.

2025-03-05 15:35:05 -05:00 · 2025-03-05 15:35:05 -05:00 · 175b2e4358
commit 175b2e4358
parent 021a4e1a2a
8 changed files with 125 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,23 @@
+
+    curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC=" --disable servicelb --disable traefik" sh -s -
+    curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+    helm repo add stable https://charts.helm.sh/stable
+    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+    helm repo add jetstack https://charts.jetstack.io
+    helm repo update
+    helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
+    helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set crds.enabled=true
+    mkdir -p ~/.kube/
+    sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
+    helm upgrade ingress-nginx ingress-nginx/ingress-nginx   --namespace ingress-nginx   -f ingress-values.yaml
+    kubectl apply -f matthewaveryusa_cloudflare_token_secret.yaml -n cert-manager
+    kubectl apply -f matthewaveryusa_cloudflare_issuer.yaml -n cert-manager
+    kubectl apply -f matthewaveryusa_certificate.yaml -n cert-manager
+    
+    helm repo add argo https://argoproj.github.io/argo-helm
+    helm repo update
+    helm install argocd argo/argo-cd --namespace argocd --create-namespace
+
+    kubectl apply -n argocd -f argocd_ingress.yaml 
+    helm upgrade argocd argo/argo-cd -f argocd-values.yaml  -n argocd
+    kubectl apply -f argocd-appset.yaml -n argocd
--- a/argocd-appset.yaml
+++ b/argocd-appset.yaml
@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: k8s-applications
+spec:
+  generators:
+  - git:
+      repoURL: ssh://git@git.averytribe.com:522/matthewaveryusa/mono.git
+      revision: main
+      directories:
+      - path: k8s/*
+  template:
+    metadata:
+      name: '{{path.basename}}'  # This sets the app name to the folder name
+    spec:
+      project: default
+      source:
+        repoURL: ssh://git@git.averytribe.com:522/matthewaveryusa/mono.git
+        targetRevision: main
+        path: '{{path}}'
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: '{{path.basename}}'  # Deploy into a namespace matching the app name
+      syncPolicy:
+        automated:
+          prune: true  # Ensures apps are removed if deleted from Git
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true  # Ensures namespace is created if missing
+
--- a/argocd-values.yaml
+++ b/argocd-values.yaml
@ -0,0 +1,3 @@
+configs:
+  params:
+    server.insecure: true
--- a/argocd_ingress.yaml
+++ b/argocd_ingress.yaml
@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-http-ingress
+  namespace: argocd
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    cert-manager.io/cluster-issuer: matthewaveryusa-issuer
+spec:
+  ingressClassName: nginx
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              name: http
+    host: argocd.matthewaveryusa.com
+  tls:
+  - hosts:
+    - argocd.matthewaveryusa.com
+    secretName: matthewaveryusa-wildcard 
--- a/ingress-values.yaml
+++ b/ingress-values.yaml
@ -0,0 +1,6 @@
+controller:
+  hostNetwork: true
+  dnsPolicy: ClusterFirstWithHostNet
+  service:
+    type: NodePort
+
--- a/matthewaveryusa_certificate.yaml
+++ b/matthewaveryusa_certificate.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: matthewaveryusa-wildcard
+  namespace : cert-manager
+spec:
+  secretName: matthewaveryusa-wildcard
+  issuerRef:
+    name: matthewaveryusa-issuer
+    kind: ClusterIssuer
+  commonName: '*.matthewaveryusa.com'
+  dnsNames:
+  - "*.matthewaveryusa.com"
+  - "matthewaveryusa.com"
--- a/matthewaveryusa_cloudflare_issuer.yaml
+++ b/matthewaveryusa_cloudflare_issuer.yaml
@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: matthewaveryusa-issuer
+spec:
+  acme:
+    email: letsencrypt@matthewaveryusa.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: matthewaveryusa-issuer-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: matthewaveryusa-cloudflare-api-token-secret
+            key: api-token
--- a/matthewaveryusa_cloudflare_token_secret.yaml
+++ b/matthewaveryusa_cloudflare_token_secret.yaml
@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: matthewaveryusa-cloudflare-api-token-secret
+type: Opaque
+stringData:
+  api-token: ${CLOUDFLARE_MATTHEWAVERYUSA_TOKEN}