Skip to content

duck1123/k3s-fleetops

Repository files navigation

runme
id version
01J9HAPD89ZH24ER7CPYFPD9FG
v3

my cluster

Setup

List Tasks

bb tasks

Build

bb build

Register Git hooks

This ensures all generated yaml is up to date on commit

bb apply-git-hooks

Secrets

This assumes that you have placed the files tls.crt and tls.key at the root of the directory

All secrets are encrypted with that key

Registry

bbg k3d-create-registry

Cluster

See https://github.com/duck1123/dotfiles

bbg k3d-create

Check Pod Status

Wait until all pods are running or completed

kubectl get pods -A

Argo CD

Install

https://argo-cd.readthedocs.io/en/stable/getting_started/

Add Repo

helm repo add argo https://argoproj.github.io/argo-helm

Create Namespace

kubectl create namespace argocd

Install Helm Chart

export DOMAIN="argocd.dev.kronkltd.net"
cat <<EOF | jet -o yaml | helm upgrade argocd argo/argo-cd \
  --install \
  --namespace argocd \
  --version 7.6.12 \
  -f -
{:domain "${DOMAIN?}"
 :configs {:params {"server.insecure" true}}
 :server
 {:ingress
   {:annotations
    {"cert-manager.io/cluster-issuer"           "letsencrypt-prod"
     "ingress.kubernetes.io/force-ssl-redirect" "true"}
    :enabled     true
    :tls         true
    :hostname    "${DOMAIN?}"}}}
EOF

Get password

argocd admin initial-password -n argocd

Forward ports

kubectl port-forward svc/argocd-server -n argocd 8080:443

https://localhost:8080/

Apply master app

This registers the 00-master Application with argocd.

bb apply-master-application

Create letsencrypt provider

Create cluster issuer record.

This will cause any ingress with the appropriate annotations to obtain a certificate from letsencrypt

replace EMAIL with your email

# Set to an email that will receive certificate expiration notices.
export EMAIL="[email protected]"

cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ${EMAIL}
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: traefik
EOF

Install Sealed Key

Ensure that 001-infra is properly healthy

Ensure that tls.crt and tls.key have been installed to the root of the directory. (from Keepass)

Upload sealed key to server

Creates a secret from the keypair

bb install-sealed-key

Mark key as active

bb apply-sealed-key-label

Clean Up

Delete Cluster

Completely destroy dev cluster

k3d cluster delete

Delete Registry

Delete registry for locally-built images

k3d registry delete k3d-myregistry.localtest.me

Inspect

Argo Workflows

Read token

echo "Bearer $(kubectl -n argo-workflows get secret duck.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)"

About

Personal Devops stack

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published