.
parent
021a4e1a2a
commit
175b2e4358
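--- a/README.md
+++ b/README.md
@@ -0,0 +1,23 @@
+
+curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC=" --disable servicelb --disable traefik" sh -s -
+curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+helm repo add stable https://charts.helm.sh/stable
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set crds.enabled=true
+mkdir -p ~/.kube/
+sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
+helm upgrade ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx -f ingress-values.yaml
+kubectl apply -f matthewaveryusa_cloudflare_token_secret.yaml -n cert-manager
+kubectl apply -f matthewaveryusa_cloudflare_issuer.yaml -n cert-manager
+kubectl apply -f matthewaveryusa_certificate.yaml -n cert-manager
+
+helm repo add argo https://argoproj.github.io/argo-helm
+helm repo update
+helm install argocd argo/argo-cd --namespace argocd --create-namespace
+
+kubectl apply -n argocd -f argocd_ingress.yaml
+helm upgrade argocd argo/argo-cd -f argocd-values.yaml -n argocd
+kubectl apply -f argocd-appset.yaml -n argocd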
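--- a/argocd-appset.yaml
+++ b/argocd-appset.yaml
@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+name: k8s-applications
+spec:
+generators:
+- git:
+repoURL: ssh://git@git.averytribe.com:522/matthewaveryusa/mono.git
+revision: main
+directories:
+- path: k8s/*
+template:
+metadata:
+name: '{{path.basename}}' # This sets the app name to the folder name
+spec:
+project: default
+source:
+repoURL: ssh://git@git.averytribe.com:522/matthewaveryusa/mono.git
+targetRevision: main
+path: '{{path}}'
+destination:
+server: https://kubernetes.default.svc
+namespace: '{{path.basename}}' # Deploy into a namespace matching the app name
+syncPolicy:
+automated:
+prune: true # Ensures apps are removed if deleted from Git
+selfHeal: true
+syncOptions:
+- CreateNamespace=true # Ensures namespace is created if missing
+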
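Review bot: `project: default` combined with the `k8s/*` directory generator and `namespace: '{{path.basename}}'` lets any directory pushed to `main` deploy arbitrary resources into a namespace named by that directory, because the built-in default project normally permits every source repo, destination and cluster-scoped kind. A dedicated AppProject that pins `sourceRepos` to this repository and restricts `destinations` and `clusterResourceWhitelist` would bound what a single commit can do; the template would then read `project: <APP_PROJECT_NAME>` (placeholder). With `prune: true` and `selfHeal: true` such a change is applied without a manual sync, so write access to `main` is effectively the cluster's access control and should be protected accordingly. It would also help to add an `exclude: true` directory entry for names that collide with system namespaces such as `kube-system` or `argocd`.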
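--- a/argocd-values.yaml
+++ b/argocd-values.yaml
@@ -0,0 +1,3 @@
+configs:
+params:
+server.insecure: true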
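Review bot: `server.insecure: true` carries no comment explaining that it turns off TLS on argocd-server itself, which is only acceptable while something in front of it terminates TLS. argocd_ingress.yaml in this commit does that with `backend-protocol: "HTTP"`, so the hop from ingress-nginx to the pod is plaintext inside the cluster. I would add `# TLS terminates at ingress-nginx; argocd-server speaks plain HTTP in-cluster` above the key, and make sure the argocd-server Service stays ClusterIP so the plaintext port is never reachable from outside the cluster.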
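--- a/argocd_ingress.yaml
+++ b/argocd_ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: argocd-server-http-ingress
+namespace: argocd
+annotations:
+nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+cert-manager.io/cluster-issuer: matthewaveryusa-issuer
+spec:
+ingressClassName: nginx
+rules:
+- http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: argocd-server
+port:
+name: http
+host: argocd.matthewaveryusa.com
+tls:
+- hosts:
+- argocd.matthewaveryusa.com
+secretName: matthewaveryusa-wildcard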
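Review bot: `secretName: matthewaveryusa-wildcard` under `tls` will not pick up the wildcard certificate defined in matthewaveryusa_certificate.yaml, because that Certificate and its Secret live in the `cert-manager` namespace and an Ingress can only reference a TLS Secret in its own namespace (`argocd`). Because of the `cert-manager.io/cluster-issuer` annotation, cert-manager will presumably issue a separate certificate for `argocd.matthewaveryusa.com` into a Secret of the same name here, so the name is misleading; a host-specific name such as `secretName: argocd-matthewaveryusa-tls` (constructed example) would say what the Secret actually holds. Since this publishes the Argo CD UI and API on a public hostname, I would also add the `nginx.ingress.kubernetes.io/whitelist-source-range` annotation with the admin networks unless the service is meant to be reachable from anywhere.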
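--- a/ingress-values.yaml
+++ b/ingress-values.yaml
@@ -0,0 +1,6 @@
+controller:
+hostNetwork: true
+dnsPolicy: ClusterFirstWithHostNet
+service:
+type: NodePort
+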
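Review bot: `hostNetwork: true` places the controller in the node's network namespace, so besides 80/443 its other listeners (for example the admission webhook and metrics ports) bind on the host as well, and the pod can reach node-local services on loopback. If the goal is only to serve 80/443 from the node now that servicelb is disabled, `hostPort: {enabled: true}` under `controller` should achieve that without sharing the host network; otherwise the extra ports need to be firewalled on the node. `service.type: NodePort` additionally opens two high ports on every node, which looks redundant next to host networking and could be dropped with `service: {enabled: false}` if nothing depends on them.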
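--- a/matthewaveryusa_certificate.yaml
+++ b/matthewaveryusa_certificate.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: matthewaveryusa-wildcard
+namespace : cert-manager
+spec:
+secretName: matthewaveryusa-wildcard
+issuerRef:
+name: matthewaveryusa-issuer
+kind: ClusterIssuer
+commonName: '*.matthewaveryusa.com'
+dnsNames:
+- "*.matthewaveryusa.com"
+- "matthewaveryusa.com"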
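Review bot: `namespace : cert-manager` has a space before the colon; it parses, but it is the only key in the commit written that way and yamllint flags it, so `namespace: cert-manager` is preferable. For a wildcard key that covers every host in the zone I would also set `privateKey: {rotationPolicy: Always}` under `spec`, unless the installed cert-manager version already defaults to it, so that each renewal generates a fresh key instead of reusing the previous one.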
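--- a/matthewaveryusa_cloudflare_issuer.yaml
+++ b/matthewaveryusa_cloudflare_issuer.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: matthewaveryusa-issuer
+spec:
+acme:
+email: letsencrypt@matthewaveryusa.com
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: matthewaveryusa-issuer-key
+solvers:
+- dns01:
+cloudflare:
+apiTokenSecretRef:
+name: matthewaveryusa-cloudflare-api-token-secret
+key: api-token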
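Review bot: The single `dns01` solver has no `selector`, and a ClusterIssuer can be referenced from any namespace, so anything able to create an Ingress or Certificate in the cluster (including namespaces the ApplicationSet creates) can obtain a certificate for any name the Cloudflare token can write records for. Adding `selector: {dnsZones: ["matthewaveryusa.com"]}` to the solver, and scoping the API token to DNS edit on that one zone, narrows this. A short comment above `apiTokenSecretRef` stating that the Secret must exist in the cert-manager namespace would also explain why the README applies it there.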
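--- a/matthewaveryusa_cloudflare_token_secret.yaml
+++ b/matthewaveryusa_cloudflare_token_secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: matthewaveryusa-cloudflare-api-token-secret
+type: Opaque
+stringData:
+api-token: ${CLOUDFLARE_MATTHEWAVERYUSA_TOKEN}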
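Review bot: `api-token: ${CLOUDFLARE_MATTHEWAVERYUSA_TOKEN}` is not expanded by `kubectl apply -f`, which is how the README in this commit applies the file, so the Secret would contain the literal placeholder and DNS-01 challenges would fail to authenticate. Either render it first (`envsubst < matthewaveryusa_cloudflare_token_secret.yaml | kubectl apply -n cert-manager -f -`) or create it directly with `kubectl create secret generic matthewaveryusa-cloudflare-api-token-secret -n cert-manager --from-literal=api-token="$CLOUDFLARE_MATTHEWAVERYUSA_TOKEN"`. The value should also be quoted as `api-token: "${CLOUDFLARE_MATTHEWAVERYUSA_TOKEN}"` so a rendered token is always read as a string. Keeping only the placeholder in Git is the right choice; a leading comment saying the file is a template that must be rendered before applying would make that explicit.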