2020-01-25 19:01:21 +00:00

# GitOps for tbrnt k3s hosting

## Repo structure

* Each subdirectory is a namespace
* `_apps` is the meta directory for Argo CD apps
* Another private repo, `gitops-tbrnt-private`, contains material in a more
  approachable format, e.g. for updating sealed-secrets

## Usage

### Argo CD

#### Access

Either

`sudo -E kubefwd svc -n argocd` and then https://argocd-server/

or

`kubectl port-forward svc/argocd-server -n argocd 8080:443` and
then https://localhost:8080/

#### CLI

* `argocd login argocd-server`
* `argocd app list`
* `argocd app sync <name>`

### Kubeseal (Sealed Secrets)

tbd

## Bootstrap GitOps

After installing k3s, do:

```
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```

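The install command above fetches the manifest from the moving `stable` ref at apply time, so what gets applied can change between runs. As an added example (not part of this repository), the script below pins a ref and checks the manifest's SHA-256 before applying the local copy; `ARGOCD_REF` and `ARGOCD_SHA256` are assumed operator-supplied values, and `manifest_matches` and `bootstrap_argocd` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: pin the Argo CD install manifest and verify it before applying.
# ARGOCD_REF and ARGOCD_SHA256 are placeholders set by the operator after
# reviewing a specific manifest; they are not values from this repository.

# Return 0 only if the file's SHA-256 digest equals the expected hex digest.
manifest_matches() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    # Reject anything that is not pure hex (e.g. an unfilled placeholder).
    case $expected in
        *[!0-9a-fA-F]*|"") return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected_lc" ]
}

# Download the manifest for a fixed ref, verify it, then apply the local copy.
bootstrap_argocd() {
    ref=$1
    sha=$2
    tmp=$(mktemp) || return 1
    url="https://raw.githubusercontent.com/argoproj/argo-cd/${ref}/manifests/install.yaml"
    if curl -fsSL -o "$tmp" "$url" && manifest_matches "$tmp" "$sha"; then
        # Create the namespace only if it does not exist yet.
        kubectl get namespace argocd >/dev/null 2>&1 || kubectl create namespace argocd
        kubectl apply -n argocd -f "$tmp"
        rc=$?
    else
        echo "manifest download failed or digest mismatch; nothing applied" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when both values are supplied, e.g.:
#   ARGOCD_REF=<tag> ARGOCD_SHA256=<digest> sh bootstrap.sh
if [ -n "${ARGOCD_REF:-}" ] && [ -n "${ARGOCD_SHA256:-}" ]; then
    bootstrap_argocd "$ARGOCD_REF" "$ARGOCD_SHA256"
fi
```
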
TODO:

* private key restore
* initial app provisioning
* ...

## k3s on Alpine

* Install k3s: `apk add k3s cni-plugins iptables`
* Enable cgroups: `rc-update add cgroups default`
* Adapt service file `/etc/init.d/k3s`:

```
#!/sbin/openrc-run

export PATH=/usr/share/cni-plugins/bin:$PATH

name="k3s"
command="/usr/bin/k3s"
command_args="$K3S_OPTS"
command_background="yes"
output_log="/var/log/k3s.log"
error_log="/var/log/k3s.err"

start_stop_daemon_args="server"
pidfile="/run/k3s.pid"

depend() {
    need net
    after firewall
}
```

Helpful links:

* https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup
* https://github.com/rancher/k3s/issues/660