
cd's Introduction

cd

Prerequisites

  1. Working Kubernetes cluster
  2. Working kubectl config
kubectl get nodes
NAME                            STATUS   ROLES           AGE     VERSION
k8s1.private.swifthomelab.net   Ready    control-plane   3m54s   v1.28.6
k8s2.private.swifthomelab.net   Ready    control-plane   3m36s   v1.28.6
k8s3.private.swifthomelab.net   Ready    control-plane   3m3s    v1.28.6

Initial installation on bare cluster

(ArgoCD-cli installation not necessary)

  1. Bootstrap ArgoCD and wait for it to come up
kubectl create namespace argocd
kubectl apply -n argocd -k bootstrap/install && kubectl -n argocd rollout status deployment argocd-server
  2. Install base applications (argo-cd, root, cluster-resources)
kubectl apply -f bootstrap/

Base application definition

  • argo-cd manages the argo-cd installation itself and reconciles ownership of the resources created by the initial installation in step 1.
  • root manages applications in the 'app-of-apps' pattern on the default project
  • cluster-resources owns global cluster resources that should be preserved on application deletion (like the argocd namespace)
  3. Update ArgoCD user password

    1. Generate password hash using bcrypt (Python implementation)
    python3 -I
    >>> import bcrypt
    >>> print(bcrypt.hashpw(b'YOUR-PASSWORD-HERE', bcrypt.gensalt()).decode())
    >>> exit()
    2. Create ArgoCD admin secret with new hash
    kubectl apply -f ./secrets/argocd.yaml
    # ./secrets/argocd.yaml
    apiVersion: v1
    stringData:
      admin.password: YOUR-PASSWORD-HASH
    kind: Secret
    metadata:
      labels:
        app.kubernetes.io/name: argocd-secret
        app.kubernetes.io/part-of: argocd
      name: argocd-secret
      namespace: argocd
    type: Opaque
    3. Update password mtime
    kubectl -n argocd patch secret argocd-secret \
        -p '{"stringData": {"admin.passwordMtime": "'$(date +%FT%T%Z)'"}}'

    You could also install the ArgoCD CLI and update passwords via

    argocd account update-password
  4. Forward ArgoCD server on loopback port 8443/HTTPS

kubectl port-forward svc/argocd-server -n argocd 8443:443
  5. Sign in to ArgoCD via the web UI using the new password

  6. Manually sync all applications

  7. Restart admin server to apply HTTPS patch
kubectl -n argocd rollout restart deployment argocd-server && kubectl -n argocd rollout status deployment argocd-server
  8. ArgoCD is now available at ingress (done)

Note: https://kubernetes.default.svc is the default address for the local cluster that ArgoCD is installed in. If ArgoCD should manage an external cluster, this address must be changed.

This repository follows the app of apps pattern described here. Manual pinning of cluster version and strict access control are necessary due to the inherent danger of auto-bootstrapping clusters.
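A pre-apply check for the password step above, as an added example that is not part of the repository: it renders the argocd-secret manifest only when the value is shaped like a bcrypt hash, which catches a plaintext password pasted into admin.password. The function names, the MIN_COST threshold and the sample hash are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the repository.
MIN_COST=10   # assumed minimum bcrypt cost for this example

# True only for a 60-character string shaped like a bcrypt hash:
# "$2a$", "$2b$" or "$2y$", a two-digit cost, then 53 salt+digest characters.
is_bcrypt_hash() {
  [ "${#1}" -eq 60 ] &&
    printf '%s' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Prints the two-digit cost field of a bcrypt hash.
bcrypt_cost() {
  printf '%s' "$1" | cut -d'$' -f3
}

# Writes the Secret manifest to stdout; returns 1 for a non-hash value
# (for example a pasted plaintext password) and 2 for a cost below MIN_COST.
render_argocd_secret() {
  if ! is_bcrypt_hash "$1"; then
    echo "admin.password is not a bcrypt hash" >&2
    return 1
  fi
  if [ "$(bcrypt_cost "$1")" -lt "$MIN_COST" ]; then
    echo "bcrypt cost is below $MIN_COST" >&2
    return 2
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: argocd-secret
    app.kubernetes.io/part-of: argocd
  name: argocd-secret
  namespace: argocd
type: Opaque
stringData:
  admin.password: '$1'
EOF
}

# Constructed, bcrypt-shaped placeholder (not a real hash).
SAMPLE_HASH='$2b$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0'
render_argocd_secret "$SAMPLE_HASH"
# Real use: render_argocd_secret "$HASH" | kubectl apply -f -
```

Piping the rendered manifest to kubectl keeps the hash out of a file in the working tree.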

Signing-in to Kubernetes dashboard

kubectl -n kubernetes-dashboard create token admin
kubectl -n kubernetes-dashboard get secret admin -o jsonpath={".data.token"} | base64 -d

Setup Proxmox-CSI

Label nodes

kubectl label node k8s1.private.swifthomelab.net topology.kubernetes.io/region=cluster1
kubectl label node k8s1.private.swifthomelab.net topology.kubernetes.io/zone=pve2
kubectl patch node k8s1.private.swifthomelab.net -p $'spec:\n providerID: proxmox://cluster1/501'

kubectl label node k8s2.private.swifthomelab.net topology.kubernetes.io/region=cluster1
kubectl label node k8s2.private.swifthomelab.net topology.kubernetes.io/zone=pve1
kubectl patch node k8s2.private.swifthomelab.net -p $'spec:\n providerID: proxmox://cluster1/502'

kubectl label node k8s3.private.swifthomelab.net topology.kubernetes.io/region=cluster1
kubectl label node k8s3.private.swifthomelab.net topology.kubernetes.io/zone=pve3
kubectl patch node k8s3.private.swifthomelab.net -p $'spec:\n providerID: proxmox://cluster1/503'

Install secret

# config.yaml
clusters:
  - url: https://pve1.private.swifthomelab.net:8006/api2/json
    insecure: false
    token_id: "kubernetes-csi@pve!csi"
    token_secret: "secret-api-token"
    region: cluster1
kubectl -n csi-proxmox create secret generic proxmox-csi-plugin --from-file=config.yaml

cd's People

Contributors

josbritton, renovate[bot]

cd's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/ci.yaml
  • actions/checkout v4@692973e3d937129bcbf40652eb9f2f61becf3332
  • ibiqlik/action-yamllint v3@2576378a8e339169678f9939646ee3ee325e845c
  • actions/checkout v4@692973e3d937129bcbf40652eb9f2f61becf3332
  • actions/setup-go v5.0.2@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
helm-values
apps/dashboard/upstream/values.yaml
  • docker.io/kubernetesui/dashboard-auth 1.1.3
  • docker.io/kubernetesui/dashboard-api 1.7.0
  • docker.io/kubernetesui/dashboard-web 1.4.0
  • docker.io/kubernetesui/dashboard-metrics-scraper 1.1.1
apps/descheduler/upstream/values.yaml
apps/influxdb/upstream/values.yaml
  • influxdb 2.7.10-alpine@sha256:84934b1007a518d779df42b1e58e6185f1f09a81a6593c6cd0c242fb9fb5c2f0
helmv3
apps/cert-manager/upstream/Chart.yaml
  • cert-manager v1.15.3
apps/contour/upstream/Chart.yaml
  • contour 19.0.2
apps/dashboard/upstream/Chart.yaml
  • kubernetes-dashboard 7.5.0
apps/descheduler/upstream/Chart.yaml
  • descheduler 0.30.1
apps/influxdb/upstream/Chart.yaml
  • influxdb2 2.1.2
apps/prometheus/upstream/Chart.yaml
  • kube-prometheus-stack 61.9.0
apps/proxmox-csi-plugin/upstream/Chart.yaml
  • proxmox-csi-plugin 0.2.5
kubernetes
apps/bazarr/statefulset.yaml
  • ghcr.io/onedr0p/bazarr 1.4.3@sha256:d2b70813f7d636fb1ab3448e13ca4074630b63216c6c6d02d034cd5d9e938ea3
  • StatefulSet apps/v1
apps/cert-manager/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/cert-manager/resources/upstream.yaml
apps/contour/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/contour/resources/upstream.yaml
apps/dashboard/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/dashboard/resources/auth.yaml
  • ClusterRoleBinding rbac.authorization.k8s.io/v1
apps/dashboard/resources/upstream.yaml
apps/descheduler/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/descheduler/resources/upstream.yaml
apps/flaresolverr/deployment.yaml
  • ghcr.io/flaresolverr/flaresolverr v3.3.21@sha256:f104ee51e5124d83cf3be9b37480649355d223f7d8f9e453d0d5ef06c6e3b31b
  • Deployment apps/v1
apps/influxdb/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/influxdb/resources/upstream.yaml
apps/plex/statefulset.yaml
  • ghcr.io/onedr0p/plex rolling@sha256:b9c296227e318d81b62873aebfb25ba78685b65546e47a4840d31dd501504f1c
  • StatefulSet apps/v1
apps/prometheus/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/prometheus/resources/upstream.yaml
apps/prowlarr/statefulset.yaml
  • ghcr.io/onedr0p/prowlarr 1.21.2.4649@sha256:1434332f68d87c7394030d8bc80963b2353d0f5705055c6ab447a43cf6b76eab
  • StatefulSet apps/v1
apps/proxmox-csi-plugin/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
apps/proxmox-csi-plugin/resources/storageclass.yaml
  • StorageClass storage.k8s.io/v1
apps/proxmox-csi-plugin/resources/upstream.yaml
apps/radarr/statefulset.yaml
  • ghcr.io/onedr0p/radarr 5.8.3@sha256:c8fa12f8efdbcb8ef736b019335c39f4962def9bee479b0fb8b0401824bcf26b
  • StatefulSet apps/v1
apps/sonarr/statefulset.yaml
  • ghcr.io/onedr0p/sonarr 4.0.8.1874@sha256:3c8d3d5648f9d292d834252e98c34f459ea81a906ab88782bd53f405bb2c4b26
  • StatefulSet apps/v1
apps/tdarr/daemonset.yaml
  • ghcr.io/haveagitgat/tdarr_node 2.24.04@sha256:1d49dfd3a5749d12872368f00e1e2db2875845d9041c14ebd71350c93ac03486
  • DaemonSet apps/v1
apps/tdarr/statefulset.yaml
  • ghcr.io/haveagitgat/tdarr 2.24.04@sha256:b01fc64a885fe9976f07ff0673b5a0e62984068d4838b79dd47248c49e316ca1
  • StatefulSet apps/v1
apps/vaultwarden/statefulset.yaml
  • vaultwarden/server 1.32.0-alpine@sha256:e3efdc8a9961643f5f0d2c72596aedfe4b4fcfce9836e18c1e8ba0b8c2e06459
  • StatefulSet apps/v1
bootstrap/argo-cd/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
bootstrap/install/kustomization.yaml
  • Kustomization kustomize.config.k8s.io/v1beta1
kustomize
apps/prometheus/kustomization.yaml
  • dotdc/grafana-dashboards-kubernetes 4b06b004f4a3c5a86249516f088b7d6c029e13a2
pip_requirements
requirements.txt
  • yamllint ==1.35.1
  • pre-commit ==3.8.0
