Initial commit

.gitignore

@@ -0,0 +1,2 @@
+# Chart dependencies
+**/charts/*.tgz

README.md

@@ -0,0 +1,10 @@
+`minikube config set rootless true`
+`minikube start --driver podman -n 4 --cni calico --container-runtime=containerd`
+`minikube addons enable metrics-server`
+
+Order:
+* cert-manager
+* linkerd
+* ingress-nginx
+* linkerd-viz
+* argocd

argocd/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: argo-cd
+  repository: https://argoproj.github.io/argo-helm
+  version: 7.6.12
+- name: argo-rollouts
+  repository: https://argoproj.github.io/argo-helm
+  version: 2.37.7
+digest: sha256:e9a0a80ab4a190dcfa0469eb57a0e89e87deb66fa3036f807618662e57387bf4
+generated: "2024-10-20T03:51:59.001632239+02:00"

argocd/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: argocd
+description: Helm chart to update the argocd
+type: application
+version: 0.1.0
+dependencies:
+- name: argo-cd
+  version: "7.6.12"
+  repository: "https://argoproj.github.io/argo-helm"
+- name: argo-rollouts
+  version: "2.37.7"
+  repository: "https://argoproj.github.io/argo-helm"

argocd/values.yaml

@@ -0,0 +1,43 @@
+argo-cd:
+  configs:
+    params:
+      server.insecure: true
+  installCRDs: true
+  global:
+    domain: 'argo.localhost'
+  server:
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+    podAnnotations:
+      linkerd.io/inject: enabled
+    service:
+      annotations:
+        nginx.ingress.kubernetes.io/service-upstream: "true"
+  repoServer:
+    podAnnotations:
+      linkerd.io/inject: enabled
+    service:
+      annotations:
+        nginx.ingress.kubernetes.io/service-upstream: "true"
+  redis:
+    podAnnotations:
+      linkerd.io/inject: enabled
+    service:
+      annotations:
+        nginx.ingress.kubernetes.io/service-upstream: "true"
+
+argo-rollouts:
+  dashboard:
+    enabled: true
+    podAnnotations:
+      linkerd.io/inject: enabled
+    service:
+      annotations:
+        nginx.ingress.kubernetes.io/service-upstream: "true"
+    ingress:
+      enabled: true
+      hosts:
+        - argo-rollouts.localhost
+      ingressClassName: nginx
+

cert-manager/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.16.1
+digest: sha256:a9bd0faf5ab5ec3f5d38ed60609a5fb32e96685bab8967277f2786f9bae0a71f
+generated: "2024-10-20T00:40:07.657440586+02:00"

cert-manager/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: cert-manager
+description: Helm chart to update the cert-manager
+type: application
+version: 0.1.0
+dependencies:
+- name: cert-manager
+  version: "1.16.1"
+  repository: "https://charts.jetstack.io"

cert-manager/values.yaml

@@ -0,0 +1,3 @@
+cert-manager:
+  crds:
+    enabled: true

ingress-nginx/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.11.3
+digest: sha256:0963a4470e5fe0ce97023b16cfc9c3cde18b74707c6379947542e09afa6d5346
+generated: "2024-10-20T02:00:24.043856216+02:00"

ingress-nginx/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: ingress-nginx
+description: Helm chart to update the ingress-nginx
+type: application
+version: 0.1.0
+dependencies:
+- name: ingress-nginx
+  version: "4.11.3"
+  repository: "https://kubernetes.github.io/ingress-nginx"

ingress-nginx/values.yaml

@@ -0,0 +1,12 @@
+ingress-nginx:
+  controller:
+    kind: DaemonSet
+    podAnnotations:
+      linkerd.io/inject: enabled
+    service:
+      externalTrafficPolicy: Local
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 0
+        maxSurge: 1
+      type: RollingUpdate

linkerd-viz/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: linkerd-viz
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+digest: sha256:25a6f763e542431a8996a6e524c5c571a2196495a40ef83483ed1603bc9059f2
+generated: "2024-10-23T23:19:37.227839164+02:00"

linkerd-viz/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: linkerd-viz
+description: Helm chart to update the linkerd-viz setup
+type: application
+version: 0.1.0
+dependencies:
+  - name: linkerd-viz
+    version: "2024.10.3"
+    repository: "https://helm.linkerd.io/edge"

linkerd-viz/templates/viz-ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: web
+  annotations:
+    nginx.ingress.kubernetes.io/upstream-vhost: $service_name.$namespace.svc.cluster.local:8084
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: linkerd.localhost
+      http:
+        paths:
+          - backend:
+              service:
+                name: web
+                port:
+                  name: http
+            path: /
+            pathType: Prefix

linkerd-viz/values.yaml

@@ -0,0 +1,5 @@
+linkerd-viz:
+  dashboard:
+    service:
+      annotations:
+        nginx.ingress.kubernetes.io/service-upstream: "true"

linkerd/Chart.lock

@@ -0,0 +1,18 @@
+dependencies:
+- name: linkerd-crds
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd2-cni
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-control-plane
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-viz
+  repository: https://helm.linkerd.io/edge
+  version: 2024.10.3
+- name: linkerd-smi
+  repository: https://linkerd.github.io/linkerd-smi
+  version: 1.0.4
+digest: sha256:9abbf9c779d8421b51613e8b45c41b2012f380bd85069bc3b0074a0a79096dcb
+generated: "2024-10-20T04:06:19.187873925+02:00"

linkerd/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: linkerd
+description: Helm chart to update the linkerd setup
+type: application
+version: 0.1.0
+dependencies:
+- name: linkerd-crds 
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd2-cni
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd-control-plane
+  version: "2024.10.3"
+  repository: "https://helm.linkerd.io/edge"
+- name: linkerd-smi
+  version: "1.0.4"
+  repository: "https://linkerd.github.io/linkerd-smi"

linkerd/init.sh

@@ -0,0 +1,9 @@
+step-cli certificate create root.linkerd.cluster.local ca.crt ca.key \
+  --profile root-ca --no-password --insecure &&
+  kubectl create secret tls \
+    linkerd-trust-anchor \
+    --cert=ca.crt \
+    --key=ca.key \
+    --namespace=linkerd &&
+  yq e -i '.["linkerd-control-plane"].identityTrustAnchorsPEM=load_str("ca.crt")' values.yaml &&
+  rm ca.crt ca.key

linkerd/templates/identity-issuer-certificate.yaml

@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: linkerd-identity-issuer
+spec:
+  secretName: linkerd-identity-issuer
+  duration: 48h
+  renewBefore: 25h
+  issuerRef:
+    name: linkerd-trust-anchor
+    kind: Issuer
+  commonName: identity.linkerd.cluster.local
+  dnsNames:
+  - identity.linkerd.cluster.local
+  isCA: true
+  privateKey:
+    algorithm: ECDSA
+  usages:
+  - cert sign
+  - crl sign
+  - server auth
+  - client auth

linkerd/templates/trust-anchor-issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: linkerd-trust-anchor
+spec:
+  ca:
+    secretName: linkerd-trust-anchor

linkerd/values.yaml

@@ -0,0 +1,23 @@
+linkerd-control-plane:
+  cniEnabled: true
+  identity:
+    issuer:
+      scheme: kubernetes.io/tls
+  identityTrustAnchorsPEM: |
+    -----BEGIN CERTIFICATE-----
+    MIIBjjCCATSgAwIBAgIRALFMxwXuxeFAIPXzJnwl35IwCgYIKoZIzj0EAwIwJTEj
+    MCEGA1UEAxMacm9vdC5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjQxMDE5MjM0
+    NTQyWhcNMzQxMDE3MjM0NTQyWjAlMSMwIQYDVQQDExpyb290LmxpbmtlcmQuY2x1
+    c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABM9+FB46xXRcqAwC
+    YaZ0nCESy31TU6wk3ED5b4RGkM+W0HCjr6FkJ/bdiZalwGZ5CmYo2skOvdMNMiOI
+    DpDcW6yjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G
+    A1UdDgQWBBSS3w3dDp+eYTqv/r/6aWX1HCGkTTAKBggqhkjOPQQDAgNIADBFAiBA
+    2HeSIMA42bJtg4VImveysgdrHUEuLkvqyDt4NzPEFwIhAMsFnvGKdBlW0kckLWeN
+    KNZoN1TwbI/Hvdhh0EJRgx8e
+    -----END CERTIFICATE-----
+  proxy:
+    nativeSidecar: true
+
+linkerd2-cni:
+  repairController:
+    enabled: true