feat: move metallb to common, install it in thin cluster

This commit is contained in:
SeanOMik 2024-09-07 14:39:48 -04:00
parent 3a8639f80d
commit 63ad2c9c31
32 changed files with 339 additions and 66 deletions


@ -14,7 +14,7 @@ spec:
name: jetstack-charts
namespace: flux-system
values:
installCRDs: false
installCRDs: true
webhook:
enabled: true
extraArgs:
@ -26,8 +26,8 @@ spec:
nameservers:
- "1.1.1.1"
- "9.9.9.9"
prometheus:
servicemonitor:
enabled: true
labels:
release: kube-prometheus-stack
# prometheus:
# servicemonitor:
# enabled: false
# labels:
# release: kube-prometheus-stack
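Review bot: The commented-out `prometheus` block on the last five lines of this hunk is a verbatim copy of the live block directly above it with `enabled` flipped to `false`; it is dead text that will silently drift from the real values and should be deleted rather than kept as a toggle. If a documented off-switch is wanted, one comment above the live block such as `# set servicemonitor.enabled to false on clusters without kube-prometheus-stack` carries the same information without a second copy. The enclosing `values` mapping starts before this hunk and continues after it.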


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml


@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/metallb/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
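Review bot: A downstream `dependsOn` (the `metallb-pool` Kustomization at L93–L121 depends on this `metallb` object) only waits for this Kustomization to report Ready, and without `wait: true` or a `healthChecks` entry for the MetalLB HelmRelease, Ready means "manifests applied", not "MetalLB CRDs and webhook are serving", so the pool's custom resources can be rejected on their first reconcile and only land on a later retry. Add `wait: true` under `spec` (or a `healthChecks` entry naming the HelmRelease) so the dependency gates on MetalLB actually being up; the same applies to the `traefik` Kustomization at L125–L150 that `traefik-default-tls` depends on for the TLSStore CRD. This file also lacks the `---` document start that the traefik extra ks.yaml at L154 uses; pick one style for all ks.yaml files.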


@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./helm-release.yaml
- ./metallb-static-ips.yaml
- ./app/ks.yaml
- ./pool/ks.yaml
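Review bot: `./namespace.yaml` and `./metallb-static-ips.yaml` leave this resource list with no visible replacement; if the Namespace now lives under the `app/files` path referenced at L55 this is fine, but if it does not, the metallb Namespace stops being managed here, and when the Flux Kustomization that applies this tree has `prune: true` the Namespace (and everything in it) would be garbage-collected. Worth confirming where the Namespace manifest is applied now, and that the static-IP definitions are what `./pool/ks.yaml` (L93) points at. This is inferred from the paths only; the new `files` directories are not in the page.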


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./metallb-static-ip


@ -0,0 +1,28 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb-pool
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/metallb/pool/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: metallb
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
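Review bot: This Kustomization carries sops `decryption` and `substituteFrom` the `cluster-secrets` Secret for what appears to be plain address-pool definitions under `pool/files`; if nothing in that directory is sops-encrypted or uses a `${SECRET_…}` variable, drop the `decryption` block and the `kind: Secret` entry so the pool reconciler holds no more access than it needs. Keep the ConfigMap substitution if the range is templated from `cluster-settings`, which would also be the natural place to make it per-cluster.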


@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets


@ -0,0 +1,30 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets


@ -1,54 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./app/ks.yaml
- ./extra/ks.yaml


@ -5,7 +5,7 @@ resources:
- ./helm-repositories.yaml
- ../../common/apps/cert-manager
- ../../common/apps/metallb
- ../../common/apps/traefik/ks.yaml
- ../../common/apps/traefik
# storage
- ./longhorn
- ./openebs


@ -2,9 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-repositories.yaml
- ./main-ip-pool.yaml
#- ./main-ip-pool.yaml
- ../../common/apps/cert-manager
- ../../common/apps/traefik/ks.yaml
- ../../common/apps/metallb
- ../../common/apps/traefik
# storage
#- ../../common/apps/openebs
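Review bot: `#- ./main-ip-pool.yaml` is commented out rather than removed, which leaves a stale entry and, if the file still exists, an unreferenced manifest; delete the line and the file, since the pool now comes from `../../common/apps/metallb` via `pool/ks.yaml`. That shared pool (`192.168.1.50`–`192.168.1.59`, L284–L286) is now applied by both clusters that include the common directory (L257 and L274); if both sit on the same L2 segment they will announce the same addresses, so either substitute a cluster-specific range from `cluster-settings` or keep the thin cluster's own pool. This is inferred from the two resource lists; confirm against the actual network layout.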


@ -5,4 +5,4 @@ metadata:
spec:
blocks:
- start: "192.168.1.50"
stop: "192.168.1.60"
stop: "192.168.1.59"


@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-dash-ingress
namespace: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
spec:
rules:
- host: "traefik.${SECRET_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: traefik
port:
number: 9000
tls:
- hosts:
- "${SECRET_DOMAIN}"
- "traefik.${SECRET_DOMAIN}"
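Review bot: The backend targets Service `traefik` port `9000`, but the HelmRelease (L355–L361) sets `ports.traefik.expose.default: false`, which as I read the traefik chart keeps that port off the chart-managed Service, so this Ingress may have no endpoint; confirm a ClusterIP Service publishes 9000 or add a dedicated one. Do not fix it by flipping `expose.default` to `true`, because if the chart's Service is the LoadBalancer one that would put the `--api.insecure` listener on the external address. The `traefik-authentik@kubernetescrd` middleware is referenced but not created in this commit; Traefik drops a router whose middleware is missing, so expect a 404 until Middleware `authentik` exists in namespace `traefik`. The `tls` entry has no `secretName`, so it relies on the default TLSStore at L460–L468.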


@ -0,0 +1,87 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
interval: 5m
chart:
spec:
chart: traefik
version: '30.1.0'
sourceRef:
kind: HelmRepository
name: traefik-charts
namespace: flux-system
interval: 1m
values:
additionalArguments:
- --api.insecure
logs:
general:
level: DEBUG
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: false
allowExternalNameServices: false
allowEmptyServices: false
namespaces: []
kubernetesIngress:
enabled: true
allowExternalNameServices: false
allowEmptyServices: false
namespaces: []
publishedService:
enabled: false
ports:
traefik:
port: 9000
expose:
default: false
exposedPort: 9000
protocol: TCP
web:
port: 8000
#nodePort: 30080
expose:
default: true
redirectTo:
port: websecure
protocol: TCP
websecure:
port: 8443
#nodePort: 30443
expose:
default: true
protocol: TCP
tls:
enabled: true
metrics:
port: 9100
expose:
default: false
protocol: TCP
# Disable Dashboard
ingressRoute:
dashboard:
enabled: false
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
enabled: true
isDefaultClass: true
metrics:
prometheus:
entryPoint: metrics
namespaceOverride: traefik
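Review bot: `--api.insecure` in `additionalArguments` serves the API and dashboard on the `traefik` entrypoint with no authentication, and the authentik middleware on the Ingress at L290–L314 only guards the Ingress path, so any workload that can reach the Service on 9000 bypasses it. Prefer dropping `--api.insecure` and re-enabling the chart's `ingressRoute.dashboard` with the `authentik` middleware and the `websecure` entrypoint, which routes `api@internal` without an insecure listener and makes `dashboard-ingress.yaml` unnecessary; at minimum restrict 9000 with a NetworkPolicy. `logs.general.level: DEBUG` records full request detail and should be `INFO` outside of troubleshooting. `allowCrossNamespace: false` and `allowExternalNameServices: false` are the right defaults; keep them.
```yaml
  values:
    additionalArguments: []  # --api.insecure removed; dashboard served via IngressRoute below
    # … unchanged: logs, providers, ports …
    ingressRoute:
      dashboard:
        enabled: true
        entryPoints: ["websecure"]
        matchRule: Host(`traefik.${SECRET_DOMAIN}`)
        middlewares:
          - name: authentik
    # … unchanged: ingressClass, metrics, namespaceOverride …
```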


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 1m
url: https://traefik.github.io/charts


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
- ./dashboard-ingress.yaml


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik
labels:
name: traefik


@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
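Review bot: This file is byte-for-byte the new file at L125–L150 (and L480–L509 repeats L154–L183); both declare a Flux Kustomization named `traefik` in `flux-system` pointing at the same path. Two copies applied from different kustomize trees will fight over one object, and each one's `prune: true` can garbage-collect what the other labelled. If one copy is in a cluster directory and the other under `common/`, the cluster one should reference the common directory (as L259 and L275 do) rather than duplicate it; if the page is merely rendering a rename twice, ignore this.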


@ -0,0 +1,9 @@
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: traefik
spec:
defaultCertificate:
secretName: wildcard-main-tls
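Review bot: `defaultCertificate.secretName: wildcard-main-tls` names a Secret that nothing in this commit creates, and the `traefik-default-tls` Kustomization (L154–L183) depends only on `traefik`; if that Secret is issued by cert-manager, add `- name: cert-manager` to its `dependsOn` (or a `healthChecks` entry on the Certificate) so Traefik does not fall back to its built-in self-signed certificate for the apex and dashboard hosts until a later reconcile happens to land after issuance. The Secret's origin is not visible here, so confirm where it comes from before wiring the dependency.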


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./default-tls-store.yaml


@ -0,0 +1,30 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./app/ks.yaml
- ./extra/ks.yaml