From 179c947bf13c9a6065f968e983f0bd30332b2763 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 11 Jun 2024 01:28:33 +1000
Subject: [PATCH 1/5] fix dependency issue

---
 kubernetes/apps/cert-manager/cert-manager.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/kubernetes/apps/cert-manager/cert-manager.yaml b/kubernetes/apps/cert-manager/cert-manager.yaml
index ec2e313..bac36a8 100644
--- a/kubernetes/apps/cert-manager/cert-manager.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager.yaml
@@ -35,7 +35,6 @@ spec:
     name: flux-system
   dependsOn:
     - name: cert-manager-secrets
-    - name: flux-system
   postBuild:
     substituteFrom:
       - kind: Secret
From 83fc15ae4096d3efda37c23aa2690713f89b487a Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 11 Jun 2024 01:52:09 +1000
Subject: [PATCH 2/5] adding common repos

---
 .../infrastructure/repositories/bitnami.yaml | 9 +++++++++
 .../infrastructure/repositories/bjw-s.yaml | 9 +++++++++
 .../repositories/external-dns.yaml | 8 ++++++++
 .../infrastructure/repositories/gabe565.yaml | 9 +++++++++
 .../repositories/home-cluster-ops-secrets.yaml | 13 +++++++++++++
 .../repositories/kustomization.yaml | 4 ++++
 .../repositories/prometheus-community.yaml | 8 ++++++++
 .../repositories/repositories.yaml | 16 ++-------------
 .../app/{helmrepository.yaml => repository.yaml} | 0
 9 files changed, 62 insertions(+), 14 deletions(-)
 create mode 100644 kubernetes/infrastructure/repositories/bitnami.yaml
 create mode 100644 kubernetes/infrastructure/repositories/bjw-s.yaml
 create mode 100644 kubernetes/infrastructure/repositories/external-dns.yaml
 create mode 100644 kubernetes/infrastructure/repositories/gabe565.yaml
 create mode 100644 kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
 create mode 100644 kubernetes/infrastructure/repositories/kustomization.yaml
 create mode 100644 kubernetes/infrastructure/repositories/prometheus-community.yaml
 rename kubernetes/templates/apps/cert-manager/app/{helmrepository.yaml => repository.yaml} (100%)

diff --git a/kubernetes/infrastructure/repositories/bitnami.yaml b/kubernetes/infrastructure/repositories/bitnami.yaml
new file mode 100644
index 0000000..3a3cda7
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/bitnami.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bitnami
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://registry-1.docker.io/bitnamicharts
diff --git a/kubernetes/infrastructure/repositories/bjw-s.yaml b/kubernetes/infrastructure/repositories/bjw-s.yaml
new file mode 100644
index 0000000..00ff034
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/bjw-s.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bjw-s
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://ghcr.io/bjw-s/helm
diff --git a/kubernetes/infrastructure/repositories/external-dns.yaml b/kubernetes/infrastructure/repositories/external-dns.yaml
new file mode 100644
index 0000000..d211bb7
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/external-dns.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: external-dns
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/external-dns/
diff --git a/kubernetes/infrastructure/repositories/gabe565.yaml b/kubernetes/infrastructure/repositories/gabe565.yaml
new file mode 100644
index 0000000..c3ce81a
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/gabe565.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: gabe565
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://ghcr.io/gabe565/charts
diff --git a/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml b/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
new file mode 100644
index 0000000..2bc806d
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
@@ -0,0 +1,13 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: home-cluster-ops-secrets
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  timeout: 60s
+  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
\ No newline at end of file
diff --git a/kubernetes/infrastructure/repositories/kustomization.yaml b/kubernetes/infrastructure/repositories/kustomization.yaml
new file mode 100644
index 0000000..9769c46
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/kustomization.yaml
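Review bot: The `home-cluster-ops-secrets` GitRepository tracks `ref.branch: main` with no `spec.verify`, so whatever lands on that branch is reconciled into the cluster unchecked; for a source that carries secret-bearing manifests, pinning a tag or commit, or enabling commit-signature verification via `spec.verify` with a GPG-key `secretRef`, limits what a compromised branch can introduce. It also reuses the bootstrap credential (`secretRef.name: flux-system`) for a second repository, so that one key now grants access to both sources; a separate read-only deploy key scoped to this repository would keep their access independent. The file is created without a trailing newline (`\ No newline at end of file`), which is cosmetic but worth fixing while touching it.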
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - repositories.yaml
diff --git a/kubernetes/infrastructure/repositories/prometheus-community.yaml b/kubernetes/infrastructure/repositories/prometheus-community.yaml
new file mode 100644
index 0000000..e6c9333
--- /dev/null
+++ b/kubernetes/infrastructure/repositories/prometheus-community.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: prometheus-community
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://prometheus-community.github.io/helm-charts
diff --git a/kubernetes/infrastructure/repositories/repositories.yaml b/kubernetes/infrastructure/repositories/repositories.yaml
index 039b666..8c3c98f 100644
--- a/kubernetes/infrastructure/repositories/repositories.yaml
+++ b/kubernetes/infrastructure/repositories/repositories.yaml
@@ -1,22 +1,10 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: home-cluster-ops-secrets
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  timeout: 60s
-  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
+
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: home-cluster-ops-secrets-repo
+  name: repositories
   namespace: flux-system
 spec:
   interval: 5m
diff --git a/kubernetes/templates/apps/cert-manager/app/helmrepository.yaml b/kubernetes/templates/apps/cert-manager/app/repository.yaml
similarity index 100%
rename from kubernetes/templates/apps/cert-manager/app/helmrepository.yaml
rename to kubernetes/templates/apps/cert-manager/app/repository.yaml
From 5940896dd3a1b0fb3dae84b64954e00249438e9d Mon Sep 17 00:00:00 2001
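Review bot: `kubernetes/infrastructure/repositories/kustomization.yaml` lists only `repositories.yaml` under `resources:`, so the `bitnami.yaml`, `bjw-s.yaml`, `external-dns.yaml`, `gabe565.yaml`, `prometheus-community.yaml` and `home-cluster-ops-secrets.yaml` files created in this patch are never built, and because the GitRepository was moved out of `repositories.yaml` in the same patch, the `home-cluster-ops-secrets` source would be removed on the next reconcile if the parent Flux Kustomization prunes (assuming it uses the kustomization.yaml present in the directory rather than a parent one that lists these files). Listing every file fixes both. In the `repositories.yaml` hunk the surviving `# yaml-language-server: $schema=...gitrepository_v1.json` comment now sits above a `kustomize.toolkit.fluxcd.io/v1 Kustomization`, so the schema hint names the wrong kind, and the added leading blank line before `---` trips yamllint's `document-start` rule; both are cosmetic.
```yaml
resources:
  - bitnami.yaml
  - bjw-s.yaml
  - external-dns.yaml
  - gabe565.yaml
  - home-cluster-ops-secrets.yaml
  - prometheus-community.yaml
  - repositories.yaml
```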
From: Edward Cheng
Date: Tue, 11 Jun 2024 01:53:17 +1000
Subject: [PATCH 3/5] refactor

---
 .../apps/cert-manager/app/{helmrelease.yaml => release.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename kubernetes/templates/apps/cert-manager/app/{helmrelease.yaml => release.yaml} (100%)

diff --git a/kubernetes/templates/apps/cert-manager/app/helmrelease.yaml b/kubernetes/templates/apps/cert-manager/app/release.yaml
similarity index 100%
rename from kubernetes/templates/apps/cert-manager/app/helmrelease.yaml
rename to kubernetes/templates/apps/cert-manager/app/release.yaml
From 47c1068cdbc3eef8ae142fb2c55fe63600e09d3b Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 11 Jun 2024 01:54:22 +1000
Subject: [PATCH 4/5] update repo config

---
 .../infrastructure/repositories/home-cluster-ops-secrets.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml b/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
index 2bc806d..7591dc6 100644
--- a/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
+++ b/kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml
@@ -4,7 +4,7 @@ metadata:
   name: home-cluster-ops-secrets
   namespace: flux-system
 spec:
-  interval: 10m0s
+  interval: 5m0s
   ref:
     branch: main
   secretRef:
From 2b11a2eec7ef65816203d612c2ae95335d792fd8 Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Tue, 11 Jun 2024 02:30:17 +1000
Subject: [PATCH 5/5] add ingress-nginx app

---
 .../config/ingress-configmap.yaml | 27 +++++
 .../ingress-nginx/ingress-nginx.yaml | 48 +++++++++
 .../ingress-nginx/kustomization.yaml | 4 +
 .../infrastructure/ingress-nginx/values.yaml | 9 ++
 .../apps/ingress-nginx/namespace.yaml | 4 +
 .../templates/apps/ingress-nginx/release.yaml | 98 +++++++++++++++++++
 .../apps/ingress-nginx/repository.yaml | 8 ++
 7 files changed, 198 insertions(+)
 create mode 100644 kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml
 create mode 100644 kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml
 create mode 100644 kubernetes/infrastructure/ingress-nginx/kustomization.yaml
 create mode 100644 kubernetes/infrastructure/ingress-nginx/values.yaml
 create mode 100644 kubernetes/templates/apps/ingress-nginx/namespace.yaml
 create mode 100644 kubernetes/templates/apps/ingress-nginx/release.yaml
 create mode 100644 kubernetes/templates/apps/ingress-nginx/repository.yaml

diff --git a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml
new file mode 100644
index 0000000..e6615e4
--- /dev/null
+++ b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tcp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  6060: "adguard-home/adguard-home:6060"
+  10080: "adguard-home/adguard-home:80"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home::3000"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: udp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  67: "adguard-home/adguard-home:67"
+  68: "adguard-home/adguard-home:68"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home:3000"
diff --git a/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml
new file mode 100644
index 0000000..9037f19
--- /dev/null
+++ b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml
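Review bot: The tcp-services entry `13000: "adguard-home/adguard-home::3000"` has a doubled colon where the udp-services entry for the same port reads `:3000`; ingress-nginx parses the value as `namespace/service:port`, so the TCP mapping for 13000 will be rejected or mis-parsed while the UDP one works — change it to `13000: "adguard-home/adguard-home:3000"`. The `data` keys are written as bare integers (`53:`, `853:`, ...), which YAML parses as ints while the ConfigMap schema types `data` as string-to-string; quoting them (`"53": "adguard-home/adguard-home:53"`) avoids depending on the client's YAML-to-JSON conversion to stringify them. Proxying 53/853/5443 plus DHCP 67/68 through the ingress controller also widens what the controller's LoadBalancer address exposes on the LAN; keep the list to the services that are genuinely meant to be reachable from outside the cluster.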
@@ -0,0 +1,48 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx-config
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/infrastructure/ingress-nginx/config
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/templates/apps/ingress-nginx
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: ingress-nginx-config
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: app-vars
+      - kind: ConfigMap
+        name: ingress-nginx-values
+  patches:
+    - target:
+        kind: Deployment
+        name: ingress-nginx-controller
+      patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --udp-services-configmap=$(POD_NAMESPACE)/udp-services
diff --git a/kubernetes/infrastructure/ingress-nginx/kustomization.yaml b/kubernetes/infrastructure/ingress-nginx/kustomization.yaml
new file mode 100644
index 0000000..158bf74
--- /dev/null
+++ b/kubernetes/infrastructure/ingress-nginx/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ingress-nginx.yaml
diff --git a/kubernetes/infrastructure/ingress-nginx/values.yaml b/kubernetes/infrastructure/ingress-nginx/values.yaml
new file mode 100644
index 0000000..f954662
--- /dev/null
+++ b/kubernetes/infrastructure/ingress-nginx/values.yaml
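Review bot: The `ingress-nginx` Kustomization's `postBuild.substituteFrom` requires a `ConfigMap` named `ingress-nginx-values`, but `kubernetes/infrastructure/ingress-nginx/kustomization.yaml` (the next hunk) lists only `ingress-nginx.yaml` under `resources:`, so the `values.yaml` added by this patch is never applied and the substitution source will be missing; unless a parent kustomization picks that file up, add `  - values.yaml` to the list, or mark the entry `optional: true` if it is meant to be absent sometimes. Both Flux Kustomizations are placed in `metadata.namespace: ingress-nginx`, while the `Namespace` object is created by `namespace.yaml` under the path the second of them applies, so creating these objects appears to depend on the namespace already existing — worth confirming where it is created first. Neither Kustomization sets `spec.serviceAccountName`, so both apply with kustomize-controller's own privileges; binding them to a namespaced service account would contain the impact of anything that lands in these paths.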
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-values
+  namespace: ingress-nginx
+data:
+  load_balancer_ip: "192.168.0.180"
+  use_geoip2: "false"
+  metrics_enabled: "true"
\ No newline at end of file
diff --git a/kubernetes/templates/apps/ingress-nginx/namespace.yaml b/kubernetes/templates/apps/ingress-nginx/namespace.yaml
new file mode 100644
index 0000000..6878f0b
--- /dev/null
+++ b/kubernetes/templates/apps/ingress-nginx/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx
diff --git a/kubernetes/templates/apps/ingress-nginx/release.yaml b/kubernetes/templates/apps/ingress-nginx/release.yaml
new file mode 100644
index 0000000..dcfad7a
--- /dev/null
+++ b/kubernetes/templates/apps/ingress-nginx/release.yaml
@@ -0,0 +1,98 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.10.1
+      sourceRef:
+        kind: HelmRepository
+        namespace: ingress-nginx
+        name: ingress-nginx
+      interval: 1h
+  values:
+    rbac:
+      create: true
+
+    controller:
+      priorityClassName: system-cluster-critical
+
+      extraArgs:
+        update-status-on-shutdown: "false"
+
+      podLabels:
+        rpi5.cluster.policy/egress-kubeapi: "true"
+        rpi5.cluster.policy/egress-namespace: "true"
+        rpi5.cluster.policy/egress-world-with-lan: "true"
+        rpi5.cluster.policy/ingress-nodes: "true"
+        rpi5.cluster.policy/ingress-prometheus: "true"
+        rpi5.cluster.policy/ingress-world: "true"
+
+      allowSnippetAnnotations: true
+
+      maxmindLicenseKey: ${geoip_license_key}
+
+      config:
+        proxy-buffer-size: 16k
+        use-gzip: ${use_gzip:=true}
+        enable-brotli: ${enable_brotli:=true}
+        hsts-max-age: ${hsts_max_age:=31536000}
+        hsts-preload: ${hsts_preload:=true}
+        disable-ipv6: ${disable_ipv6:=true}
+        disable-ipv6-dns: ${disable_ipv6_dns:=true}
+        keep-alive-requests: ${keep_alive_requests:=1000}
+        use-geoip2: ${use_geoip2:=true}
+        custom-http-errors: 401,403,404,500,501,502,503,504
+
+      extraEnvs:
+        - name: TZ
+          value: Australia/Sydney
+
+      addHeaders:
+        Referrer-Policy: same-origin, strict-origin-when-cross-origin
+        X-Content-Type-Options: nosniff
+        X-Frame-Options: SAMEORIGIN
+        X-XSS-Protection: 1; mode=block
+
+      ingressClassResource:
+        default: true
+
+      service:
+        externalTrafficPolicy: Local
+        loadBalancerIP: ${load_balancer_ip}
+        ipFamilyPolicy: PreferDualStack
+
+      metrics:
+        enabled: ${metrics_enabled:=false}
+        serviceMonitor:
+          enabled: ${metrics_enabled:=false}
+          scrapeInterval: 1m
+
+      admissionWebhooks:
+        labels:
+          rpi5.cluster.policy/egress-kubeapi: "true"
+        patch:
+          labels:
+            rpi5.cluster.policy/egress-kubeapi: "true"
+
+    defaultBackend:
+      enabled: true
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0@sha256:40e2631173b1a407c18fe7d1ba8104d995cf9e4780d123eeadfa1d57c68eaf4f
+        pullPolicy: IfNotPresent
+      extraEnvs:
+        - name: TEMPLATE_NAME
+          value: connection
+        - name: SHOW_DETAILS
+          value: "true"
+        - name: READ_BUFFER_SIZE
+          value: "8192"
+      podLabels:
+        rpi5.cluster.policy/ingress-namespace: "true"
diff --git a/kubernetes/templates/apps/ingress-nginx/repository.yaml b/kubernetes/templates/apps/ingress-nginx/repository.yaml
new file mode 100644
index 0000000..0f6103d
--- /dev/null
+++ b/kubernetes/templates/apps/ingress-nginx/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  url: https://kubernetes.github.io/ingress-nginx
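Review bot: `controller.allowSnippetAnnotations: true` re-enables the nginx `*-snippet` annotations that current chart versions leave off by default, because anyone permitted to create an Ingress in any namespace can then inject raw nginx configuration into the shared controller; unless a workload actually needs snippets, drop the line to keep the chart default, and if it does, restrict Ingress creation to trusted namespaces. `maxmindLicenseKey: ${geoip_license_key}` is substituted from the `app-vars` Secret with no default and no quoting, so if the variable is unset the value appears to render as an empty `maxmindLicenseKey:` (null) rather than failing loudly — quote it as `"${geoip_license_key}"` and confirm `app-vars` carries the key, since `use-geoip2` defaults to `true` here. `config.disable-ipv6: ${disable_ipv6:=true}` next to `service.ipFamilyPolicy: PreferDualStack` looks contradictory; confirm which is intended. Pinning `version: 4.10.1` and the `error-pages` image by digest is good practice; the controller's admission webhook is network-reachable, so keep the chart on a current release.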