Add a cluster of thin clients #399

Merged
SeanOMik merged 27 commits from feat/thin-cluster into main 2024-09-19 23:11:39 +00:00
32 changed files with 339 additions and 66 deletions
Showing only changes of commit 63ad2c9c31 - Show all commits

View File

@ -14,7 +14,7 @@ spec:
name: jetstack-charts
namespace: flux-system
values:
installCRDs: false
installCRDs: true
webhook:
enabled: true
extraArgs:
@ -26,8 +26,8 @@ spec:
nameservers:
- "1.1.1.1"
- "9.9.9.9"
prometheus:
servicemonitor:
enabled: true
labels:
release: kube-prometheus-stack
# prometheus:
# servicemonitor:
# enabled: false
# labels:
# release: kube-prometheus-stack

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml

View File

@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/metallb/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./helm-release.yaml
- ./metallb-static-ips.yaml
- ./app/ks.yaml
- ./pool/ks.yaml

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./metallb-static-ip

View File

@ -0,0 +1,28 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: metallb-pool
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/metallb/pool/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: metallb
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,30 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -1,54 +0,0 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./app/ks.yaml
- ./extra/ks.yaml

View File

@ -5,7 +5,7 @@ resources:
- ./helm-repositories.yaml
- ../../common/apps/cert-manager
- ../../common/apps/metallb
- ../../common/apps/traefik/ks.yaml
- ../../common/apps/traefik
# storage
- ./longhorn
- ./openebs

View File

@ -2,9 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-repositories.yaml
- ./main-ip-pool.yaml
#- ./main-ip-pool.yaml
- ../../common/apps/cert-manager
- ../../common/apps/traefik/ks.yaml
- ../../common/apps/metallb
- ../../common/apps/traefik
# storage
#- ../../common/apps/openebs

View File

@ -5,4 +5,4 @@ metadata:
spec:
blocks:
- start: "192.168.1.50"
stop: "192.168.1.60"
stop: "192.168.1.59"

View File

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-dash-ingress
namespace: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
spec:
rules:
- host: "traefik.${SECRET_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: traefik
port:
number: 9000
tls:
- hosts:
- "${SECRET_DOMAIN}"
- "traefik.${SECRET_DOMAIN}"

View File

@ -0,0 +1,87 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
interval: 5m
chart:
spec:
chart: traefik
version: '30.1.0'
sourceRef:
kind: HelmRepository
name: traefik-charts
namespace: flux-system
interval: 1m
values:
additionalArguments:
- --api.insecure
logs:
general:
level: DEBUG
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: false
allowExternalNameServices: false
allowEmptyServices: false
namespaces: []
kubernetesIngress:
enabled: true
allowExternalNameServices: false
allowEmptyServices: false
namespaces: []
publishedService:
enabled: false
ports:
traefik:
port: 9000
expose:
default: false
exposedPort: 9000
protocol: TCP
web:
port: 8000
#nodePort: 30080
expose:
default: true
redirectTo:
port: websecure
protocol: TCP
websecure:
port: 8443
#nodePort: 30443
expose:
default: true
protocol: TCP
tls:
enabled: true
metrics:
port: 9100
expose:
default: false
protocol: TCP
# Disable Dashboard
ingressRoute:
dashboard:
enabled: false
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
enabled: true
isDefaultClass: true
metrics:
prometheus:
entryPoint: metrics
namespaceOverride: traefik

View File

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik-charts
namespace: flux-system
spec:
interval: 1m
url: https://traefik.github.io/charts

View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
- ./dashboard-ingress.yaml

View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik
labels:
name: traefik

View File

@ -0,0 +1,25 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/app/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,9 @@
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: traefik
spec:
defaultCertificate:
secretName: wildcard-main-tls

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./default-tls-store.yaml

View File

@ -0,0 +1,30 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-default-tls
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/common/apps/traefik/extra/files
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: traefik
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./app/ks.yaml
- ./extra/ks.yaml