From f061e8238c31499e530de45518be701ecc80040c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Fri, 5 Jan 2024 15:31:17 +0100 Subject: [PATCH] feat(k8s/argo-apps/dcsi): add argo app --- .gitignore | 1 + k8s/argo-apps/dcsi.yaml | 30 ++++++++++++++++ k8s/argo-apps/democratic-csi.yaml | 21 ----------- k8s/services/argo/appgen.yaml | 16 +++++++++ k8s/services/argo/argocd-cmd-params-cm.yaml | 10 ++++++ k8s/services/argo/ingress-route.yaml | 24 +++++++++++++ k8s/services/argo/project-fuku.yaml | 19 ++++++++++ k8s/services/argo/project-roboces.yaml | 13 +++++++ k8s/services/argo/repos.yaml | 10 ++++++ k8s/services/dcsi/sealedsecrets.yaml | 16 +++++++++ k8s/services/dcsi/test.yaml | 35 ------------------ k8s/services/dcsi/truenas-nfs.yaml | 40 --------------------- 12 files changed, 139 insertions(+), 96 deletions(-) create mode 100644 k8s/argo-apps/dcsi.yaml delete mode 100644 k8s/argo-apps/democratic-csi.yaml create mode 100644 k8s/services/argo/appgen.yaml create mode 100644 k8s/services/argo/argocd-cmd-params-cm.yaml create mode 100644 k8s/services/argo/ingress-route.yaml create mode 100644 k8s/services/argo/project-fuku.yaml create mode 100644 k8s/services/argo/project-roboces.yaml create mode 100644 k8s/services/argo/repos.yaml create mode 100644 k8s/services/dcsi/sealedsecrets.yaml delete mode 100644 k8s/services/dcsi/test.yaml delete mode 100644 k8s/services/dcsi/truenas-nfs.yaml diff --git a/.gitignore b/.gitignore index 9f11b75..7bb6416 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .idea/ +secrets.yaml \ No newline at end of file diff --git a/k8s/argo-apps/dcsi.yaml b/k8s/argo-apps/dcsi.yaml new file mode 100644 index 0000000..afab693 --- /dev/null +++ b/k8s/argo-apps/dcsi.yaml @@ -0,0 +1,30 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: democratic-csi + namespace: argocd +spec: + destination: + name: '' + namespace: 'democratic-csi' + server: 'https://kubernetes.default.svc' + source: + chart: democratic-csi + repoURL: https://democratic-csi.github.io/charts/ + targetRevision: 0.14.4 + helm: + releaseName: zfs-nfs + valuesObject: + csiDriver: + name: "org.dcsi.nfs" + driver: + existingConfigSecret: secrets-dcsi + config: + driver: freenas-api-nfs + sources: [] + project: fuku + syncPolicy: + automated: + prune: false + selfHeal: true + diff --git a/k8s/argo-apps/democratic-csi.yaml b/k8s/argo-apps/democratic-csi.yaml deleted file mode 100644 index 4fab8fa..0000000 --- a/k8s/argo-apps/democratic-csi.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: democratic-csi - namespace: argocd -spec: - destination: - name: '' - namespace: 'dcsi' - server: 'https://kubernetes.default.svc' - source: - path: - repoURL: 'https://gitlab.com/fukurokuju/k3s/services.git' - targetRevision: main - sources: [] - project: roboces - syncPolicy: - automated: - prune: false - selfHeal: false - diff --git a/k8s/services/argo/appgen.yaml b/k8s/services/argo/appgen.yaml new file mode 100644 index 0000000..8ece92f --- /dev/null +++ b/k8s/services/argo/appgen.yaml @@ -0,0 +1,16 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: fukuops-appgen + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: default + name: in-cluster + project: default + source: + path: k8s/argo-apps + repoURL: https://git.roboces.dev/catalin/fukuops.git + targetRevision: main diff --git a/k8s/services/argo/argocd-cmd-params-cm.yaml b/k8s/services/argo/argocd-cmd-params-cm.yaml new file mode 100644 index 0000000..9016764 --- /dev/null +++ b/k8s/services/argo/argocd-cmd-params-cm.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: argocd + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd +data: + server.insecure: "true" diff --git a/k8s/services/argo/ingress-route.yaml b/k8s/services/argo/ingress-route.yaml new file mode 100644 index 0000000..8fd4706 --- /dev/null +++ b/k8s/services/argo/ingress-route.yaml @@ -0,0 +1,24 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: argocd-server + namespace: argocd +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`argo.fuku`) + priority: 10 + services: + - name: argocd-server + port: 80 + - kind: Rule + match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`) + priority: 11 + services: + - name: argocd-server + port: 80 + scheme: h2c + tls: + certResolver: default diff --git a/k8s/services/argo/project-fuku.yaml b/k8s/services/argo/project-fuku.yaml new file mode 100644 index 0000000..066959e --- /dev/null +++ b/k8s/services/argo/project-fuku.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + namespace: argocd + name: fuku +spec: + destinations: + - namespace: apps-fuku + server: https://kubernetes.default.svc + - namespace: democratic-csi + server: https://kubernetes.default.svc + clusterResourceWhitelist: + - group: "*" + kind: "*" + sourceRepos: + - https://gitlab.com/fukurokuju/k3s/services.git + - https://git.roboces.dev/catalin/fukuops.git + - https://democratic-csi.github.io/charts/ diff --git a/k8s/services/argo/project-roboces.yaml b/k8s/services/argo/project-roboces.yaml new file mode 100644 index 0000000..854bb43 --- /dev/null +++ b/k8s/services/argo/project-roboces.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + namespace: argocd + name: roboces +spec: + destinations: + - namespace: apps-roboces + server: https://kubernetes.default.svc + + sourceRepos: + - https://gitlab.com/fukurokuju/k3s/services.git diff --git a/k8s/services/argo/repos.yaml b/k8s/services/argo/repos.yaml new file mode 100644 index 0000000..a0daba0 --- /dev/null +++ b/k8s/services/argo/repos.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: fuku-services + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository +stringData: + url: https://gitlab.com/fukurokuju/k3s/services.git diff --git a/k8s/services/dcsi/sealedsecrets.yaml b/k8s/services/dcsi/sealedsecrets.yaml new file mode 100644 index 0000000..67e2491 --- /dev/null +++ b/k8s/services/dcsi/sealedsecrets.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: secrets-dcsi + namespace: democratic-csi +spec: + encryptedData: + driver-config-file.yaml: AgBlO8BsDvPZ680OaqdWB9dv/GQ7UI/UN2dJaLT6fGQBOC/ipeIHw8htNAxQQUSblW5+hVRcYeY32H20q5H+8dzGJpuf7XWjWEPB2zXVhEJChtuBVYTwri0+WswCYUjbr4ZbOag8usQiJPLIDGbBN0crZQ5ETq7Z7NoGAnvZy7GlUpmbygLEoHb5l80Ai3Gtss9Gu+2CuFMBF/MoLlxJnABEkmDUZ5fRhuEnYgY20y1enFw1oO+Hqk2a1fwWOJLrx1kPB0zW2MRxIpr8M1Un0kuZZ4acjc0cTRVy3ju0eiRdINFq+SGstXMuMTSGUu8oxptV2BpFQzR05KLSmzJ3dt5ggEUtDSRAl8nINdOlqHVZNh4USkILS5dAEgHL27tA7WFE3QFradN+XeyHsraZAqA+uYxm6tZ8wgzyhrfgSe6g21iyzYRrPyA95/o3RG5y8zLtg3oSpSTwOai52GK8TqzSto8gazeG8ZfuHbm5ZiIEXDv5K6KY/MHQFzVgWoMmnVs0hzG7Lb+J5BhjRvHtmEhG/ti8MmRUrNpeS+4au/szJVNhRYDEvz5IwgqoC9w5UYw4mMYb7Acmbc9WA9JZaJg4DHt9EZZUxt9QvZQ7d+Rvc/QxJLrJnq963AOAc5appgXPvGbvbdCNCqO2wId6wsD44RpponqTzSznZlpVjXKjNF2c3bxlxFdlZyg/vTrvQasz1SziLNvIsUtFIP5P1IUVovOcfTzigC3QabqxpkD11tKQBmm8EW7K7l+SkWehhE923OSMlih+Ar4gqHOR8jjp3AXsDF16GDxJTjb5L7jAV/Jc9n1C63auZ5f61DiBq2SaVVTroV/d5WqSlieMwh4yRSVWKtwLO8lZslquhBMll/DTdVY+qCvgIsi/VVwZUMn+q7Jjou4QIeOreyg3SqmWfu0vQcK/rrIs6Vl+mtDQ8tsDhgQacf4usZv03CnmXKADITgrHu6ytV/XkPYYyPsCKSjQryWDMwETNUggo1RCfSNcaGUa39KW3v7NQLKBffUVaKCaNPd+QEFUp8+/Xq9MjpQ07ep8SdM6J15FH/IBSP5nEzxfRVFli9dH6fAi8iNlZR4lS7gem7FwWDKbGhVcRHqDw7pRWqCysPpZWBU1HIC6auWpMDe/Pbw3ITCL7FpxpahO/NQpFBJHz75AVcYvvfpqn75Izzang+za1DczCugYZBzWATCXmBMpHBkgIIyT2EIIcjcOMeMz3qHNgiweVgi4qQHn6PsMYTj4qhpccPLCBzCnKNFlxWZPUlMpz+/mAWYN2LuBIaThGDjNflQ9JD2DABZKD6o7Nl5EpSpjoExDoqSmLnRQdATqoZS23e3PHDA4ZoS6fXKPo2T+gSTbwCzFVceNWw2gG1VpEdyPYxoKQ+jiIKvcCR0pmD83zEQ7RVK9o7NeV76jp60EHU41WL1O7jVOsuiRTAylZaeBVsVRdyQQPznNmVcPKkhGAtft3c1OD9lMLGwoUrcBCcnKjRBHj3/c6+xgpAndHw== + template: + metadata: + creationTimestamp: null + name: secrets-dcsi + namespace: democratic-csi + type: Opaque + diff --git a/k8s/services/dcsi/test.yaml b/k8s/services/dcsi/test.yaml deleted file mode 100644 index 5be14a1..0000000 --- a/k8s/services/dcsi/test.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - selector: - matchLabels: - app: nginx - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx - volumeMounts: - - name: data - mountPath: /data - volumes: - - name: data - persistentVolumeClaim: - claimName: nfs-pvc ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs-pvc -spec: - accessModes: - - ReadWriteOnce - storageClassName: "truenas-nfs-csi" - resources: - requests: - storage: 1Gi \ No newline at end of file diff --git a/k8s/services/dcsi/truenas-nfs.yaml b/k8s/services/dcsi/truenas-nfs.yaml deleted file mode 100644 index 8e6f051..0000000 --- a/k8s/services/dcsi/truenas-nfs.yaml +++ /dev/null @@ -1,40 +0,0 @@ -csiDriver: - name: "org.dcsi.nfs" - -storageClasses: -- name: truenas-nfs-csi - defaultClass: false - reclaimPolicy: Delete - volumeBindingMode: Immediate - allowVolumeExpansion: true - parameters: - fsType: nfs - mountOptions: - - noatime - - nfsvers=4.2 -driver: - config: - driver: freenas-api-nfs - instance_id: - httpConnection: - protocol: http - host: 192.168.1.3 - port: 80 - apiKey: "bogus" - allowInsecure: true - zfs: - datasetParentName: pool1/dcsi/a/vols - detachedSnapshotsDatasetParentName: pool1/dcsi/a/snaps - datasetEnableQuotas: true - datasetEnableReservation: false - datasetPermissionsMode: "0777" - datasetPermissionsUser: 0 - datasetPermissionsGroup: 0 - - nfs: - shareHost: 192.168.1.3 - shareAlldirs: false - shareAllowedHosts: [] - shareAllowedNetworks: [] - shareMapallUser: apps - shareMapallGroup: apps \ No newline at end of file