kubernetes
/
gitops
1
0
Fork 0
Code Issues Pull Requests Actions 29 Packages Projects Releases Wiki Activity
gitops/README.md

173 lines
5.0 KiB
Markdown
Raw Permalink Blame History

# Cluster Configs for Midnightthoughts and Nordgedanken
These are the current running setups at Midnightthoughts and Nordegedanken.
This is based on <https://github.com/fluxcd/flux2-kustomize-helm-example/tree/d54e250182ead1f4a00e9fd78b05dc9e0186246d>
## Prerequisites
You will need a Kubernetes cluster version 1.21 or newer.
For a quick local test, you can use [Kubernetes kind](https://kind.sigs.k8s.io/docs/user/quick-start/).
Any other Kubernetes setup will work as well though.
Install the Flux CLI on MacOS or Linux using Homebrew:
```sh
brew install fluxcd/tap/flux
```
Or install the CLI by downloading precompiled binaries using a Bash script:
```sh
curl -s https://fluxcd.io/install.sh | sudo bash
```
## Repository structure
The Git repository contains the following top directories:
- **apps** dir contains Helm releases with a custom configuration per cluster
- **infrastructure** dir contains common infra tools such as ingress-nginx and cert-manager
- **clusters** dir contains the Flux configuration per cluster (Note that staging isn't deployed anywhere at this time)
```
├── apps
│ ├── base
│ ├── production
│ └── staging
├── infrastructure
│ ├── configs
│ └── controllers
└── clusters
├── production
└── staging
```
### Applications
The apps configuration is structured into:
- **apps/base/** dir contains namespaces and Helm release definitions
- **apps/production/** dir contains the production Helm release values
- **apps/staging/** dir contains the staging values
```
./apps/
├── base
│ └── podinfo
│ ├── kustomization.yaml
│ ├── namespace.yaml
│ ├── release.yaml
│ └── repository.yaml
├── production
│ ├── kustomization.yaml
│ └── podinfo-patch.yaml
└── staging
├── kustomization.yaml
└── podinfo-patch.yaml
```
### Infrastructure
The infrastructure is structured into:
- **infrastructure/controllers/** dir contains namespaces and Helm release definitions for Kubernetes controllers
- **infrastructure/configs/** dir contains Kubernetes custom resources such as cert issuers and networks policies
```
./infrastructure/
├── configs
│ ├── cluster-issuers.yaml
│ ├── network-policies.yaml
│ └── kustomization.yaml
└── controllers
├── cert-manager.yaml
├── ingress-nginx.yaml
├── weave-gitops.yaml
└── kustomization.yaml
```
In **clusters/production/infrastructure.yaml** we replace the Let's Encrypt server value to point to the production API:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: infra-configs
namespace: flux-system
spec:
# ...omitted for brevity
dependsOn:
- name: infra-controllers
patches:
- patch: |
- op: replace
path: /spec/acme/server
value: https://acme-v02.api.letsencrypt.org/directory
target:
kind: ClusterIssuer
name: letsencrypt
```
Note that with `dependsOn` we tell Flux to first install or upgrade the controllers and only then the configs.
This ensures that the Kubernetes CRDs are registered on the cluster, before Flux applies any custom resources.
<!-- TODO setup bootstrap docs -->
## Useful things
Watch for the Helm releases being installed:
```console
$ watch flux get helmreleases --all-namespaces
NAMESPACE NAME REVISION SUSPENDED READY MESSAGE
flux-system weave-gitops 4.0.12 False True Release reconciliation succeeded
```
Watch kustomizations getting deployed:
```console
$ flux get kustomizations -w
NAME REVISION SUSPENDED READY MESSAGE
flux-system main@sha1:21ebd912 False True Applied revision: main@sha1:21ebd912
infra-controllers main@sha1:21ebd912 False True Applied revision: main@sha1:21ebd912
```
## TODOs
- [ ] Migrate old deployments here
- [ ] ~~Gitea~~
- [x] Woodpecker
- [ ] ~~Docker repo~~ (Part of gitea now)
- [ ] Traefik
- [x] Certmanager
- [ ] External DNS
- [ ] Matrix
- [x] Media Repo
- [x] Move DB to DB Cluster
- [x] Synapse
- [x] Prepare DB in DB Cluster
- [x] Move DB to DB Cluster
- [x] Sliding Proxy
- [x] Prepare DB in DB Cluster
- [x] Move DB to DB Cluster
- [x] Mjolnir (important ones)
- [ ] ~~Bridges~~
- [x] ~~Prepare DBs in DB Cluster~~
- [ ] ~~Move DBs to DB Cluster~~
- [ ] Keycloak
- [x] Prometheus/grafana
- [x] Cosign
- [ ] Mailu (<https://just-4.fun/blog/howto/oc-k8s-mailu/> with <https://github.com/fastlorenzo/helm-charts-1/tree/master/mailu>)
- [ ] Imapsync from old server to new server
- [ ] ...
- [ ] Port validate script
- [x] ~~Setup CI for github and woodpecker~~ (Fluxcd can pull it)
- [x] Verify sops is working as expected and then publish repo
## Kubeaudit
`find ./ | grep .yaml | xargs -I{} -d'\n' kubeaudit all -k ./kubeaudit-config.yml -f {} > audit.txt`
Reference in New Issue View Git Blame Copy Permalink