diff --git a/.github/workflows/create-command.yml b/.github/workflows/create-command.yml deleted file mode 100644 index 4650f10b..00000000 --- a/.github/workflows/create-command.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: create-command - -on: - repository_dispatch: - types: [create-command] - -jobs: - create: - uses: ./.github/workflows/terraform.yml - with: - command: ${{ github.event.client_payload.slash_command.command }} - branch: ${{ github.event.client_payload.pull_request.head.ref }} - sha: ${{ github.event.client_payload.pull_request.head.sha }} - workspace: "spectrum-${{ github.event.client_payload.pull_request.head.ref }}" - secrets: - PAT: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} diff --git a/.github/workflows/create.yml b/.github/workflows/create.yml new file mode 100644 index 00000000..ce7e8e24 --- /dev/null +++ b/.github/workflows/create.yml @@ -0,0 +1,22 @@ +name: "create" + +on: + pull_request: + types: + - "labeled" + - "synchronize" + - "opened" + - "reopened" + +jobs: + k8s: + if: > + contains(github.event.pull_request.labels.*.name, 'create') && + !github.event.pull_request.head.repo.fork + uses: ./.github/workflows/terraform.yml + with: + command: create + workspace: "spectrum-${{ github.head_ref }}" + branch: ${{ github.event.pull_request.head.ref }} + secrets: + PAT: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} diff --git a/.github/workflows/destroy-command.yml b/.github/workflows/destroy-command.yml deleted file mode 100644 index 679a0daa..00000000 --- a/.github/workflows/destroy-command.yml +++ /dev/null 
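Review bot: In create.yml the `create` label is now the sole gate on a job that receives `FLUENCEBOT_RELEASE_PLEASE_PAT` and applies Terraform, and adding a label on GitHub needs only triage permission, whereas the slash-command dispatch removed here requires write permission by default; consider an additional actor check, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.pull_request.author_association)`, or restricting who may apply the label. The `synchronize` trigger also re-runs the full create path on every push while the label is present, which the concurrency group added to terraform.yml only serialises, not deduplicates. The `!github.event.pull_request.head.repo.fork` guard is a good addition since `github.head_ref` flows into the workspace name; for consistency use one spelling for the branch (`github.head_ref` and `github.event.pull_request.head.ref` are the same value).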
@@ -1,16 +0,0 @@ -name: destroy-command - -on: - repository_dispatch: - types: [destroy-command] - -jobs: - destroy: - uses: ./.github/workflows/terraform.yml - with: - command: ${{ github.event.client_payload.slash_command.command }} - branch: ${{ github.event.client_payload.pull_request.head.ref }} - sha: ${{ github.event.client_payload.pull_request.head.sha }} - workspace: "spectrum-${{ github.event.client_payload.pull_request.head.ref }}" - secrets: - PAT: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} diff --git a/.github/workflows/help-command.yml b/.github/workflows/help-command.yml deleted file mode 100644 index 759eb390..00000000 --- a/.github/workflows/help-command.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: help-command - -on: - repository_dispatch: - types: [help-command] - -jobs: - help: - runs-on: ubuntu-latest - steps: - - name: Update comment - uses: peter-evans/create-or-update-comment@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - repository: ${{ github.event.client_payload.github.payload.repository.full_name }} - comment-id: ${{ github.event.client_payload.github.payload.comment.id }} - body: | - > Command | Description - > --- | --- - > /help | List available commands - > /create | Create and bootstrap talos cluster - > /destroy | Destroy talos cluster and all resources - > /reset | Recreate talos cluster (destroy && create) diff --git a/.github/workflows/reset-command.yml b/.github/workflows/reset-command.yml deleted file mode 100644 index 0c1c99e2..00000000 --- a/.github/workflows/reset-command.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -name: reset-command - -on: - repository_dispatch: - types: [reset-command] - -jobs: - reset: - uses: ./.github/workflows/terraform.yml - with: - command: ${{ github.event.client_payload.slash_command.command }} - branch: ${{ github.event.client_payload.pull_request.head.ref }} - sha: ${{ github.event.client_payload.pull_request.head.sha }} - workspace: "spectrum-${{ github.event.client_payload.pull_request.head.ref }}" - secrets: - PAT: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} diff --git a/.github/workflows/slash.yml b/.github/workflows/slash.yml deleted file mode 100644 index ca2d6030..00000000 --- a/.github/workflows/slash.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: slash command - -on: - issue_comment: - types: [created] - -jobs: - command: - runs-on: ubuntu-latest - steps: - - name: Slash Command Dispatch - uses: peter-evans/slash-command-dispatch@v4 - with: - token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }} - issue-type: pull-request - commands: | - create - reset - destroy - help diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 58c0fb9c..1e4c5794 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -16,15 +16,14 @@ on: required: false type: string default: "main" - sha: - description: "Last commit in the branch" - required: false - type: string secrets: PAT: description: "Used in Flux to clone the repo" required: true +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + jobs: terraform: runs-on: ubuntu-latest @@ -41,14 +40,6 @@ jobs: TF_VAR_github_branch: ${{ inputs.branch }} steps: - - name: Set latest commit status as pending - if: inputs.sha - uses: myrotvorets/set-commit-status-action@v2.0.1 - with: - sha: ${{ inputs.sha }} - token: ${{ secrets.PAT }} - status: pending - - name: Checkout uses: actions/checkout@v4 with: 
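Review bot: The new concurrency group is keyed on `github.workflow` and `github.ref`, and in a reusable workflow the `github` context belongs to the caller, so a create run and a separately named destroy run for the same PR would not share a group and could apply Terraform against the same workspace at the same time. Keying on the workspace input, `group: "terraform-${{ inputs.workspace }}"`, serialises every command that touches a given workspace; the `inputs` context is available in `concurrency` expressions. Leaving `cancel-in-progress` unset is the right choice for Terraform, since cancelling mid-apply can strand state locks and resources, and a comment saying so would stop someone "fixing" it later.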
@@ -81,6 +72,27 @@ jobs: WORKSPACE="${WORKSPACE,,}" # Convert to lowercase echo "workspace=${WORKSPACE}" >> $GITHUB_OUTPUT + - name: Find comment + if: inputs.command == 'create' || inputs.command == 'reset' + uses: peter-evans/find-comment@v3 + id: comment + with: + token: ${{ secrets.PAT }} + issue-number: "${{ github.event.pull_request.number }}" + body-includes: "## ephemeral: ${{ steps.sanitize.outputs.workspace }}" + + - name: Add comment + if: steps.comment.outputs.comment-id == null + uses: peter-evans/create-or-update-comment@v3 + with: + comment-id: "${{ steps.comment.outputs.comment-id }}" + token: ${{ secrets.PAT }} + issue-number: "${{ github.event.pull_request.number }}" + body: | + ## ephemeral: ${{ steps.sanitize.outputs.workspace }} + Your instance is getting ready. Please wait. + edit-mode: replace + - name: Setup terraform uses: hashicorp/setup-terraform@v3 
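Review bot: The `Add comment` step is guarded only by `steps.comment.outputs.comment-id == null`, and when `Find comment` is skipped (any command other than create/reset) its output is empty, which GitHub's loose comparison treats as equal to null, so a `destroy` run would post "Your instance is getting ready" on the PR; add the command condition, `if: (inputs.command == 'create' || inputs.command == 'reset') && steps.comment.outputs.comment-id == ''`. `Find comment` also matches any PR comment containing the marker, so a comment posted by another user could be selected and later overwritten via `edit-mode: replace`; passing `comment-author` with the bot account's login narrows the match. Both peter-evans actions are referenced by mutable major tags while being handed the PAT; pinning them to commit SHAs is the usual supply-chain hardening.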
@@ -111,16 +123,35 @@ jobs: - name: Upload Artifacts if: inputs.command == 'create' || inputs.command == 'reset' uses: actions/upload-artifact@v4 + id: artifact with: name: configs path: | terraform/kubeconfig terraform/talosconfig - - name: Set latest commit status as ${{ job.status }} - uses: myrotvorets/set-commit-status-action@master - if: inputs.sha && always() + - name: Update comment + if: inputs.command == 'create' || inputs.command == 'reset' + uses: peter-evans/create-or-update-comment@v3 with: - sha: ${{ inputs.sha }} + comment-id: "${{ steps.comment.outputs.comment-id }}" token: ${{ secrets.PAT }} - status: ${{ job.status }} + issue-number: "${{ github.event.pull_request.number }}" + body: | + ## ephemeral: ${{ steps.sanitize.outputs.workspace }} + Your ephemeral k8s cluster is ready. + + Visit the dashboard at https://home.rnd-${{ steps.sanitize.outputs.workspace }}.fluence.dev + + You can obtain kubeconfig and talos config from this [artifact](${{ steps.artifact.outputs.artifact-url }}). + Download and unarchive the artifact, then run this command to export variables: + ```shell + [[ -f ./kubeconfig ]] && export KUBECONFIG=$(realpath ./kubeconfig) + [[ -f ./talosconfig ]] && export TALOSCONFIG=$(realpath ./talosconfig) + ``` + + To get the token for kubernetes-dashboard auth run: + ```shell + kubectl -n kubernetes-dashboard create token kubernetes-dashboard-admin + ``` + edit-mode: replace diff --git a/README.md b/README.md index 4798198b..a6b7f226 100644 --- a/README.md +++ b/README.md @@ -12,20 +12,7 @@ #### Create a cluster -Create a PR with changes and add a comment to PR: - -``` -/create -``` - -This will trigger the workflow that will setup talos cluster from you PR. -Comment - -``` -/help -``` - -to see all available commands. +Create a PR with changes and add a a label `create` to PR. #### Download and export kubeconfig 
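Review bot: The updated comment links a workflow artifact holding `kubeconfig` and `talosconfig`, i.e. the cluster and Talos API client credentials (presumably admin-level; their contents aren't visible here), and artifacts are downloadable by anyone with read access to the repository — for a public repository, any logged-in GitHub user — for the default 90-day retention. At minimum add `retention-days: 1` to the `Upload Artifacts` step so the credentials expire with the ephemeral cluster, and consider an access-controlled delivery path (encrypting to the requester, or an org-internal store) rather than a link in a PR comment. The dashboard URL `https://home.rnd-<workspace>.fluence.dev` is published in the same comment, so whatever answers there should assume unauthenticated visitors.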
@@ -40,9 +27,10 @@ export KUBECONFIG=./kubeconfig https://kubernetes.io/docs/reference/kubectl/quick-reference/ - ## Misc + ### Accessing kubernetes dashboard + ``` kubectl -n kubernetes-dashboard create token kubernetes-dashboard-admin ``` diff --git a/flux/dev/cert-issuer/app/cluster-issuer.yml b/flux/apps/cert-manager/issuer/cluster-issuer.yml similarity index 67% rename from flux/dev/cert-issuer/app/cluster-issuer.yml rename to flux/apps/cert-manager/issuer/cluster-issuer.yml index 5b2c8c98..ed803027 100644 --- a/flux/dev/cert-issuer/app/cluster-issuer.yml +++ b/flux/apps/cert-manager/issuer/cluster-issuer.yml @@ -2,12 +2,12 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt - namespace: kube-system + namespace: cert-manager spec: acme: email: devops@fluence.one - # server: https://acme-v02.api.letsencrypt.org/directory - server: https://acme-staging-v02.api.letsencrypt.org/directory + server: https://acme-v02.api.letsencrypt.org/directory + # server: https://acme-staging-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt solvers: diff --git a/flux/dev/cert-issuer/app/kustomization.yml b/flux/apps/cert-manager/issuer/kustomization.yml similarity index 86% rename from flux/dev/cert-issuer/app/kustomization.yml rename to flux/apps/cert-manager/issuer/kustomization.yml index 86fec029..30407f72 100644 --- a/flux/dev/cert-issuer/app/kustomization.yml +++ b/flux/apps/cert-manager/issuer/kustomization.yml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cluster-issuer.yml + - secret.yml diff --git a/flux/apps/cert-manager/issuer/secret.yml b/flux/apps/cert-manager/issuer/secret.yml new file mode 100644 index 00000000..0a9cf0b9 --- /dev/null +++ b/flux/apps/cert-manager/issuer/secret.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: digitalocean-token + namespace: cert-manager +data: + access-token: "${DOTOKEN}" 
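Review bot: The ClusterIssuer now points at Let's Encrypt production (`server: https://acme-v02.api.letsencrypt.org/directory`) for clusters that are created per PR and re-applied on every push, and each cluster requests fresh certificates for several hosts under `${DOMAIN}`, so the production rate limits (50 certificates per registered domain per week, 5 duplicate certificates per week) can be exhausted by ordinary PR churn, after which issuance fails for every environment. Keeping staging as the default for ephemeral clusters, or making the server a substituted variable so only long-lived clusters use production, avoids that. `metadata.namespace` on a `ClusterIssuer` is meaningless since the resource is cluster-scoped and can be dropped.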
diff --git a/flux/apps/cert-manager/ks.yml b/flux/apps/cert-manager/ks.yml new file mode 100644 index 00000000..d6a676b3 --- /dev/null +++ b/flux/apps/cert-manager/ks.yml @@ -0,0 +1,33 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: cert-manager + namespace: flux-system +spec: + interval: 1m0s + path: ./flux/apps/cert-manager/manager + prune: true + sourceRef: + kind: GitRepository + name: spectrum + namespace: flux-system +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: cluster-issuer + namespace: flux-system +spec: + interval: 2m0s + path: ./flux/apps/cert-manager/issuer + prune: true + sourceRef: + kind: GitRepository + name: spectrum + namespace: flux-system + dependsOn: + - name: cert-manager + postBuild: + substituteFrom: + - kind: ConfigMap + name: terraform-config diff --git a/flux/dev/cert-issuer/kustomization.yml b/flux/apps/cert-manager/kustomization.yml similarity index 82% rename from flux/dev/cert-issuer/kustomization.yml rename to flux/apps/cert-manager/kustomization.yml index 1f8ae66b..27a0edaf 100644 --- a/flux/dev/cert-issuer/kustomization.yml +++ b/flux/apps/cert-manager/kustomization.yml @@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ks.yml + - namespace.yml diff --git a/flux/dev/cert-manager/app/helm-release.yml b/flux/apps/cert-manager/manager/helm-release.yml similarity index 92% rename from flux/dev/cert-manager/app/helm-release.yml rename to flux/apps/cert-manager/manager/helm-release.yml index 8bb6edad..e650db26 100644 --- a/flux/dev/cert-manager/app/helm-release.yml +++ b/flux/apps/cert-manager/manager/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager - namespace: kube-system + namespace: cert-manager spec: interval: 30m chart: 
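Review bot: In ks.yml `cluster-issuer` declares `dependsOn: cert-manager`, but the `cert-manager` Kustomization only applies a HelmRelease object and becomes Ready as soon as that object exists, not when the chart is installed, so the ClusterIssuer can be applied before the cert-manager CRDs are present and fail until a later interval; add `wait: true` to the `cert-manager` Kustomization (or a `healthChecks` entry for the HelmRelease) so the dependency actually waits for the install. Both objects use `kustomize.toolkit.fluxcd.io/v1beta1`, which is deprecated in Flux 2.x, while the kubevirt `ks.yml` removed in this same diff was already on `v1`. `postBuild.substituteFrom` also accepts `kind: Secret`, which is the better home for the `DOTOKEN` value that the issuer's secret.yml consumes.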
diff --git a/flux/dev/cert-manager/app/helm-repository.yml b/flux/apps/cert-manager/manager/helm-repository.yml similarity index 100% rename from flux/dev/cert-manager/app/helm-repository.yml rename to flux/apps/cert-manager/manager/helm-repository.yml diff --git a/flux/dev/cert-manager/app/kustomization.yml b/flux/apps/cert-manager/manager/kustomization.yml similarity index 100% rename from flux/dev/cert-manager/app/kustomization.yml rename to flux/apps/cert-manager/manager/kustomization.yml diff --git a/flux/apps/cert-manager/namespace.yml b/flux/apps/cert-manager/namespace.yml new file mode 100644 index 00000000..c90416ff --- /dev/null +++ b/flux/apps/cert-manager/namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager diff --git a/flux/dev/external-dns/helm-release.yml b/flux/apps/external-dns/helm-release.yml similarity index 90% rename from flux/dev/external-dns/helm-release.yml rename to flux/apps/external-dns/helm-release.yml index d075a753..2ab3f979 100644 --- a/flux/dev/external-dns/helm-release.yml +++ b/flux/apps/external-dns/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: external-dns - namespace: kube-system + namespace: external-dns spec: interval: 5m chart: @@ -20,7 +20,7 @@ spec: valueFrom: secretKeyRef: name: digitalocean-token - key: token + key: access-token txtOwnerId: "${PREFIX}" sources: - ingress diff --git a/flux/dev/external-dns/helm-repository.yml b/flux/apps/external-dns/helm-repository.yml similarity index 100% rename from flux/dev/external-dns/helm-repository.yml rename to flux/apps/external-dns/helm-repository.yml diff --git a/flux/dev/external-dns/kustomization.yml b/flux/apps/external-dns/kustomization.yml similarity index 78% rename from flux/dev/external-dns/kustomization.yml rename to flux/apps/external-dns/kustomization.yml index c1f399d2..804eb184 100644 --- a/flux/dev/external-dns/kustomization.yml 
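Review bot: Each ephemeral cluster runs external-dns with a DigitalOcean token that, as far as this hunk shows, is not constrained by `domainFilters`, so any Ingress host a PR author can create in the cluster becomes a record the controller writes into the `fluence.dev` zone, including names belonging to other environments. If the values do not already set it outside the hunk, add `domainFilters: ["${DOMAIN}"]` next to `txtOwnerId` so the controller only manages records under the cluster's own subdomain. The key rename to `access-token` matches the new secret manifest and is fine.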
+++ b/flux/apps/external-dns/kustomization.yml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yml - helm-release.yml - helm-repository.yml + - secret.yml diff --git a/flux/apps/external-dns/namespace.yml b/flux/apps/external-dns/namespace.yml new file mode 100644 index 00000000..d18e962c --- /dev/null +++ b/flux/apps/external-dns/namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: external-dns diff --git a/flux/apps/external-dns/secret.yml b/flux/apps/external-dns/secret.yml new file mode 100644 index 00000000..02155a77 --- /dev/null +++ b/flux/apps/external-dns/secret.yml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: digitalocean-token + namespace: external-dns +data: + access-token: "${DOTOKEN}" diff --git a/flux/apps/homepage/configs/bookmarks.yaml b/flux/apps/homepage/configs/bookmarks.yaml new file mode 100644 index 00000000..443bf4e8 --- /dev/null +++ b/flux/apps/homepage/configs/bookmarks.yaml @@ -0,0 +1,4 @@ +- Spectrum: + - Github: + - abbr: GH + href: https://github.com/fluencelabs/spectrum diff --git a/flux/apps/homepage/configs/docker.yaml b/flux/apps/homepage/configs/docker.yaml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/flux/apps/homepage/configs/docker.yaml @@ -0,0 +1 @@ +--- diff --git a/flux/apps/homepage/configs/kubernetes.yaml b/flux/apps/homepage/configs/kubernetes.yaml new file mode 100644 index 00000000..0f259a0d --- /dev/null +++ b/flux/apps/homepage/configs/kubernetes.yaml @@ -0,0 +1 @@ +mode: cluster diff --git a/flux/apps/homepage/configs/services.yaml b/flux/apps/homepage/configs/services.yaml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/flux/apps/homepage/configs/services.yaml @@ -0,0 +1 @@ +--- diff --git a/flux/apps/homepage/configs/settings.yaml b/flux/apps/homepage/configs/settings.yaml new file mode 100644 index 00000000..ec247e60 --- /dev/null 
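Review bot: The same DigitalOcean token is now materialised as a Secret in both `external-dns` and `cert-manager`, so any workload or service account with `get secrets` in either namespace obtains a token that, if it is a full-access account token, can manage every resource in the DigitalOcean account. If the account supports custom-scoped tokens, a token limited to the DNS scope (ideally one per consumer) bounds what a compromised controller pod can do; cert-manager's DNS-01 solver needs nothing more. The value is placed under `data:`, which the API server expects to be base64, so this relies on Terraform base64-encoding `dotoken` before substitution — a one-line comment here, `# DOTOKEN is supplied base64-encoded by terraform`, would stop someone switching the source to a raw token.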
+++ b/flux/apps/homepage/configs/settings.yaml @@ -0,0 +1,10 @@ +title: Spectrum Dashboard +favicon: https://kubernetes.io/images/favicon.png +theme: dark +color: slate +target: _self +headerStyle: clean +layout: + Home: + style: row + columns: 4 diff --git a/flux/apps/homepage/configs/widgets.yaml b/flux/apps/homepage/configs/widgets.yaml new file mode 100644 index 00000000..fb393251 --- /dev/null +++ b/flux/apps/homepage/configs/widgets.yaml @@ -0,0 +1,4 @@ +- search: + provider: [duckduckgo] + focus: false + target: _blank diff --git a/flux/apps/homepage/helm-release.yml b/flux/apps/homepage/helm-release.yml new file mode 100644 index 00000000..3a70799e --- /dev/null +++ b/flux/apps/homepage/helm-release.yml @@ -0,0 +1,40 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: homepage + namespace: default +spec: + interval: 15m + chart: + spec: + chart: homepage + version: 2.0.1 + sourceRef: + kind: HelmRepository + name: jameswynn + namespace: flux-system + values: + image: + repository: ghcr.io/gethomepage/homepage + tag: v0.9.12 + serviceAccount: + create: true + name: homepage + enableRbac: true + ingress: + main: + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" + hosts: + - host: &host "home.${DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + secretName: homepage-tls + config: + useExistingConfigMap: homepage-values diff --git a/flux/apps/homepage/helm-repository.yml b/flux/apps/homepage/helm-repository.yml new file mode 100644 index 00000000..01765bc5 --- /dev/null +++ b/flux/apps/homepage/helm-repository.yml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: jameswynn + namespace: flux-system +spec: + interval: 2h + url: http://jameswynn.github.io/helm-charts/ diff --git a/flux/apps/homepage/kustomization.yml b/flux/apps/homepage/kustomization.yml new file mode 100644 index 00000000..e9131181 
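Review bot: The homepage Ingress at `home.${DOMAIN}` carries no authentication annotations, and with `enableRbac: true` here plus `mode: cluster` in the bundled kubernetes.yaml the dashboard queries the cluster through its service account and shows whatever it discovers to any visitor, while the URL is posted in the PR comment. Since homepage has no built-in login, gate it at the Ingress — for example `nginx.ingress.kubernetes.io/whitelist-source-range` with the team's ranges, or a basic-auth / oauth2-proxy `auth-url` annotation — before exposing it with a valid Let's Encrypt certificate. The image tag and chart version are pinned, which is good.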
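Review bot: The HelmRepository URL is plain HTTP (`url: http://jameswynn.github.io/helm-charts/`), so the chart index and tarballs are fetched over a cleartext connection that can be altered on the path and then installed with cluster-wide RBAC. GitHub Pages serves the same content over TLS, so use `url: https://jameswynn.github.io/helm-charts/`; the cilium HelmRepository added in this same diff already uses HTTPS, so this looks like an oversight.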
--- /dev/null +++ b/flux/apps/homepage/kustomization.yml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helm-repository.yml + - ./helm-release.yml + +configMapGenerator: + - name: homepage-values + namespace: default + files: + - ./configs/bookmarks.yaml + - ./configs/docker.yaml + - ./configs/kubernetes.yaml + - ./configs/services.yaml + - ./configs/settings.yaml + - ./configs/widgets.yaml + +configurations: + - kustomize-config.yml diff --git a/flux/apps/homepage/kustomize-config.yml b/flux/apps/homepage/kustomize-config.yml new file mode 100644 index 00000000..2b88e694 --- /dev/null +++ b/flux/apps/homepage/kustomize-config.yml @@ -0,0 +1,6 @@ +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/values/config/useExistingConfigMap + kind: HelmRelease diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/apps/ingress-nginx/helm-release.yml similarity index 65% rename from flux/dev/ingress-nginx/helm-release.yml rename to flux/apps/ingress-nginx/helm-release.yml index c7872899..34dde15a 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/apps/ingress-nginx/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx - namespace: kube-system + namespace: ingress-nginx spec: interval: 30m chart: @@ -27,16 +27,3 @@ spec: http: 30100 https: 30101 externalTrafficPolicy: Local - ingress: - enabled: true - hosts: - - kube.${DOMAIN} - ingressClassName: nginx - useDefaultAnnotations: true - pathType: ImplementationSpecific - path: / - issuer: - name: letsencrypt - scope: cluster - tls: - enabled: true diff --git a/flux/dev/ingress-nginx/helm-repository.yml b/flux/apps/ingress-nginx/helm-repository.yml similarity index 100% rename from flux/dev/ingress-nginx/helm-repository.yml rename to flux/apps/ingress-nginx/helm-repository.yml 
diff --git a/flux/dev/ingress-nginx/kustomization.yml b/flux/apps/ingress-nginx/kustomization.yml similarity index 86% rename from flux/dev/ingress-nginx/kustomization.yml rename to flux/apps/ingress-nginx/kustomization.yml index c1f399d2..bb4cde66 100644 --- a/flux/dev/ingress-nginx/kustomization.yml +++ b/flux/apps/ingress-nginx/kustomization.yml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yml - helm-release.yml - helm-repository.yml diff --git a/flux/apps/ingress-nginx/namespace.yml b/flux/apps/ingress-nginx/namespace.yml new file mode 100644 index 00000000..6878f0be --- /dev/null +++ b/flux/apps/ingress-nginx/namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx diff --git a/flux/clusters/ephemeral/kustomization.yml b/flux/clusters/ephemeral/kustomization.yml new file mode 100644 index 00000000..c2d178ca --- /dev/null +++ b/flux/clusters/ephemeral/kustomization.yml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../core/cilium + - ../../core/kubernetes-dashboard + - ../../core/kubevirt + - ../../apps/external-dns + - ../../apps/ingress-nginx + - ../../apps/cert-manager + - ../../apps/homepage diff --git a/flux/core/cilium/helm-release.yml b/flux/core/cilium/helm-release.yml new file mode 100644 index 00000000..78f2b4b0 --- /dev/null +++ b/flux/core/cilium/helm-release.yml @@ -0,0 +1,18 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cilium + namespace: kube-system +spec: + interval: 5m + chart: + spec: + chart: cilium + version: 1.16.x + sourceRef: + kind: HelmRepository + name: cilium + namespace: flux-system + valuesFrom: + - kind: ConfigMap + name: cilium-values diff --git a/flux/core/cilium/helm-repository.yml b/flux/core/cilium/helm-repository.yml new file mode 100644 index 00000000..f6b07eff --- /dev/null +++ b/flux/core/cilium/helm-repository.yml 
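Review bot: In the cilium HelmRelease `version: 1.16.x` lets Flux resolve any new 1.16 patch release of the chart at reconcile time, so two ephemeral clusters created a day apart can run different CNI builds, which makes failures hard to reproduce and means an upstream release lands unreviewed. Pinning to an exact chart version, bumped deliberately, is the usual practice for a component as central as the CNI; the homepage release in this diff pins `version: 2.0.1`.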
@@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cilium + namespace: flux-system +spec: + url: https://helm.cilium.io/ + interval: 24h diff --git a/flux/core/cilium/kustomization.yml b/flux/core/cilium/kustomization.yml new file mode 100644 index 00000000..399b461d --- /dev/null +++ b/flux/core/cilium/kustomization.yml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-repository.yml + - helm-release.yml + +configMapGenerator: + - name: cilium-values + namespace: kube-system + files: + - values.yaml=./values.yml + +configurations: + - kustomize-config.yml diff --git a/flux/core/cilium/kustomize-config.yml b/flux/core/cilium/kustomize-config.yml new file mode 100644 index 00000000..a80be15a --- /dev/null +++ b/flux/core/cilium/kustomize-config.yml @@ -0,0 +1,6 @@ +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/flux/core/cilium/values.yml b/flux/core/cilium/values.yml new file mode 100644 index 00000000..954d0c47 --- /dev/null +++ b/flux/core/cilium/values.yml 
@@ -0,0 +1,63 @@ +operator: + replicas: 1 + rollOutPods: true + +rollOutCiliumPods: true +envoy.rollOutPods: true + +k8sServiceHost: localhost +k8sServicePort: 7445 + +l2announcements: + enabled: true + +ipam: + mode: kubernetes + +kubeProxyReplacement: true + +securityContext: + capabilities: + ciliumAgent: + - CHOWN + - KILL + - NET_ADMIN + - NET_RAW + - IPC_LOCK + - SYS_ADMIN + - SYS_RESOURCE + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + cleanCiliumState: + - NET_ADMIN + - SYS_ADMIN + - SYS_RESOURCE + +cgroup: + autoMount: + enabled: false + hostRoot: /sys/fs/cgroup + +hubble: + enabled: true + relay: + enabled: true + rollOutPods: true + ui: + enabled: true + rollOutPods: true + ingress: + enabled: true + className: nginx + annotations: + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Observability + gethomepage.dev/icon: cilium.png + gethomepage.dev/name: Hubble + hosts: + - &host "hubble.${DOMAIN}" + tls: + - hosts: + - *host diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/core/kubernetes-dashboard/helm-release.yml similarity index 67% rename from flux/dev/kubernetes-dashboard/helm-release.yml rename to flux/core/kubernetes-dashboard/helm-release.yml index 1c82cfb3..19384eab 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/core/kubernetes-dashboard/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: kubernetes-dashboard - namespace: kube-system + namespace: kubernetes-dashboard spec: releaseName: kubernetes-dashboard interval: 5m @@ -22,10 +22,15 @@ spec: replicas: 1 app: ingress: - enabled: true + enabled: ${DOMAIN:+true} hosts: - dashboard.${DOMAIN} ingressClassName: nginx + annotations: + gethomepage.dev/enabled: "true" + gethomepage.dev/name: kube-dashboard + gethomepage.dev/icon: kubernetes.png + gethomepage.dev/pod-selector: "app.kubernetes.io/name=kubernetes-dashboard-web" issuer: name: letsencrypt scope: cluster 
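Review bot: `hubble.ui.ingress` publishes the Hubble UI at `hubble.${DOMAIN}` with no authentication annotations, and Hubble exposes network flows and the service map for every namespace, so anyone who reaches the host can observe cluster traffic; restrict it as for the other dashboards. The `tls:` entry lists the host without a `secretName` and there is no `cert-manager.io/cluster-issuer` annotation (unlike the homepage Ingress), so ingress-nginx will serve its default certificate unless one is configured elsewhere; add `cert-manager.io/cluster-issuer: letsencrypt` and `secretName: hubble-ui-tls`. Separately, `envoy.rollOutPods: true` at the top level is a literal key named `envoy.rollOutPods` in a values file — Helm only expands dotted paths for `--set` — so the chart's `.Values.envoy.rollOutPods` keeps its default; write it as a nested mapping, `envoy:` / `  rollOutPods: true`.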
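Review bot: In the kubernetes-dashboard HelmRelease `enabled: ${DOMAIN:+true}` depends on Flux's envsubst supporting the `:+` alternate-value form and, when `DOMAIN` is absent from the substitution source, renders as `enabled:` — a YAML null — rather than `false`, which chart templates generally treat as disabled but which reads as an accident. A comment such as `# renders to null (ingress disabled) when DOMAIN is not substituted` documents the intent; the rest of the hunk only adds homepage annotations.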
diff --git a/flux/dev/kubernetes-dashboard/helm-repository.yml b/flux/core/kubernetes-dashboard/helm-repository.yml similarity index 100% rename from flux/dev/kubernetes-dashboard/helm-repository.yml rename to flux/core/kubernetes-dashboard/helm-repository.yml diff --git a/flux/dev/kubernetes-dashboard/kustomization.yml b/flux/core/kubernetes-dashboard/kustomization.yml similarity index 88% rename from flux/dev/kubernetes-dashboard/kustomization.yml rename to flux/core/kubernetes-dashboard/kustomization.yml index bb4d2b56..60241859 100644 --- a/flux/dev/kubernetes-dashboard/kustomization.yml +++ b/flux/core/kubernetes-dashboard/kustomization.yml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - namespace.yml - helm-repository.yml - helm-release.yml - serviceaccount.yml diff --git a/flux/core/kubernetes-dashboard/namespace.yml b/flux/core/kubernetes-dashboard/namespace.yml new file mode 100644 index 00000000..7f5196a0 --- /dev/null +++ b/flux/core/kubernetes-dashboard/namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubernetes-dashboard diff --git a/flux/dev/kubernetes-dashboard/serviceaccount.yml b/flux/core/kubernetes-dashboard/serviceaccount.yml similarity index 83% rename from flux/dev/kubernetes-dashboard/serviceaccount.yml rename to flux/core/kubernetes-dashboard/serviceaccount.yml index f619b747..bf121668 100644 --- a/flux/dev/kubernetes-dashboard/serviceaccount.yml +++ b/flux/core/kubernetes-dashboard/serviceaccount.yml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: kubernetes-dashboard-admin - namespace: kube-system + namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -15,4 +15,4 @@ roleRef: subjects: - kind: ServiceAccount name: kubernetes-dashboard-admin - namespace: kube-system + namespace: kubernetes-dashboard 
diff --git a/flux/core/kubevirt/kustomization.yml b/flux/core/kubevirt/kustomization.yml new file mode 100644 index 00000000..f16037f3 --- /dev/null +++ b/flux/core/kubevirt/kustomization.yml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - https://github.com/kubevirt/kubevirt/releases/download/v1.3.1/kubevirt-operator.yaml + - https://github.com/kubevirt/kubevirt/releases/download/v1.3.1/kubevirt-cr.yaml + - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-operator.yaml + - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-cr.yaml diff --git a/flux/dev/cert-issuer/ks.yml b/flux/dev/cert-issuer/ks.yml deleted file mode 100644 index bcbef0be..00000000 --- a/flux/dev/cert-issuer/ks.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: cluster-issuer - namespace: flux-system -spec: - interval: 2m0s - path: ./flux/dev/cert-issuer/app - prune: true - sourceRef: - kind: GitRepository - name: spectrum - namespace: flux-system - dependsOn: - - name: cert-manager diff --git a/flux/dev/cert-manager/ks.yml b/flux/dev/cert-manager/ks.yml deleted file mode 100644 index e6e8ae07..00000000 --- a/flux/dev/cert-manager/ks.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: cert-manager - namespace: flux-system -spec: - interval: 1m0s - path: ./flux/dev/cert-manager/app - prune: true - sourceRef: - kind: GitRepository - name: spectrum - namespace: flux-system diff --git a/flux/dev/cert-manager/kustomization.yml b/flux/dev/cert-manager/kustomization.yml deleted file mode 100644 index 1f8ae66b..00000000 --- a/flux/dev/cert-manager/kustomization.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ks.yml 
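Review bot: The four kubevirt/CDI resources are fetched by kustomize-controller from GitHub release URLs on every reconcile, so each ephemeral cluster's install depends on github.com being reachable and on the release assets not having been replaced — release assets are mutable and a plain URL carries no checksum, unlike the Git-pinned or chart-versioned sources used elsewhere in this tree. Vendoring the four manifests into the repository (or referencing a GitRepository pinned to a tag or commit) keeps the install reproducible and reviewable, and also works if the controller runs with remote bases disabled (`--no-remote-bases`), which Flux suggests for hardened setups.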
diff --git a/flux/dev/kubevirt/ks.yml b/flux/dev/kubevirt/ks.yml deleted file mode 100644 index 895d6b21..00000000 --- a/flux/dev/kubevirt/ks.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: kubevirt-app - namespace: flux-system -spec: - interval: 5m - prune: true - wait: true - path: "./deploy" - sourceRef: - kind: GitRepository - name: kubevirt-flux diff --git a/flux/dev/kubevirt/kustomization.yml b/flux/dev/kubevirt/kustomization.yml deleted file mode 100644 index ae946210..00000000 --- a/flux/dev/kubevirt/kustomization.yml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./repo.yml - - ./ks.yml diff --git a/flux/dev/kubevirt/repo.yml b/flux/dev/kubevirt/repo.yml deleted file mode 100644 index b3ff7788..00000000 --- a/flux/dev/kubevirt/repo.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: kubevirt-flux - namespace: flux-system -spec: - interval: 10m0s - url: https://github.com/JJGadgets/kubevirt-flux.git - ref: - branch: v1.3.1 - ignore: | - # exclude all to whitelist - /* - # include operator (with CRDs) and CR to deploy KubeVirt - !/deploy diff --git a/flux/dev/kustomization.yml b/flux/dev/kustomization.yml deleted file mode 100644 index e1c8c7b1..00000000 --- a/flux/dev/kustomization.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - external-dns - - ingress-nginx - - cert-manager - - cert-issuer - - kubernetes-dashboard - - kubevirt diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index f3891baa..718d7401 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -1,6 +1,6 @@ locals { cp = [ - for i in range(3) : format("%s-%d", "cp", i) + for i in range(1) : format("%s-%d", "cp", i) ] } 
@@ -76,7 +76,7 @@ data "talos_machine_configuration" "cp" { dotoken = base64encode(data.vault_generic_secret.spectrum.data.token) domain = "${local.prefix}.fluence.dev" prefix = local.prefix - docker = base64encode(local.docker_config_json) + docker = base64encode(local.docker_config_json) }) ] } @@ -93,7 +93,7 @@ resource "digitalocean_droplet" "cp" { for_each = { for index, name in local.cp : name => index } name = "${local.prefix}-spectrum-${each.key}" - size = "s-2vcpu-4gb" + size = "s-4vcpu-8gb" image = data.digitalocean_image.talos.id region = "fra1" vpc_uuid = data.digitalocean_vpc.spectrum.id @@ -135,17 +135,15 @@ resource "talos_cluster_kubeconfig" "this" { node = digitalocean_droplet.cp["cp-0"].ipv4_address } -#data "talos_cluster_health" "health" { -# client_configuration = data.talos_client_configuration.this.client_configuration -# control_plane_nodes = [for droplet in digitalocean_droplet.cp : droplet.ipv4_address] -# endpoints = data.talos_client_configuration.this.endpoints -#} +# data "talos_cluster_health" "health" { +# client_configuration = data.talos_client_configuration.this.client_configuration +# control_plane_nodes = [for droplet in digitalocean_droplet.cp : droplet.ipv4_address] +# endpoints = data.talos_client_configuration.this.endpoints +# } data "http" "talos_health" { for_each = toset([ "cp-0.${local.prefix}.fluence.dev", - "cp-1.${local.prefix}.fluence.dev", - "cp-2.${local.prefix}.fluence.dev", ]) url = "https://${each.key}:6443/version" insecure = true diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 7ede01a5..94b3a380 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -145,6 +145,7 @@ cluster: LOADBALANCER_IP: ${loadbalancerip} BRANCH: ${branch} PREFIX: ${prefix} + DOTOKEN: ${dotoken} --- apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository 
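Review bot: `DOTOKEN: ${dotoken}` places the DigitalOcean API token in the `terraform-config` ConfigMap alongside plain settings such as `LOADBALANCER_IP`, `BRANCH` and `PREFIX`, and a ConfigMap is readable by anyone with `get configmaps` in `flux-system` and gets none of the Secret-specific RBAC, encryption-at-rest or audit treatment — base64 is an encoding, not protection. Flux's `postBuild.substituteFrom` accepts `kind: Secret`, so deliver the token in a Secret next to the ConfigMap and reference both; the `${DOTOKEN}` substitution in the consuming manifests stays unchanged. The inline `digitalocean-token` Secret removed further down this file was the previous home for the same value, so as written this is a step backwards in how the credential is stored.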
@@ -164,7 +165,7 @@ cluster: namespace: flux-system spec: interval: 1m0s - path: "./flux/dev" + path: "./flux/clusters/ephemeral" prune: true sourceRef: kind: GitRepository @@ -179,15 +180,6 @@ cluster: --- apiVersion: v1 kind: Secret - metadata: - name: digitalocean-token - namespace: kube-system - type: Opaque - data: - token: ${dotoken} - --- - apiVersion: v1 - kind: Secret metadata: name: docker-auth namespace: default