From 3381e7d5294dc4b5443e2a1240f8fac3643eded9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simen=20R=C3=B8stvik?=
Date: Tue, 13 Dec 2022 16:18:52 +0100
Subject: [PATCH] start again, again
---
Charts/argo-cd/values.yaml | 58 ++++++------
apps/templates/applications.yaml | 22 -----
apps/templates/authentik.yaml | 81 ----------------
apps/templates/cert-manager.yaml | 54 -----------
apps/templates/ci.yaml | 24 -----
apps/templates/loki.yaml | 27 ------
apps/templates/metallb.yaml | 39 --------
apps/templates/metrics-server.yaml | 25 -----
apps/templates/prometheus.yaml | 69 --------------
apps/templates/traefik.yaml | 145 -----------------------------
10 files changed, 29 insertions(+), 515 deletions(-)
delete mode 100644 apps/templates/applications.yaml
delete mode 100644 apps/templates/authentik.yaml
delete mode 100644 apps/templates/cert-manager.yaml
delete mode 100644 apps/templates/ci.yaml
delete mode 100644 apps/templates/loki.yaml
delete mode 100644 apps/templates/metallb.yaml
delete mode 100644 apps/templates/metrics-server.yaml
delete mode 100644 apps/templates/prometheus.yaml
delete mode 100644 apps/templates/traefik.yaml
diff --git a/Charts/argo-cd/values.yaml b/Charts/argo-cd/values.yaml
index 54e4243..19365a1 100644
--- a/Charts/argo-cd/values.yaml
+++ b/Charts/argo-cd/values.yaml
@@ -11,29 +11,29 @@ argo-cd: extraArgs: - --insecure - ingress: - enabled: true - ingressClassName: traefik - annotations: - cert-manager.io/acme-challenge-type: dns01 - cert-manager.io/cluster-issuer: roxedus.com-cloudflare - hosts: - - argo.roxedus.com - tls: - - hosts: - - argo.roxedus.com - secretName: argo-roxedus-com-cert + # ingress: + # enabled: true + # ingressClassName: traefik + # annotations: + # cert-manager.io/acme-challenge-type: dns01 + # cert-manager.io/cluster-issuer: roxedus.com-cloudflare + # hosts: + # - argo.roxedus.com + # tls: + # - hosts: + # - argo.roxedus.com + # secretName: argo-roxedus-com-cert config: accounts.roxedus: apiKey, login - accounts.admin.enabled: "false" + # accounts.admin.enabled: "false" repositories: | - type: helm name: argo-cd url: https://argoproj.github.io/argo-helm configs: cm: - admin.enabled: false + # admin.enabled: false url: https://argo.roxedus.com resource.customizations.health.networking.k8s.io_Ingress: | @@ -64,19 +64,19 @@ argo-cd: hs.message = "Waiting for certificate" return hs - dex.config: | + # dex.config: | - connectors: - - config: - issuer: https://authentik.roxedus.com/application/o/argo/ - clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9 - clientSecret: $authentik-sso:oidc.auth0.clientSecret - insecureEnableGroups: true - scopes: - - openid - - profile - - email - - groups - name: authentik - type: oidc - id: authentik + # connectors: + # - config: + # issuer: https://authentik.roxedus.com/application/o/argo/ + # clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9 + # clientSecret: $authentik-sso:oidc.auth0.clientSecret + # insecureEnableGroups: true + # scopes: + # - openid + # - profile + # - email + # - groups + # name: authentik + # type: oidc + # id: authentik diff --git a/apps/templates/applications.yaml b/apps/templates/applications.yaml deleted file mode 100644 index 1aa3af0..0000000 --- a/apps/templates/applications.yaml +++ /dev/null 
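Review bot: Commenting out `accounts.admin.enabled: "false"` and `admin.enabled: false` switches the built-in admin account back on, and nothing in the hunk records that this is meant to be temporary. The context line `- --insecure` stays in `extraArgs`, so with the `ingress:` block also commented out the server is presumably reachable only without TLS in front of it, while `url: https://argo.roxedus.com` still names a host this commit no longer publishes. I would put a comment beside the disabled keys, for example `# TEMP: admin re-enabled while SSO is down; restore admin.enabled: false and rotate the admin password once dex is back`, and either drop `--insecure` or note why it is still required. The enclosing `argo-cd:` mapping starts and ends outside the hunk.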
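Review bot: The `dex.config` connector in the second hunk (`@@ -64,19 +64,19 @@`) is kept as commented-out YAML instead of being removed, and there is no line saying why it is disabled or when it should return. The earlier state is in git history, so deleting the block and leaving a single marker such as `# dex/authentik OIDC connector removed during rebuild; restore from history when authentik is redeployed` would be easier to maintain than a dead block that still carries `clientID` and the `$authentik-sso:oidc.auth0.clientSecret` reference. If the block is kept for later re-enabling, `insecureEnableGroups: true` deserves a short comment explaining the choice, since the `groups` scope is requested and is presumably used for role mapping.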
@@ -1,22 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: applications - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: default - project: default - source: - path: Deployments/ - repoURL: https://git.roxedus.dev/Roxedus/Argo.git - targetRevision: HEAD - directory: - recurse: true - syncPolicy: - automated: - prune: true - selfHeal: true diff --git a/apps/templates/authentik.yaml b/apps/templates/authentik.yaml deleted file mode 100644 index 9dbf9be..0000000 --- a/apps/templates/authentik.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: authentik - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: authentik - project: default - source: - chart: authentik - helm: - values: | - - image: - repository: ghcr.io/goauthentik/server - tag: 2022.11.3 - - authentik: - error_reporting: - enabled: true - - ingress: - enabled: true - ingressClassName: traefik - annotations: - cert-manager.io/acme-challenge-type: dns01 - cert-manager.io/cluster-issuer: roxedus.com-cloudflare - hosts: - - host: authentik.roxedus.com - paths: - - path: "/" - pathType: Prefix - - tls: - - hosts: - - authentik.roxedus.com - secretName: authentik-roxedus-com-cert - - envValueFrom: - AUTHENTIK_POSTGRESQL__PASSWORD: - secretKeyRef: - key: postgresql-password - name: authentik-postgresql - - AUTHENTIK_SECRET_KEY: - secretKeyRef: - key: AUTHENTIK_SECRET_KEY - name: authentik-secret - - postgresql: - image: - registry: ghcr.io - repository: zcube/bitnami-compat/postgresql - tag: 11.18.0-debian-11-r39 - enabled: true - # auth: - # existingSecret: authentik-postgresql - # persistence: - # enabled: true - # storageClass: longhorn - # accessModes: - # - ReadWriteOnce - redis: - enabled: true - image: - registry: ghcr.io - repository: zcube/bitnami-compat/redis - tag: 6.2.7-debian-11-r39 - - repoURL: https://charts.goauthentik.io - targetRevision: 2022.11.3 - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/apps/templates/cert-manager.yaml b/apps/templates/cert-manager.yaml deleted file mode 100644 index dc9df2e..0000000 --- a/apps/templates/cert-manager.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cert-manager - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: cert-manager - project: default - source: - chart: cert-manager - helm: - values: | - - prometheus: - enabled: false - - extraArgs: - - --enable-certificate-owner-ref=true - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 - - repoURL: https://charts.jetstack.io - targetRevision: 1.10.1 - - syncPolicy: - automated: - prune: true - selfHeal: true - ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: roxedus.com-cloudflare - namespace: cert-manager -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: cloudflare-issuer-account-key - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-api-token-secret - key: CLOUDFLARE_API_KEY - # selector: - # dnsNames: - # - 'roxedus.com' - # - '*.roxedus.com' diff --git a/apps/templates/ci.yaml b/apps/templates/ci.yaml deleted file mode 100644 index 40392d1..0000000 --- a/apps/templates/ci.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: ci - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: ci - project: default - source: - path: CI/ - repoURL: https://git.roxedus.dev/Roxedus/Argo.git - targetRevision: HEAD - directory: - recurse: true - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true \ No newline at end of file diff --git a/apps/templates/loki.yaml b/apps/templates/loki.yaml deleted file mode 100644 index 972e63f..0000000 --- a/apps/templates/loki.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: loki - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: prometheus - project: default - source: - chart: loki-stack - helm: - values: | - - test_pod: {} - - repoURL: https://grafana.github.io/helm-charts - targetRevision: 2.8.7 - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/apps/templates/metallb.yaml b/apps/templates/metallb.yaml deleted file mode 100644 index 0f1540b..0000000 --- a/apps/templates/metallb.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: metallb - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: metallb-system - project: default - source: - chart: metallb - - repoURL: https://metallb.github.io/metallb - targetRevision: 0.13.7 - - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true ---- -apiVersion: metallb.io/v1beta1 -kind: IPAddressPool -metadata: - name: first-pool - namespace: metallb-system -spec: - addresses: - - 10.0.2.40-10.0.2.50 ---- -apiVersion: metallb.io/v1beta1 -kind: L2Advertisement -metadata: - name: first-pool-advertisement - namespace: metallb-system diff --git a/apps/templates/metrics-server.yaml b/apps/templates/metrics-server.yaml deleted file mode 100644 index e3a6ddc..0000000 --- a/apps/templates/metrics-server.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: metrics-server - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: kube-system - project: default - source: - chart: metrics-server - helm: - values: | - args: - - --kubelet-insecure-tls - repoURL: https://kubernetes-sigs.github.io/metrics-server/ - targetRevision: 3.8.2 - - syncPolicy: - automated: - prune: true - selfHeal: true \ No newline at end of file diff --git a/apps/templates/prometheus.yaml b/apps/templates/prometheus.yaml deleted file mode 100644 index c41c0c7..0000000 --- a/apps/templates/prometheus.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: prometheus - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: prometheus - project: default - source: - chart: kube-prometheus-stack - helm: - values: | - - namespaceOverride: prometheus - - alertmanager.enabled: true - kubeApiServer.enabled: false - kubelet.enabled: false - kubeControllerManager.enabled: false - coreDns.enabled: false - kubeDns.enabled: false - kubeEtcd.enabled: false - kubeScheduler.enabled: false - kubeProxy.enabled: false - kubeStateMetrics.enabled: false - - grafana: - # persistence: - # enabled: true - # storageClassName: longhorn - env: - GF_SERVER_ROOT_URL: https://%(domain)s/ - GF_AUTH_GENERIC_OAUTH_ENABLED: "true" - GF_AUTH_GENERIC_OAUTH_NAME: authentik - GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email - GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.roxedus.com/application/o/authorize/ - GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.roxedus.com/application/o/token/ - GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.roxedus.com/application/o/userinfo/ - GF_AUTH_SIGNOUT_REDIRECT_URL: https://authentik.roxedus.com/application/o/grafana/ - GF_AUTH_OAUTH_AUTO_LOGIN: "true" - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'" - envFromSecrets: - - name: grafana-oauth - ingress: - enabled: true - ingressClassName: traefik - annotations: - cert-manager.io/acme-challenge-type: dns01 - cert-manager.io/cluster-issuer: roxedus.com-cloudflare - hosts: - - grafana.roxedus.com - tls: - - hosts: - - grafana.roxedus.com - secretName: grafana-roxedus-com-cert - - repoURL: https://prometheus-community.github.io/helm-charts - targetRevision: 42.2.1 - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true - - 
ServerSideApply=true diff --git a/apps/templates/traefik.yaml b/apps/templates/traefik.yaml deleted file mode 100644 index e8d8b4f..0000000 --- a/apps/templates/traefik.yaml +++ /dev/null 
@@ -1,145 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: traefik - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - destination: - server: https://kubernetes.default.svc - namespace: traefik - project: default - source: - chart: traefik - helm: - values: | - - image: - repository: &traefikImage library/traefik - name: *traefikImage - tag: v2.9.4 - pullPolicy: IfNotPresent - - experimental: - http3: - enabled: true - plugins: - enabled: false - kubernetesGateway: - enabled: false - - # dnsPolicy: ClusterFirstWithHostNet - # hostNetwork: true - # nodeSelector: - # hasDns: "true" - - # securityContext: - # capabilities: - # drop: [ALL] - # add: [NET_BIND_SERVICE] - # readOnlyRootFilesystem: true - # runAsGroup: 0 - # runAsNonRoot: false - # runAsUser: 0 - - globalArguments: [] - - additionalArguments: - # - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32" - - "--api.insecure=true" - - "--ping" - - "--ping.entrypoint=traefik" - envFrom: - - secretRef: - name: traefik-secrets - - # persistence: - # enabled: true - # name: data - # accessMode: ReadWriteOnce - # size: 128Mi - # storageClass: "longhorn" - # path: /data - - ports: - traefik: - port: 9000 - expose: true - exposedPort: 9900 - protocol: TCP - web: - port: 8080 - exposedPort: 80 - expose: true - protocol: TCP - redirectTo: websecure - websecure: - port: 4443 - exposedPort: 443 - expose: true - protocol: TCP - tls: - enabled: true - metrics: - port: 9102 - expose: false - udp: - port: 6666 - protocol: UDP - expose: true - - tlsOptions: - default: - sniStrict: true - minVersion: VersionTLS12 - - service: - enabled: true - type: LoadBalancer - - # deployment: - # initContainers: - # #The "volume-permissions" init container is required if you run into permission issues. 
- # #Related issue: https://github.com/traefik/traefik/issues/6825 - # - name: volume-permissions - # image: busybox:1.35 - # command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"] - # volumeMounts: - # - name: data - # mountPath: /data - - logs: - general: - level: DEBUG - - providers: - kubernetesCRD: - allowCrossNamespace: true - kubernetesIngress: - publishedService: - enabled: true - - ingressClass: - enabled: true - isDefaultClass: true - - # certResolvers: - # cloudflare: - # email: me@roxedus.dev - # #caServer: https://acme-staging-v02.api.letsencrypt.org/directory - # dnsChallenge: - # provider: cloudflare - # resolvers: - # - "1.1.1.1:53" - # - "8.8.8.8:53" - # storage: /data/acme.json - - repoURL: https://helm.traefik.io/traefik - targetRevision: 20.6.0 - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true