commit ae27aa6faf1ec854a3970c65990a26717e365187 Author: dobiadi Date: Wed Oct 23 23:35:59 2024 +0200 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5376c26
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Chart dependencies
+**/charts/*.tgz
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..081d489
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+`minikube config set rootless true`
+`minikube start --driver podman -n 4 --cni calico --container-runtime=containerd`
+`minikube addons enable metrics-server`
+
+Order:
+* cert-manager
+* linkerd
+* ingress-nginx
+* linkerd-viz
+* argocd
diff --git a/argocd/Chart.lock b/argocd/Chart.lock
new file mode 100644
index 0000000..517bc90
--- /dev/null
+++ b/argocd/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: argo-cd
+ repository: https://argoproj.github.io/argo-helm
+ version: 7.6.12
+- name: argo-rollouts
+ repository: https://argoproj.github.io/argo-helm
+ version: 2.37.7
+digest: sha256:e9a0a80ab4a190dcfa0469eb57a0e89e87deb66fa3036f807618662e57387bf4
+generated: "2024-10-20T03:51:59.001632239+02:00"
diff --git a/argocd/Chart.yaml b/argocd/Chart.yaml
new file mode 100644
index 0000000..a56087e
--- /dev/null
+++ b/argocd/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: argocd
+description: Helm chart to update the argocd
+type: application
+version: 0.1.0
+dependencies:
+- name: argo-cd
+ version: "7.6.12"
+ repository: "https://argoproj.github.io/argo-helm"
+- name: argo-rollouts
+ version: "2.37.7"
+ repository: "https://argoproj.github.io/argo-helm"
diff --git a/argocd/values.yaml b/argocd/values.yaml
new file mode 100644
index 0000000..b3c5001
--- /dev/null
+++ b/argocd/values.yaml
@@ -0,0 +1,43 @@
+argo-cd:
+ configs:
+ params:
+ server.insecure: true
+ installCRDs: true
+ global:
+ domain: 'argo.localhost'
+ server:
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ podAnnotations:
+ linkerd.io/inject: enabled
+ service:
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ repoServer:
+ podAnnotations:
+ linkerd.io/inject: enabled
+ service:
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ redis:
+ podAnnotations:
+ linkerd.io/inject: enabled
+ service:
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+
+argo-rollouts:
+ dashboard:
+ enabled: true
+ podAnnotations:
+ linkerd.io/inject: enabled
+ service:
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
+ ingress:
+ enabled: true
+ hosts:
+ - argo-rollouts.localhost
+ ingressClassName: nginx
+
diff --git a/cert-manager/Chart.lock b/cert-manager/Chart.lock
new file mode 100644
index 0000000..fb3b2ec
--- /dev/null
+++ b/cert-manager/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+ repository: https://charts.jetstack.io
+ version: v1.16.1
+digest: sha256:a9bd0faf5ab5ec3f5d38ed60609a5fb32e96685bab8967277f2786f9bae0a71f
+generated: "2024-10-20T00:40:07.657440586+02:00"
diff --git a/cert-manager/Chart.yaml b/cert-manager/Chart.yaml
new file mode 100644
index 0000000..47650d8
--- /dev/null
+++ b/cert-manager/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: cert-manager
+description: Helm chart to update the cert-manager
+type: application
+version: 0.1.0
+dependencies:
+- name: cert-manager
+ version: "1.16.1"
+ repository: "https://charts.jetstack.io"
diff --git a/cert-manager/values.yaml b/cert-manager/values.yaml
new file mode 100644
index 0000000..f96b7f1
--- /dev/null
+++ b/cert-manager/values.yaml
@@ -0,0 +1,3 @@
+cert-manager:
+ crds:
+ enabled: true
diff --git a/ingress-nginx/Chart.lock b/ingress-nginx/Chart.lock
new file mode 100644
index 0000000..89aa30d
--- /dev/null
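Review bot: `server.insecure: true` in argocd/values.yaml makes argocd-server serve plain HTTP, and nothing in the `server` ingress settings visible here turns TLS on at nginx, so logins and session tokens would cross the client-to-ingress hop unencrypted; the `linkerd.io/inject` annotation only protects traffic inside the mesh. If these values are ever used outside a local minikube, terminate TLS at the ingress and record the assumption next to the flag, e.g. `# TLS is terminated at ingress-nginx; argocd-server itself speaks HTTP`. The `argo-rollouts` dashboard enabled further down is also published through an ingress, and as far as I know that dashboard has no login of its own, so it needs the same comment or an auth annotation on its ingress.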
+++ b/ingress-nginx/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: ingress-nginx
+ repository: https://kubernetes.github.io/ingress-nginx
+ version: 4.11.3
+digest: sha256:0963a4470e5fe0ce97023b16cfc9c3cde18b74707c6379947542e09afa6d5346
+generated: "2024-10-20T02:00:24.043856216+02:00"
diff --git a/ingress-nginx/Chart.yaml b/ingress-nginx/Chart.yaml
new file mode 100644
index 0000000..26e80d7
--- /dev/null
+++ b/ingress-nginx/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: ingress-nginx
+description: Helm chart to update the ingress-nginx
+type: application
+version: 0.1.0
+dependencies:
+- name: ingress-nginx
+ version: "4.11.3"
+ repository: "https://kubernetes.github.io/ingress-nginx"
diff --git a/ingress-nginx/values.yaml b/ingress-nginx/values.yaml
new file mode 100644
index 0000000..5bc96d5
--- /dev/null
+++ b/ingress-nginx/values.yaml
@@ -0,0 +1,12 @@
+ingress-nginx:
+ controller:
+ kind: DaemonSet
+ podAnnotations:
+ linkerd.io/inject: enabled
+ service:
+ externalTrafficPolicy: Local
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ type: RollingUpdate
diff --git a/linkerd-viz/Chart.lock b/linkerd-viz/Chart.lock
new file mode 100644
index 0000000..b220a68
--- /dev/null
+++ b/linkerd-viz/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: linkerd-viz
+ repository: https://helm.linkerd.io/edge
+ version: 2024.10.3
+digest: sha256:25a6f763e542431a8996a6e524c5c571a2196495a40ef83483ed1603bc9059f2
+generated: "2024-10-23T23:19:37.227839164+02:00"
diff --git a/linkerd-viz/Chart.yaml b/linkerd-viz/Chart.yaml
new file mode 100644
index 0000000..e813575
--- /dev/null
+++ b/linkerd-viz/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: linkerd-viz
+description: Helm chart to update the linkerd-viz setup
+type: application
+version: 0.1.0
+dependencies:
+ - name: linkerd-viz
+ version: "2024.10.3"
+ repository: "https://helm.linkerd.io/edge"
diff --git a/linkerd-viz/templates/viz-ingress.yaml b/linkerd-viz/templates/viz-ingress.yaml
new file mode 100644
index 0000000..c825c4b
--- /dev/null
+++ b/linkerd-viz/templates/viz-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: web
+ annotations:
+ nginx.ingress.kubernetes.io/upstream-vhost: $service_name.$namespace.svc.cluster.local:8084
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: linkerd.localhost
+ http:
+ paths:
+ - backend:
+ service:
+ name: web
+ port:
+ name: http
+ path: /
+ pathType: Prefix
diff --git a/linkerd-viz/values.yaml b/linkerd-viz/values.yaml
new file mode 100644
index 0000000..2deae1f
--- /dev/null
+++ b/linkerd-viz/values.yaml
@@ -0,0 +1,5 @@
+linkerd-viz:
+ dashboard:
+ service:
+ annotations:
+ nginx.ingress.kubernetes.io/service-upstream: "true"
diff --git a/linkerd/Chart.lock b/linkerd/Chart.lock
new file mode 100644
index 0000000..91c5682
--- /dev/null
+++ b/linkerd/Chart.lock
@@ -0,0 +1,18 @@
+dependencies:
+- name: linkerd-crds
+ repository: https://helm.linkerd.io/edge
+ version: 2024.10.3
+- name: linkerd2-cni
+ repository: https://helm.linkerd.io/edge
+ version: 2024.10.3
+- name: linkerd-control-plane
+ repository: https://helm.linkerd.io/edge
+ version: 2024.10.3
+- name: linkerd-viz
+ repository: https://helm.linkerd.io/edge
+ version: 2024.10.3
+- name: linkerd-smi
+ repository: https://linkerd.github.io/linkerd-smi
+ version: 1.0.4
+digest: sha256:9abbf9c779d8421b51613e8b45c41b2012f380bd85069bc3b0074a0a79096dcb
+generated: "2024-10-20T04:06:19.187873925+02:00"
diff --git a/linkerd/Chart.yaml b/linkerd/Chart.yaml
new file mode 100644
index 0000000..6af602a
--- /dev/null
+++ b/linkerd/Chart.yaml
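Review bot: The Ingress in linkerd-viz/templates/viz-ingress.yaml publishes the `web` dashboard at `linkerd.localhost` with no authentication annotations, and as far as I know the dashboard does not authenticate users itself, so anyone who can reach the ingress controller can browse mesh topology and metrics. The `upstream-vhost` rewrite is what satisfies the dashboard's Host-header check, so that check no longer limits who gets in. I would add basic auth at nginx under `metadata.annotations`: `nginx.ingress.kubernetes.io/auth-type: basic`, `nginx.ingress.kubernetes.io/auth-secret: <secret-name>` and `nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'`.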
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: linkerd
+description: Helm chart to update the linkerd setup
+type: application
+version: 0.1.0
+dependencies:
+- name: linkerd-crds
+ version: "2024.10.3"
+ repository: "https://helm.linkerd.io/edge"
+- name: linkerd2-cni
+ version: "2024.10.3"
+ repository: "https://helm.linkerd.io/edge"
+- name: linkerd-control-plane
+ version: "2024.10.3"
+ repository: "https://helm.linkerd.io/edge"
+- name: linkerd-smi
+ version: "1.0.4"
+ repository: "https://linkerd.github.io/linkerd-smi"
diff --git a/linkerd/init.sh b/linkerd/init.sh
new file mode 100755
index 0000000..52a6bdb
--- /dev/null
+++ b/linkerd/init.sh
@@ -0,0 +1,9 @@
+step-cli certificate create root.linkerd.cluster.local ca.crt ca.key \
+ --profile root-ca --no-password --insecure &&
+ kubectl create secret tls \
+ linkerd-trust-anchor \
+ --cert=ca.crt \
+ --key=ca.key \
+ --namespace=linkerd &&
+ yq e -i '.["linkerd-control-plane"].identityTrustAnchorsPEM=load_str("ca.crt")' values.yaml &&
+ rm ca.crt ca.key
diff --git a/linkerd/templates/identity-issuer-certificate.yaml b/linkerd/templates/identity-issuer-certificate.yaml
new file mode 100644
index 0000000..cfd5942
--- /dev/null
+++ b/linkerd/templates/identity-issuer-certificate.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: linkerd-identity-issuer
+spec:
+ secretName: linkerd-identity-issuer
+ duration: 48h
+ renewBefore: 25h
+ issuerRef:
+ name: linkerd-trust-anchor
+ kind: Issuer
+ commonName: identity.linkerd.cluster.local
+ dnsNames:
+ - identity.linkerd.cluster.local
+ isCA: true
+ privateKey:
+ algorithm: ECDSA
+ usages:
+ - cert sign
+ - crl sign
+ - server auth
+ - client auth
diff --git a/linkerd/templates/trust-anchor-issuer.yaml b/linkerd/templates/trust-anchor-issuer.yaml
new file mode 100644
index 0000000..507b454
--- /dev/null
+++ b/linkerd/templates/trust-anchor-issuer.yaml
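Review bot: The dependency list in linkerd/Chart.yaml declares four charts, while linkerd/Chart.lock in the same commit pins five, including `linkerd-viz` 2024.10.3, so the lock appears to have been generated from a different Chart.yaml than the one committed. Helm compares the lock digest with the declared dependencies, and `helm dependency build` will most likely reject the pair as out of sync, which loses the reproducibility the lock is there for. Regenerate it with `helm dependency update linkerd` after deciding whether linkerd-viz belongs here or only in the separate linkerd-viz chart.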
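Review bot: In linkerd/init.sh the root CA key is written unencrypted (`--no-password --insecure`) into the working directory and is removed only by the last link of the `&&` chain, so any failed step, for example `kubectl create secret` when the namespace does not exist yet, leaves `ca.key` on disk inside the repository, where the .gitignore added in this commit does not exclude it. Put cleanup and permissions at the top so they hold on every exit path: `set -euo pipefail`, `umask 077` and `trap 'rm -f ca.crt ca.key' EXIT`. The script also has no shebang line, so which shell runs it depends on the caller.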
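Review bot: In linkerd/templates/identity-issuer-certificate.yaml, `privateKey` sets only `algorithm: ECDSA`, so `rotationPolicy` is left at its default, which for the cert-manager release pinned in this commit is, as far as I know, `Never`: the certificate is reissued at every renewal but keeps the same issuer key. For an intermediate CA with a 48h lifetime that gives up much of the benefit of the short duration; add `rotationPolicy: Always` under `privateKey`. The resource also carries no `metadata.namespace`, while init.sh creates the `linkerd-trust-anchor` secret in `linkerd`, so a one-line comment that the chart must be installed into that namespace would help.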
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: linkerd-trust-anchor
+spec:
+ ca:
+ secretName: linkerd-trust-anchor
diff --git a/linkerd/values.yaml b/linkerd/values.yaml
new file mode 100644
index 0000000..e1acba7
--- /dev/null
+++ b/linkerd/values.yaml
@@ -0,0 +1,23 @@
+linkerd-control-plane:
+ cniEnabled: true
+ identity:
+ issuer:
+ scheme: kubernetes.io/tls
+ identityTrustAnchorsPEM: |
+ -----BEGIN CERTIFICATE-----
+ MIIBjjCCATSgAwIBAgIRALFMxwXuxeFAIPXzJnwl35IwCgYIKoZIzj0EAwIwJTEj
+ MCEGA1UEAxMacm9vdC5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjQxMDE5MjM0
+ NTQyWhcNMzQxMDE3MjM0NTQyWjAlMSMwIQYDVQQDExpyb290LmxpbmtlcmQuY2x1
+ c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABM9+FB46xXRcqAwC
+ YaZ0nCESy31TU6wk3ED5b4RGkM+W0HCjr6FkJ/bdiZalwGZ5CmYo2skOvdMNMiOI
+ DpDcW6yjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G
+ A1UdDgQWBBSS3w3dDp+eYTqv/r/6aWX1HCGkTTAKBggqhkjOPQQDAgNIADBFAiBA
+ 2HeSIMA42bJtg4VImveysgdrHUEuLkvqyDt4NzPEFwIhAMsFnvGKdBlW0kckLWeN
+ KNZoN1TwbI/Hvdhh0EJRgx8e
+ -----END CERTIFICATE-----
+ proxy:
+ nativeSidecar: true
+
+linkerd2-cni:
+ repairController:
+ enabled: true
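Review bot: The `identityTrustAnchorsPEM` block in linkerd/values.yaml is not hand-written configuration; judging by linkerd/init.sh it is the output of one run of that script and matches a CA key that exists only in that cluster's `linkerd-trust-anchor` secret. Nothing in the file says so, and a reader cannot tell at a glance that this is a public certificate rather than key material, or that a fresh cluster needs init.sh run again before install. A comment above the key would cover both, e.g. `# Public trust-anchor certificate, rewritten by init.sh; the CA key stays in the linkerd-trust-anchor secret`.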