitea admin reset password for user `argocd` and log in with that account.
|
Have Gitea admin reset password for user `argocd` and log in with that account.
|
||||||
Add the SSH key for user `argocd` from file `id_ecdsa.pub`.
|
Add the SSH key for user `argocd` from file `id_ecdsa.pub`.
|
||||||
Delete any other SSH keys associated with Gitea user `argocd`.
|
Delete any other SSH keys associated with Gitea user `argocd`.
|
||||||
|
|
||||||
|
|
||||||
|
# Managing applications
|
||||||
|
|
||||||
|
To update apps:
|
||||||
|
|
||||||
|
```
|
||||||
|
for j in asterisk bind camtiler drone drone-execution etherpad freescout gitea grafana hackerspace nextcloud nyancat rosdump traefik wiki wildduck woodpecker; do
|
||||||
|
cat << EOF >> applications/$j.yaml
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: $j
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: $j
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: $j
|
||||||
|
syncPolicy: {}
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
find applications -name "*.yaml" -exec kubectl apply -n argocd -f {} \;
|
||||||
|
```
|
||||||
|
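Review bot: The loop under "To update apps" writes with `cat << EOF >> applications/$j.yaml`, so running it a second time appends another `---` document with the same `metadata.name` to every file instead of regenerating it. Use `>` to overwrite, and give the opening fence a language tag. The list of names is also hard-coded, so adding an application directory means editing this line by hand.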
@ -3,6 +3,7 @@ apiVersion: codemowers.io/v1alpha1
|
|||||||
kind: OIDCGWClient
|
kind: OIDCGWClient
|
||||||
metadata:
|
metadata:
|
||||||
name: argocd
|
name: argocd
|
||||||
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
displayName: Argo CD
|
displayName: Argo CD
|
||||||
uri: https://argocd.k-space.ee
|
uri: https://argocd.k-space.ee
|
||||||
@ -19,4 +20,18 @@ spec:
|
|||||||
- openid
|
- openid
|
||||||
- profile
|
- profile
|
||||||
pkce: false
|
pkce: false
|
||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: AppProject
|
||||||
|
metadata:
|
||||||
|
namespace: argocd
|
||||||
|
name: k-space.ee
|
||||||
|
spec:
|
||||||
|
clusterResourceWhitelist:
|
||||||
|
- group: '*'
|
||||||
|
kind: '*'
|
||||||
|
destinations:
|
||||||
|
- namespace: '*'
|
||||||
|
server: '*'
|
||||||
|
sourceRepos:
|
||||||
|
- '*'
|
||||||
|
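Review bot: The new `AppProject` `k-space.ee` allows everything: `sourceRepos` is `'*'`, `destinations` has `namespace: '*'` and `server: '*'`, and `clusterResourceWhitelist` has `group: '*'`, `kind: '*'`. A project this permissive does not constrain what an Application assigned to it may deploy, so moving the Applications off `default` gains nothing in isolation. Every Application in this commit uses `repoURL: 'git@git.k-space.ee:k-space/kube.git'` and `server: 'https://kubernetes.default.svc'`, so `sourceRepos` and the destination `server` can be pinned to those two values, and the cluster-scoped whitelist narrowed to the kinds the applications actually create.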
@ -1,14 +1,16 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: prometheus-operator
|
name: asterisk
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: prometheus-operator
|
path: asterisk
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: prometheus-operator
|
namespace: asterisk
|
||||||
|
syncPolicy: {}
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: authelia
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: authelia
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: authelia
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +1,16 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: keel
|
name: bind
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: keel
|
path: bind
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: keel
|
namespace: bind
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
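Review bot: Replacing the `syncOptions` entry `CreateNamespace=true` with `syncPolicy: {}` here, and in the other Application files in this commit, means ArgoCD no longer creates the destination namespace, so `bind` must already exist before the first sync. Either keep `CreateNamespace=true` or document the `kubectl create namespace` step; the fallback instructions this commit adds for asterisk, freescout and gitea do not include it.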
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camtiler
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: camtiler
|
path: camtiler
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: camtiler
|
namespace: camtiler
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: drone-execution
|
name: drone-execution
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: drone-execution
|
path: drone-execution
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: drone-execution
|
namespace: drone-execution
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: drone
|
name: drone
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: drone
|
path: drone
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: drone
|
namespace: drone
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,22 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: elastic-system
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: elastic-system
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: elastic-system
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
||||||
ignoreDifferences:
|
|
||||||
- group: admissionregistration.k8s.io
|
|
||||||
kind: ValidatingWebhookConfiguration
|
|
||||||
jqPathExpressions:
|
|
||||||
- '.webhooks[]?.clientConfig.caBundle'
|
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: etherpad
|
name: etherpad
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: etherpad
|
path: etherpad
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: etherpad
|
namespace: etherpad
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: external-dns
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: external-dns
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +1,16 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor
|
name: freescout
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: harbor
|
path: freescout
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: harbor
|
namespace: freescout
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
16
argocd/applications/gitea.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: gitea
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: gitea
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: gitea
|
||||||
|
syncPolicy: {}
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: grafana
|
name: grafana
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: grafana
|
path: grafana
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: grafana
|
namespace: grafana
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
16
argocd/applications/hackerspace.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: hackerspace
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: hackerspace
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: hackerspace
|
||||||
|
syncPolicy: {}
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: kubernetes-dashboard
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: kubernetes-dashboard
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: kubernetes-dashboard
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: logging
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: logging
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: logging
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: logmower
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: logmower
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: logmower
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: members
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube-members.git'
|
|
||||||
path: .
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: members
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,22 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: metallb-system
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: metallb-system
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: metallb-system
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
||||||
ignoreDifferences:
|
|
||||||
- group: apiextensions.k8s.io
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
jqPathExpressions:
|
|
||||||
- '.spec.conversion.webhook.clientConfig.caBundle'
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: mysql-operator
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: mysql-operator
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: mysql-operator
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
16
argocd/applications/nextcloud.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: nextcloud
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: nextcloud
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: nextcloud
|
||||||
|
syncPolicy: {}
|
16
argocd/applications/nyancat.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: nyancat
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: nyancat
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: nyancat
|
||||||
|
syncPolicy: {}
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: phpmyadmin
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: phpmyadmin
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: phpmyadmin
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,17 +0,0 @@
|
|||||||
apiVersion: argoproj.io/v1alpha1
|
|
||||||
kind: Application
|
|
||||||
metadata:
|
|
||||||
name: reloader
|
|
||||||
namespace: argocd
|
|
||||||
spec:
|
|
||||||
project: default
|
|
||||||
source:
|
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
|
||||||
path: reloader
|
|
||||||
targetRevision: HEAD
|
|
||||||
destination:
|
|
||||||
server: 'https://kubernetes.default.svc'
|
|
||||||
namespace: reloader
|
|
||||||
syncPolicy:
|
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: rosdump
|
name: rosdump
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: rosdump
|
path: rosdump
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: rosdump
|
namespace: rosdump
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
16
argocd/applications/traefik.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: traefik
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: traefik
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: traefik
|
||||||
|
syncPolicy: {}
|
16
argocd/applications/wiki.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: wiki
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: wiki
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: wiki
|
||||||
|
syncPolicy: {}
|
@ -1,10 +1,11 @@
|
|||||||
|
---
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: wildduck
|
name: wildduck
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: k-space.ee
|
||||||
source:
|
source:
|
||||||
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
path: wildduck
|
path: wildduck
|
||||||
@ -12,6 +13,4 @@ spec:
|
|||||||
destination:
|
destination:
|
||||||
server: 'https://kubernetes.default.svc'
|
server: 'https://kubernetes.default.svc'
|
||||||
namespace: wildduck
|
namespace: wildduck
|
||||||
syncPolicy:
|
syncPolicy: {}
|
||||||
syncOptions:
|
|
||||||
- CreateNamespace=true
|
|
16
argocd/applications/woodpecker.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: Application
|
||||||
|
metadata:
|
||||||
|
name: woodpecker
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
project: k-space.ee
|
||||||
|
source:
|
||||||
|
repoURL: 'git@git.k-space.ee:k-space/kube.git'
|
||||||
|
path: woodpecker
|
||||||
|
targetRevision: HEAD
|
||||||
|
destination:
|
||||||
|
server: 'https://kubernetes.default.svc'
|
||||||
|
namespace: woodpecker
|
||||||
|
syncPolicy: {}
|
11
asterisk/README.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Asterisk
|
||||||
|
|
||||||
|
Asterisk is used as
|
||||||
|
|
||||||
|
This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/asterisk)
|
||||||
|
|
||||||
|
Should ArgoCD be down manifests here can be applied with:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl apply -n asterisk -f application.yaml
|
||||||
|
```
|
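Review bot: The added sentence `Asterisk is used as` stops mid-way, so the new README never says what the service is for. Finish the sentence or drop it before merging.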
@ -9,9 +9,9 @@ spec:
|
|||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
selector:
|
selector:
|
||||||
app: asterisk
|
app: sip
|
||||||
ports:
|
ports:
|
||||||
- name: sip
|
- name: asterisk
|
||||||
protocol: UDP
|
protocol: UDP
|
||||||
port: 5060
|
port: 5060
|
||||||
---
|
---
|
||||||
|
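Review bot: The selector changes from `app: asterisk` to `app: sip` while the port name changes from `sip` to `asterisk`, which reads as if the two values were swapped. A Service only routes to pods whose labels match its selector, and no pod template change to `app: sip` is visible in this commit, so confirm the pods carry that label or the LoadBalancer on UDP 5060 will have no endpoints.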
@ -1,9 +1,10 @@
|
|||||||
# Bind setup
|
# Bind setup
|
||||||
|
|
||||||
The Bind primary resides outside Kubernetes at `193.40.103.2` and
|
The Bind primary resides outside Kubernetes at `193.40.103.2` and
|
||||||
it's internally reachable via `172.20.0.2`
|
it's internally reachable via `172.20.0.2`.
|
||||||
|
|
||||||
Bind secondaries are hosted inside Kubernetes and load balanced behind `62.65.250.2`
|
Bind secondaries are hosted inside Kubernetes, load balanced behind `62.65.250.2` and
|
||||||
|
under normal circumstances managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/bind).
|
||||||
|
|
||||||
Ingresses and DNSEndpoints referring to `k-space.ee`, `kspace.ee`, `k6.ee`
|
Ingresses and DNSEndpoints referring to `k-space.ee`, `kspace.ee`, `k6.ee`
|
||||||
are picked up automatically by `external-dns` and updated on primary.
|
are picked up automatically by `external-dns` and updated on primary.
|
||||||
|
9
freescout/README.md
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# Freescout
|
||||||
|
|
||||||
|
This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/freescout)
|
||||||
|
|
||||||
|
Should ArgoCD be down manifests here can be applied with:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl apply -n freescout -f application.yaml
|
||||||
|
```
|
@ -1,5 +1,9 @@
|
|||||||
# Gitea
|
# Gitea
|
||||||
|
|
||||||
|
This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/gitea)
|
||||||
|
|
||||||
|
Should ArgoCD be down manifests here can be applied with:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl apply -n gitea -f application.yaml
|
kubectl apply -n gitea -f application.yaml
|
||||||
```
|
```
|
||||||
|
@ -61,6 +61,7 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: gitea
|
app.kubernetes.io/name: gitea
|
||||||
spec:
|
spec:
|
||||||
|
revisionHistoryLimit: 0
|
||||||
serviceName: gitea
|
serviceName: gitea
|
||||||
replicas: 1
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
|
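Review bot: `revisionHistoryLimit: 0` on the Gitea StatefulSet keeps no old revisions, so `kubectl rollout undo` has nothing to return to and rollback depends entirely on reverting Git. If that is the intent, a short comment next to the field would help; otherwise keep a small non-zero value.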
@ -1,5 +1,9 @@
|
|||||||
# Grafana
|
# Grafana
|
||||||
|
|
||||||
|
This application is managed by [ArgoCD](https://argocd.k-space.ee/applications/argocd/grafana)
|
||||||
|
|
||||||
|
Should ArgoCD be down manifests here can be applied with:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl create namespace grafana
|
kubectl create namespace grafana
|
||||||
kubectl apply -n grafana -f application.yml
|
kubectl apply -n grafana -f application.yml
|
||||||
@ -8,8 +12,4 @@ kubectl apply -n grafana -f application.yml
|
|||||||
## Grafana post deployment steps
|
## Grafana post deployment steps
|
||||||
|
|
||||||
* Configure Prometheus datasource with URL set to
|
* Configure Prometheus datasource with URL set to
|
||||||
`http://prometheus-operated.prometheus-operator.svc.cluster.local:9090`
|
`http://prometheus-operated.monitoring.svc.cluster.local:9090`
|
||||||
* Configure Elasticsearch datasource with URL set to
|
|
||||||
`http://elasticsearch.elastic-system.svc.cluster.local`,
|
|
||||||
Time field name set to `timestamp` and
|
|
||||||
ElasticSearch version set to `7.10+`
|
|
||||||
|
@ -185,3 +185,11 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: MysqlDatabaseClaim
|
||||||
|
metadata:
|
||||||
|
name: grafana
|
||||||
|
spec:
|
||||||
|
capacity: 1Gi
|
||||||
|
class: shared
|
||||||
|
@ -1,21 +0,0 @@
|
|||||||
|
|
||||||
To deploy components:
|
|
||||||
|
|
||||||
```
|
|
||||||
kubectl create namespace members-site
|
|
||||||
kubectl apply -n members-site -f doorboy.yml
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
# Doorboy
|
|
||||||
|
|
||||||
Set up Doorboy UID hashing salt:
|
|
||||||
|
|
||||||
```
|
|
||||||
kubectl create secret generic -n members-site doorboy-api \
|
|
||||||
--from-literal=DOORBOY_SECRET=hg2NmVlf6JcS3w237ZXn
|
|
||||||
kubectl create secret generic -n members-site doorboy-uid-hash-salt \
|
|
||||||
--from-literal=KDOORPI_UID_SALT=hkRXwLlQKmCJoy5qaahp
|
|
||||||
kubectl create secret generic -n members-site mongo-application-readwrite \
|
|
||||||
--from-literal=connectionString.standard=mongodb://kspace_accounting:dBDCS21pHlZAd5isyfBI@mongodb.infra.k-space.ee:27017/kspace_accounting?replicaSet=kspace-mongo-set
|
|
||||||
```
|
|
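Review bot: The deleted lines contain literal credentials: the `DOORBOY_SECRET` and `KDOORPI_UID_SALT` values and the password embedded in the `mongodb://kspace_accounting:...` connection string. Deleting the file does not remove them from Git history, so treat them as exposed: rotate the API secret and the MongoDB password, and decide how to handle the UID hashing salt, since changing it invalidates existing hashes.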
@ -1,5 +1,7 @@
|
|||||||
# Logging infrastructure
|
# Logging infrastructure
|
||||||
|
|
||||||
|
Note: This is deprecated since we moved to [Logmower stack](https://github.com/logmower)
|
||||||
|
|
||||||
## Background
|
## Background
|
||||||
|
|
||||||
Fluent Bit picks up the logs from Kubernetes workers and sends them to Graylog
|
Fluent Bit picks up the logs from Kubernetes workers and sends them to Graylog
|
||||||
|
@ -1,4 +1,9 @@
|
|||||||
Traefik Ingress Controller:
|
# Traefik Ingress Controller
|
||||||
|
|
||||||
|
This application is managed by
|
||||||
|
[ArgoCD](https://argocd.k-space.ee/applications/argocd/traefik)
|
||||||
|
|
||||||
|
Should ArgoCD be down manifests here can be applied with:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl create namespace traefik
|
kubectl create namespace traefik
|
||||||
|