From 8dc673147d3d894c58cfe39814eeadc4cbb75002 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 4 Nov 2024 13:39:33 +0200 Subject: [PATCH 01/40] Provide loadbalancer ip to ingres --- Justfile | 1 - flux/dev/ingress-nginx/helm-release.yml | 12 ++++++------ terraform/controlplane.tf | 1 + terraform/templates/controlplane_patch.yml | 13 +++++++++++++ 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Justfile b/Justfile index 15aedf05..e8803232 100644 --- a/Justfile +++ b/Justfile @@ -1,4 +1,3 @@ download: rm -f kubeconfig talosconfig gh run download -n configs - nix-direnv-reload diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 41ceb502..d1562b6b 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -1,9 +1,3 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ingress-nginx ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -20,11 +14,17 @@ spec: name: ingress-nginx namespace: ingress-nginx interval: 12h + valuesFrom: + - kind: ConfigMap + name: loadbalancer-ip + valuesKey: externalIP values: controller: kind: DaemonSet service: type: LoadBalancer + externalIPs: + - "${externalIP}" nodePorts: http: 30100 https: 30101 diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index 4a69c2ca..42eff2d4 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -71,6 +71,7 @@ data "talos_machine_configuration" "cp" { hostdns = "${each.key}.${local.prefix}.fluence.dev", subnet = data.digitalocean_vpc.spectrum.ip_range, branch = var.github_branch + loadbalancerip = digitalocean_loadbalancer.cp.ip }) ] } diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 13f65e89..b6a9f182 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml 
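Review bot: In the ingress-nginx HelmRelease hunk, `- "${externalIP}"` under `controller.service.externalIPs` reaches the chart as the literal string `${externalIP}`, because the helm-controller performs no variable substitution on `values`, and `valuesFrom` with `valuesKey: externalIP` merges the content of that ConfigMap key as a YAML values document at the root rather than into `externalIPs`; a non-IP string in `externalIPs` would presumably be rejected by Service validation. `${var}` substitution is a Kustomization feature (`postBuild.substituteFrom` pointing at the ConfigMap), so either route the value through the Flux Kustomization that applies this directory, or make the ConfigMap carry a `values.yaml` key holding `controller: {service: {externalIPs: [...]}}` and drop `valuesKey` so the default key is merged. The `valuesFrom` reference is resolved in the HelmRelease's own namespace, which matches the `ingress-nginx` ConfigMap created in the controlplane_patch hunk of this commit, so that part is consistent.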
@@ -150,3 +150,16 @@ cluster: namespace: default validation: client timeout: 2m + --- + apiVersion: v1 + kind: Namespace + metadata: + name: ingress-nginx + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: loadbalancer-ip + namespace: ingress-nginx + data: + externalIP: "${loadbalancerip}" From bd8a51244fbb78f7c1f55da6650be4794ae2598d Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 4 Nov 2024 13:49:59 +0200 Subject: [PATCH 02/40] F --- flux/dev/ingress-nginx/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index d1562b6b..37b5c8b3 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -24,7 +24,7 @@ spec: service: type: LoadBalancer externalIPs: - - "${externalIP}" + - '{{ values.externalIP }}' nodePorts: http: 30100 https: 30101 From e4b6a534515a5baf7310c252008a04f4e3213c96 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 4 Nov 2024 13:55:37 +0200 Subject: [PATCH 03/40] Fix --- terraform/templates/controlplane_patch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index b6a9f182..c19aa64f 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -162,4 +162,4 @@ cluster: name: loadbalancer-ip namespace: ingress-nginx data: - externalIP: "${loadbalancerip}" + externalIP: ${loadbalancerip} From 2f397ae83153cd1514e24afffccf385dc25cb6be Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 09:25:19 +0200 Subject: [PATCH 04/40] Fix? --- flux/dev/ingress-nginx/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 37b5c8b3..a5a338f3 100644 --- a/flux/dev/ingress-nginx/helm-release.yml 
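Review bot: The patch 03 hunk drops the quotes and leaves `externalIP: ${loadbalancerip}` as a plain scalar in ConfigMap `data`; an IPv4 literal still parses as a string, so this is a no-op for the happy path, but an unquoted templated value is fragile: an empty expansion becomes `null` and a numeric- or boolean-looking expansion changes type, and ConfigMap `data` values must be strings. Keep `externalIP: "${loadbalancerip}"`. If the quotes were removed to work around the Flux-side lookup, the fix belongs on the consuming HelmRelease, not in the ConfigMap.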
+++ b/flux/dev/ingress-nginx/helm-release.yml @@ -24,7 +24,7 @@ spec: service: type: LoadBalancer externalIPs: - - '{{ values.externalIP }}' + - '{{ valuesFrom.externalIP }}' nodePorts: http: 30100 https: 30101 From fa70783886a231c2ac1160f1ca48365329c6f659 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 09:34:01 +0200 Subject: [PATCH 05/40] Test --- flux/dev/ingress-nginx/helm-release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index a5a338f3..b066918c 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -18,13 +18,12 @@ spec: - kind: ConfigMap name: loadbalancer-ip valuesKey: externalIP + targetPath: controller.service.externalIPs values: controller: kind: DaemonSet service: type: LoadBalancer - externalIPs: - - '{{ valuesFrom.externalIP }}' nodePorts: http: 30100 https: 30101 From 9e2efde404fff767b986083af907522fbc466f6f Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 09:43:18 +0200 Subject: [PATCH 06/40] Fix? --- flux/dev/ingress-nginx/helm-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index b066918c..0781e782 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -17,13 +17,13 @@ spec: valuesFrom: - kind: ConfigMap name: loadbalancer-ip - valuesKey: externalIP - targetPath: controller.service.externalIPs values: controller: kind: DaemonSet service: type: LoadBalancer + externalIPs: + - ${externalIP} nodePorts: http: 30100 https: 30101 From eb2feb7e51fef5f8bff1d73a2b3400dea2f4ee3b Mon Sep 17 00:00:00 2001 
From: Anatolios Laskaris Date: Tue, 5 Nov 2024 10:04:10 +0200 Subject: [PATCH 07/40] F --- flake.nix | 2 +- flux/dev/ingress-nginx/helm-release.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 5ec6de31..2ddc50bf 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ pkgs.kubernetes-helm pkgs.kubevirt pkgs.cilium-cli - pkgs.flux + pkgs.fluxcd pkgs.terraform ]; diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 0781e782..2bbbd6b7 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -22,8 +22,6 @@ spec: kind: DaemonSet service: type: LoadBalancer - externalIPs: - - ${externalIP} nodePorts: http: 30100 https: 30101 From 7762e0ffafc4974dfd90fd8a18951847fb8a7149 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 10:11:34 +0200 Subject: [PATCH 08/40] test --- .../dev/kubernetes-dashboard/helm-release.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 32dc9bb7..f6ab6474 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -45,3 +45,23 @@ spec: rbac: create: true replicas: 1 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: kubernetes-dashboard + namespace: kubernetes-dashboard + annotations: + kubernetes.io/ingress.class: nginx +spec: + rules: + - host: kube.rnd-setup-ingress.fluence.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kubernetes-dashboard + port: + number: 443 From b8460d3c031a683cfcd362a9aaba1c0e89dc91d5 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 10:14:28 +0200 Subject: [PATCH 09/40] Test --- flux/dev/kubernetes-dashboard/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
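Review bot: The new dashboard Ingress has no `tls:` stanza, so `kube.rnd-setup-ingress.fluence.dev` serves the dashboard over plain HTTP between clients and the ingress controller, and the ServiceAccount bearer token used to log in travels in cleartext. Add a `tls:` entry for the host backed by a cert-manager or pre-provisioned secret, and set `nginx.ingress.kubernetes.io/ssl-redirect: "true"` so HTTP requests are not answered. For a `networking.k8s.io/v1` Ingress prefer `spec.ingressClassName: nginx` over the deprecated `kubernetes.io/ingress.class` annotation. The backend points at port 443 without a backend-protocol annotation, so the controller would proxy plain HTTP to an HTTPS port; this needs `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` or a plain-HTTP backend port.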
diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index f6ab6474..3d5ec707 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -64,4 +64,4 @@ spec: service: name: kubernetes-dashboard port: - number: 443 + number: 8443 From 304b806c481f9b59087efcb3fde79aa7e0559081 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 10:15:03 +0200 Subject: [PATCH 10/40] F --- flux/dev/kubernetes-dashboard/helm-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 3d5ec707..86eb819e 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -62,6 +62,6 @@ spec: pathType: Prefix backend: service: - name: kubernetes-dashboard + name: kubernetes-dashboard-kong-proxy port: - number: 8443 + number: 443 From 16193189505df42295432c630d39d156f1652eb7 Mon Sep 17 00:00:00 2001 From: nahsi Date: Tue, 5 Nov 2024 11:22:24 +0200 Subject: [PATCH 11/40] Update --- flux/dev/ingress-nginx/helm-release.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 2bbbd6b7..ce1181ce 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml 
@@ -26,3 +26,24 @@ spec: http: 30100 https: 30101 externalTrafficPolicy: Local + ingress: + enabled: true + hosts: + - kube.rnd-setup-ingress.fluence.dev + ingressClassName: nginx + # This will append our Ingress with annotations required by our default configuration. + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + useDefaultAnnotations: true + pathType: ImplementationSpecific + path: / + issuer: + name: selfsigned + # Scope determines what kind of issuer annotation will be used on ingress resource + # - default - adds 'cert-manager.io/issuer' + # - cluster - adds 'cert-manager.io/cluster-issuer' + # - disabled - disables cert-manager annotations + scope: disabled + tls: + enabled: false From 6a0a7103c657fea8da802c610149397e90a15816 Mon Sep 17 00:00:00 2001 From: nahsi Date: Tue, 5 Nov 2024 11:41:52 +0200 Subject: [PATCH 12/40] F --- flux/dev/ingress-nginx/helm-release.yml | 2 +- flux/dev/kubernetes-dashboard/helm-release.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index ce1181ce..743d8879 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -46,4 +46,4 @@ spec: # - disabled - disables cert-manager annotations scope: disabled tls: - enabled: false + enabled: true diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 86eb819e..a829c3c5 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -53,6 +53,7 @@ metadata: namespace: kubernetes-dashboard annotations: kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: rules: - host: kube.rnd-setup-ingress.fluence.dev From 2bbb91664587ae4be8d8da713251d6d0e2e40ab1 Mon Sep 17 00:00:00 2001 
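Review bot: In the patch 12 ingress-nginx hunk, `tls.enabled: true` is switched on while the unchanged context a few lines above keeps `issuer.scope: disabled`, so no cert-manager annotation is emitted and no certificate is requested for `kube.rnd-setup-ingress.fluence.dev`; unless a TLS secret is created by other means, ingress-nginx would presumably fall back to its default self-signed certificate for that host. Either enable the issuer in the same change (`scope: cluster` with a real ClusterIssuer) or keep TLS off until one exists. The dashboard Ingress hunk in the same commit still selects the controller via the `kubernetes.io/ingress.class` annotation while the chart-managed ingress uses `ingressClassName: nginx`; use `spec.ingressClassName` in both.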
From: nahsi Date: Tue, 5 Nov 2024 13:46:44 +0200 Subject: [PATCH 13/40] Update --- flux/dev/kubernetes-dashboard/helm-release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index a829c3c5..26888f49 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -54,9 +54,10 @@ metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + external-dns.alpha.kubernetes.io/hostname: "dashboard.rnd-setup-ingress.fluence.dev" spec: rules: - - host: kube.rnd-setup-ingress.fluence.dev + - host: "dashboard.rnd-setup-ingress.fluence.dev" http: paths: - path: / From e726b4378adee5ecaedf4b5139991010055f367a Mon Sep 17 00:00:00 2001 From: nahsi Date: Tue, 5 Nov 2024 14:27:07 +0200 Subject: [PATCH 14/40] F --- flux/dev/ingress-nginx/helm-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 743d8879..3556407a 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -20,6 +20,8 @@ spec: values: controller: kind: DaemonSet + publishService: + enabled: true service: type: LoadBalancer nodePorts: From 05eb0201e7759bcdc3d40c7cd4801c83404fa448 Mon Sep 17 00:00:00 2001 From: nahsi Date: Tue, 5 Nov 2024 15:34:29 +0200 Subject: [PATCH 15/40] Updat --- README.md | 7 +++++++ terraform/controlplane.tf | 16 ++++++++-------- terraform/dns.tf | 16 ++++++++++++++++ 3 files changed, 31 insertions(+), 8 deletions(-) create mode 100644 terraform/dns.tf diff --git a/README.md b/README.md index c5aa446f..4798198b 100644 --- a/README.md +++ b/README.md 
@@ -39,3 +39,10 @@ export KUBECONFIG=./kubeconfig #### Start using the cluster https://kubernetes.io/docs/reference/kubectl/quick-reference/ + + +## Misc +### Accessing kubernetes dashboard +``` +kubectl -n kubernetes-dashboard create token kubernetes-dashboard-admin +``` diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index 42eff2d4..00317f60 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -46,11 +46,11 @@ resource "digitalocean_loadbalancer" "cp" { droplet_tag = "${local.prefix}-controlplane" } -resource "cloudflare_record" "endpoint" { - zone_id = data.cloudflare_zone.fluence_dev.zone_id - name = "kube.${local.prefix}.fluence.dev" - content = digitalocean_loadbalancer.cp.ip - type = "A" +resource "digitalocean_record" "endpoint" { + domain = digitalocean_domain.spectrum.id + type = "A" + name = "kube" + value = digitalocean_loadbalancer.cp.ip } resource "talos_machine_secrets" "this" { @@ -67,11 +67,11 @@ data "talos_machine_configuration" "cp" { talos_version = "v1.8" config_patches = [ templatefile("${path.module}/templates/controlplane_patch.yml", { - loadbalancerdns = "${local.loadbalancer_dns}", + loadbalancerdns = digitalocean_record.endpoint.fqdn + loadbalancerip = digitalocean_loadbalancer.cp.ip hostdns = "${each.key}.${local.prefix}.fluence.dev", subnet = data.digitalocean_vpc.spectrum.ip_range, branch = var.github_branch - loadbalancerip = digitalocean_loadbalancer.cp.ip }) ] } @@ -80,7 +80,7 @@ data "talos_client_configuration" "this" { cluster_name = terraform.workspace client_configuration = talos_machine_secrets.this.client_configuration endpoints = [ - local.loadbalancer_dns, + digitalocean_record.endpoint.fqdn, ] } diff --git a/terraform/dns.tf b/terraform/dns.tf new file mode 100644 index 00000000..452bc38f --- /dev/null +++ b/terraform/dns.tf 
@@ -0,0 +1,16 @@ +resource "digitalocean_domain" "spectrum" { + name = "${local.prefix}.fluence.dev" +} + +resource "cloudflare_record" "ns" { + for_each = toset([ + "ns1.digitalocean.com", + "ns2.digitalocean.com", + "ns3.digitalocean.com", + ]) + + zone_id = data.cloudflare_zone.fluence_dev.zone_id + name = "${local.prefix}.fluence.dev" + content = each.key + type = "NS" +} From 2832895b3c4baee9240ee3f364e671fa4a71efc0 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 15:35:27 +0200 Subject: [PATCH 16/40] Update --- terraform/templates/controlplane_patch.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index c19aa64f..01d79dda 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -162,4 +162,8 @@ cluster: name: loadbalancer-ip namespace: ingress-nginx data: - externalIP: ${loadbalancerip} + values.yaml: | + controller: + service: + externalIPs: + - ${loadbalancerip} From e229c0777b56f36d1b8a672a0cf24820377a3c6f Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 16:36:37 +0200 Subject: [PATCH 17/40] Update --- .github/workflows/terraform.yml | 2 +- flux/dev/external-dns/helm-release.yml | 29 ++++++++++++++++++++++ flux/dev/external-dns/helm-repository.yml | 8 ++++++ terraform/backend.tf | 4 +-- terraform/controlplane.tf | 1 + terraform/main.tf | 4 +++ terraform/templates/controlplane_patch.yml | 9 +++++++ 7 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 flux/dev/external-dns/helm-release.yml create mode 100644 flux/dev/external-dns/helm-repository.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index f98ea23a..f58263db 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -58,7 +58,7 @@ jobs: method: jwt jwtGithubAudience: "https://github.com/fluencelabs" jwtTtl: 300 - exportToken: false + exportToken: true secrets: | kv/digitalocean/gitops token | DIGITALOCEAN_TOKEN ; kv/cloudflare/gitops token | CLOUDFLARE_API_TOKEN ; diff --git a/flux/dev/external-dns/helm-release.yml b/flux/dev/external-dns/helm-release.yml new file mode 100644 index 00000000..a8135d64 --- /dev/null +++ b/flux/dev/external-dns/helm-release.yml @@ -0,0 +1,29 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: external-dns + namespace: default +spec: + interval: 5m + chart: + spec: + chart: external-dns + version: 1.15.0 + sourceRef: + kind: HelmRepository + name: external-dns-charts + namespace: flux-system + interval: 5m + values: + env: + - name: DO_TOKEN + valueFrom: + secretKeyRef: + name: external-dns-digitalocean + key: token + logLevel: debug + txtOwnerId: "rnd-setup-ingress" + sources: + - ingress + policy: sync + provider: digitalocean diff --git a/flux/dev/external-dns/helm-repository.yml b/flux/dev/external-dns/helm-repository.yml new file mode 100644 index 00000000..0bebbe3b --- /dev/null +++ b/flux/dev/external-dns/helm-repository.yml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: external-dns-charts + namespace: flux-system +spec: + interval: 1h + url: https://kubernetes-sigs.github.io/external-dns diff --git a/terraform/backend.tf b/terraform/backend.tf index 21fbfea0..9ce75609 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -24,6 +24,6 @@ data "cloudflare_zone" "fluence_dev" { name = "fluence.dev" } -data "cloudflare_accounts" "fluence" { - name = "fluence" +provider "vault" { + address = "https://hashi.fluence.dev:8200" } diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index 00317f60..ebae09c8 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf 
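Review bot: `exportToken: true` exposes the Vault token as an environment variable to every later step of the job, including any third-party actions, where previously only the two named secrets left the action. The `provider "vault"` block added to terraform/backend.tf in this commit needs it, so the mitigation is scoping rather than reverting: keep `jwtTtl: 300` as it is, and make sure the policy bound to the `jwt` role grants read on `kv/digitalocean/spectrum` only (the single path `data.vault_generic_secret.spectrum` reads), so a leaked token cannot reach other paths. A comment on the line, `# exported for provider "vault" in terraform/backend.tf`, would record why it is on.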
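Review bot: The external-dns release runs with `policy: sync` and no `domainFilters`, so with the DigitalOcean token it can create and delete records in every domain that token can see, not only `rnd-setup-ingress.fluence.dev`; the `txtOwnerId` ownership records limit deletion to records external-dns created, but do not restrict which zones it writes to. Add `domainFilters: ["rnd-setup-ingress.fluence.dev"]` (or the templated equivalent) and prefer `policy: upsert-only` unless record cleanup is required. `logLevel: debug` is left on for a controller that handles a provider credential; drop it outside a one-off investigation. Note also that the controlplane_patch hunk of this commit creates Secret `external-dns-digitalocean` in `kube-system` while this HelmRelease lives in `default`, so the `secretKeyRef` cannot be resolved until the two namespaces agree.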
@@ -72,6 +72,7 @@ data "talos_machine_configuration" "cp" { hostdns = "${each.key}.${local.prefix}.fluence.dev", subnet = data.digitalocean_vpc.spectrum.ip_range, branch = var.github_branch + dotoken = base64encode(data.vault_generic_secret.spectrum.data.token) }) ] } diff --git a/terraform/main.tf b/terraform/main.tf index cf870ed7..a68a7133 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -15,3 +15,7 @@ resource "digitalocean_ssh_key" "spectrum" { data "digitalocean_image" "talos" { name = "talos-v1.8.2" } + +data "vault_generic_secret" "spectrum" { + path = "kv/digitalocean/spectrum" +} diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 01d79dda..5cdb2108 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -167,3 +167,12 @@ cluster: service: externalIPs: - ${loadbalancerip} + --- + apiVersion: v1 + kind: Secret + metadata: + name: external-dns-digitalocean + namespace: kube-system + type: Opaque + data: + token: ${dotoken} From 996d4d5e8c2310ac3fce871a6384941f89dd6835 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Tue, 5 Nov 2024 16:37:38 +0200 Subject: [PATCH 18/40] Update --- flux/dev/external-dns/kustomization.yml | 5 +++++ flux/dev/kustomization.yml | 1 + 2 files changed, 6 insertions(+) create mode 100644 flux/dev/external-dns/kustomization.yml diff --git a/flux/dev/external-dns/kustomization.yml b/flux/dev/external-dns/kustomization.yml new file mode 100644 index 00000000..c1f399d2 --- /dev/null +++ b/flux/dev/external-dns/kustomization.yml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-release.yml + - helm-repository.yml diff --git a/flux/dev/kustomization.yml b/flux/dev/kustomization.yml index b9c5b84e..87ca3038 100644 --- a/flux/dev/kustomization.yml +++ b/flux/dev/kustomization.yml 
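Review bot: `token: ${dotoken}` embeds the DigitalOcean API token, `base64encode`d (an encoding, not a protection), into the Talos machine configuration rendered by `templatefile`, so the plaintext-equivalent value now lives in the Terraform state and in the machine config handed to every control-plane node. `data.vault_generic_secret` marks `data` sensitive and that should propagate through `templatefile` to plan output, but state storage is unchanged, so confirm the state backend is encrypted and access-controlled, and consider fetching the token in-cluster rather than baking it into bootstrap config. If it stays here, add `# DO API token for external-dns (Vault kv/digitalocean/spectrum); also stored in TF state` above the manifest so the exposure is recorded.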
@@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - external-dns - ingress-nginx - kubernetes-dashboard - kubevirt From e009de211e08f6e0c18d122cb407b5b8d328bac5 Mon Sep 17 00:00:00 2001 From: nahsi Date: Wed, 6 Nov 2024 09:21:27 +0200 Subject: [PATCH 19/40] U --- terraform/controlplane.tf | 18 +++++++++++++++++- terraform/templates/controlplane_patch.yml | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index ebae09c8..f6bb9496 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -114,7 +114,7 @@ resource "cloudflare_record" "cp" { type = "A" } -resource "talos_machine_bootstrap" "bootstrap" { +resource "talos_machine_bootstrap" "this" { client_configuration = talos_machine_secrets.this.client_configuration endpoint = digitalocean_droplet.cp["cp-0"].ipv4_address node = digitalocean_droplet.cp["cp-0"].ipv4_address @@ -136,3 +136,19 @@ resource "talos_cluster_kubeconfig" "this" { # control_plane_nodes = [for droplet in digitalocean_droplet.cp : droplet.ipv4_address] # endpoints = data.talos_client_configuration.this.endpoints #} + +#data "http" "talos_health" { +# for_each = toset([ +# "cp-0.${local.prefix}.fluence.dev", +# "cp-1.${local.prefix}.fluence.dev", +# "cp-2.${local.prefix}.fluence.dev", +# ]) +# url = "https://${each.key}:6443/version" +# insecure = true +# retry { +# attempts = 60 +# min_delay_ms = 5000 +# max_delay_ms = 5000 +# } +# depends_on = [talos_machine_bootstrap.this] +#} diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 5cdb2108..5dbd1e3d 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -172,7 +172,7 @@ cluster: kind: Secret metadata: name: external-dns-digitalocean - namespace: kube-system + namespace: default type: Opaque data: token: ${dotoken} 
From 0c08718798f96eb7602e2f2659e9cbaa0793f41f Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:00:12 +0200 Subject: [PATCH 20/40] Update --- flux/dev/cert-issuer-do.yml | 18 ++++++ flux/dev/cert-manager/helm-release.yml | 18 ++++++ flux/dev/cert-manager/helm-repository.yml | 8 +++ flux/dev/cert-manager/kustomization.yml | 5 ++ flux/dev/external-dns/helm-release.yml | 12 ++-- flux/dev/ingress-nginx/helm-release.yml | 22 +++---- flux/dev/ingress-nginx/helm-repository.yml | 2 +- .../dev/kubernetes-dashboard/helm-release.yml | 64 +++++-------------- .../kubernetes-dashboard/kustomization.yml | 1 + .../kubernetes-dashboard/serviceaccount.yml | 18 ++++++ flux/dev/kubevirt-manager/kustomization.yml | 4 -- flux/dev/kustomization.yml | 3 +- 12 files changed, 101 insertions(+), 74 deletions(-) create mode 100644 flux/dev/cert-issuer-do.yml create mode 100644 flux/dev/cert-manager/helm-release.yml create mode 100644 flux/dev/cert-manager/helm-repository.yml create mode 100644 flux/dev/cert-manager/kustomization.yml create mode 100644 flux/dev/kubernetes-dashboard/serviceaccount.yml delete mode 100644 flux/dev/kubevirt-manager/kustomization.yml diff --git a/flux/dev/cert-issuer-do.yml b/flux/dev/cert-issuer-do.yml new file mode 100644 index 00000000..ea338738 --- /dev/null +++ b/flux/dev/cert-issuer-do.yml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt + namespace: kube-system +spec: + acme: + email: devops@fluence.one + # server: https://acme-v02.api.letsencrypt.org/directory + server: https://acme-staging-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt + solvers: + - dns01: + digitalocean: + tokenSecretRef: + name: terraformSecrets + key: dotoken diff --git a/flux/dev/cert-manager/helm-release.yml b/flux/dev/cert-manager/helm-release.yml new file mode 100644 index 00000000..8bb6edad --- /dev/null +++ b/flux/dev/cert-manager/helm-release.yml 
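Review bot: `name: terraformSecrets` under `tokenSecretRef` cannot name a Kubernetes Secret, because object names must be lowercase RFC 1123 subdomains; the same mixed-case names are used for `terraformConfig` in the external-dns, ingress-nginx and kubernetes-dashboard HelmReleases of this commit and for the Secret/ConfigMap definitions in the next commit's controlplane_patch.yml, so the API server rejects those objects at creation and every reference dangles. Rename to `terraform-secrets` / `terraform-config` throughout. `metadata.namespace: kube-system` on a cluster-scoped ClusterIssuer is ignored by the API server and can be dropped; cert-manager resolves a ClusterIssuer's `tokenSecretRef` in its own install namespace (here presumably `kube-system`, where the cert-manager HelmRelease is created), so the Secret must live there — worth a one-line comment. The staging ACME `server:` with the production URL commented out yields certificates browsers do not trust; reasonable for dev, but add `# staging endpoint: issued certs are not publicly trusted` so it is not mistaken for a misconfiguration.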
@@ -0,0 +1,18 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager + namespace: kube-system +spec: + interval: 30m + chart: + spec: + chart: cert-manager + version: "1.x" + sourceRef: + kind: HelmRepository + name: cert-manager + namespace: flux-system + interval: 12h + values: + installCRDs: true diff --git a/flux/dev/cert-manager/helm-repository.yml b/flux/dev/cert-manager/helm-repository.yml new file mode 100644 index 00000000..2629f361 --- /dev/null +++ b/flux/dev/cert-manager/helm-repository.yml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: cert-manager + namespace: flux-system +spec: + interval: 24h + url: https://charts.jetstack.io diff --git a/flux/dev/cert-manager/kustomization.yml b/flux/dev/cert-manager/kustomization.yml new file mode 100644 index 00000000..c4907f6a --- /dev/null +++ b/flux/dev/cert-manager/kustomization.yml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-repository.yml + - helm-release.yml diff --git a/flux/dev/external-dns/helm-release.yml b/flux/dev/external-dns/helm-release.yml index a8135d64..8bae5163 100644 --- a/flux/dev/external-dns/helm-release.yml +++ b/flux/dev/external-dns/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: external-dns - namespace: default + namespace: kube-system spec: interval: 5m chart: @@ -14,15 +14,17 @@ spec: name: external-dns-charts namespace: flux-system interval: 5m + valuesFrom: + - kind: ConfigMap + name: terraformConfig values: env: - name: DO_TOKEN valueFrom: secretKeyRef: - name: external-dns-digitalocean - key: token - logLevel: debug - txtOwnerId: "rnd-setup-ingress" + name: terraformSecrets + key: dotoken + txtOwnerId: "{{ Values.prefix }}" sources: - ingress policy: sync 
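Review bot: `txtOwnerId: "{{ Values.prefix }}"` reaches the chart as that literal string: the helm-controller does not render Go templates in `values`, and `valuesFrom` with no `valuesKey` reads the `values.yaml` key of the ConfigMap, which the terraformConfig ConfigMap defined in the next commit (keys `domain`, `loadbalancerIP`, `branch`, `prefix`) does not have, so the reconcile is expected to fail on the missing key rather than supply a prefix. The same applies to `{{ .Values.loadbalancerIP }}` and `kube.{{ .Values.domain }}` in the ingress-nginx hunk and `dashboard.{{ .Values.domain }}` in the kubernetes-dashboard hunk; the unquoted `- {{ .Values.loadbalancerIP }}` additionally starts a YAML flow mapping, so that HelmRelease does not even parse as a string list. Either give each entry a `valuesKey` plus `targetPath` (e.g. `valuesKey: prefix`, `targetPath: txtOwnerId`) and drop the inline placeholder, or have the Kustomization that applies `./flux/dev` use `postBuild.substituteFrom` against the ConfigMap and write the placeholders as `${prefix}`, `${domain}`, `${loadbalancerIP}`.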
diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 3556407a..36a00ee7 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ingress-nginx - namespace: ingress-nginx + namespace: kube-system spec: interval: 30m chart: @@ -12,11 +12,11 @@ spec: sourceRef: kind: HelmRepository name: ingress-nginx - namespace: ingress-nginx + namespace: flux-system interval: 12h valuesFrom: - kind: ConfigMap - name: loadbalancer-ip + name: terraformConfig values: controller: kind: DaemonSet @@ -24,6 +24,8 @@ spec: enabled: true service: type: LoadBalancer + externalIPs: + - {{ .Values.loadbalancerIP }} nodePorts: http: 30100 https: 30101 @@ -31,21 +33,13 @@ spec: ingress: enabled: true hosts: - - kube.rnd-setup-ingress.fluence.dev + - kube.{{ .Values.domain }} ingressClassName: nginx - # This will append our Ingress with annotations required by our default configuration. - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" useDefaultAnnotations: true pathType: ImplementationSpecific path: / issuer: - name: selfsigned - # Scope determines what kind of issuer annotation will be used on ingress resource - # - default - adds 'cert-manager.io/issuer' - # - cluster - adds 'cert-manager.io/cluster-issuer' - # - disabled - disables cert-manager annotations - scope: disabled + name: letsencrypt + scope: cluster tls: enabled: true diff --git a/flux/dev/ingress-nginx/helm-repository.yml b/flux/dev/ingress-nginx/helm-repository.yml index 88131c78..eb02c143 100644 --- a/flux/dev/ingress-nginx/helm-repository.yml +++ b/flux/dev/ingress-nginx/helm-repository.yml 
@@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: ingress-nginx - namespace: ingress-nginx + namespace: flux-system spec: interval: 24h url: https://kubernetes.github.io/ingress-nginx diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 26888f49..052cb637 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -1,35 +1,11 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: kubernetes-dashboard ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-dashboard-admin - namespace: kubernetes-dashboard ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: kubernetes-dashboard-admin - namespace: kubernetes-dashboard ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: kubernetes-dashboard - namespace: kubernetes-dashboard + namespace: kube-system spec: releaseName: kubernetes-dashboard + interval: 5m chart: spec: chart: kubernetes-dashboard 
@@ -38,32 +14,22 @@ spec: kind: HelmRepository name: kubernetes-dashboard namespace: flux-system - interval: 5m + valuesFrom: + - configMapRef: + name: terraformConfig values: serviceAccount: create: true rbac: create: true replicas: 1 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kubernetes-dashboard - namespace: kubernetes-dashboard - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - external-dns.alpha.kubernetes.io/hostname: "dashboard.rnd-setup-ingress.fluence.dev" -spec: - rules: - - host: "dashboard.rnd-setup-ingress.fluence.dev" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kubernetes-dashboard-kong-proxy - port: - number: 443 + ingress: + enabled: true + hosts: + - dashboard.{{ .Values.domain }} + ingressClassName: nginx + issuer: + name: letsencrypt + scope: cluster + tls: + enabled: true diff --git a/flux/dev/kubernetes-dashboard/kustomization.yml b/flux/dev/kubernetes-dashboard/kustomization.yml index c4907f6a..bb4d2b56 100644 --- a/flux/dev/kubernetes-dashboard/kustomization.yml +++ b/flux/dev/kubernetes-dashboard/kustomization.yml @@ -3,3 +3,4 @@ kind: Kustomization resources: - helm-repository.yml - helm-release.yml + - serviceaccount.yml diff --git a/flux/dev/kubernetes-dashboard/serviceaccount.yml b/flux/dev/kubernetes-dashboard/serviceaccount.yml new file mode 100644 index 00000000..f619b747 --- /dev/null +++ b/flux/dev/kubernetes-dashboard/serviceaccount.yml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubernetes-dashboard-admin + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-dashboard-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: kubernetes-dashboard-admin + namespace: kube-system 
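Review bot: `- configMapRef: name: terraformConfig` is not the `valuesFrom` item schema; entries take `kind` and `name`, as the external-dns and ingress-nginx releases in this same commit do, so the unknown field is pruned and the entry is presumably rejected for its missing required fields. Write `- kind: ConfigMap` / `  name: terraformConfig` to match the sibling releases.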
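Review bot: The ClusterRoleBinding grants `cluster-admin` to `kubernetes-dashboard-admin`, a ServiceAccount whose visible purpose is a login token for the dashboard (the README's `kubectl create token` step), so anyone holding that token — and the dashboard is reachable through a public Ingress — has full cluster control. Tokens from `kubectl create token` expire (default 1h), which limits the window but not the blast radius; bind a narrower ClusterRole (`view`, or `edit` where changes through the UI are needed) unless admin operations are genuinely required. Whichever is kept, record the decision above the binding with `# full cluster access for dashboard logins — see README "Accessing kubernetes dashboard"`.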
diff --git a/flux/dev/kubevirt-manager/kustomization.yml b/flux/dev/kubevirt-manager/kustomization.yml deleted file mode 100644 index cf5583e5..00000000 --- a/flux/dev/kubevirt-manager/kustomization.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -namespace: kubevirt-manager -resources: - - https://raw.githubusercontent.com/kubevirt-manager/kubevirt-manager/main/kubernetes/bundled.yaml diff --git a/flux/dev/kustomization.yml b/flux/dev/kustomization.yml index 87ca3038..e0358b7c 100644 --- a/flux/dev/kustomization.yml +++ b/flux/dev/kustomization.yml @@ -3,6 +3,7 @@ kind: Kustomization resources: - external-dns - ingress-nginx + - cert-manager + - cert-issuer-do.yml - kubernetes-dashboard - kubevirt - - kubevirt-manager From b25824a68c658b2e3f53d7b17074041f63626f63 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:01:11 +0200 Subject: [PATCH 21/40] f --- terraform/controlplane.tf | 3 ++- terraform/templates/controlplane_patch.yml | 31 +++++++++------------- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index b348e962..213fe718 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -72,7 +72,8 @@ data "talos_machine_configuration" "cp" { hostdns = "${each.key}.${local.prefix}.fluence.dev", subnet = data.digitalocean_vpc.spectrum.ip_range, branch = var.github_branch - dotoken = base64encode(data.vault_generic_secret.spectrum.data.token) + dotoken = base64encode(data.vault_generic_secret.spectrum.data.token) + domain = "${local.prefix}.fluence.dev" }) ] } diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 5dbd1e3d..01685c5f 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml 
@@ -128,7 +128,7 @@ cluster: kind: GitRepository metadata: name: spectrum - namespace: default + namespace: flux-system spec: interval: 1m0s url: https://github.com/fluencelabs/spectrum.git @@ -152,27 +152,20 @@ cluster: timeout: 2m --- apiVersion: v1 - kind: Namespace - metadata: - name: ingress-nginx - --- - apiVersion: v1 - kind: ConfigMap + kind: Secret metadata: - name: loadbalancer-ip - namespace: ingress-nginx + name: terraformSecrets + namespace: kube-system + type: Opaque data: - values.yaml: | - controller: - service: - externalIPs: - - ${loadbalancerip} + dotoken: ${dotoken} --- apiVersion: v1 - kind: Secret + kind: ConfigMap metadata: - name: external-dns-digitalocean - namespace: default - type: Opaque + name: terraformConfig + namespace: kube-system data: - token: ${dotoken} + domain: ${domain} + loadbalancerIP: ${locabalancerip} + branch: ${branch} From bc19a79dc735d840cc3b1032b7258f5c7221c057 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:04:28 +0200 Subject: [PATCH 22/40] F --- terraform/controlplane.tf | 1 + terraform/templates/controlplane_patch.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index 213fe718..4c8b0909 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -74,6 +74,7 @@ data "talos_machine_configuration" "cp" { branch = var.github_branch dotoken = base64encode(data.vault_generic_secret.spectrum.data.token) domain = "${local.prefix}.fluence.dev" + prefix = local.prefix }) ] } diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 01685c5f..3d009968 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -167,5 +167,6 @@ cluster: namespace: kube-system data: domain: ${domain} - loadbalancerIP: ${locabalancerip} + loadbalancerIP: ${loadbalancerip} branch: ${branch} + prefix: ${prefix} 
From af3e7621c898a3787ed64b56ca6dbd72eaa3cac6 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:05:54 +0200 Subject: [PATCH 23/40] F --- terraform/backend.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index 9ce75609..c69d98e9 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -25,5 +25,5 @@ data "cloudflare_zone" "fluence_dev" { } provider "vault" { - address = "https://hashi.fluence.dev:8200" + address = "https://vault.nahsi.dev" } From c087ff3f581ef513759c9ae303b6c8d2ff913dda Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:07:20 +0200 Subject: [PATCH 24/40] F --- terraform/backend.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index c69d98e9..74e5dd31 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -25,5 +25,5 @@ data "cloudflare_zone" "fluence_dev" { } provider "vault" { - address = "https://vault.nahsi.dev" + address = "https://vault.fluence.dev" } From 4585d25aa856a42db32eecaf5af4d19f618b72ce Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 16:45:51 +0200 Subject: [PATCH 25/40] Push --- terraform/templates/controlplane_patch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 3d009968..905aac61 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -139,7 +139,7 @@ cluster: kind: Kustomization metadata: name: deploy-spectrum - namespace: default + namespace: flux-system spec: interval: 1m0s path: "./flux/dev" @@ -147,7 +147,7 @@ cluster: sourceRef: kind: GitRepository name: spectrum - namespace: default + namespace: flux-system validation: client timeout: 2m --- From 46eb9b5ca33b88a9e810eb3fb2b5a4c0da887f1f Mon Sep 17 00:00:00 2001 
From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:24:39 +0200 Subject: [PATCH 26/40] Fix --- flux/dev/cert-issuer-do.yml | 2 +- flux/dev/external-dns/helm-release.yml | 4 +- flux/dev/ingress-nginx/helm-release.yml | 4 +- .../dev/kubernetes-dashboard/helm-release.yml | 2 +- terraform/backend.tf | 3 - terraform/controlplane.tf | 5 +- terraform/templates/controlplane_patch.yml | 6 +- terraform/test.yml | 57 ------------------- 8 files changed, 12 insertions(+), 71 deletions(-) delete mode 100644 terraform/test.yml diff --git a/flux/dev/cert-issuer-do.yml b/flux/dev/cert-issuer-do.yml index ea338738..a2d4412c 100644 --- a/flux/dev/cert-issuer-do.yml +++ b/flux/dev/cert-issuer-do.yml @@ -14,5 +14,5 @@ spec: - dns01: digitalocean: tokenSecretRef: - name: terraformSecrets + name: terraform-secrets key: dotoken diff --git a/flux/dev/external-dns/helm-release.yml b/flux/dev/external-dns/helm-release.yml index 8bae5163..dfcf985e 100644 --- a/flux/dev/external-dns/helm-release.yml +++ b/flux/dev/external-dns/helm-release.yml @@ -16,13 +16,13 @@ spec: interval: 5m valuesFrom: - kind: ConfigMap - name: terraformConfig + name: terraform-config values: env: - name: DO_TOKEN valueFrom: secretKeyRef: - name: terraformSecrets + name: terraform-secrets key: dotoken txtOwnerId: "{{ Values.prefix }}" sources: diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 36a00ee7..e0007c62 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -16,7 +16,7 @@ spec: interval: 12h valuesFrom: - kind: ConfigMap - name: terraformConfig + name: terraform-config values: controller: kind: DaemonSet @@ -25,7 +25,7 @@ spec: service: type: LoadBalancer externalIPs: - - {{ .Values.loadbalancerIP }} + - {{ .Values.loadbalancerip }} nodePorts: http: 30100 https: 30101 diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 052cb637..5068df46 100644 
--- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -16,7 +16,7 @@ spec: namespace: flux-system valuesFrom: - configMapRef: - name: terraformConfig + name: terraform-config values: serviceAccount: create: true diff --git a/terraform/backend.tf b/terraform/backend.tf index 74e5dd31..2e341fb3 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -24,6 +24,3 @@ data "cloudflare_zone" "fluence_dev" { name = "fluence.dev" } -provider "vault" { - address = "https://vault.fluence.dev" -} diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index 4c8b0909..ea836ad3 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -51,6 +51,7 @@ resource "digitalocean_record" "endpoint" { type = "A" name = "kube" value = digitalocean_loadbalancer.cp.ip + ttl = 30 } resource "talos_machine_secrets" "this" { @@ -67,7 +68,7 @@ data "talos_machine_configuration" "cp" { talos_version = "v1.8" config_patches = [ templatefile("${path.module}/templates/controlplane_patch.yml", { - loadbalancerdns = digitalocean_record.endpoint.fqdn + loadbalancerdns = "kube.${local.prefix}.fluence.dev" loadbalancerip = digitalocean_loadbalancer.cp.ip hostdns = "${each.key}.${local.prefix}.fluence.dev", subnet = data.digitalocean_vpc.spectrum.ip_range, @@ -83,7 +84,7 @@ data "talos_client_configuration" "this" { cluster_name = terraform.workspace client_configuration = talos_machine_secrets.this.client_configuration endpoints = [ - digitalocean_record.endpoint.fqdn, + "kube.${local.prefix}.fluence.dev" ] } diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 905aac61..7dc5a1ff 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -154,7 +154,7 @@ cluster: apiVersion: v1 kind: Secret metadata: - name: terraformSecrets + name: terraform-secrets namespace: kube-system type: Opaque data: 
@@ -163,10 +163,10 @@ cluster: apiVersion: v1 kind: ConfigMap metadata: - name: terraformConfig + name: terraform-config namespace: kube-system data: domain: ${domain} - loadbalancerIP: ${loadbalancerip} + loadbalancerip: ${loadbalancerip} branch: ${branch} prefix: ${prefix} diff --git a/terraform/test.yml b/terraform/test.yml deleted file mode 100644 index 38078df6..00000000 --- a/terraform/test.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kuard -spec: - selector: - matchLabels: - app: kuard - replicas: 1 - template: - metadata: - labels: - app: kuard - spec: - containers: - - image: gcr.io/kuar-demo/kuard-amd64:1 - imagePullPolicy: Always - name: kuard - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: kuard -spec: - ports: - - port: 80 - targetPort: 8080 - protocol: TCP - selector: - app: kuard ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: kuard - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-staging" -spec: - ingressClassName: nginx - tls: - - hosts: - - test.rnd-setup-ingress.fluence.dev - secretName: quickstart-example-tls - rules: - - host: test.rnd-setup-ingress.fluence.dev - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kuard - port: - number: 80 From 2fe9654600cf80ebac6b51f0c55f8aa8390d9215 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:27:03 +0200 Subject: [PATCH 27/40] Fi --- terraform/backend.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/terraform/backend.tf b/terraform/backend.tf index 2e341fb3..74e5dd31 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -24,3 +24,6 @@ data "cloudflare_zone" "fluence_dev" { name = "fluence.dev" } +provider "vault" { + address = "https://vault.fluence.dev" +} From 5e7099f66dd239e03b6e172ff328e6a3c921eab5 Mon Sep 17 00:00:00 2001 
From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:37:27 +0200 Subject: [PATCH 28/40] Update --- flux/dev/external-dns/helm-release.yml | 2 +- flux/dev/ingress-nginx/helm-release.yml | 4 ++-- flux/dev/kubernetes-dashboard/helm-release.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flux/dev/external-dns/helm-release.yml b/flux/dev/external-dns/helm-release.yml index dfcf985e..e2617613 100644 --- a/flux/dev/external-dns/helm-release.yml +++ b/flux/dev/external-dns/helm-release.yml @@ -24,7 +24,7 @@ spec: secretKeyRef: name: terraform-secrets key: dotoken - txtOwnerId: "{{ Values.prefix }}" + txtOwnerId: "${prefix}" sources: - ingress policy: sync diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index e0007c62..8872a8f8 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -25,7 +25,7 @@ spec: service: type: LoadBalancer externalIPs: - - {{ .Values.loadbalancerip }} + - ${loadbalancerip} nodePorts: http: 30100 https: 30101 @@ -33,7 +33,7 @@ spec: ingress: enabled: true hosts: - - kube.{{ .Values.domain }} + - kube.${domain} ingressClassName: nginx useDefaultAnnotations: true pathType: ImplementationSpecific diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 5068df46..10f778d9 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -26,7 +26,7 @@ spec: ingress: enabled: true hosts: - - dashboard.{{ .Values.domain }} + - dashboard.${domain} ingressClassName: nginx issuer: name: letsencrypt From 69e48de9003b9e6b5b964fa561c2fdb5b36866bd Mon Sep 17 00:00:00 2001 
From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:46:07 +0200 Subject: [PATCH 29/40] F --- .../cluster-issuer.yml} | 0 flux/dev/cert-issuer/kustomization.yml | 15 +++++++++++++++ flux/dev/kustomization.yml | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) rename flux/dev/{cert-issuer-do.yml => cert-issuer/cluster-issuer.yml} (100%) create mode 100644 flux/dev/cert-issuer/kustomization.yml diff --git a/flux/dev/cert-issuer-do.yml b/flux/dev/cert-issuer/cluster-issuer.yml similarity index 100% rename from flux/dev/cert-issuer-do.yml rename to flux/dev/cert-issuer/cluster-issuer.yml diff --git a/flux/dev/cert-issuer/kustomization.yml b/flux/dev/cert-issuer/kustomization.yml new file mode 100644 index 00000000..ddcee0c4 --- /dev/null +++ b/flux/dev/cert-issuer/kustomization.yml @@ -0,0 +1,15 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: cluster-issuer + namespace: flux-system +spec: + interval: 1m0s + path: ./flux/dev/cert-issuer + prune: true + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + dependsOn: + - name: cert-manager diff --git a/flux/dev/kustomization.yml b/flux/dev/kustomization.yml index e0358b7c..e1c8c7b1 100644 --- a/flux/dev/kustomization.yml +++ b/flux/dev/kustomization.yml @@ -4,6 +4,6 @@ resources: - external-dns - ingress-nginx - cert-manager - - cert-issuer-do.yml + - cert-issuer - kubernetes-dashboard - kubevirt From dfa6f41b142034faa795ee0227e8d69c9fc93ca2 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:49:41 +0200 Subject: [PATCH 30/40] F --- flux/dev/cert-issuer/ks.yml | 15 +++++++++++++++ flux/dev/cert-issuer/kustomization.yml | 17 +++-------------- 2 files changed, 18 insertions(+), 14 deletions(-) create mode 100644 flux/dev/cert-issuer/ks.yml diff --git a/flux/dev/cert-issuer/ks.yml b/flux/dev/cert-issuer/ks.yml new file mode 100644 index 00000000..d0208411 --- /dev/null +++ b/flux/dev/cert-issuer/ks.yml 
@@ -0,0 +1,15 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: cluster-issuer + namespace: flux-system +spec: + interval: 1m0s + path: ./flux/dev/cert-issuer/cluster-issuer.yml + prune: true + sourceRef: + kind: GitRepository + name: spectrum + namespace: flux-system + dependsOn: + - name: cert-manager diff --git a/flux/dev/cert-issuer/kustomization.yml b/flux/dev/cert-issuer/kustomization.yml index ddcee0c4..1f8ae66b 100644 --- a/flux/dev/cert-issuer/kustomization.yml +++ b/flux/dev/cert-issuer/kustomization.yml @@ -1,15 +1,4 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -metadata: - name: cluster-issuer - namespace: flux-system -spec: - interval: 1m0s - path: ./flux/dev/cert-issuer - prune: true - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - dependsOn: - - name: cert-manager +resources: + - ks.yml From b54d6697ca919ea67ebdae14e52b2446ed6de395 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 17:51:59 +0200 Subject: [PATCH 31/40] Fi --- flux/dev/kubernetes-dashboard/helm-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 10f778d9..611e4aba 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -15,8 +15,8 @@ spec: name: kubernetes-dashboard namespace: flux-system valuesFrom: - - configMapRef: - name: terraform-config + - kind: ConfigMap + name: terraform-config values: serviceAccount: create: true From 8c2518ad2bcf93cc47b0e71d01837424af64ab8e Mon Sep 17 00:00:00 2001 
From: Anatolios Laskaris Date: Mon, 11 Nov 2024 18:01:57 +0200 Subject: [PATCH 32/40] Fix? --- flux/dev/cert-issuer/{ => app}/cluster-issuer.yml | 0 flux/dev/cert-issuer/app/kustomization.yml | 4 ++++ flux/dev/cert-issuer/ks.yml | 4 ++-- flux/dev/cert-manager/{ => app}/helm-release.yml | 0 flux/dev/cert-manager/{ => app}/helm-repository.yml | 0 flux/dev/cert-manager/app/kustomization.yml | 5 +++++ flux/dev/cert-manager/ks.yml | 13 +++++++++++++ flux/dev/cert-manager/kustomization.yml | 3 +-- 8 files changed, 25 insertions(+), 4 deletions(-) rename flux/dev/cert-issuer/{ => app}/cluster-issuer.yml (100%) create mode 100644 flux/dev/cert-issuer/app/kustomization.yml rename flux/dev/cert-manager/{ => app}/helm-release.yml (100%) rename flux/dev/cert-manager/{ => app}/helm-repository.yml (100%) create mode 100644 flux/dev/cert-manager/app/kustomization.yml create mode 100644 flux/dev/cert-manager/ks.yml diff --git a/flux/dev/cert-issuer/cluster-issuer.yml b/flux/dev/cert-issuer/app/cluster-issuer.yml similarity index 100% rename from flux/dev/cert-issuer/cluster-issuer.yml rename to flux/dev/cert-issuer/app/cluster-issuer.yml diff --git a/flux/dev/cert-issuer/app/kustomization.yml b/flux/dev/cert-issuer/app/kustomization.yml new file mode 100644 index 00000000..86fec029 --- /dev/null +++ b/flux/dev/cert-issuer/app/kustomization.yml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - cluster-issuer.yml diff --git a/flux/dev/cert-issuer/ks.yml b/flux/dev/cert-issuer/ks.yml index d0208411..bcbef0be 100644 --- a/flux/dev/cert-issuer/ks.yml +++ b/flux/dev/cert-issuer/ks.yml @@ -4,8 +4,8 @@ metadata: name: cluster-issuer namespace: flux-system spec: - interval: 1m0s - path: ./flux/dev/cert-issuer/cluster-issuer.yml + interval: 2m0s + path: ./flux/dev/cert-issuer/app prune: true sourceRef: kind: GitRepository 
diff --git a/flux/dev/cert-manager/helm-release.yml b/flux/dev/cert-manager/app/helm-release.yml similarity index 100% rename from flux/dev/cert-manager/helm-release.yml rename to flux/dev/cert-manager/app/helm-release.yml diff --git a/flux/dev/cert-manager/helm-repository.yml b/flux/dev/cert-manager/app/helm-repository.yml similarity index 100% rename from flux/dev/cert-manager/helm-repository.yml rename to flux/dev/cert-manager/app/helm-repository.yml diff --git a/flux/dev/cert-manager/app/kustomization.yml b/flux/dev/cert-manager/app/kustomization.yml new file mode 100644 index 00000000..c4907f6a --- /dev/null +++ b/flux/dev/cert-manager/app/kustomization.yml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helm-repository.yml + - helm-release.yml diff --git a/flux/dev/cert-manager/ks.yml b/flux/dev/cert-manager/ks.yml new file mode 100644 index 00000000..e6e8ae07 --- /dev/null +++ b/flux/dev/cert-manager/ks.yml @@ -0,0 +1,13 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: cert-manager + namespace: flux-system +spec: + interval: 1m0s + path: ./flux/dev/cert-manager/app + prune: true + sourceRef: + kind: GitRepository + name: spectrum + namespace: flux-system diff --git a/flux/dev/cert-manager/kustomization.yml b/flux/dev/cert-manager/kustomization.yml index c4907f6a..1f8ae66b 100644 --- a/flux/dev/cert-manager/kustomization.yml +++ b/flux/dev/cert-manager/kustomization.yml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - helm-repository.yml - - helm-release.yml + - ks.yml From a4b2ebc4e8dce6f8e75b5c8c0dbe0b4e8d026805 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 18:13:12 +0200 Subject: [PATCH 33/40] fix --- flux/dev/ingress-nginx/helm-release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
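Review bot: The new `cert-manager/ks.yml` (and the `cert-issuer/ks.yml` that `dependsOn` it) declare `apiVersion: kustomize.toolkit.fluxcd.io/v1beta1`, while the Flux Kustomization in `terraform/templates/controlplane_patch.yml` already uses `kustomize.toolkit.fluxcd.io/v1`; `v1beta1` has been deprecated for a long time and may not be served by the installed Flux version, so use `apiVersion: kustomize.toolkit.fluxcd.io/v1` consistently. Separately, without `wait: true` (or a `healthChecks` entry for the HelmRelease) this Kustomization is marked Ready as soon as the HelmRelease object is applied, not when cert-manager's CRDs exist, so the `dependsOn` in `cert-issuer/ks.yml` does not guarantee that the `ClusterIssuer` can be applied on first reconcile. Adding `wait: true` under `spec:` here closes that race.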
diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 8872a8f8..114149c7 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -17,6 +17,9 @@ spec: valuesFrom: - kind: ConfigMap name: terraform-config + - kind: ConfigMap + name: terraform-config + targetPath: controller.service.externalIPs[0] values: controller: kind: DaemonSet @@ -24,8 +27,6 @@ spec: enabled: true service: type: LoadBalancer - externalIPs: - - ${loadbalancerip} nodePorts: http: 30100 https: 30101 From eb1611511e40421171827b47ea4d22ada77994e2 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 18:20:53 +0200 Subject: [PATCH 34/40] F --- flux/dev/ingress-nginx/helm-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index 114149c7..c65c927f 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml @@ -19,6 +19,7 @@ spec: name: terraform-config - kind: ConfigMap name: terraform-config + valuesKey: loadbalancerip targetPath: controller.service.externalIPs[0] values: controller: From ecf0db05db7c76723e46ba8c50769559ddf6c602 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 18:24:40 +0200 Subject: [PATCH 35/40] F --- terraform/controlplane.tf | 2 +- terraform/templates/controlplane_patch.yml | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf index ea836ad3..a26f3067 100644 --- a/terraform/controlplane.tf +++ b/terraform/controlplane.tf @@ -1,6 +1,6 @@ locals { cp = [ - for i in range(1) : format("%s-%d", "cp", i) + for i in range(3) : format("%s-%d", "cp", i) ] } diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 7dc5a1ff..e7ea0c31 100644 --- a/terraform/templates/controlplane_patch.yml 
+++ b/terraform/templates/controlplane_patch.yml @@ -166,7 +166,9 @@ cluster: name: terraform-config namespace: kube-system data: - domain: ${domain} loadbalancerip: ${loadbalancerip} - branch: ${branch} - prefix: ${prefix} + values.yaml: | + domain: ${domain} + loadbalancerip: ${loadbalancerip} + branch: ${branch} + prefix: ${prefix} From fdfd59f727d2eafac0708ce993003e006715f989 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 19:06:32 +0200 Subject: [PATCH 36/40] Fix --- .../dev/kubernetes-dashboard/helm-release.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 611e4aba..730bd94e 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -23,13 +23,14 @@ spec: rbac: create: true replicas: 1 - ingress: - enabled: true - hosts: - - dashboard.${domain} - ingressClassName: nginx - issuer: - name: letsencrypt - scope: cluster - tls: + app: + ingress: enabled: true + hosts: + - dashboard.${domain} + ingressClassName: nginx + issuer: + name: letsencrypt + scope: cluster + tls: + enabled: true From 58b9074778d1abe6901da6272b054ecaa4e3b297 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 19:25:13 +0200 Subject: [PATCH 37/40] F --- flux/dev/kubernetes-dashboard/helm-release.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 730bd94e..1c82cfb3 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -14,9 +14,6 @@ spec: kind: HelmRepository name: kubernetes-dashboard namespace: flux-system - valuesFrom: - - kind: ConfigMap - name: terraform-config values: serviceAccount: create: true 
@@ -27,7 +24,7 @@ spec: ingress: enabled: true hosts: - - dashboard.${domain} + - dashboard.${DOMAIN} ingressClassName: nginx issuer: name: letsencrypt From 2633f5babe845a976cf7dfa8490f61561d74845a Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 19:34:08 +0200 Subject: [PATCH 38/40] F --- terraform/templates/controlplane_patch.yml | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index e7ea0c31..0d2bd69d 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -135,6 +135,37 @@ cluster: ref: branch: ${branch} --- + apiVersion: v1 + kind: Secret + metadata: + name: terraform-secrets + namespace: flux-system + type: Opaque + data: + dotoken: ${dotoken} + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: terraform-config + namespace: flux-system + data: + domain: ${domain} + loadbalancerip: ${loadbalancerip} + branch: ${branch} + prefix: ${prefix} + --- + apiVersion: source.toolkit.fluxcd.io/v1 + kind: GitRepository + metadata: + name: spectrum + namespace: flux-system + spec: + interval: 1m0s + url: https://github.com/fluencelabs/spectrum.git + ref: + branch: ${branch} + --- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -150,6 +181,12 @@ cluster: namespace: flux-system validation: client timeout: 2m + postBuild: + substituteFrom: + - kind: ConfigMap + name: terraform-config + - kind: Secret + name: terraform-secrets --- apiVersion: v1 kind: Secret From 59399310fad1157296aaef853ac7480fa086f983 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 19:42:24 +0200 Subject: [PATCH 39/40] F --- flux/dev/kubernetes-dashboard/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index 1c82cfb3..c9518fe0 100644 
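Review bot: The first `controlplane_patch.yml` hunk inserts a second `GitRepository` named `spectrum` in `flux-system` directly after the context lines `ref: branch: ${branch} ---`, which appear to be the tail of the `GitRepository spectrum` already defined around line 128 of the same template (its namespace was changed to `flux-system` earlier in this series), so the inline manifest list now carries two identical definitions of the same object. Both target the same name and namespace, so it is harmless today, but the next edit to one copy will silently diverge from the other; drop the new copy and keep the original. It is also worth a comment on the `postBuild.substituteFrom` Secret entry that it exposes `${dotoken}` to every manifest under `./flux/dev`, so no manifest may expand it outside a Secret.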
--- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -24,7 +24,7 @@ spec: ingress: enabled: true hosts: - - dashboard.${DOMAIN} + - dashboard.${domain} ingressClassName: nginx issuer: name: letsencrypt From fdd8aec39beb03d9b8a9a8c777d28d23d8c46e58 Mon Sep 17 00:00:00 2001 From: Anatolios Laskaris Date: Mon, 11 Nov 2024 19:50:32 +0200 Subject: [PATCH 40/40] F --- flux/dev/cert-issuer/app/cluster-issuer.yml | 4 +- flux/dev/external-dns/helm-release.yml | 9 ++-- flux/dev/ingress-nginx/helm-release.yml | 11 ++--- .../dev/kubernetes-dashboard/helm-release.yml | 2 +- terraform/templates/controlplane_patch.yml | 44 +++++-------------- 5 files changed, 19 insertions(+), 51 deletions(-) diff --git a/flux/dev/cert-issuer/app/cluster-issuer.yml b/flux/dev/cert-issuer/app/cluster-issuer.yml index a2d4412c..5b2c8c98 100644 --- a/flux/dev/cert-issuer/app/cluster-issuer.yml +++ b/flux/dev/cert-issuer/app/cluster-issuer.yml @@ -14,5 +14,5 @@ spec: - dns01: digitalocean: tokenSecretRef: - name: terraform-secrets - key: dotoken + name: digitalocean-token + key: token diff --git a/flux/dev/external-dns/helm-release.yml b/flux/dev/external-dns/helm-release.yml index e2617613..d075a753 100644 --- a/flux/dev/external-dns/helm-release.yml +++ b/flux/dev/external-dns/helm-release.yml @@ -14,17 +14,14 @@ spec: name: external-dns-charts namespace: flux-system interval: 5m - valuesFrom: - - kind: ConfigMap - name: terraform-config values: env: - name: DO_TOKEN valueFrom: secretKeyRef: - name: terraform-secrets - key: dotoken - txtOwnerId: "${prefix}" + name: digitalocean-token + key: token + txtOwnerId: "${PREFIX}" sources: - ingress policy: sync diff --git a/flux/dev/ingress-nginx/helm-release.yml b/flux/dev/ingress-nginx/helm-release.yml index c65c927f..c7872899 100644 --- a/flux/dev/ingress-nginx/helm-release.yml +++ b/flux/dev/ingress-nginx/helm-release.yml 
@@ -14,13 +14,6 @@ spec: name: ingress-nginx namespace: flux-system interval: 12h - valuesFrom: - - kind: ConfigMap - name: terraform-config - - kind: ConfigMap - name: terraform-config - valuesKey: loadbalancerip - targetPath: controller.service.externalIPs[0] values: controller: kind: DaemonSet @@ -28,6 +21,8 @@ spec: enabled: true service: type: LoadBalancer + externalIPs: + - ${LOADBALANCER_IP} nodePorts: http: 30100 https: 30101 @@ -35,7 +30,7 @@ spec: ingress: enabled: true hosts: - - kube.${domain} + - kube.${DOMAIN} ingressClassName: nginx useDefaultAnnotations: true pathType: ImplementationSpecific diff --git a/flux/dev/kubernetes-dashboard/helm-release.yml b/flux/dev/kubernetes-dashboard/helm-release.yml index c9518fe0..1c82cfb3 100644 --- a/flux/dev/kubernetes-dashboard/helm-release.yml +++ b/flux/dev/kubernetes-dashboard/helm-release.yml @@ -24,7 +24,7 @@ spec: ingress: enabled: true hosts: - - dashboard.${domain} + - dashboard.${DOMAIN} ingressClassName: nginx issuer: name: letsencrypt diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml index 0d2bd69d..aa094b39 100644 --- a/terraform/templates/controlplane_patch.yml +++ b/terraform/templates/controlplane_patch.yml @@ -136,24 +136,15 @@ cluster: branch: ${branch} --- apiVersion: v1 - kind: Secret - metadata: - name: terraform-secrets - namespace: flux-system - type: Opaque - data: - dotoken: ${dotoken} - --- - apiVersion: v1 kind: ConfigMap metadata: name: terraform-config namespace: flux-system data: - domain: ${domain} - loadbalancerip: ${loadbalancerip} - branch: ${branch} - prefix: ${prefix} + DOMAIN: ${domain} + LOADBALANCER_IP: ${loadbalancerip} + BRANCH: ${branch} + PREFIX: ${prefix} --- apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository 
@@ -181,31 +172,16 @@ cluster: namespace: flux-system validation: client timeout: 2m - postBuild: - substituteFrom: - - kind: ConfigMap - name: terraform-config - - kind: Secret - name: terraform-secrets + postBuild: + substituteFrom: + - kind: ConfigMap + name: terraform-config --- apiVersion: v1 kind: Secret metadata: - name: terraform-secrets + name: digitalocean-token namespace: kube-system type: Opaque data: - dotoken: ${dotoken} - --- - apiVersion: v1 - kind: ConfigMap - metadata: - name: terraform-config - namespace: kube-system - data: - loadbalancerip: ${loadbalancerip} - values.yaml: | - domain: ${domain} - loadbalancerip: ${loadbalancerip} - branch: ${branch} - prefix: ${prefix} + token: ${dotoken}
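Review bot: The Secret `digitalocean-token` is created in `kube-system`, but the consumers updated in this same patch reference it by name only: the `ClusterIssuer`'s `tokenSecretRef` is resolved by cert-manager in its cluster-resource namespace (by default the namespace cert-manager runs in), and external-dns's `secretKeyRef` is resolved in the namespace of the external-dns pod. Unless both releases are installed into `kube-system` (their target namespaces are not visible here), neither lookup will find the Secret and DNS-01 issuance and DNS updates will fail with a not-found error. Create the Secret in each consumer's namespace (or point cert-manager at `kube-system` via `--cluster-resource-namespace`) and record the dependency above it, e.g. `# consumed by the cert-manager ClusterIssuer and external-dns; must live in their namespace`. The `terraform-config` ConfigMap used by `postBuild.substituteFrom` is correctly placed in `flux-system`, since substitution sources are looked up in the Kustomization's own namespace.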