diff --git a/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml b/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml index c31b577..6712652 100644 --- a/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml +++ b/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml @@ -14,7 +14,7 @@ spec: name: jetstack-charts namespace: flux-system values: - installCRDs: false + installCRDs: true webhook: enabled: true extraArgs: @@ -26,8 +26,8 @@ spec: nameservers: - "1.1.1.1" - "9.9.9.9" - prometheus: - servicemonitor: - enabled: true - labels: - release: kube-prometheus-stack \ No newline at end of file +# prometheus: +# servicemonitor: +# enabled: false +# labels: +# release: kube-prometheus-stack \ No newline at end of file diff --git a/kubernetes/common/apps/metallb/helm-release.yaml b/kubernetes/common/apps/metallb/app/files/helm-release.yaml similarity index 100% rename from kubernetes/common/apps/metallb/helm-release.yaml rename to kubernetes/common/apps/metallb/app/files/helm-release.yaml diff --git a/kubernetes/common/apps/metallb/app/files/kustomization.yaml b/kubernetes/common/apps/metallb/app/files/kustomization.yaml new file mode 100644 index 0000000..ea3145d --- /dev/null +++ b/kubernetes/common/apps/metallb/app/files/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./helm-release.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/metallb/app/ks.yaml b/kubernetes/common/apps/metallb/app/ks.yaml new file mode 100644 index 0000000..cd1c37f --- /dev/null +++ b/kubernetes/common/apps/metallb/app/ks.yaml 
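Review bot: The second hunk of cert-manager/app/files/helm-release.yaml turns the ServiceMonitor off by commenting the block out and rewriting `enabled: true` to `enabled: false` inside the comment, which leaves dead configuration and no record of why scraping was disabled. cert-manager's metrics are a common source for certificate-expiry alerts, so any alerting built on them would stop silently with this change. Prefer deleting the block or keeping it live with `enabled: false`, plus a one-line reason such as `# ServiceMonitor off: kube-prometheus-stack is not deployed on every cluster using this app`, if that is the cause. In the first hunk, `installCRDs: true` ties the CRDs to the Helm release lifecycle, so confirm that uninstalling the release cannot take existing Certificates and Issuers with it.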
@@ -0,0 +1,25 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: metallb + namespace: flux-system +spec: + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/metallb/app/files + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets \ No newline at end of file diff --git a/kubernetes/common/apps/metallb/kustomization.yaml b/kubernetes/common/apps/metallb/kustomization.yaml index 046bf58..965ecd3 100644 --- a/kubernetes/common/apps/metallb/kustomization.yaml +++ b/kubernetes/common/apps/metallb/kustomization.yaml @@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml -- ./helm-release.yaml -- ./metallb-static-ips.yaml \ No newline at end of file +- ./app/ks.yaml +- ./pool/ks.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/metallb/pool/files/kustomization.yaml b/kubernetes/common/apps/metallb/pool/files/kustomization.yaml new file mode 100644 index 0000000..71361b8 --- /dev/null +++ b/kubernetes/common/apps/metallb/pool/files/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./metallb-static-ip \ No newline at end of file diff --git a/kubernetes/common/apps/metallb/metallb-static-ips.yaml b/kubernetes/common/apps/metallb/pool/files/metallb-static-ips.yaml similarity index 100% rename from kubernetes/common/apps/metallb/metallb-static-ips.yaml rename to kubernetes/common/apps/metallb/pool/files/metallb-static-ips.yaml diff --git a/kubernetes/common/apps/metallb/pool/ks.yaml b/kubernetes/common/apps/metallb/pool/ks.yaml new file mode 100644 index 0000000..d224748 
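Review bot: In metallb/pool/files/kustomization.yaml the resource entry `- ./metallb-static-ip` does not match the file this commit moves into that directory, `pool/files/metallb-static-ips.yaml`. Unless a directory of that name exists outside this diff, the build of the `metallb-pool` Kustomization would fail on a missing path. Change the entry to `- ./metallb-static-ips.yaml`.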
--- /dev/null
+++ b/kubernetes/common/apps/metallb/pool/ks.yaml
@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: metallb-pool
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/metallb/pool/files
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: metallb
+ namespace: flux-system
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/traefik/app/dashboard-ingress.yaml b/kubernetes/common/apps/traefik/app/files/dashboard-ingress.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/app/dashboard-ingress.yaml
rename to kubernetes/common/apps/traefik/app/files/dashboard-ingress.yaml
diff --git a/kubernetes/common/apps/traefik/app/helm-release.yaml b/kubernetes/common/apps/traefik/app/files/helm-release.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/app/helm-release.yaml
rename to kubernetes/common/apps/traefik/app/files/helm-release.yaml
diff --git a/kubernetes/common/apps/traefik/app/helm-repository.yaml b/kubernetes/common/apps/traefik/app/files/helm-repository.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/app/helm-repository.yaml
rename to kubernetes/common/apps/traefik/app/files/helm-repository.yaml
diff --git a/kubernetes/common/apps/traefik/app/kustomization.yaml b/kubernetes/common/apps/traefik/app/files/kustomization.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/app/kustomization.yaml
rename to kubernetes/common/apps/traefik/app/files/kustomization.yaml
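Review bot: `dependsOn: metallb` in metallb/pool/ks.yaml only waits for the `metallb` Kustomization to report Ready, and metallb/app/ks.yaml sets neither `wait` nor `healthChecks`, so Ready means the HelmRelease object was applied, not that the chart and its CRDs are installed. The pool resources (presumably MetalLB custom resources; the renamed file's content is not shown) can then be applied too early, fail, and retry only on the next `interval: 10m`. Add `wait: true` to the `metallb` Kustomization in app/ks.yaml. The same applies to `traefik` and `traefik-default-tls` in traefik/app/ks.yaml and traefik/extra/ks.yaml.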
diff --git a/kubernetes/common/apps/traefik/app/namespace.yaml b/kubernetes/common/apps/traefik/app/files/namespace.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/app/namespace.yaml
rename to kubernetes/common/apps/traefik/app/files/namespace.yaml
diff --git a/kubernetes/common/apps/traefik/app/ks.yaml b/kubernetes/common/apps/traefik/app/ks.yaml
new file mode 100644
index 0000000..d514965
--- /dev/null
+++ b/kubernetes/common/apps/traefik/app/ks.yaml
@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/traefik/app/files
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/traefik/extra/default-tls-store.yaml b/kubernetes/common/apps/traefik/extra/files/default-tls-store.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/extra/default-tls-store.yaml
rename to kubernetes/common/apps/traefik/extra/files/default-tls-store.yaml
diff --git a/kubernetes/common/apps/traefik/extra/kustomization.yaml b/kubernetes/common/apps/traefik/extra/files/kustomization.yaml
similarity index 100%
rename from kubernetes/common/apps/traefik/extra/kustomization.yaml
rename to kubernetes/common/apps/traefik/extra/files/kustomization.yaml
diff --git a/kubernetes/common/apps/traefik/extra/ks.yaml b/kubernetes/common/apps/traefik/extra/ks.yaml
new file mode 100644
index 0000000..53e157d
--- /dev/null
+++ b/kubernetes/common/apps/traefik/extra/ks.yaml
@@ -0,0 +1,30 @@
+
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik-default-tls
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/traefik/extra/files
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: traefik
+ namespace: flux-system
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/traefik/ks.yaml b/kubernetes/common/apps/traefik/ks.yaml
deleted file mode 100644
index ce392ff..0000000
--- a/kubernetes/common/apps/traefik/ks.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: traefik
- namespace: flux-system
-spec:
- timeout: 5m
- interval: 10m
- path: ./kubernetes/common/apps/traefik/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-gpg
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: traefik-default-tls
- namespace: flux-system
-spec:
- timeout: 5m
- interval: 10m
- path: ./kubernetes/common/apps/traefik/extra
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-cluster
- decryption:
- provider: sops
- secretRef:
- name: sops-gpg
- dependsOn:
- - name: traefik
- namespace: flux-system
- postBuild:
- substitute: {}
- substituteFrom:
- - kind: ConfigMap
- name: cluster-settings
- - kind: Secret
- name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/traefik/kustomization.yaml b/kubernetes/common/apps/traefik/kustomization.yaml
new file mode 100644
index 0000000..c2d4a00
--- /dev/null
+++ b/kubernetes/common/apps/traefik/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./app/ks.yaml
+- ./extra/ks.yaml
\ No newline at end of file
diff --git a/kubernetes/main/core/kustomization.yaml b/kubernetes/main/core/kustomization.yaml
index f5e016b..d929528 100644
--- a/kubernetes/main/core/kustomization.yaml
+++ b/kubernetes/main/core/kustomization.yaml
@@ -5,7 +5,7 @@ resources: - ./helm-repositories.yaml - ../../common/apps/cert-manager - ../../common/apps/metallb -- ../../common/apps/traefik/ks.yaml +- ../../common/apps/traefik # storage - ./longhorn - ./openebs diff --git a/kubernetes/thin/apps/kustomization.yaml b/kubernetes/thin/apps/kustomization.yaml index 2df0834..89920c5 100644 --- a/kubernetes/thin/apps/kustomization.yaml +++ b/kubernetes/thin/apps/kustomization.yaml @@ -2,9 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./helm-repositories.yaml -- ./main-ip-pool.yaml +#- ./main-ip-pool.yaml - ../../common/apps/cert-manager -- ../../common/apps/traefik/ks.yaml +- ../../common/apps/metallb +- ../../common/apps/traefik # storage #- ../../common/apps/openebs diff --git a/kubernetes/thin/apps/main-ip-pool.yaml b/kubernetes/thin/apps/main-ip-pool.yaml index 1dec48d..bccf201 100644 --- a/kubernetes/thin/apps/main-ip-pool.yaml +++ b/kubernetes/thin/apps/main-ip-pool.yaml @@ -5,4 +5,4 @@ metadata: spec: blocks: - start: "192.168.1.50" - stop: "192.168.1.60" \ No newline at end of file + stop: "192.168.1.59" \ No newline at end of file diff --git a/kubernetes/thin/apps/traefik/app/files/dashboard-ingress.yaml b/kubernetes/thin/apps/traefik/app/files/dashboard-ingress.yaml new file mode 100644 index 0000000..965ae98 --- /dev/null +++ b/kubernetes/thin/apps/traefik/app/files/dashboard-ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: traefik-dash-ingress + namespace: traefik + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd +spec: + rules: + - host: "traefik.${SECRET_DOMAIN}" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: traefik + port: + number: 9000 + tls: + - hosts: + - "${SECRET_DOMAIN}" + - "traefik.${SECRET_DOMAIN}" \ No newline at end of file 
diff --git a/kubernetes/thin/apps/traefik/app/files/helm-release.yaml b/kubernetes/thin/apps/traefik/app/files/helm-release.yaml
new file mode 100644
index 0000000..6870c99
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/app/files/helm-release.yaml
@@ -0,0 +1,87 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: traefik
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: traefik
+ version: '30.1.0'
+ sourceRef:
+ kind: HelmRepository
+ name: traefik-charts
+ namespace: flux-system
+ interval: 1m
+ values:
+ additionalArguments:
+ - --api.insecure
+
+ logs:
+ general:
+ level: DEBUG
+
+ providers:
+ kubernetesCRD:
+ enabled: true
+ allowCrossNamespace: false
+ allowExternalNameServices: false
+ allowEmptyServices: false
+ namespaces: []
+
+ kubernetesIngress:
+ enabled: true
+ allowExternalNameServices: false
+ allowEmptyServices: false
+ namespaces: []
+ publishedService:
+ enabled: false
+
+ ports:
+ traefik:
+ port: 9000
+ expose:
+ default: false
+ exposedPort: 9000
+ protocol: TCP
+
+ web:
+ port: 8000
+ #nodePort: 30080
+ expose:
+ default: true
+ redirectTo:
+ port: websecure
+ protocol: TCP
+
+ websecure:
+ port: 8443
+ #nodePort: 30443
+ expose:
+ default: true
+ protocol: TCP
+ tls:
+ enabled: true
+
+ metrics:
+ port: 9100
+ expose:
+ default: false
+ protocol: TCP
+
+ # Disable Dashboard
+ ingressRoute:
+ dashboard:
+ enabled: false
+
+ # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
+ ingressClass:
+ enabled: true
+ isDefaultClass: true
+
+ metrics:
+ prometheus:
+ entryPoint: metrics
+
+ namespaceOverride: traefik
diff --git a/kubernetes/thin/apps/traefik/app/files/helm-repository.yaml b/kubernetes/thin/apps/traefik/app/files/helm-repository.yaml
new file mode 100644
index 0000000..cb2e806
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/app/files/helm-repository.yaml
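Review bot: `- --api.insecure` under `additionalArguments` in thin/apps/traefik/app/files/helm-release.yaml makes Traefik serve its API and dashboard without authentication on the `traefik` entrypoint (port 9000). The `traefik-authentik` middleware on the dashboard Ingress therefore covers only requests arriving through `websecure`, and anything that can reach the pod on 9000 directly skips it. The `# Disable Dashboard` comment is misleading for the same reason, because `ingressRoute.dashboard.enabled: false` only removes the chart's route. Consider dropping the flag and exposing the dashboard through an IngressRoute to `api@internal` that carries the auth middleware, or at minimum restrict access to port 9000 with a NetworkPolicy. `level: DEBUG` is also worth lowering to `INFO` before this runs unattended.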
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: traefik-charts
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://traefik.github.io/charts
diff --git a/kubernetes/thin/apps/traefik/app/files/kustomization.yaml b/kubernetes/thin/apps/traefik/app/files/kustomization.yaml
new file mode 100644
index 0000000..191a565
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/app/files/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./namespace.yaml
+- ./helm-repository.yaml
+- ./helm-release.yaml
+- ./dashboard-ingress.yaml
\ No newline at end of file
diff --git a/kubernetes/thin/apps/traefik/app/files/namespace.yaml b/kubernetes/thin/apps/traefik/app/files/namespace.yaml
new file mode 100644
index 0000000..c30b28b
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/app/files/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: traefik
+ labels:
+ name: traefik
\ No newline at end of file
diff --git a/kubernetes/thin/apps/traefik/app/ks.yaml b/kubernetes/thin/apps/traefik/app/ks.yaml
new file mode 100644
index 0000000..d514965
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/app/ks.yaml
@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/traefik/app/files
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
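Review bot: `path: ./kubernetes/common/apps/traefik/app/files` in thin/apps/traefik/app/ks.yaml points at the common tree, so the thin-specific manifests added under thin/apps/traefik/app/files, including the HelmRelease with its own values, are never reconciled. The blob id `d514965` matches the common ks.yaml, which suggests the file is a verbatim copy. thin/apps/kustomization.yaml also lists `../../common/apps/traefik` rather than `./traefik`, so as far as this diff shows the thin directory is not referenced at all. If a thin overlay is intended, use `path: ./kubernetes/thin/apps/traefik/app/files` here and the matching `extra/files` path in thin/apps/traefik/extra/ks.yaml, and reference `./traefik` from the thin kustomization; otherwise drop the duplicate tree.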
diff --git a/kubernetes/thin/apps/traefik/extra/files/default-tls-store.yaml b/kubernetes/thin/apps/traefik/extra/files/default-tls-store.yaml
new file mode 100644
index 0000000..9a38626
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/extra/files/default-tls-store.yaml
@@ -0,0 +1,9 @@
+apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+ name: default
+ namespace: traefik
+
+spec:
+ defaultCertificate:
+ secretName: wildcard-main-tls
\ No newline at end of file
diff --git a/kubernetes/thin/apps/traefik/extra/files/kustomization.yaml b/kubernetes/thin/apps/traefik/extra/files/kustomization.yaml
new file mode 100644
index 0000000..4dfa729
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/extra/files/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./default-tls-store.yaml
\ No newline at end of file
diff --git a/kubernetes/thin/apps/traefik/extra/ks.yaml b/kubernetes/thin/apps/traefik/extra/ks.yaml
new file mode 100644
index 0000000..53e157d
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/extra/ks.yaml
@@ -0,0 +1,30 @@
+
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik-default-tls
+ namespace: flux-system
+spec:
+ timeout: 5m
+ interval: 10m
+ path: ./kubernetes/common/apps/traefik/extra/files
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-cluster
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+ dependsOn:
+ - name: traefik
+ namespace: flux-system
+ postBuild:
+ substitute: {}
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/thin/apps/traefik/kustomization.yaml b/kubernetes/thin/apps/traefik/kustomization.yaml
new file mode 100644
index 0000000..c2d4a00
--- /dev/null
+++ b/kubernetes/thin/apps/traefik/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./app/ks.yaml
+- ./extra/ks.yaml
\ No newline at end of file