From d44ccf830c076d4850b1d1ef4a3f52d67a9394b9 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Mon, 1 Apr 2024 13:30:18 +0200
Subject: [PATCH] Prepare helmfile for the service cluster
---
helmfile.yaml | 31 -----
service/helmfile.yaml | 111 ++++++++++++++++++
{manifests => service/manifests}/ip.yaml | 0
service/manifests/pipeline-run.yaml | 20 ++++
service/manifests/pipeline.yaml | 17 +++
service/manifests/role-binding.yaml | 12 ++
service/manifests/task.yaml | 47 ++++++++
service/values/cert-mangager.yaml | 1 +
service/values/cilium.yaml | 12 ++
service/values/coredns.yaml | 2 +
service/values/metrics-server.yaml | 4 +
{values => service/values}/namespaces.yaml | 1 +
.../values}/values.istio-ingressgateway.yaml | 0
{values => service/values}/values.istiod.yaml | 0
14 files changed, 227 insertions(+), 31 deletions(-)
delete mode 100644 helmfile.yaml
create mode 100644 service/helmfile.yaml
rename {manifests => service/manifests}/ip.yaml (100%)
create mode 100644 service/manifests/pipeline-run.yaml
create mode 100644 service/manifests/pipeline.yaml
create mode 100644 service/manifests/role-binding.yaml
create mode 100644 service/manifests/task.yaml
create mode 100644 service/values/cert-mangager.yaml
create mode 100644 service/values/cilium.yaml
create mode 100644 service/values/coredns.yaml
create mode 100644 service/values/metrics-server.yaml
rename {values => service/values}/namespaces.yaml (88%)
rename {values => service/values}/values.istio-ingressgateway.yaml (100%)
rename {values => service/values}/values.istiod.yaml (100%)
diff --git a/helmfile.yaml b/helmfile.yaml
deleted file mode 100644
index 3944ae8..0000000
--- a/helmfile.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-repositories:
- - name: istio
- url: https://istio-release.storage.googleapis.com/charts
- - name: metallb
- url: https://metallb.github.io/metallb
-releases:
- - name: namespace
- namespace: default
- createNamespace: false
- chart: ./charts/namespaces
- values:
- - ./values/namespaces.yaml
- - name: metallb
- chart: metallb/metallb
- version: 0.14.3
- namespace: metallb-system
- createNamespace: false
- - name: istio-base
- chart: istio/base
- namespace: istio-system
- createNamespace: false
- - name: istio-ingressgateway
- chart: istio/gateway
- namespace: istio-system
- values:
- - ./values/values.istio-ingressgateway.yaml
- - name: istiod
- chart: istio/istiod
- namespace: istio-system
- values:
- - ./values/values.istiod.yaml
diff --git a/service/helmfile.yaml b/service/helmfile.yaml
new file mode 100644
index 0000000..1825ed0
--- /dev/null
+++ b/service/helmfile.yaml
@@ -0,0 +1,111 @@
+repositories:
+ - name: istio
+ url: https://istio-release.storage.googleapis.com/charts
+ - name: metallb
+ url: https://metallb.github.io/metallb
+ - name: cdf
+ url: https://cdfoundation.github.io/tekton-helm-chart/
+ - name: zot
+ url: registry.badhouseplants.net/helmule
+ oci: true
+
+releases:
+ - name: namespaces
+ namespace: kube-system
+ createNamespace: false
+ chart: ../charts/namespaces
+ values:
+ - ./values/namespaces.yaml
+
+ - name: coredns
+ chart: zot/coredns
+ version: 1.29.0
+ namespace: kube-system
+ values:
+ - ./values/coredns.yaml
+
+ - name: cilium
+ chart: zot/cilium
+ installed: true
+ version: 1.15.2
+ namespace: kube-system
+ needs:
+ - kube-system/coredns
+ values:
+ - ./values/cilium.yaml
+
+ - name: metrics-server
+ chart: zot/metrics-server
+ version: 3.12.0
+ namespace: kube-system
+ needs:
+ - kube-system/coredns
+ - kube-system/cilium
+ values:
+ - ./values/metrics-server.yaml
+
+ - name: tekton
+ chart: cdf/tekton-pipeline
+ namespace: tekton-system
+ version: 1.0.2
+ createNamespace: false
+ needs:
+ - kube-system/coredns
+ - kube-system/cilium
+ - kube-system/namespaces
+
+ - name: cert-manager
+ chart: zot/cert-manager
+ version: v1.14.4
+ namespace: cert-manager
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ values:
+ - ./values/cert-mangager.yaml
+
+ - name: metallb
+ chart: metallb/metallb
+ version: 0.14.3
+ namespace: metallb-system
+ createNamespace: false
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+
+ - name: local-path-provisioner
+ chart: zot/local-path-provisioner
+ namespace: kube-system
+ version: 0.0.25-dev
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+
+ - name: istio-base
+ chart: istio/base
+ namespace: istio-system
+ createNamespace: false
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+ - name: istio-ingressgateway
+ chart: istio/gateway
+ namespace: istio-system
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+ values:
+ - ./values/values.istio-ingressgateway.yaml
+ - name: istiod
+ chart: istio/istiod
+ namespace: istio-system
+ needs:
+ - kube-system/namespaces
+ - kube-system/coredns
+ - kube-system/cilium
+ values:
+ - ./values/values.istiod.yaml
diff --git a/manifests/ip.yaml b/service/manifests/ip.yaml
similarity index 100%
rename from manifests/ip.yaml
rename to service/manifests/ip.yaml
diff --git a/service/manifests/pipeline-run.yaml b/service/manifests/pipeline-run.yaml
new file mode 100644
index 0000000..fc4380f
--- /dev/null
+++ b/service/manifests/pipeline-run.yaml
@@ -0,0 +1,20 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+ name: generate-ssh-key
+spec:
+ pipelineRef:
+ name: generate-ssh-key
+ params:
+ - name: username
+ value: "Tekton"
+ workspaces:
+ - name: outputs
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks
+ resources:
+ requests:
+ storage: 1Gi
+ serviceAccountName: default
diff --git a/service/manifests/pipeline.yaml b/service/manifests/pipeline.yaml
new file mode 100644
index 0000000..eef635d
--- /dev/null
+++ b/service/manifests/pipeline.yaml
@@ -0,0 +1,17 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+ name: generate-ssh-key
+spec:
+ workspaces:
+ - name: outputs
+ params:
+ - name: username
+ type: string
+ tasks:
+ - name: generate-key
+ taskRef:
+ name: generate-key
+ workspaces:
+ - name: outputs
+ workspaces: outputs
diff --git a/service/manifests/role-binding.yaml b/service/manifests/role-binding.yaml
new file mode 100644
index 0000000..75a9df5
--- /dev/null
+++ b/service/manifests/role-binding.yaml
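Review bot: In service/helmfile.yaml the three Istio releases (`istio-base`, `istio-ingressgateway`, `istiod`) have no `version:` key, while every other remote chart in the file is pinned, so each sync installs whatever chart version the Istio repository serves at that moment. Pin all three to the same value, for example `version: "<pinned istio chart version>"`, so that control plane and gateway stay in step and an upgrade becomes an explicit, reviewable change. Most kube-system charts now come from the `zot` OCI registry; the diff does not show how those charts get there, so a short comment on that repository entry naming their upstream source would make later version bumps easier to audit.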
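Review bot: In service/manifests/pipeline.yaml the last added line under the `generate-key` task reads `workspaces: outputs`, but a pipeline task's workspace binding names the pipeline workspace with the singular key, `workspace: outputs`. As written the field is unknown to the API, so depending on validation the manifest is either rejected or the key is ignored and the mapping relies on name matching; the nesting is inferred here because indentation is not visible in this view. The pipeline also declares a `username` parameter that is never passed to the task, and the `generate-key` task in task.yaml does not declare one, so it can be dropped or wired through.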
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: 60927041-78c2-4095-a2f5-6443c20c # this is the namespace your service account is in
+roleRef: # referring to your ClusterRole
+ kind: ClusterRole
+ name: admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/service/manifests/task.yaml b/service/manifests/task.yaml
new file mode 100644
index 0000000..c34f1e3
--- /dev/null
+++ b/service/manifests/task.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: generate-key
+spec:
+ workspaces:
+ - name: outputs
+ mountPath: /tmp/outputs
+ steps:
+ - name: prepare-ssh-key
+ image: ansible
+ imagePullPolicy: Never
+ script: |
+ #!/bin/sh
+ export SP_CUSTOMER=allanger
+ export SP_ENV=default
+ export SP_STATE=present
+ export COLLECTIONS_PATHS=./.ansible/collection
+ export COLLECTIONS_PATHS=./.ansible/collections
+ export ANSIBLE_ROLES_PATH=$./.ansible/roles
+ ansible-playbook /src/ssh-key-gen/playbook.yml -i /src/ssh-key-gen/inventory.yaml
+ - name: print-keys
+ image: alpine
+ script:
+ #!/bin/sh
+ ls -R $(workspaces.outputs.path)
+ - name: kubectl
+ image: alpine/k8s:1.20.7
+ script:
+ #!/bin/sh
+ kubectl get all
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: goodbye
+spec:
+ params:
+ - name: username
+ type: string
+ steps:
+ - name: goodbye
+ image: ubuntu
+ script: |
+ #!/bin/bash
+ echo "Goodbye $(params.username)!"
diff --git a/service/values/cert-mangager.yaml b/service/values/cert-mangager.yaml
new file mode 100644
index 0000000..1b4551c
--- /dev/null
+++ b/service/values/cert-mangager.yaml
@@ -0,0 +1 @@
+installCRDs: true
diff --git a/service/values/cilium.yaml b/service/values/cilium.yaml
new file mode 100644
index 0000000..1fa2b36
--- /dev/null
+++ b/service/values/cilium.yaml
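Review bot: service/manifests/role-binding.yaml grants the `admin` ClusterRole to the `default` service account through a ClusterRoleBinding, which applies in every namespace, and pipeline-run.yaml sets `serviceAccountName: default`. Any pod in that namespace that does not name its own service account would inherit the same access, presumably including workloads unrelated to the pipeline. A dedicated service account for the pipeline, bound with a namespaced `kind: RoleBinding` to a Role that lists only what the steps read, would confine the grant; the only cluster call visible in task.yaml is `kubectl get all`. The binding is also named `admin` like the role it references and the subject namespace is a hard-coded identifier, so a descriptive name and a comment saying where that namespace comes from would make the grant easier to audit.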
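Review bot: In service/manifests/task.yaml the line `export ANSIBLE_ROLES_PATH=$./.ansible/roles` has a stray `$`, which most shells keep literally, so the roles path would become `$./.ansible/roles`; it should read `export ANSIBLE_ROLES_PATH=./.ansible/roles`. The first `COLLECTIONS_PATHS` export (`./.ansible/collection`) is overwritten by the next line and can be removed. The `print-keys` and `kubectl` steps write `script:` without the `|` indicator, so YAML reads `#!/bin/sh` as a comment and the shebang never reaches the step; use `script: |` as the other two steps do. The `alpine` and `ubuntu` images carry no tag or digest, so those steps run whatever the names resolve to at pull time under the pipeline's service account, and pinning them would make the step contents reviewable.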
@@ -0,0 +1,12 @@
+
+operator:
+ replicas: 1
+endpointRoutes:
+ # -- Enable use of per endpoint routes instead of routing via
+ # the cilium_host interface.
+ enabled: true
+ipam:
+ ciliumNodeUpdateRate: "15s"
+ operator:
+ clusterPoolIPv4PodCIDRList:
+ - 10.244.0.0/16
diff --git a/service/values/coredns.yaml b/service/values/coredns.yaml
new file mode 100644
index 0000000..bca34fe
--- /dev/null
+++ b/service/values/coredns.yaml
@@ -0,0 +1,2 @@
+service:
+ clusterIP: 10.43.0.10
diff --git a/service/values/metrics-server.yaml b/service/values/metrics-server.yaml
new file mode 100644
index 0000000..ad6879b
--- /dev/null
+++ b/service/values/metrics-server.yaml
@@ -0,0 +1,4 @@
+apiService:
+ insecureSkipTLSVerify: true
+args:
+ - --kubelet-insecure-tls
diff --git a/values/namespaces.yaml b/service/values/namespaces.yaml
similarity index 88%
rename from values/namespaces.yaml
rename to service/values/namespaces.yaml
index 4950079..cae607c 100644
--- a/values/namespaces.yaml
+++ b/service/values/namespaces.yaml
@@ -2,6 +2,7 @@ namespaces:
 - name: tekton-system
 - name: metallb-system
 - name: istio-system
+ - name: cert-manager
 - name: softplayer-backend
 labels:
 istio-injection: enabled
diff --git a/values/values.istio-ingressgateway.yaml b/service/values/values.istio-ingressgateway.yaml
similarity index 100%
rename from values/values.istio-ingressgateway.yaml
rename to service/values/values.istio-ingressgateway.yaml
diff --git a/values/values.istiod.yaml b/service/values/values.istiod.yaml
similarity index 100%
rename from values/values.istiod.yaml
rename to service/values/values.istiod.yaml
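Review bot: service/values/metrics-server.yaml turns off certificate verification in both directions: `--kubelet-insecure-tls` makes metrics-server accept any kubelet serving certificate, and `insecureSkipTLSVerify: true` makes the API server skip verification of metrics-server itself. If this is a stop-gap because the kubelets present self-signed serving certificates, record that in a comment above the keys, e.g. `# TODO: remove once kubelet serving certs are signed by the cluster CA`, so the setting is not copied into other clusters unnoticed. Once the kubelets serve certificates issued by the cluster CA, the `args` entry can be removed.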