K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #534 from 3dwardch3ng/misc

Browse Source 
update scripts
This commit is contained in:
Edward Cheng
2024-07-18 15:56:53 +10:00
committed by GitHub
parent 142af8e582 b7587f8226
commit 5d6d3bb986
6 changed files with 2 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/2.install-argocd.sh
View File

@@ -6,6 +6,7 @@ kubectl create namespace argocd || echo "Namespace argocd already exists"
helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists" helm repo add argo https://argoproj.github.io/argo-helm || echo "Argo repo already exists"
helm repo update || echo "Failed to update helm repos" helm repo update || echo "Failed to update helm repos"
helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6 helm upgrade --install argocd -n argocd -f argocd-values.yaml argo/argo-cd --version 7.3.6
#kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.18/manifests/ha/install.yaml
helm plugin install https://github.com/jkroepke/helm-secrets helm plugin install https://github.com/jkroepke/helm-secrets
#Check repo server secret accessibility #Check repo server secret accessibility

0
scripts/5.install-sealed-secrets.sh → scripts/3.install-sealed-secrets.sh
View File

7
scripts/3.install-sops.sh
View File

@@ -1,7 +0,0 @@
#!/bin/bash
set -e
curl -LO https://github.com/getsops/sops/releases/download/v3.8.1/sops-v3.8.1.linux.arm64 &&
sudo mv sops-v3.8.1.linux.arm64 /usr/local/bin/sops &&
chmod +x /usr/local/bin/sops
sudo apt install age -y

7
scripts/4.add-age-key.sh
View File

@@ -1,7 +0,0 @@
#!/bin/bash
set -e
cat /mnt/nfs/agekey/age.agekey |
kubectl create secret generic sops-age \
--namespace=argocd \
--from-file=age.agekey=/dev/stdin

0
scripts/4.install-argocd-ingress.sh Normal file
View File

77
scripts/argocd-values.yaml
View File

@@ -32,81 +32,6 @@ redis-ha:
enabled: true enabled: true
server: server:
env:
- name: HELM_PLUGINS
value: /gitops-tools/helm-plugins/
- name: HELM_SECRETS_CURL_PATH
value: /gitops-tools/curl
- name: HELM_SECRETS_SOPS_PATH
value: /gitops-tools/sops
- name: HELM_SECRETS_VALS_PATH
value: /gitops-tools/vals
- name: HELM_SECRETS_KUBECTL_PATH
value: /gitops-tools/kubectl
- name: HELM_SECRETS_BACKEND
value: sops
- name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
value: "false"
- name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
value: "true"
- name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
value: "false"
- name: HELM_SECRETS_WRAPPER_ENABLED
value: "true"
- name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR
value: "true"
- name: HELM_SECRETS_HELM_PATH
value: /usr/local/bin/helm
- name: SOPS_AGE_KEY_FILE
# Multiple keys can be separated by space
value: /helm-secrets-private-keys/age.agekey
initContainers:
- name: download-tools
image: alpine:latest
imagePullPolicy: IfNotPresent
command: [ sh, -ec ]
env:
- name: HELM_SECRETS_VERSION
value: "4.6.0"
- name: KUBECTL_VERSION
value: "1.30.2"
- name: VALS_VERSION
value: "0.37.3"
- name: SOPS_VERSION
value: "3.9.0"
args:
- |
mkdir -p /gitops-tools/helm-plugins
GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/')
wget -qO /gitops-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${GO_ARCH}
GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/') && \
wget -qO /gitops-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${GO_ARCH}/kubectl
wget -qO /gitops-tools/sops https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.${GO_ARCH}
wget -qO- https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${GO_ARCH}.tar.gz | tar zxv -C /gitops-tools vals
wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /gitops-tools/helm-plugins -xzf-
chmod +x /gitops-tools/*
cp /gitops-tools/helm-plugins/helm-secrets/scripts/wrapper/helm.sh /gitops-tools/helm
volumeMounts:
- mountPath: /gitops-tools
name: gitops-tools
volumes:
- name: gitops-tools
emptyDir: { }
# kubectl create secret generic helm-secrets-private-keys --from-file=key.asc=assets/gpg/private2.gpg
- name: helm-secrets-private-keys
secret:
secretName: sops-age
volumeMounts:
- mountPath: /gitops-tools
name: gitops-tools
- mountPath: /usr/local/sbin/helm
subPath: helm
name: gitops-tools
- mountPath: /helm-secrets-private-keys/
name: helm-secrets-private-keys
autoscaling: autoscaling:
enabled: true enabled: true
minReplicas: 2 minReplicas: 2
@@ -121,7 +46,7 @@ server:
service: service:
type: NodePort type: NodePort
ingress: ingress:
# enabled: true enabled: true
annotations: annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true"