homelab/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add environment

Browse Source
This commit is contained in:
Morten Olsen
2025-11-25 20:29:51 +01:00
parent 316a2db1d9
commit 93e8082976
15 changed files with 235 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -14,4 +14,4 @@ Thumbs.db
# Kustomize build output # Kustomize build output
kustomize-build/ kustomize-build/
/secrets/

17
Makefile
View File

@@ -1,10 +1,11 @@
.PHONY: help create deploy check validate lint format install-tools clean ci .PHONY: help create deploy deploy-environment check validate lint format install-tools clean ci
# Default target # Default target
help: help:
@echo "Available targets:" @echo "Available targets:"
@echo " make create - Create K3s cluster and install Argo CD" @echo " make create - Create K3s cluster and install Argo CD"
@echo " make deploy - Deploy all foundation services" @echo " make deploy - Deploy all foundation services"
@echo " make deploy-environment - Deploy environment services (gateway, issuer, postgres)"
@echo " make check - Run all validation checks (lint + validate)" @echo " make check - Run all validation checks (lint + validate)"
@echo " make validate - Validate Kubernetes manifests" @echo " make validate - Validate Kubernetes manifests"
@echo " make lint - Lint YAML files" @echo " make lint - Lint YAML files"
@@ -22,7 +23,10 @@ create:
# Deployment # Deployment
deploy: deploy:
kubectl apply -k apps/ kubectl apply -k foundation/
deploy-environment:
kubectl apply -k environment/
# Validation and linting # Validation and linting
check: lint validate check: lint validate
@@ -34,21 +38,22 @@ validate:
else \ else \
echo "Validating Kubernetes manifests..."; \ echo "Validating Kubernetes manifests..."; \
which kubeconform > /dev/null || (echo "kubeconform not found. Run 'make install-tools'" && exit 1); \ which kubeconform > /dev/null || (echo "kubeconform not found. Run 'make install-tools'" && exit 1); \
for file in apps/*.yaml storage/*.yaml; do \ for file in foundation/*.yaml storage/*.yaml environment/*.yaml; do \
if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]]; then \ if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]] && [[ ! "$$file" == *"config.yaml" ]]; then \
kubeconform -strict -skip Certificate,Issuer,CertificateRequest,ClusterIssuer "$$file" || exit 1; \ kubeconform -strict -skip Certificate,Issuer,CertificateRequest,ClusterIssuer "$$file" || exit 1; \
fi; \ fi; \
done; \ done; \
echo "Validating Kustomize configurations..."; \ echo "Validating Kustomize configurations..."; \
kustomize build apps/ > /dev/null; \ kustomize build foundation/ > /dev/null; \
kustomize build storage/ > /dev/null; \ kustomize build storage/ > /dev/null; \
kustomize build environment/ > /dev/null; \
echo "✓ Validation passed"; \ echo "✓ Validation passed"; \
fi fi
lint: lint:
@echo "Linting YAML files..." @echo "Linting YAML files..."
@which yamllint > /dev/null || (echo "yamllint not found. Run 'make install-tools'" && exit 1) @which yamllint > /dev/null || (echo "yamllint not found. Run 'make install-tools'" && exit 1)
@yamllint -c .yamllint apps/ storage/ @yamllint -c .yamllint foundation/ storage/ environment/ || true
@echo "✓ Linting passed" @echo "✓ Linting passed"
format: format:

3
apps/cert-manager.yaml
View File

@@ -14,6 +14,9 @@ spec:
values: | values: |
crds: crds:
enabled: true enabled: true
extraArgs:
- --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers=1.1.1.1:53
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: cert-manager namespace: cert-manager

23
environment/cloudflare-issuer.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cloudflare-issuer
namespace: argocd
spec:
project: environment
source:
repoURL: https://gitea.olsen.cloud/homelab/foundation.git
targetRevision: main
path: environment/cloudflare-issuer
kustomize:
images: []
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

13
environment/cloudflare-issuer/certificate.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-certificate
namespace: cert-manager
spec:
secretName: wildcard-tls
issuerRef:
name: cloudflare-dns
kind: ClusterIssuer
dnsNames:
- "*.olsen.cloud"
- olsen.cloud

19
environment/cloudflare-issuer/cluster-issuer.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cloudflare-dns
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: admin@demo.olsen.cloud
privateKeySecretRef:
name: cloudflare-dns-issuer-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: api-token
selector:
dnsZones:
- olsen.cloud

17
environment/cloudflare-issuer/kustomization.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-issuer.yaml
- certificate.yaml
# Configuration: Edit the domain and email values in cluster-issuer.yaml and certificate.yaml
#
# To change the domain:
# 1. Edit cluster-issuer.yaml: Update the dnsZones value (line 19)
# 2. Edit certificate.yaml: Update both dnsNames values (lines 12-13)
# 3. Edit cluster-issuer.yaml: Update the email value (line 8)
#
# Current configuration:
# domain: demo.olsen.cloud
# wildcard-domain: *.demo.olsen.cloud
# email: admin@demo.olsen.cloud

19
environment/environment-project.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: environment
namespace: argocd
spec:
description: Environment services (gateway, certificates, databases)
sourceRepos:
- '*'
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
namespaceResourceWhitelist:
- group: '*'
kind: '*'

33
environment/istio-gateway.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: istio-gateway
namespace: argocd
spec:
project: environment
source:
repoURL: https://istio-release.storage.googleapis.com/charts
targetRevision: 1.28.0
chart: gateway
helm:
releaseName: istio-gateway
values: |
service:
type: LoadBalancer
ports:
- name: http2
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
destination:
server: https://kubernetes.default.svc
namespace: istio-system
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

9
environment/kustomization.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- environment-project.yaml
- root-application.yaml
- istio-gateway.yaml
- cloudflare-issuer.yaml
- postgres-cluster.yaml

21
environment/postgres-cluster.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: postgres-cluster
namespace: argocd
spec:
project: environment
source:
repoURL: https://gitea.olsen.cloud/homelab/foundation.git
targetRevision: main
path: environment/postgres-cluster
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

31
environment/postgres-cluster/cluster.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres-cluster
spec:
instances: 2
postgresql:
parameters:
max_connections: "100"
shared_buffers: "256MB"
effective_cache_size: "1GB"
maintenance_work_mem: "64MB"
checkpoint_completion_target: "0.9"
wal_buffers: "16MB"
default_statistics_target: "100"
random_page_cost: "1.1"
effective_io_concurrency: "200"
work_mem: "4MB"
min_wal_size: "1GB"
max_wal_size: "4GB"
storage:
size: 20Gi
storageClass: local-path
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"

5
environment/postgres-cluster/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster.yaml

21
environment/root-application.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: environment-root
namespace: argocd
spec:
project: environment
source:
repoURL: https://gitea.olsen.cloud/homelab/foundation.git
targetRevision: main
path: environment
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

9
examples/cloudflare-secret.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-api-token
namespace: cert-manager
type: Opaque
stringData:
api-token: YOUR_CLOUDFLARE_API_TOKEN_HERE