my cluster
```sh
bb tasks
```

```sh
bb build
```

This ensures all generated YAML is up to date on commit:

```sh
bb apply-git-hooks
```
This assumes that you have placed the files `tls.crt` and `tls.key` at the root of the directory.
All secrets are encrypted with that key, so `tls.key` must not be committed.

```sh
bbg k3d-create-registry
```

See https://github.com/duck1123/dotfiles

```sh
bbg k3d-create
```
Wait until all pods are running or completed:

```sh
kubectl get pods -A
```
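
One way to script the wait above, as an added example that is not part of this repository. `pods_not_ready` and `wait_for_pods` are hypothetical helper names, the sample output is constructed, and the check goes slightly beyond the text by also requiring every container of a Running pod to be ready.

```shell
#!/bin/sh
# Reads `kubectl get pods -A --no-headers` output on stdin and prints every pod
# that is neither Completed nor Running with all of its containers ready.
# Default columns: NAMESPACE NAME READY STATUS RESTARTS AGE
pods_not_ready() {
  awk '
    NF < 4 { next }                      # skip blank or truncated lines
    $4 == "Completed" { next }           # finished Job pods are fine
    $4 == "Running" {
      split($3, r, "/")                  # READY is "ready/total"
      if (r[1] == r[2]) next
    }
    { print $1 "/" $2 " " $3 " " $4 }    # everything else is still pending
  '
}

# Poll the cluster until nothing is pending, or give up after a timeout.
# Usage: wait_for_pods [timeout_seconds] [interval_seconds]
wait_for_pods() {
  timeout="${1:-300}"; interval="${2:-5}"; waited=0
  while :; do
    out=$(kubectl get pods -A --no-headers) || return 2
    pending=$(printf '%s\n' "$out" | pods_not_ready)
    # An empty pod list means the cluster has not started anything yet.
    [ -n "$out" ] && [ -z "$pending" ] && return 0
    if [ "$waited" -ge "$timeout" ]; then
      printf 'still not ready after %ss:\n%s\n' "$timeout" "$pending" >&2
      return 1
    fi
    sleep "$interval"; waited=$((waited + interval))
  done
}

# Constructed sample output, not taken from a real cluster.
SAMPLE_PODS='kube-system   coredns-abc12               1/1   Running            0             5m
kube-system   helm-install-traefik-x9k2q  0/1   Completed          0             5m
argocd        argocd-server-7d9f          0/1   Running            0             40s
argocd        argocd-repo-server-5c4b     0/1   CrashLoopBackOff   3 (20s ago)   2m'
```

Source the file and run `wait_for_pods 600` before installing Argo CD; a non-zero exit lists the pods that are still pending.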
https://argo-cd.readthedocs.io/en/stable/getting_started/

```sh
helm repo add argo https://argoproj.github.io/argo-helm
kubectl create namespace argocd
```

```sh
export DOMAIN="argocd.dev.kronkltd.net"

# server.insecure=true makes argocd-server serve plain HTTP;
# TLS is terminated at the ingress configured below.
cat <<EOF | jet -o yaml | helm upgrade argocd argo/argo-cd \
  --install \
  --namespace argocd \
  --version 7.6.12 \
  -f -
{:domain "${DOMAIN?}"
 :configs {:params {"server.insecure" true}}
 :server
 {:ingress
  {:annotations
   {"cert-manager.io/cluster-issuer" "letsencrypt-prod"
    "ingress.kubernetes.io/force-ssl-redirect" "true"}
   :enabled true
   :tls true
   :hostname "${DOMAIN?}"}}}
EOF
```

```sh
# Print the initial admin password
argocd admin initial-password -n argocd
```

```sh
# Forward the Argo CD server to localhost:8080
kubectl port-forward svc/argocd-server -n argocd 8080:443
```

This registers the `00-master` Application with Argo CD.

```sh
bb apply-master-application
```

Create the cluster issuer record.

This will cause any ingress with the appropriate annotations to obtain a certificate from Let's Encrypt.

Replace EMAIL with your email.

```sh
# Set to an email that will receive certificate expiration notices.
export EMAIL="[email protected]"

cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ${EMAIL}
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
EOF
```

Ensure that `001-infra` is properly healthy.

Ensure that `tls.crt` and `tls.key` have been installed to the root of the directory (from Keepass).

Creates a secret from the keypair:

```sh
bb install-sealed-key
```

```sh
bb apply-sealed-key-label
```

Completely destroy the dev cluster:

```sh
k3d cluster delete
```

Delete the registry for locally-built images:

```sh
k3d registry delete k3d-myregistry.localtest.me
```

```sh
echo "Bearer $(kubectl -n argo-workflows get secret duck.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)"
```