Public GitOps repository for showing how I run my services on k3s https://tobru.ch/
This repository has been archived on 2023-04-02. You can view files and clone it, but cannot push or open issues or pull requests.
Tobias Brunner 12e56b77ad install pylokid 2020-02-08 15:59:06 +01:00

README.md

GitOps for tbrnt k3s hosting

Repo structure

  • Each subdirectory is a namespace
  • _apps is the meta directory for Argo CD apps
  • Another private repo holds related material in a more approachable format, e.g. for updating sealed-secrets: gitops-tbrnt-private

Usage

Argo CD

Access

Either

sudo -E kubefwd svc -n argocd and then https://argocd-server/

or

kubectl port-forward svc/argocd-server -n argocd 8080:443 and then https://localhost:8080/

CLI

  • argocd login argocd-server
  • argocd app list
  • argocd app sync <name>

Kubeseal (Sealed Secrets)

See the README of the respective app. Basically:

kubeseal --controller-namespace sealed-secrets -o yaml -n MYNS < ../../gitops-tbrnt-private/MYNS/MYSECRET.yaml > MYSECRET-secret.yaml
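Because the kubeseal output is the only form in which a secret may land in this public repo, a guard that refuses plaintext Secret manifests is worth wiring into a pre-commit hook. The script below is an added example and not part of this repo or of kubeseal; the directory layout and manifests it constructs are placeholders.

```shell
#!/bin/sh
# Added example (not part of the gitops-tbrnt repo): refuse plaintext
# Kubernetes Secrets so that only SealedSecret manifests produced by
# kubeseal get committed. Usable as a pre-commit hook.

# find_plain_secrets DIR
#   Prints every YAML file under DIR that declares `kind: Secret` and
#   carries `data:` or `stringData:`. Returns 0 when none are found,
#   1 otherwise. `kind: SealedSecret` does not match the anchored regex.
find_plain_secrets() {
    dir="$1"
    found=0
    # word-splitting loop is fine here: repo paths contain no whitespace
    for f in $(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \)); do
        if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f" \
           && grep -Eq '^(data|stringData):' "$f"; then
            echo "plaintext Secret: $f"
            found=1
        fi
    done
    return $found
}

# Constructed sample tree (placeholder content) so the check runs anywhere.
demo_repo=$(mktemp -d)
mkdir -p "$demo_repo/mosquitto"
cat > "$demo_repo/mosquitto/passwd-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: passwd
  namespace: mosquitto
spec:
  encryptedData:
    passwd: PLACEHOLDER_CIPHERTEXT_FROM_KUBESEAL
EOF
cat > "$demo_repo/mosquitto/leaked.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: passwd
  namespace: mosquitto
stringData:
  passwd: constructed-example-value
EOF

# In a hook: exit non-zero to block the commit when a plaintext Secret exists.
if find_plain_secrets "$demo_repo"; then
    echo "no plaintext Secrets, commit may proceed"
else
    echo "refusing commit: seal the file with kubeseal first"
fi
```

Run it as `.git/hooks/pre-commit` with the repo root in place of `$demo_repo`; the SealedSecret file passes, the plaintext one is reported and the function returns 1.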

Bootstrap GitOps

After installing k3s, do:

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

TODO:

  • private key restore
  • initial app provisioning
  • ...

k3s on Alpine

  • Install k3s: apk add k3s cni-plugins iptables wireguard-virt wireguard-tools-wg
  • Enable cgroups: rc-update add cgroups default
  • Adapt service file /etc/init.d/k3s:
#!/sbin/openrc-run

# k3s must find the CNI plugin binaries installed by the cni-plugins package
export PATH=/usr/share/cni-plugins/bin:$PATH

name="k3s"
command="/usr/bin/k3s"
# K3S_OPTS is set in /etc/conf.d/k3s, which OpenRC sources before this script
command_args="$K3S_OPTS"
command_background="yes"
output_log="/var/log/k3s.log"
error_log="/var/log/k3s.err"

start_stop_daemon_args="server"
pidfile="/run/k3s.pid"

depend() {
	need net
	after firewall
}

Helpful links:

Configure Wireguard

/etc/network/interfaces

auto wg0
iface wg0 inet static
    address 10.42.42.16
    netmask 255.255.255.0
    pre-up ip link add dev wg0 type wireguard
    pre-up wg setconf wg0 /etc/wireguard/wg0.conf
    post-up ip route add 10.42.42.0/24 dev wg0
    post-down ip link delete dev wg0
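The stanza hands /etc/wireguard/wg0.conf to `wg setconf`, which is stricter than wg-quick: it only accepts the keys from wg(8), so wg-quick fields such as Address (set here through ifupdown instead) make it fail with an unrecognized line, and because the file holds the private key it must stay mode 600. The script below is an added example and not part of this repo; its keys, peer address and endpoint are placeholders.

```shell
#!/bin/sh
# Added example, not from the gitops-tbrnt repo. Sanity-checks a wg0.conf
# before `wg setconf` consumes it: no world-readable private key, and only
# keys that wg(8) understands. Keys, addresses and paths are placeholders.

# check_wg_conf FILE  -> 0 when the file passes, 1 with a reason on stdout
check_wg_conf() {
    conf="$1"
    # 1. permission check: any world-readable bit exposes the private key
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf is world-readable; chmod 600 it"
        return 1
    fi
    # 2. vocabulary check: `wg setconf` rejects wg-quick-only keys such as
    #    Address, DNS, MTU, PreUp/PostUp, Table, SaveConfig
    bad=$(grep -E '^[[:space:]]*[A-Za-z]+[[:space:]]*=' "$conf" \
          | sed -E 's/^[[:space:]]*([A-Za-z]+).*/\1/' \
          | grep -Ev '^(PrivateKey|ListenPort|FwMark|PublicKey|PresharedKey|AllowedIPs|Endpoint|PersistentKeepalive)$' \
          | head -n 1)
    if [ -n "$bad" ]; then
        echo "$conf: key '$bad' is not understood by wg setconf (wg-quick only?)"
        return 1
    fi
    return 0
}

# Constructed demo files in a temp dir, mirroring the 10.42.42.0/24 mesh
# from the interfaces stanza above.
demo=$(mktemp -d)
cat > "$demo/wg0.conf" <<'EOF'
[Interface]
# private key of this host; placeholder, generate with `wg genkey`
PrivateKey = PLACEHOLDER_PRIVATE_KEY
ListenPort = 51820

[Peer]
# another node in the 10.42.42.0/24 mesh; placeholder public key
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY
AllowedIPs = 10.42.42.17/32
Endpoint = peer.example.invalid:51820
PersistentKeepalive = 25
EOF
chmod 600 "$demo/wg0.conf"

# A wg-quick style file: Address belongs in /etc/network/interfaces, not here,
# and it was left world-readable.
cat > "$demo/wg0-quick-style.conf" <<'EOF'
[Interface]
Address = 10.42.42.16/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY
EOF
chmod 644 "$demo/wg0-quick-style.conf"

check_wg_conf "$demo/wg0.conf" && echo "wg0.conf OK"
check_wg_conf "$demo/wg0-quick-style.conf" || echo "rejected as expected"
```

Wire `check_wg_conf /etc/wireguard/wg0.conf` in as an additional `pre-up` line before the `wg setconf` one and the interface refuses to come up with a readable reason instead of a bare setconf error.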